Re: [gentoo-user] Reconciling users and services

[Alan McKinnon]

On Sunday 18 January 2009 00:09:31 Grant wrote:
> I have some users on a system and some services.  How can I make sure
> only certain users can log into certain services?  Do I need to
> explicitly define which users can log into each service?  Are there
> different types of users so that some can only log into certain
> services?
>
> For example, I know any user that has their shell set to /bin/nologin
> can't log into a shell.  How can I check on users' shell settings?
>
> - Grant

To do this you configure each service separately (there is no central 
registry-type thing for this). You don't say what "services" you are 
interested in, so I have to make some assumptions.

apache, samba, ftp servers, all have their own authentication methods. You 
have to research what methods they provide, and choose which is most 
appropriate. For instance, Samba can auth against kerberos/ldap or using a 
local smbpasswd file. For a specific user to be able to access something via 
samba, you ensure they have an entry in AD or a line in smbpasswd.

For more simple local services, you can use user and group permissions. I have 
to restrict cron and wget at work, I find the easiest way is to:
chown root:trusted /usr/bin/wget
chown root:trusted /usr/bin/crontab
users authorized to use wget/cron must then be put in the trusted group.

cron has it's cron.allow and cron.deny files that you can also use.

sshd has config options to limit who can do what in sshd_config.

If you post back with more specifics about what you want to achieve, we can 
assist you better.


-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] digikam, gtkam,... what's else?

[Andrew Gaydenko]

On Sunday 18 January 2009 10:37:56 Dale wrote:

>
> Most Canon cameras that I have read about are p2p or something.  It
> should just work but maybe there is something specific about your model
> or they are changing the camera part.

~2-3 months ago all did work.

> I'm just glad I like my little
> Canon PowerShotA95.  It has the flip out display which is hard to find
> now.  I like mine that way to protect the display.  I don't think there
> is a scratch on mine anywhere.
>
> I hope they fix the bug or give a workaround soon.
>
> Dale
>
> :-)  :-)
>
> P.S.  I recently got me a little cheap card reader to use for the camera
> and the cell phone card. That works very well.  

I have SD-card-to-memory-stick "adapter" - it does work.

> You do have to mount it
> manually but it works well.  Camera uses CF and phone uses MicroSD.
> That may be a option.  The card reader has Targus wrote on it and it was
> pretty cheap.

Re: [gentoo-user] Avahi Keeps failing on Emerge - Maybe a Python Error?

[Alan McKinnon]

On Sunday 18 January 2009 06:38:15 Richard Watson wrote:
> I'm sorry about the delay in closing this. I finally figured out if I
> remove "-pipe" from my /etc/make.conf CFLAGS that all my compile errors go
> away. Looking at the reference on the subject this option tells GCC not to
> create temporary files when compiling but to turn this off if low on RAM.
> Not sure why this happens as I have a 1GB Ram. Maybe this is not enough
> these days. Anyway problem solved.

That's an interesting result, but I can't help thinking it's the wrong 
solution to the wrong problem. One of my machines has had merely 1G for 2 
years, before that it had 512M for 3 years and it has never shown this 
symptom. I have servers at work with 512M - same thing, even when building 
current packages.

Gut feel is telling me that removing -pipe is simply revealing a deeper 
symptom somewhere - 1G is actually an enormous amount of memory for 
compilation purposes. If you feel like digging deeper, I'd be very interested 
to see where this one leads.


-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] digikam, gtkam,... what's else?

[Dale]

Andrew Gaydenko wrote:
> On Sunday 18 January 2009 01:11:51 Dale wrote:
>   
>> In my past, it was a permissions issue that got me.  Make sure you are
>> in the right groups, or try as root.  If it works as root, then it
>> should be a permissions problem or missing group.
>>
>> If it don't work as root, oh boy, you got problems now.  ;-)
>> 
>
> Yes, I have got :-) Have sent debug info to gphoto mailing list.
>
>
>   
>> Dale
>>
>> :-)  :_)
>> 
>
>
>
>   

Most Canon cameras that I have read about are p2p or something.  It
should just work but maybe there is something specific about your model
or they are changing the camera part.  I'm just glad I like my little
Canon PowerShotA95.  It has the flip out display which is hard to find
now.  I like mine that way to protect the display.  I don't think there
is a scratch on mine anywhere.

I hope they fix the bug or give a workaround soon.

Dale

:-)  :-) 

P.S.  I recently got me a little cheap card reader to use for the camera
and the cell phone card. That works very well.  You do have to mount it
manually but it works well.  Camera uses CF and phone uses MicroSD. 
That may be a option.  The card reader has Targus wrote on it and it was
pretty cheap. 

Re: [gentoo-user] digikam, gtkam,... what's else?

[Andrew Gaydenko]

On Sunday 18 January 2009 01:11:51 Dale wrote:
>
> In my past, it was a permissions issue that got me.  Make sure you are
> in the right groups, or try as root.  If it works as root, then it
> should be a permissions problem or missing group.
>
> If it don't work as root, oh boy, you got problems now.  ;-)

Yes, I have got :-) Have sent debug info to gphoto mailing list.


>
> Dale
>
> :-)  :_)

Re: [gentoo-user] Disable remote login for certain user

[Mike Kazantsev]

On Sat, 17 Jan 2009 10:50:31 -0800
Grant  wrote:

> Can anyone tell me how to find out which users on a system have a
> login shell (e.g. not /bin/nologin)?

echo 'Unavailable user accounts:'; for usr in `cat /etc/passwd`; do 
usr=${usr%%:*}; exit | su "$usr" >/dev/null 2>&1 || echo -n "$usr "; done

-- 
Mike Kazantsev // fraggod.net


signature.asc
Description: PGP signature

RE: [gentoo-user] Avahi Keeps failing on Emerge - Maybe a Python Error?

[Richard Watson]

I'm sorry about the delay in closing this. I finally figured out if I remove
"-pipe" from my /etc/make.conf CFLAGS that all my compile errors go away.
Looking at the reference on the subject this option tells GCC not to create
temporary files when compiling but to turn this off if low on RAM. Not sure
why this happens as I have a 1GB Ram. Maybe this is not enough these days.
Anyway problem solved.

Regards, Richard

===
Try to find out why this strange configure command line is being
called (take a look at the ebuild)

Also, there are other logs you can post. I don't remember exactly the
names, but I think there are multiple configure log files like
configure.log and configure.error (or something like that) that says
exactly why did configure concluded that a certain feature is missing.
The log you provided does not say why configure concluded there is no
pygtk, but configure usually *does* explain this (is specific log
files. Do a little search).

Regards,
Jorge Peixoto

-- 
Software is like sex: it is better when it is free - Linus Torvalds


No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.176 / Virus Database: 270.10.8/1899 - Release Date: 17/01/2009
5:50 PM

[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[»Q«]

In <58965d8a0901171927q12cac290ocead4eb8409d9...@mail.gmail.com>,
Paul Hartman  wrote:

> On Sat, Jan 17, 2009 at 9:20 PM, Paul Hartman
>  wrote:
> > On Sat, Jan 17, 2009 at 6:32 PM, »Q«  wrote:
> >> On Fri, 16 Jan 2009 01:42:30 -0600

> >> You mean you are now successfully using uvesafb *without* an
> >> initrd or initramfs?  Spock's site says you need v86d, and I don't
> >> know how else to get it.  If I boot a kernel without it, uvesafb
> >> doesn't work for me.
> >
> > Well you need the initramfs stuff is configured in the kernel as
> > stated in the instructions at his website, but I'm not (not have I
> > ever) used the initrd. 

[snip]
 
> I forgot to specify: the kernel setting
> 
> CONFIG_INITRAMFS_SOURCE="/usr/share/v86d/initramfs"
> 
> compiled v86d into the kernel, so it doesn't need to execute
> the /sbin/v86d

Ah, thanks, I see.  I think my initial confusion was due to my
misreading of your original post.  I do it the same way you do,
compiling it into the kernel, both on Gentoo and Slackware.

-- 
»Q«
 Kleeneness is next to Gödelness.

Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[Paul Hartman]

On Sat, Jan 17, 2009 at 9:20 PM, Paul Hartman
 wrote:
> On Sat, Jan 17, 2009 at 6:32 PM, »Q«  wrote:
>> On Fri, 16 Jan 2009 01:42:30 -0600
>> Paul Hartman  wrote:
>>
>>> On Thu, Jan 15, 2009 at 11:49 PM, Paul Hartman
>>>  wrote:
>>> > Hi,
>>> >
>>> > Does anyone here use uvesafb? I followed the instructions to install
>>> > uvesafb from this page:
>>> >
>>> > http://dev.gentoo.org/~spock/projects/uvesafb/
>>> >
>>> > However, it does not work. Is it required to use initrd in order to
>>> > use uvesafb? (because I don't use it...)
>>> >
>>> > the 80x25 looks absolutely horrible and I'd love to have something
>>> > usable without needing to be in X. I have an nvidia geforce 9600GT
>>> > card using the latest nvidia-drivers, and am on amd64 if it matters.
>>>
>>> I'm ashamed to admit I made the most basic mistake. I compiled uvesafb
>>> as a module. Oops! Compiled it as "Y" instead of "M" and now I have a
>>> pair of Tux sitting atop my kernel boot screen and no more 80x25
>>> horror. :)
>>
>> You mean you are now successfully using uvesafb *without* an
>> initrd or initramfs?  Spock's site says you need v86d, and I don't know
>> how else to get it.  If I boot a kernel without it, uvesafb doesn't
>> work for me.
>
> Well you need the initramfs stuff is configured in the kernel as
> stated in the instructions at his website, but I'm not (not have I
> ever) used the initrd. My grub config (possibly wordwrapped by gmail)
> is:
>
> default 0
> timeout 10
> splashimage=(hd0,0)/grub/splash.xpm.gz
>
> title=Gentoo Linux 2.6
> root (hd0,0)
> kernel /vmlinuz root=/dev/sda5 doscsi dodmraid nmi_watchdog=0
> rootfstype=ext4 video=uvesafb:1280x720p-59,mtrr:3,ywrap
>

I forgot to specify: the kernel setting

CONFIG_INITRAMFS_SOURCE="/usr/share/v86d/initramfs"

compiled v86d into the kernel, so it doesn't need to execute the /sbin/v86d

Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[Paul Hartman]

On Sat, Jan 17, 2009 at 9:32 AM, Peter Humphrey
 wrote:
> On Friday 16 January 2009 19:27:53 Paul Hartman wrote:
>
>> Now I just need to find a good consolefont that doesn't look
>> "squished" in 16:9 aspect ratio. Right now I'm using ter-112n (from
>> terminus-fonts) and it's pretty good but still a little too wide for
>> my taste.
>
> Thanks for the pointer to that rather nice font. I think the problem, if
> yours is like mine in having a 1280x800 screen, is that the frame buffer
> simply takes a standard 4:3 screen resolution and stretches it to fit. Thus
> I have a distorted 1024x768 console.
>
> The only way to get a narrower font seems to be to design one six or seven
> pixels wide instead of the usual eight. Or at least, to design a tall,
> narrow font that would look right when stretched in this way.
>
> I too would like to know if someone discovers one like this.

Well, my framebuffer is 1280x720 which is proper 16:9 aspect ratio for
my monitor, but the consolefonts I've tried just don't seem quite my
flavor. I want a small font (so I can fit a lot of characters in the
screen) without being "short", by which I mean I'd rather have an 8x16
font than an 8x8.

In Konsole I'm using "Fixed [ETL]" 10pt, whatever that is, maybe it's
the default, I can't remember, but it's nice.

Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[Paul Hartman]

On Sat, Jan 17, 2009 at 6:32 PM, »Q«  wrote:
> On Fri, 16 Jan 2009 01:42:30 -0600
> Paul Hartman  wrote:
>
>> On Thu, Jan 15, 2009 at 11:49 PM, Paul Hartman
>>  wrote:
>> > Hi,
>> >
>> > Does anyone here use uvesafb? I followed the instructions to install
>> > uvesafb from this page:
>> >
>> > http://dev.gentoo.org/~spock/projects/uvesafb/
>> >
>> > However, it does not work. Is it required to use initrd in order to
>> > use uvesafb? (because I don't use it...)
>> >
>> > the 80x25 looks absolutely horrible and I'd love to have something
>> > usable without needing to be in X. I have an nvidia geforce 9600GT
>> > card using the latest nvidia-drivers, and am on amd64 if it matters.
>>
>> I'm ashamed to admit I made the most basic mistake. I compiled uvesafb
>> as a module. Oops! Compiled it as "Y" instead of "M" and now I have a
>> pair of Tux sitting atop my kernel boot screen and no more 80x25
>> horror. :)
>
> You mean you are now successfully using uvesafb *without* an
> initrd or initramfs?  Spock's site says you need v86d, and I don't know
> how else to get it.  If I boot a kernel without it, uvesafb doesn't
> work for me.

Well you need the initramfs stuff is configured in the kernel as
stated in the instructions at his website, but I'm not (not have I
ever) used the initrd. My grub config (possibly wordwrapped by gmail)
is:

default 0
timeout 10
splashimage=(hd0,0)/grub/splash.xpm.gz

title=Gentoo Linux 2.6
root (hd0,0)
kernel /vmlinuz root=/dev/sda5 doscsi dodmraid nmi_watchdog=0
rootfstype=ext4 video=uvesafb:1280x720p-59,mtrr:3,ywrap

Re: [gentoo-user] Reconciling users and services

[Norberto Bensa]

On Saturday January 17 2009 20:09:31 Grant wrote:
> I have some users on a system and some services.  How can I make sure
> only certain users can log into certain services? 

Depends on the service and how it is configured. Can you be more specific on 
what services yo want limited access?

[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[»Q«]

On Fri, 16 Jan 2009 01:42:30 -0600
Paul Hartman  wrote:

> On Thu, Jan 15, 2009 at 11:49 PM, Paul Hartman
>  wrote:
> > Hi,
> >
> > Does anyone here use uvesafb? I followed the instructions to install
> > uvesafb from this page:
> >
> > http://dev.gentoo.org/~spock/projects/uvesafb/
> >
> > However, it does not work. Is it required to use initrd in order to
> > use uvesafb? (because I don't use it...)
> >
> > the 80x25 looks absolutely horrible and I'd love to have something
> > usable without needing to be in X. I have an nvidia geforce 9600GT
> > card using the latest nvidia-drivers, and am on amd64 if it matters.
> 
> I'm ashamed to admit I made the most basic mistake. I compiled uvesafb
> as a module. Oops! Compiled it as "Y" instead of "M" and now I have a
> pair of Tux sitting atop my kernel boot screen and no more 80x25
> horror. :)

You mean you are now successfully using uvesafb *without* an
initrd or initramfs?  Spock's site says you need v86d, and I don't know
how else to get it.  If I boot a kernel without it, uvesafb doesn't
work for me.

-- 
»Q«
 Kleeneness is next to Gödelness.

Re: [gentoo-user] Bash completion annoyance: escapes directory variables.

[Jean-Baptiste Mestelan]

2009/1/18 Peter Alfredsen :
> Did you try using unstable gentoo-bashcomp too?

Yes, exact same result, meaning gentoo specific completion is disabled.
Does it work for you folks ?

[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[»Q«]

On Sat, 17 Jan 2009 15:32:38 +
Peter Humphrey  wrote:

> On Friday 16 January 2009 19:27:53 Paul Hartman wrote:
> 
> > Now I just need to find a good consolefont that doesn't look
> > "squished" in 16:9 aspect ratio. Right now I'm using ter-112n (from
> > terminus-fonts) and it's pretty good but still a little too wide for
> > my taste.  
> 
> Thanks for the pointer to that rather nice font. I think the problem,
> if yours is like mine in having a 1280x800 screen, is that the frame
> buffer simply takes a standard 4:3 screen resolution and stretches it
> to fit. Thus I have a distorted 1024x768 console.

I also have a 1280x800 screen and uvesafb works for me without
distortion with this kernel video option in grub.conf: 

 video=uvesafb:1280x800-32,mtrr:3,ywrap

-- 
»Q«
 Kleeneness is next to Gödelness.

Re: [gentoo-user] Bash completion annoyance: escapes directory variables.

[Peter Alfredsen]

On Sat, 17 Jan 2009 20:59:38 +0100
"Jean-Baptiste Mestelan"  wrote:

> BUT (there had to be a 'but') ...
> gentoo-bashcomp does not play well with this latest version, meaning
> that after re-installing bashcomp, completion does not work after
> gentoo commands (emerge, ebuild ...).

