Re: [gentoo-user] RE: Re: ssh and tar combined?
On Dec 28, 2005, at 5:00 PM, Willie Wong wrote:

On Wed, Dec 28, 2005 at 06:31:48PM +, Penguin Lover Mick squawked:

On 2005-12-28 07:29:31 + (Wed, Dec), Mick wrote:

What does "not a regular file" mean? :=@

Do an 'ls -l /mnt/sda14/sda5_var.tmp' and the first character on the left will tell you what kind of file is this.

OK, I am back at home now and have checked. It is a normal directory with normal files in it (well, it has ccache, kdecache, portage and the tmp symlink). So I am at a loss as to why it won't copy over. Any ideas?

Directories need the -r option for recursive copying.

unless you are taring them.

W
--
Chocolate has many preservatives. Preservatives make you look younger.
Sortir en Pantoufles: up 46 days, 15:21

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] help
On Dec 29, 2005, at 9:14 AM, gentoo user mail list wrote:

okay... we're good, but we need a BIT more information than that. :)
Re: [gentoo-user] A few (gentoo-newbie) questions (mainly about binary packages)
You cannot really stay current on binaries but you can gradually convert your binary installation to a self-compiled one.

You said above that your *main* machine was a laptop with insufficient harddisk space and CPU power. That implies you do have at least one other box. You could keep the whole portage tree, including the sources, on that other box and nfs mount it.

Alternatively, if that other box has got more CPU power, you can compile the whole thing there, tar everything (except the portage tree) up, boot the laptop from a livecd, get the tarball over and ... well ... untar it. ;-) That's what I usually do with a new box, so I don't have to start from scratch.

bear in mind that this is more difficult if the two machines don't have the same architecture/use flags.

be careful with this approach. If you optimize a compile for a p4 and try to run it on a p3...well, that might or might not work.
Re: [gentoo-user] Multi-user Console Viewing
one called "poke" and "peek" works on all unixes i've found so far. pretty inexpensive, but not free. peek allows you to watch, and the "poke" part lets you take over. or you can use vnc with a particular argument to share the :0 display.

On Dec 29, 2005, at 2:57 PM, Etaoin Shrdlu wrote:

On Thursday 29 December 2005 19:39, Delca wrote:

somebody knows a program that let me see what others are doing on their consoles? i.e.: I'm root and with 'w' command i see that 'foo' user is running 'vi index.php' but i need to see what is he typing so i can have control of what is he doing.

I find the use of such tools questionable at best, anyway, there used to be a tool called ttysnoop or something similar, google is your friend.
Re: [gentoo-user] ssh and tar combined?
On Dec 30, 2005, at 9:21 AM, Neil Bothwick wrote:

On Wed, 28 Dec 2005 08:22:26 -0600, John Jolet wrote:

or

    ssh sourcebox "tar -czvf - /path/to/be/backed/up" | dd of=target.tar.gz

tar outputs to stdout by default, so "-f -" is redundant, as is the use of dd. All you need is

    ssh hostname tar cf /source/path >backup.tar.gz

hmm, I'm not sure this behavior is consistent across all versions of tar and all versions of ssh. I could be wrong, but the process I outlined will work on linux, aix, solaris, bsd, at least (those are the ones i've tested). but hey, I could be wrong...just because method a works doesn't mean it's the only method...that's the beauty of unix.

--
Neil Bothwick

What's the difference between a magician and a brothel? One has a cunning array of stunts,
[gentoo-user] xorg config
Okay, so i'm experimenting with the split kde ebuilds, having done a kde-meta the last time. However, when I did that, I got all my hardware configured and set up automatically somehow. when I just did emerge kdebase-startkde, It won't allow me to go beyond 640x480. So I ran xorgconfig, and now I've apparently picked the wrong mouse (it's a usb trackball) port and nothing works. Is there a script that will set all this for me? I really, REALLY hate mucking about in that stupid xorg.conf file.
Re: [gentoo-user] xorg config
On Dec 30, 2005, at 11:40 AM, C. Beamer wrote:

John Jolet wrote:

Okay, so i'm experimenting with the split kde ebuilds, having done a kde-meta the last time. However, when I did that, I got all my hardware configured and set up automatically somehow. when I just did emerge kdebase-startkde, It won't allow me to go beyond 640x480. So I ran xorgconfig, and now I've apparently picked the wrong mouse (it's a usb trackball) port and nothing works. Is there a script that will set all this for me? I really, REALLY hate mucking about in that stupid xorg.conf file.

Xorg -configure

yeah, did that. problem is that said it couldn't determine my mouse...so I booted to the live cd and looked at what /dev/mouse was symlinked to. /dev/input/mice. why that symlink didn't get created here, i don't know. but I put it in and it works...now i've just got to figure out how to get more than 640x480 resolution..

See: http://www.gentoo.org/doc/en/xorg-config.xml

Regards,
Colleen
Re: [gentoo-user] ssh and tar combined?
On Dec 31, 2005, at 8:26 AM, Neil Bothwick wrote:

On Fri, 30 Dec 2005 18:58:17 +0100, Alexander Skwar wrote:

tar outputs to stdout by default,

Not always.

From man tar

    -f, --file [HOSTNAME:]F
        use archive file or device F (default "-", meaning stdin/stdout)

So "-f -" is unnecessary, but harmless.

yes, this is a style question here. I always prefer to be explicit, where I can. Inevitably, in this business, you move on and someone will have to come behind and understand your scripts. when you're looking at a long line embedded in a script, it's SO much easier to debug when the stdout is explicitly listed, than assumed. This also allows for changes in default behavior. Such practices become habit. But you are correct, today this -f - is unnecessary. Tomorrow? who knows what decisions might be made regarding default output. My point is, being precise costs nothing... nothing but a few keystrokes.

--
Neil Bothwick

teG I sdrawkcaB eroM ehT oG I sdrawroF eroM ehT
Re: [gentoo-user] ssh and tar combined?
The file /etc/default/tar contains a list of tape devices. So on Solaris 2.8 if -f is not specified and $TAPE is not set, which it isn't by default, then tar will use a tape device *not* stdin/stdout

Steve
--

Thanks, Steve. This is the point I was trying to make, but I'm at home with only linux and mac boxes... My point was if you specify the arguments you want, every time, you don't usually have to stop and wonder what the default behavior is on a given platform. Not a problem if you're always on linux or know for sure that you're hitting gnu tar. But for those of us who support a variety of platforms, not making assumptions about defaults is a good habit to get into (not speaking only of tar).
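Added example (not part of the original messages): the platform difference discussed in this thread can be reproduced on one machine, because GNU tar consults $TAPE when -f is omitted. The script assumes a tar that accepts "-f -"; the directory layout and sample file are constructed, and ssh is left out so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a tar that accepts "-f -"
# (GNU tar, bsdtar). The remote form of archive_to_stdout would be:
#   ssh sourcebox "tar -czf - -C /parent dir" > backup.tar.gz

# Archive DIR (relative to PARENT) to stdout, naming the destination explicitly.
archive_to_stdout() {   # archive_to_stdout PARENT DIR
    tar -czf - -C "$1" "$2"
}

# True if FILE is a non-empty gzip'd tar archive that lists MEMBER.
archive_contains() {    # archive_contains FILE MEMBER
    [ -s "$1" ] || return 1
    tar -tzf "$1" 2>/dev/null | grep -Fqx "$2"
}

# Build a constructed sample tree, point $TAPE somewhere else, then archive the
# tree once with "-f -" and once relying on tar's default destination.
# Prints "explicit=<where> implicit=<where>", where <where> is stdout or lost.
compare_defaults() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/etc"
    echo "constructed sample" > "$work/src/etc/motd"
    (
        TAPE="$work/tape.tar.gz"
        export TAPE
        archive_to_stdout "$work" src > "$work/explicit.tar.gz"
        # No -f here: the archive goes wherever this tar's default points.
        tar -cz -C "$work" src > "$work/implicit.tar.gz" 2>/dev/null || true
    )
    explicit=lost
    implicit=lost
    if archive_contains "$work/explicit.tar.gz" src/etc/motd; then explicit=stdout; fi
    if archive_contains "$work/implicit.tar.gz" src/etc/motd; then implicit=stdout; fi
    rm -rf "$work"
    echo "explicit=$explicit implicit=$implicit"
}

compare_defaults
```

With the explicit form the redirect always receives the archive; the implicit result depends on which tar is installed, which is the reason for checking that a backup file is non-empty and listable before trusting it.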
Re: [gentoo-user] KDE 3.5 : Kicker & other ebuilds fail
On Jan 1, 2006, at 9:02 AM, Philip Webb wrote:

Before I submit a bug report, has anyone had a similar experience ? Does anyone have anything to suggest to try first ?

I did an emerge kdebase-startkde and didn't see any errors, but the kicker doesn't seem to exist...so maybe it failed and I just didn't notice. I simply assumed it wasn't part of kdebase-startkde.

I started to install KDE 3.5 (split) -- still ~x86 -- & got Kdelibs done, then went on to Kdebase-startkde, which pulls in 17 dependencies. Some of them went thro' ok, but then Kicker refused as below; I tried others & Khelpcenter Kdebase-kioslaves Kdesu Ksplashml failed at the same point. I took time out to get my Docbook pkgs upto-date, but no change. I checked Bugs & Forum & found nothing directly on this nor any solution, tho' a couple of people had run into it with Khelpcenter 3.4.1 (I have 3.4.1 installed & working perfectly well).

The relevant error lines for Kicker seem to be the following :

    make[2]: Entering directory `/z/tmp/portage/kicker-3.5.0/work/kicker-3.5.0/doc'
    Making all in kicker
    make[3]: Entering directory `/z/tmp/portage/kicker-3.5.0/work/kicker-3.5.0/doc/kicker'
    /usr/kde/3.5/bin/meinproc --check --cache index.cache.bz2 ./index.docbook
    XPath error : Undefined variable
    compilation error: file /usr/kde/3.5/share/apps/ksgmltools2/docbook/xsl/html/autotoc.xsl line 544 element div
    Attribute template class: failed