Did you try using unstable gentoo-bashcomp too?

/PA

Re: [gentoo-user] Reconciling users and services

[Volker Armin Hemmann]

On Samstag 17 Januar 2009, Grant wrote:
> I have some users on a system and some services.  How can I make sure
> only certain users can log into certain services?  Do I need to
> explicitly define which users can log into each service?  Are there
> different types of users so that some can only log into certain
> services?
>
> For example, I know any user that has their shell set to /bin/nologin
> can't log into a shell.  How can I check on users' shell settings?

/etc/passwd?

[gentoo-user] Re: X Program to show tty messages

[Fernando Antunes]

On Sat, Jan 17, 2009 at 1:55 PM, Fernando Antunes wrote:

> Hi.
> I looking for a way to see/monitor messages sent to the tty when a running
> X programs.
> I tryed xconsole, but it only works with /dev/console. Does anybody knows
> such a program ?
>

Sorry if my poor english vocabulary didn't help you to understand me.

I'd like to see the output text sent by the graphicals programs to the tty1
when a running in X. Nowaday I using CTRL+ALT+F1 to see them.

I figure out if is there a program that capture and show them in X a window.

Re: [gentoo-user] digikam, gtkam,... what's else?

[Dale]

Andrew Gaydenko wrote:
> On Sunday 18 January 2009 00:48:25 Dale wrote:
>
>   
>> If that many programs can't access your camera, either the system is not
>> able to recognize the camera or you have other problems.  Maybe you can
>> post the related portion of /var/log/messages or whatever log your
>> system uses and we can help.  Right now, I have no other clue.  We have
>> to have more info before we can help.
>>
>> Dale
>>
>> :-)  :-)
>> 
>
> Dale, you are right. I have tried gphoto2 from CLI - the error takes place. 
> Probably will file an issue for upstream team. Unfortunately, there was very 
> long period since last camera using, and I can not presume which update is 
> the 
> problem reason.
>
>
>   

In my past, it was a permissions issue that got me.  Make sure you are
in the right groups, or try as root.  If it works as root, then it
should be a permissions problem or missing group.

If it don't work as root, oh boy, you got problems now.  ;-)

Dale

:-)  :_) 

[gentoo-user] Reconciling users and services

[Grant]

I have some users on a system and some services.  How can I make sure
only certain users can log into certain services?  Do I need to
explicitly define which users can log into each service?  Are there
different types of users so that some can only log into certain
services?

For example, I know any user that has their shell set to /bin/nologin
can't log into a shell.  How can I check on users' shell settings?

- Grant

[gentoo-user] Re: Grub Error 21: Selected disk does not exist

[Grant Edwards]

On 2009-01-17, Mick  wrote:
> On Saturday 17 January 2009, Grant Edwards wrote:

>>   grub> root (hd0,2)
>>
>>   Error 21: Selected disk does not exist

> Did you try tab completion at:
>
> grub> root ( <--tab

Nope, I didn't know about tab completion.  And now that I've
got grub installed and Gentoo is booted, it's working fine.  I
think something was broken in /dev

> Had you chrooted properly at the time and could you see the grub fs 
> under /boot/grub ?.

I cut/pasted the commands from the quick install guide to do
the chroot.  And I rebooted and chroot'ed twice just to make
sure.

-- 
Grant

[gentoo-user] Re: Grub Error 21: Selected disk does not exist

[Grant Edwards]

On 2009-01-17, Nicolas Sebrecht  wrote:
>
> On Sat, Jan 17, 2009 at 05:31:22PM +, Grant Edwards wrote:
>
>> I was following the "quick install" doc, and everything went
>> fine until I got to the section on installing grub.  After
>> emerging grub, the "root" command failed:
>> 
>>   grub> root (hd0,2)
>> 
>>   Error 21: Selected disk does not exist
>
> Did you try it on a chroot system?

Yes, that was in the chroot'ed system.

> If so, did you have access on /dev /proc and /sys inside the
> chroot?

I thought so.  Everything else seemed to work.  I definitely
checked to make sure /proc was mounted -- I cut/pasted the
commands from the quick-install web page (changing sda to hda).

But, now that you mention it, something in /dev was wrong
because the first time I booted Gentoo off hda2, the "issue"
message that's displayed before the login prompt gave
instructions on how to fix /dev.  I never figured out what
exactly was wrong, but following the instructions fixed it.

It took me a while to get to that point since I tripped over
the grub bug that displays a blank menu and then corrupts the
console. Apparently there's something wrong with the
splash.xpm.gz file, and you have to comment out the splashcreen
line in menu.lst.

-- 
Grant

Re: [gentoo-user] digikam, gtkam,... what's else?

[Andrew Gaydenko]

On Sunday 18 January 2009 00:48:25 Dale wrote:

> If that many programs can't access your camera, either the system is not
> able to recognize the camera or you have other problems.  Maybe you can
> post the related portion of /var/log/messages or whatever log your
> system uses and we can help.  Right now, I have no other clue.  We have
> to have more info before we can help.
>
> Dale
>
> :-)  :-)

Dale, you are right. I have tried gphoto2 from CLI - the error takes place. 
Probably will file an issue for upstream team. Unfortunately, there was very 
long period since last camera using, and I can not presume which update is the 
problem reason.

Re: [gentoo-user] digikam, gtkam,... what's else?

[Dale]

Andrew Gaydenko wrote:
> On Saturday 17 January 2009 22:38:43 Dale wrote:
>   
>> Andrew Gaydenko wrote:
>> 
>>> On Saturday 17 January 2009 21:52:19 Dale wrote:
>>>   
 It doesn't here either but it is most likely miss configured here since
 I use gtkam.  You may want to try gtkam if all else fails.  Put
 CAMERAS="canon ptp2" in your make.conf and it should work.
 
>>> Already have.
>>>
>>>   
 Dale

 :-)  :-)
 
>> Does gtkam not work either?  If not, you may have something other than
>> software problems.  It may be something not recognizing  your camera for
>> some reason.  May want to check your logs for errors.
>> 
>
> In fact, there are many googling results wrt this gtkam error message - too 
> many to identify the problem reason :-) 
>
>   
>> I'm not using KDE 4 but gtkam should work regardless since it is not KDE.
>>
>> Dale
>>
>> :-)  :-)
>> 
>
>
>
>   


If that many programs can't access your camera, either the system is not
able to recognize the camera or you have other problems.  Maybe you can
post the related portion of /var/log/messages or whatever log your
system uses and we can help.  Right now, I have no other clue.  We have
to have more info before we can help.

Dale

:-)  :-) 

Re: [gentoo-user] More on /sys files

[Neil Bothwick]

On Sat, 17 Jan 2009 09:13:44 -0600, Harry Putnam wrote:

> I'm in the process of rsyncing an OS to a remote file system.
> 
> when rsyncing /sys to remote /sys... I get piles of errors

/sys is a virtual filesystem, like /dev and /proc. Even if you do succeed
on copying the contents,you'll only waste space on the root partition of
the new machine and the virtual filesystems will get mounted over
them. On my desktop, one file in /proc is more that ten times the size of
the root filesystem!

Use the -x option with rsync to prevent copying these. 


-- 
Neil Bothwick

Yes, I am an agent of Satan, but my duties are largely ceremonial.


signature.asc
Description: PGP signature

Re: [gentoo-user] Grub Error 21: Selected disk does not exist

[Nicolas Sebrecht]

On Sat, Jan 17, 2009 at 05:31:22PM +, Grant Edwards wrote:

> I was following the "quick install" doc, and everything went
> fine until I got to the section on installing grub.  After
> emerging grub, the "root" command failed:
> 
>   grub> root (hd0,2)
> 
>   Error 21: Selected disk does not exist

Did you try it on a chroot system ? If so, did you have access on /dev
/proc and /sys inside the chroot ?

-- 
Nicolas Sebrecht

Re: [gentoo-user] X Program to show tty messages

[Mick]

On Saturday 17 January 2009, Fernando Antunes wrote:
> Hi.
> I looking for a way to see/monitor messages sent to the tty when a running
> X programs.
> I tryed xconsole, but it only works with /dev/console. Does anybody knows
> such a program ?

I think you need to comment out /dev/tty12 and enter something like:

destination xconsole { pipe("/dev/xconsole"); };
destination console_all { file("/dev/console"); };

in your /etc/syslog-ng/syslog-ng.conf.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] Grub Error 21: Selected disk does not exist

[Mick]

On Saturday 17 January 2009, Grant Edwards wrote:
> I just did an install onto a machine with a single internal IDE
> hard drive.  hda1 is Win2K (NTFS), hda2 is swap, hda3 is Gentoo
> root (ext3).
>
> I was following the "quick install" doc, and everything went
> fine until I got to the section on installing grub.  After
> emerging grub, the "root" command failed:
>
>   grub> root (hd0,2)
>
>   Error 21: Selected disk does not exist
>
> I tried hd0,hd1,hd2,hd3 with various paritions from 0 to 2 and
> always got an Error 21.  The drive is recognized correctly by
> the BIOS, and Win2K boots and runs fine.  I rebooted and
> chroot'ed several times and always got Error 21.
>
> So, I downloaded a Grub CD from http://www.supergrubdisk.org/.
> The grub on the CD recognized the disk and all partitions
> correctly and installed just fine using the normal procedure:
>
>root (hd0,2)
>setup (hd0)
>
> I rebooted, and everything works great.
>
> Any ideas on why grub couldn't see any hard drives when it was
> run from the 2008.0 minimal install CD's chroot'ed environment?
> I've done dozens of Gentoo installs, and I've never seen this
> problem before.

Did you try tab completion at:

grub> root ( <--tab

Had you chrooted properly at the time and could you see the grub fs 
under /boot/grub ?.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] digikam, gtkam,... what's else?

[Andrew Gaydenko]

On Saturday 17 January 2009 22:38:43 Dale wrote:
> Andrew Gaydenko wrote:
> > On Saturday 17 January 2009 21:52:19 Dale wrote:
> >> It doesn't here either but it is most likely miss configured here since
> >> I use gtkam.  You may want to try gtkam if all else fails.  Put
> >> CAMERAS="canon ptp2" in your make.conf and it should work.
> >
> > Already have.
> >
> >> Dale
> >>
> >> :-)  :-)
>
> Does gtkam not work either?  If not, you may have something other than
> software problems.  It may be something not recognizing  your camera for
> some reason.  May want to check your logs for errors.

In fact, there are many googling results wrt this gtkam error message - too 
many to identify the problem reason :-) 

>
> I'm not using KDE 4 but gtkam should work regardless since it is not KDE.
>
> Dale
>
> :-)  :-)

Re: [gentoo-user] Bash completion annoyance: escapes directory variables.

[Jean-Baptiste Mestelan]

2009/1/17 Stroller :
>
> I don't know much about this, but I wonder if it may be related to some of
> Gentoo's 3rd-party Bash-completion features?

I have unmerged gentoo-bashcomp, but the problem remains. So, this
would put the blame on bash-completion.

I am using bash-completion-20060301. Following your message, I have
upgraded to latest (unstable) bash-completion-20081218
*and this solved the original problem* : tab-completion now does not
escape variables after 'cd' !

BUT (there had to be a 'but') ...
gentoo-bashcomp does not play well with this latest version, meaning
that after re-installing bashcomp, completion does not work after
gentoo commands (emerge, ebuild ...).


So, I think I will get back to bash-completion-20060301, and use cdb
instead of path variables.

Thanks for attention and suggestions.


> You might also check bash-completion USE flags.

# equery uses app-shells/bash-completion
[ Searching for packages matching app-shells/bash-completion... ]
[ Colour Code : set unset ]
[ Legend : Left column  (U) - USE flags from make.conf  ]
[: Right column (I) - USE flags packages was installed with ]
[ No USE flags found for app-shells/bash-completion-20060301]

Re: [gentoo-user] Disable remote login for certain user

[Volker Armin Hemmann]

On Samstag 17 Januar 2009, Grant wrote:
> >> >> an ssh config setting, in shorewall, or somewhere else?
> >> >
> >> > You can:
> >> >
> >> > 1) use pam as described by Mike
> >> >
> >> > or
> >> >
> >> > 2) use sshd_config "AllowUsers"
> >>
> >> Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd
> >> is the only service running on the system.
> >
> > I really would not do that. Instead create a user to log in and su to
> > root. Root should not be allowed to log in - way to risky.
>
> Is the idea to put 2 passwords in the way of gaining root access? 

one key+username and one password.

> The
> problem is twice as many passwords to memorize.  Even if the 2
> passwords are the same, I suppose they would have to come up with the
> username too which is a (thin) extra layer.

just use pubkey for ssh. It is much saver anyway.

Re: [gentoo-user] X Program to show tty messages

[Dale]

Fernando Antunes wrote:
> Hi.
> I looking for a way to see/monitor messages sent to the tty when a
> running X programs.
> I tryed xconsole, but it only works with /dev/console. Does anybody
> knows such a program ?

I'm not sure this is what you are looking for but try knotify. 

* kde-base/knotify
 Available versions:  (4.1)  ~4.1.4
{debug kdeprefix}
 Homepage:http://www.kde.org/
 Description: The KDE notification daemon.


Dale

:-)  :-)

Re: [gentoo-user] Disable remote login for certain user

[Dale]

Grant wrote:
> an ssh config setting, in shorewall, or somewhere else?
>   
 You can:

 1) use pam as described by Mike

 or

 2) use sshd_config "AllowUsers"
 
>>> Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd
>>> is the only service running on the system.
>>>   
>> I really would not do that. Instead create a user to log in and su to root.
>> Root should not be allowed to log in - way to risky.
>> 
>
> Is the idea to put 2 passwords in the way of gaining root access?  The
> problem is twice as many passwords to memorize.  Even if the 2
> passwords are the same, I suppose they would have to come up with the
> username too which is a (thin) extra layer.
>
> Is that done with 'AllowUsers user'?
>
> - Grant
>
>
>   

I would think the point is every hacker out there knows the user root
exists.  They may not know the other users but they know root is there
so they just script the user root and bang away at passwords and hope
they get lucky.  Eventually, they will get lucky if they try long enough.

Think of it this way.  If root is disabled, they have to figure out
which user can su to root since all may not be allowed to.  They also
have to guess that users password.  Then on top of that they have to
guess the root password too.  They have to get the user name, password
and the root password right before they can do anything. 

If you allow root access, they only need the root password.  Guessing
one is easier than guessing three.

Dale

:-)  :-) 

Re: [gentoo-user] digikam, gtkam,... what's else?

[Dale]

Andrew Gaydenko wrote:
> On Saturday 17 January 2009 21:52:19 Dale wrote:
>   
>> It doesn't here either but it is most likely miss configured here since
>> I use gtkam.  You may want to try gtkam if all else fails.  Put
>> CAMERAS="canon ptp2" in your make.conf and it should work.
>> 
>
> Already have.
>
>   
>> Dale
>>
>> :-)  :-)
>> 
>
>   

Does gtkam not work either?  If not, you may have something other than
software problems.  It may be something not recognizing  your camera for
some reason.  May want to check your logs for errors.

I'm not using KDE 4 but gtkam should work regardless since it is not KDE.

Dale

:-)  :-) 

Re: [gentoo-user] digikam, gtkam,... what's else?

[Andrew Gaydenko]

On Saturday 17 January 2009 21:52:19 Dale wrote:
> Andrew Gaydenko wrote:
> > digikam (during this KDE3-to-KDE4 epoch) can not be installed (see Gentoo
> > bugs related to 'digikam'), gtkam shows PTP I/O error... Is there other
> > software I have missed? I have Canon ixus 40 camera.
>
> Does one of these in Konqueror work?
>
> media:/camera
>
> system:/media/camera

Have tried with krusader ('camera:/') - just got infinite nested subdirs with 
the camera name.

>
> It doesn't here either but it is most likely miss configured here since
> I use gtkam.  You may want to try gtkam if all else fails.  Put
> CAMERAS="canon ptp2" in your make.conf and it should work.

Already have.

>
> Dale
>
> :-)  :-)

Re: [gentoo-user] Disable remote login for certain user

[Grant]

>> >> an ssh config setting, in shorewall, or somewhere else?
>> >
>> > You can:
>> >
>> > 1) use pam as described by Mike
>> >
>> > or
>> >
>> > 2) use sshd_config "AllowUsers"
>>
>> Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd
>> is the only service running on the system.
>
> I really would not do that. Instead create a user to log in and su to root.
> Root should not be allowed to log in - way to risky.

Is the idea to put 2 passwords in the way of gaining root access?  The
problem is twice as many passwords to memorize.  Even if the 2
passwords are the same, I suppose they would have to come up with the
username too which is a (thin) extra layer.

Is that done with 'AllowUsers user'?

- Grant

[gentoo-user] Re: Restricting Firefox website access

[Harry Putnam]

Grant  writes:

>>> But I had expected Squid + module to be the answer, and no-one
>>> mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian
>>> was the only serious reply I got, so you might want to look at that,
>>> too.
>>> http://www.gossamer-threads.com/lists/gentoo/user/175114
>>>
>>> I really should be implementing this internet filtering this weekend.
>>
>> Did privoxy go out of business... or just not suitable for the need?
>>
>> I used to use it a few yrs ago but haven't had the need for quite a
>> while now.
>
> What is the advantage of privoxy over squid?  Maybe simplicity?

Not sure there is one.  I ran privoxy through squid.  Privoxy talked
direct to squid.

Re: [gentoo-user] Disable remote login for certain user

[Volker Armin Hemmann]

On Samstag 17 Januar 2009, Grant wrote:
> >> an ssh config setting, in shorewall, or somewhere else?
> >
> > You can:
> >
> > 1) use pam as described by Mike
> >
> > or
> >
> > 2) use sshd_config "AllowUsers"
>
> Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd
> is the only service running on the system.

I really would not do that. Instead create a user to log in and su to root. 
Root should not be allowed to log in - way to risky.

Re: [gentoo-user] Restricting Firefox website access

[Matt Harrison]

Alan McKinnon wrote:

On Saturday 17 January 2009 20:12:06 Grant wrote:


This requires only that the computer in question has a static IP or a
permanent lease (so you always know what it is), and you know the IP of
the web sites to be accessed (dig is a very good friend). Allow these,
deny everything else to destination port 80.

That sounds good, but I won't be able to fetch all updates that
portage might want, right?


There's always a wrinkle isn't there?

I find in real terms that my machines get all their updates from gentoo.org or 
from the gentoo mirror on the ftp server at work. That works for me, if those 
two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will 
not solve. 

Perhaps the same is true of your environment. Failing that, I think you need 
to haul out the big guns, along with the big administration burden, and run 
an http proxy




I setup my squid proxy probably 5 years ago, I moved the config over 
when I switched to gentoo a couple of years ago, and it still works.


I would say I spend around 10 minutes a year performing admin tasks on 
my (home) squid server.


I just wanted to let it be said that squid doesn't have to be a big burden.

Matt

Re: [gentoo-user] digikam, gtkam,... what's else?

[Dale]

Andrew Gaydenko wrote:
> digikam (during this KDE3-to-KDE4 epoch) can not be installed (see Gentoo 
> bugs 
> related to 'digikam'), gtkam shows PTP I/O error... Is there other software I 
> have missed? I have Canon ixus 40 camera.
>
>
>   

Does one of these in Konqueror work?

media:/camera

system:/media/camera

It doesn't here either but it is most likely miss configured here since
I use gtkam.  You may want to try gtkam if all else fails.  Put
CAMERAS="canon ptp2" in your make.conf and it should work.

Dale

:-)  :-) 

Re: [gentoo-user] Disable remote login for certain user

[Grant]

>> Should I do that via an ssh config setting, in shorewall, or somewhere else?
>
> I believe the right way would be to add 'account required
> pam_access.so' line to /etc/pam.d/system-auth and define login
> restrictions in /etc/securety/access.conf (it's also quite well
> documented).
>
> That way you'll block ssh/ftp/mail etc logins for that account, which
> should also be prone to brutforce attacks because of weak password.
>
> The catch is, of course, that you should have pam on your system ;)
>
> --
> Mike Kazantsev // fraggod.net

Can anyone tell me how to find out which users on a system have a
login shell (e.g. not /bin/nologin)?

- Grant

Re: [gentoo-user] Disable remote login for certain user

[Grant]

>> an ssh config setting, in shorewall, or somewhere else?
>
> You can:
>
> 1) use pam as described by Mike
>
> or
>
> 2) use sshd_config "AllowUsers"

Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd
is the only service running on the system.

- Grant


> or
>
> 3) What I usually do is, disable pam in ssh so only keys are accepted. Only if
> you have the key, you can login remotely. Of course that means you will have
> to carry your usb pendrive with you all the time :-)
>
> Regards,
> Norberto

Re: [gentoo-user] Restricting Firefox website access

[Grant]

>>> >> That sounds good, how can I do that?
>>> >
>>> > iptables module "owner" handles that stuff, just "man iptables" if
>>> > you'll have any trouble.
>>> >
>>> >  iptables -A OUTPUT -m owner --uid-owner someuser -m tcp --dport http -j
>>> > REJECT
>>>
>>> I brought this to the shorewall list for config advice, but I was told:
>>>
>>> a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
>>> notion of domains. So filterinG by domain is a non-starter.
>>>
>>> b) When referring to packet filters, filtering by user id (e.g., root)
>>> can only be done for connections originating from the firewall. See "man
>>> shoreall-rules" and read about the USER/GROUP column.
>>>
>>> Here was my original request:
>>>
>>> I'd like to restrict the websites one of the computers on my network
>>> can access in Firefox.  It only needs to access 2 different domain
>>> names and I don't want it to be able to access any others.  I can
>>> restrict it at the router if necessary because the router is a Gentoo
>>> system.
>>>
>>> I think this leaves a squid proxy setup as my only option?
>>
>> Restrict by source AND destination IP
>>
>> This requires only that the computer in question has a static IP or a
>> permanent lease (so you always know what it is), and you know the IP of the
>> web sites to be accessed (dig is a very good friend). Allow these, deny
>> everything else to destination port 80.
>
> That sounds good, but I won't be able to fetch all updates that
> portage might want, right?
>
> - Grant

But I could install a wide-open firewall on the system-to-restrict and
use that firewall to restrict website access instead of the router's
firewall.  That way I could consider the user (root, non-root) when
deciding whether or not to allow the 80/443 outbound connection since:

"When referring to packet filters, filtering by user id (e.g., root)
can only be done for connections originating from the firewall."

That should restrict website access and allow portage to do its thing.

- Grant

Re: [gentoo-user] Restricting Firefox website access

[Alan McKinnon]

On Saturday 17 January 2009 20:12:06 Grant wrote:

> > This requires only that the computer in question has a static IP or a
> > permanent lease (so you always know what it is), and you know the IP of
> > the web sites to be accessed (dig is a very good friend). Allow these,
> > deny everything else to destination port 80.
>
> That sounds good, but I won't be able to fetch all updates that
> portage might want, right?

There's always a wrinkle isn't there?

I find in real terms that my machines get all their updates from gentoo.org or 
from the gentoo mirror on the ftp server at work. That works for me, if those 
two mirrors both fail, I have problems that a change of GENTOO_MIRRORS will 
not solve. 

Perhaps the same is true of your environment. Failing that, I think you need 
to haul out the big guns, along with the big administration burden, and run 
an http proxy

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Restricting Firefox website access

[Grant]

>> >> That sounds good, how can I do that?
>> >
>> > iptables module "owner" handles that stuff, just "man iptables" if
>> > you'll have any trouble.
>> >
>> >  iptables -A OUTPUT -m owner --uid-owner someuser -m tcp --dport http -j
>> > REJECT
>>
>> I brought this to the shorewall list for config advice, but I was told:
>>
>> a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
>> notion of domains. So filterinG by domain is a non-starter.
>>
>> b) When referring to packet filters, filtering by user id (e.g., root)
>> can only be done for connections originating from the firewall. See "man
>> shoreall-rules" and read about the USER/GROUP column.
>>
>> Here was my original request:
>>
>> I'd like to restrict the websites one of the computers on my network
>> can access in Firefox.  It only needs to access 2 different domain
>> names and I don't want it to be able to access any others.  I can
>> restrict it at the router if necessary because the router is a Gentoo
>> system.
>>
>> I think this leaves a squid proxy setup as my only option?
>
> Restrict by source AND destination IP
>
> This requires only that the computer in question has a static IP or a
> permanent lease (so you always know what it is), and you know the IP of the
> web sites to be accessed (dig is a very good friend). Allow these, deny
> everything else to destination port 80.

That sounds good, but I won't be able to fetch all updates that
portage might want, right?

- Grant

Re: [gentoo-user] Re: Restricting Firefox website access

[Grant]

>> But I had expected Squid + module to be the answer, and no-one
>> mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian
>> was the only serious reply I got, so you might want to look at that,
>> too.
>> http://www.gossamer-threads.com/lists/gentoo/user/175114
>>
>> I really should be implementing this internet filtering this weekend.
>
> Did privoxy go out of business... or just not suitable for the need?
>
> I used to use it a few yrs ago but haven't had the need for quite a
> while now.

What is the advantage of privoxy over squid?  Maybe simplicity?

- Grant

Re: [gentoo-user] Bash completion annoyance: escapes directory variables.

[felix]

On Sat, Jan 17, 2009 at 03:27:04PM +, Stroller wrote:
>
> On 17 Jan 2009, at 13:23, Jean-Baptiste Mestelan wrote:
>> ...
>> Now, I am unsure whether this is a feature, but:
>> when I tab-complete 'cd ' followed  an environment variable, bash
>> insists on escaping this variable.
>>
>> ex: cd $ -> cd \$
>> Which means I end up typing for example
>> # cd \$DOC
>> and this is not resolved right.
>>
>> If the variable path is not preceded by 'cd ' , bash completes it OK,
>> without escaping them.
>
> A system here does the same thing, another across town behaves "correctly".
>
> (I don't actually have $DOC set on either, but `cd /` and then use 
> autocomplete to `cd $HOME`, which is set.)
>
> I don't know much about this, but I wonder if it may be related to some of 
> Gentoo's 3rd-party Bash-completion features?

I have the same problem, and it also won't tab complete file names
inside back quotes as it used to.  If I have /tmp/fix-me-now, this
will simply beep.  It used to work.  I have gotten so used to gentoo
enhancements screwing up things like this that I won't waste time
filing bug reports or whining on the mailing liost until it has gone
several weeks without being fixed.  I figure sooner or later some dev
will notice it without haviung to ignore my whinings in the mean time.

$ emacs `cat /tmp/fix[TAB]

-- 
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
 Felix Finch: scarecrow repairman & rocket surgeon / fe...@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

Re: [gentoo-user] Restricting Firefox website access

[Grant]

>> I brought this to the shorewall list for config advice, but I was told:
>>
>> a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
>> notion of domains. So filterinG by domain is a non-starter.
>> ...
>>
>> I'd like to restrict the websites one of the computers on my network
>> can access in Firefox.  It only needs to access 2 different domain
>> names and I don't want it to be able to access any others.
>
> If it's a case of only 2 domains, then the chances are that dumb filtering
> will work ok.
>
> If you allow packets from computer X with a destination port of 80 only to
> computers with the IP address 12.154.191.10 then users of computer X will be
> able to access mylittlepony.com freely and also any hardcore porn sites also
> hosted on the same webserver (12.154.191.10).
>
> I have to admit this is probably not the way I'd do it, but WHEN YOU WROTE
> IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU.

I was quoting the other thread.  Guess I should have used [quote][/quote].

- Grant


> When I asked about content filtering a couple of months ago, everyone said
> Squid was rubbish.
>
> Actually, they ignored me. From now on, I will write all my questions in
> BLOCK CAPITALS in order to maximise my responses.
>
> But I had expected Squid + module to be the answer, and no-one mentioned it.
> A couple of clowns mentioned OpenDNS, and DansGuardian was the only serious
> reply I got, so you might want to look at that, too.
> http://www.gossamer-threads.com/lists/gentoo/user/175114
>
> I really should be implementing this internet filtering this weekend.
>
> Cheers,
>
> Stroller.

[gentoo-user] Grub Error 21: Selected disk does not exist

[Grant Edwards]

I just did an install onto a machine with a single internal IDE
hard drive.  hda1 is Win2K (NTFS), hda2 is swap, hda3 is Gentoo
root (ext3).

I was following the "quick install" doc, and everything went
fine until I got to the section on installing grub.  After
emerging grub, the "root" command failed:

  grub> root (hd0,2)

  Error 21: Selected disk does not exist

I tried hd0,hd1,hd2,hd3 with various paritions from 0 to 2 and
always got an Error 21.  The drive is recognized correctly by
the BIOS, and Win2K boots and runs fine.  I rebooted and
chroot'ed several times and always got Error 21.

So, I downloaded a Grub CD from http://www.supergrubdisk.org/.
The grub on the CD recognized the disk and all partitions
correctly and installed just fine using the normal procedure:

   root (hd0,2)
   setup (hd0)

I rebooted, and everything works great.

Any ideas on why grub couldn't see any hard drives when it was
run from the 2008.0 minimal install CD's chroot'ed environment?
I've done dozens of Gentoo installs, and I've never seen this
problem before.

-- 
Grant

[gentoo-user] Re: Restricting Firefox website access

[Harry Putnam]

Stroller  writes:

> But I had expected Squid + module to be the answer, and no-one
> mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian
> was the only serious reply I got, so you might want to look at that,
> too.
> http://www.gossamer-threads.com/lists/gentoo/user/175114
>
> I really should be implementing this internet filtering this weekend.

Did privoxy go out of business... or just not suitable for the need?

I used to use it a few yrs ago but haven't had the need for quite a
while now.

[gentoo-user] X Program to show tty messages

[Fernando Antunes]

Hi.
I looking for a way to see/monitor messages sent to the tty when a running X
programs.
I tryed xconsole, but it only works with /dev/console. Does anybody knows
such a program ?

[gentoo-user] Re: More on /sys files

[Harry Putnam]

Vladimir Rusinov  writes:

> On Sat, Jan 17, 2009 at 6:13 PM, Harry Putnam  wrote:
>
>> What do I need to do to get remote /sys  to mirror local /sys
>> Will booting the remote... once the transfer is done cure the problem?
>>
>
> Why do you need to sync /sys? It's completely useless - kernel creates all
> files in /sys automatically.

Good... thanks

Re: [gentoo-user] Restricting Firefox website access

[Stroller]

On 17 Jan 2009, at 05:34, Grant wrote:

...
I brought this to the shorewall list for config advice, but I was  
told:


a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
notion of domains. So filterinG by domain is a non-starter.
...

I'd like to restrict the websites one of the computers on my network
can access in Firefox.  It only needs to access 2 different domain
names and I don't want it to be able to access any others.


If it's a case of only 2 domains, then the chances are that dumb  
filtering will work ok.


If you allow packets from computer X with a destination port of 80  
only to computers with the IP address 12.154.191.10 then users of  
computer X will be able to access mylittlepony.com freely and also any  
hardcore porn sites also hosted on the same webserver (12.154.191.10).


I have to admit this is probably not the way I'd do it, but WHEN YOU  
WROTE IN ALL CAPITALS, I FELT COMPELLED TO REPLY TO YOU.


When I asked about content filtering a couple of months ago, everyone  
said Squid was rubbish.


Actually, they ignored me. From now on, I will write all my questions  
in BLOCK CAPITALS in order to maximise my responses.


But I had expected Squid + module to be the answer, and no-one  
mentioned it. A couple of clowns mentioned OpenDNS, and DansGuardian  
was the only serious reply I got, so you might want to look at that,  
too.

http://www.gossamer-threads.com/lists/gentoo/user/175114

I really should be implementing this internet filtering this weekend.

Cheers,

Stroller.

Re: [gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[Peter Humphrey]

On Friday 16 January 2009 19:27:53 Paul Hartman wrote:

> Now I just need to find a good consolefont that doesn't look
> "squished" in 16:9 aspect ratio. Right now I'm using ter-112n (from
> terminus-fonts) and it's pretty good but still a little too wide for
> my taste.

Thanks for the pointer to that rather nice font. I think the problem, if 
yours is like mine in having a 1280x800 screen, is that the frame buffer 
simply takes a standard 4:3 screen resolution and stretches it to fit. Thus 
I have a distorted 1024x768 console.

The only way to get a narrower font seems to be to design one six or seven 
pixels wide instead of the usual eight. Or at least, to design a tall, 
narrow font that would look right when stretched in this way.

I too would like to know if someone discovers one like this.

-- 
Rgds
Peter

Re: [gentoo-user] Bash completion annoyance: escapes directory variables.

[Stroller]

On 17 Jan 2009, at 13:23, Jean-Baptiste Mestelan wrote:

...
Now, I am unsure whether this is a feature, but:
when I tab-complete 'cd ' followed  an environment variable, bash
insists on escaping this variable.

ex: cd $ -> cd \$
Which means I end up typing for example
# cd \$DOC
and this is not resolved right.

If the variable path is not preceded by 'cd ' , bash completes it OK,
without escaping them.


A system here does the same thing, another across town behaves  
"correctly".


(I don't actually have $DOC set on either, but `cd /` and then use  
autocomplete to `cd $HOME`, which is set.)


I don't know much about this, but I wonder if it may be related to  
some of Gentoo's 3rd-party Bash-completion features?



WORKING SYSTEM:

$ eselect bashcomp list
Available completions:
  [1]   eselect
  [2]   genlop *
  [3]   vim
  [4]   xxd
$


NON-WORKING SYSTEM:

$ eselect bashcomp list
Available completions:
  [1]   bash-completion-config
  [2]   bitkeeper
  [3]   bittorrent
  [4]   cksfv
  [5]   clisp
  [6]   dsniff
  [7]   freeciv
  [8]   gcl
  [9]   gentoo *
  [10]  gkrellm
  [11]  gnatmake
  [12]  harbour
  [13]  hg
  [14]  isql
  [15]  larch
  [16]  lilypond
  [17]  lisp
  [18]  mailman
  [19]  mcrypt
  [20]  modules
  [21]  mtx
  [22]  p4
  [23]  povray
  [24]  ri
  [25]  sbcl
  [26]  sitecopy
  [27]  snownews
  [28]  svk
  [29]  unace *
  [30]  unrar *
$


You might also check bash-completion USE flags.

Stroller.

Re: [gentoo-user] More on /sys files

[Vladimir Rusinov]

On Sat, Jan 17, 2009 at 6:13 PM, Harry Putnam  wrote:

> What do I need to do to get remote /sys  to mirror local /sys
> Will booting the remote... once the transfer is done cure the problem?
>

Why do you need to sync /sys? It's completely useless - kernel creates all
files in /sys automatically.

-- 
Vladimir Rusinov
http://greenmice.info/

Re: [gentoo-user] Disable remote login for certain user

[Norberto Bensa]

On Saturday January 17 2009 03:28:07 Grant wrote:
> an ssh config setting, in shorewall, or somewhere else?

You can:

1) use pam as described by Mike

or

2) use sshd_config "AllowUsers"

or

3) What I usually do is, disable pam in ssh so only keys are accepted. Only if 
you have the key, you can login remotely. Of course that means you will have 
to carry your usb pendrive with you all the time :-)

Regards,
Norberto

[gentoo-user] More on /sys files

[Harry Putnam]

I'm in the process of rsyncing an OS to a remote file system.

when rsyncing /sys to remote /sys... I get piles of errors of the
form:
  WARNING: devices/LNXSYSTM:00/device:00/ACPI_CPU:00/power/wakeup failed
  verification -- update discarded (will try again).

This is after a session failed so I'm re rsyncing directory by directory
to make sure all is copied over.

du -sh /sys on both remote and local shows:
  0


But find shows something else:
 find /sys -type f|wc   (on remote host)
  5850

find  /sys -type f|wc -l (on local host)
   6915

What do I need to do to get remote /sys  to mirror local /sys
Will booting the remote... once the transfer is done cure the problem?

[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[Harry Putnam]

Nikos Chantziaras  writes:

> rea...@newsguy.com wrote:
>> Paul Hartman  writes:
>>
>>> I'm ashamed to admit I made the most basic mistake. I compiled uvesafb
>>> as a module. Oops! Compiled it as "Y" instead of "M" and now I have a
>>> pair of Tux sitting atop my kernel boot screen and no more 80x25
>>> horror. :)
>>
>> Is there some difference in uvesafb and vesafb?  I've always just ignored
>> the uvesafb choice and used plain vesafb.
>>
>> I just assumed from the name of it and the menuconfig help on it that
>> it was something only usable in `userspace'.  I took that to mean
>> after bootup.. something you'd do from the command line.
>>
>> Anyone here that can explain what the difference is.
>
> uvesafb also works on non-x86 system.  It has one drawback though: it
> doesn't switch to graphical mode right from the start like vesafb
> does. Instead, you get the initial kernel messages in text mode and
> need to wait for graphics to kick-in.  With vesafb, you're in graphics
> mode right from the start.  That pretty much makes uvesafb a poor
> choice for bootsplash configurations.

If you select both will that lead to problems?
Could you invoke uvesafb from console session one you've booted?

[gentoo-user] Re: Append string on Kernel builds

[Harry Putnam]

Robert Bridge  writes:

> On Fri, 16 Jan 2009 19:36:42 -0600
> rea...@newsguy.com wrote:
>> What I asked was if there is some tricky syntax I could use on that
>> kernel setting that would do:  linux-2.6.26-gentoo-$HOST-N
>> Where N is an incremented number every time I build the kernel without
>> running `mrproper'.
>
> Not quite what you are asking, but would appending a timestamp to the
> name work instead? It would pretty much guarantee a different name for
> every build.

A timestamp would be fine.  What syntax would I use on the kernel
config item:

  inside menuconfig => General Setup/Local Version [...]  

to get a timestamp?

Re: [gentoo-user] Problem with Kde 4.1.X

[Nicola]

Alle sabato 17 gennaio 2009, Chris Walters ha scritto:
> Nicola wrote:
> > Hi,
> > I have searched on google and bugtrack for weeks for people with a
> > similar problem with the new kde 4.1.X but I didn't find anything. I have
> > some problem even to describe the problem beacause I don't know how to
> > figure out what is wrong with my system. The real problem is that kde
> > 4.1.X didn't start if I use kwin. I only get it start if I use another
> > window decorator (for example compiz). I have tried with 4.1.3 and 4.1.4
> > but with the same problem. After the login screen i get the splash screen
> > but at the end of the sequence I'm kicked out to the login screen.
> > I need some advice to how and where begin to search for the problem.
> > Which file I need to parse in search of the problem? Is there on the ML
> > someone whith the same problem?
> >
> > Xorg:1.5.3-r1
> > nvidia-drivers:177.82
> > kernel:2.6.27-r7
> >
> > Intel Core2Duo 8400
> > nvidia geforce8800GT
> >
> > Thanks
> >
> > Nicola
>
> Hello,
>
> This may or may not be your problem, but I have found xorg-sever-1.5.3 and
> xorg-server-1.5.3-r1 to be unstable.  However, xorg-server-1.5.2 works fine
> for me.  I just masked the other two.  What I mean by "unstable" is that
> they will lock up my system - the mouse and keyboard won't work, so I have
> to do a hard boot.
>
> Regards,
> Chris

Thanks for the reply, I didn't find xorg 1.5.3 unstable, I use every day with 
kde 3.5.10 or gnome. I had the mouse and keyboard problem too, but I resolved 
commenting out the entry in my xorg config file and switching to udev for 
keyboard and mouse configuration. I will try compiling switching back to 
1.5.2 to see if something changes.

Thanks again

Nicola

[gentoo-user] digikam, gtkam,... what's else?

[Andrew Gaydenko]

digikam (during this KDE3-to-KDE4 epoch) can not be installed (see Gentoo bugs 
related to 'digikam'), gtkam shows PTP I/O error... Is there other software I 
have missed? I have Canon ixus 40 camera.

Re: [gentoo-user] Permissions of files in /sys/

[pk]

Momesso Andrea wrote:



> Hmmm... Having not recived any answers might mean that my suspects are
> right and there is no way to create an udev rule for my scope.
> 
> I think I will have to change those permissions manually at boot time

You can make udev run a *sh script... man udev, locate RUN keyword.

Best regards

Peter K

[gentoo-user] Re: Problem with Kde 4.1.X

[Nikos Chantziaras]

Nicola wrote:
Hi, 
I have searched on google and bugtrack for weeks for people with a similar 
problem with the new kde 4.1.X but I didn't find anything. I have some 
problem even to describe the problem beacause I don't know how to figure out 
what is wrong with my system. The real problem is that kde 4.1.X didn't start 
if I use kwin. I only get it start if I use another window decorator (for 
example compiz). I have tried with 4.1.3 and 4.1.4 but with the same problem. 
After the login screen i get the splash screen but at the end of the sequence 
I'm kicked out to the login screen. 


I have that too now but only after emerge updated to KDE 4.1.4.  4.1.3 
was working fine.  I didn't try to solve it since I use KDE3 and 
installed KDE4 only to check it out.

[gentoo-user] Re: uvesafb - does it require use of initramfs/initrd?

[Nikos Chantziaras]

rea...@newsguy.com wrote:

Paul Hartman  writes:


I'm ashamed to admit I made the most basic mistake. I compiled uvesafb
as a module. Oops! Compiled it as "Y" instead of "M" and now I have a
pair of Tux sitting atop my kernel boot screen and no more 80x25
horror. :)


Is there some difference in uvesafb and vesafb?  I've always just ignored
the uvesafb choice and used plain vesafb.

I just assumed from the name of it and the menuconfig help on it that
it was something only usable in `userspace'.  I took that to mean
after bootup.. something you'd do from the command line.

Anyone here that can explain what the difference is.


uvesafb also works on non-x86 system.  It has one drawback though: it 
doesn't switch to graphical mode right from the start like vesafb does. 
 Instead, you get the initial kernel messages in text mode and need to 
wait for graphics to kick-in.  With vesafb, you're in graphics mode 
right from the start.  That pretty much makes uvesafb a poor choice for 
bootsplash configurations.

[gentoo-user] Bash completion annoyance: escapes directory variables.

[Jean-Baptiste Mestelan]

Hello all.


Now, I am unsure whether this is a feature, but:
when I tab-complete 'cd ' followed  an environment variable, bash
insists on escaping this variable.

ex: cd $ -> cd \$
Which means I end up typing for example
# cd \$DOC
and this is not resolved right.

If the variable path is not preceded by 'cd ' , bash completes it OK,
without escaping them.


Is there any way I can fix this behaviour ?
Thanks for your tips.

Re: [gentoo-user] Re: Append string on Kernel builds

[Robert Bridge]

On Fri, 16 Jan 2009 19:36:42 -0600
rea...@newsguy.com wrote:
> What I asked was if there is some tricky syntax I could use on that
> kernel setting that would do:  linux-2.6.26-gentoo-$HOST-N
> Where N is an incremented number every time I build the kernel without
> running `mrproper'.

Not quite what you are asking, but would appending a timestamp to the
name work instead? It would pretty much guarantee a different name for
every build.

Just a thought,
RobbieAB.


signature.asc
Description: PGP signature

Re: [gentoo-user] Problem with Kde 4.1.X

[Chris Walters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Nicola wrote:
> Hi, 
> I have searched on google and bugtrack for weeks for people with a similar 
> problem with the new kde 4.1.X but I didn't find anything. I have some 
> problem even to describe the problem beacause I don't know how to figure out 
> what is wrong with my system. The real problem is that kde 4.1.X didn't start 
> if I use kwin. I only get it start if I use another window decorator (for 
> example compiz). I have tried with 4.1.3 and 4.1.4 but with the same problem. 
> After the login screen i get the splash screen but at the end of the sequence 
> I'm kicked out to the login screen. 
> I need some advice to how and where begin to search for the problem. Which 
> file I need to parse in search of the problem? Is there on the ML someone 
> whith the same problem?
> 
> Xorg:1.5.3-r1
> nvidia-drivers:177.82
> kernel:2.6.27-r7
> 
> Intel Core2Duo 8400
> nvidia geforce8800GT
> 
> Thanks
> 
> Nicola

Hello,

This may or may not be your problem, but I have found xorg-sever-1.5.3 and
xorg-server-1.5.3-r1 to be unstable.  However, xorg-server-1.5.2 works fine for
me.  I just masked the other two.  What I mean by "unstable" is that they will
lock up my system - the mouse and keyboard won't work, so I have to do a hard 
boot.

Regards,
Chris
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJJcbq9AAoJEIAhA8M9p9DAx7gP/2CBubwV5g+21f9r4QWxEQx2
Xv4pFYUz4oLI/b/JY2jBIXm+lMm88lToetneP8yLgjdTCadxDmB36dKyWqVo5aul
TxphaB+uw50WEEN1ayYzVT4xWUCme63DxGsLGRjL+cID0xpvw42DJIvACaR94LOm
GJAiHgt6SjoHHcizHqi5JJ6gpDZxgBGBYhlSqpRqgJAJUYIWDi/4FqUyGbIi6u2K
S/6D+3SUI09SuPveCRwwdWzp11kcJFXlLVGb0w5A2Om69rxajGSIRoqle3aU+twO
jx3CHpF4vCA9yg5aQaQ4kyILuss7cKnCfQt/8a+yU9KJYUjP5eWLExqSnYnDbmdU
sFDgpGpgkez4OQikNKG4ti1xBXkjX1kLzCMj4Axda6ZuKRpAslGvOY4xeR5cDJ5S
OSMuVu/C41C8BiWICQgQixhIuTROBo0pdoBXQDJMod0aLxfLtM/hBjBVDQphBt6i
wUlgHEcFpSQJQwa+Cp4lc1SrZwNXPtYlT4Ma7Nhdcf7mX2VeJcbh8kio1pNwFGKp
9BZIwkIAsZiD44fUsB/iT0kMeG4DaOHoz+cs+mHBCW/onBH78RJCyEhEvHMiuTu2
HZlFWY6VMIcd52yQsJQdu0Ck3dEXnjSGG1q/JeISi5UbI5V05Am/pF6oolGykNca
K7HSh3AOPaR9TA5Nxuj1
=C553
-END PGP SIGNATURE-

[gentoo-user] Problem with Kde 4.1.X

[Nicola]

Hi, 
I have searched on google and bugtrack for weeks for people with a similar 
problem with the new kde 4.1.X but I didn't find anything. I have some 
problem even to describe the problem beacause I don't know how to figure out 
what is wrong with my system. The real problem is that kde 4.1.X didn't start 
if I use kwin. I only get it start if I use another window decorator (for 
example compiz). I have tried with 4.1.3 and 4.1.4 but with the same problem. 
After the login screen i get the splash screen but at the end of the sequence 
I'm kicked out to the login screen. 
I need some advice to how and where begin to search for the problem. Which 
file I need to parse in search of the problem? Is there on the ML someone 
whith the same problem?

Xorg:1.5.3-r1
nvidia-drivers:177.82
kernel:2.6.27-r7

Intel Core2Duo 8400
nvidia geforce8800GT

Thanks

Nicola

Re: [gentoo-user] Restricting Firefox website access

[Peter Humphrey]

On Saturday 17 January 2009 06:30:45 Mike Kazantsev wrote:

> And since you're using gentoo you can also pass rsync traffic through
> a proxy. Rsync (as well as wget and lots of other tools) will use proxy
> automatically if RSYNC_PROXY (http_proxy/ftp_proxy for other apps,
> lower- and uppercase) env var is set.
> For squid to pass rsync traffic you'll need to specify rsync ports in
> squid.conf, like this:
>
> acl SSL_ports port 873  # rsync
> acl Safe_ports port 873 # rsync

Another way, of course, is to run rsyncd on one machine on the network, and 
point the other machines to it for emerge --sync. This is getting a bit 
off-topic, though.

-- 
Rgds
Peter

Re: [gentoo-user] Restricting Firefox website access

[Alan McKinnon]

On Saturday 17 January 2009 07:34:59 Grant wrote:
> >> That sounds good, how can I do that?
> >
> > iptables module "owner" handles that stuff, just "man iptables" if
> > you'll have any trouble.
> >
> >  iptables -A OUTPUT -m owner --uid-owner someuser -m tcp --dport http -j
> > REJECT
>
> I brought this to the shorewall list for config advice, but I was told:
>
> a) NO PACKET FILTERING FIREWALL (which includes Shorewall) has any
> notion of domains. So filterinG by domain is a non-starter.
>
> b) When referring to packet filters, filtering by user id (e.g., root)
> can only be done for connections originating from the firewall. See "man
> shoreall-rules" and read about the USER/GROUP column.
>
> Here was my original request:
>
> I'd like to restrict the websites one of the computers on my network
> can access in Firefox.  It only needs to access 2 different domain
> names and I don't want it to be able to access any others.  I can
> restrict it at the router if necessary because the router is a Gentoo
> system.
>
> I think this leaves a squid proxy setup as my only option?

Restrict by source AND destination IP

This requires only that the computer in question has a static IP or a 
permanent lease (so you always know what it is), and you know the IP of the 
web sites to be accessed (dig is a very good friend). Allow these, deny 
everything else to destination port 80.


-- 
alan dot mckinnon at gmail dot com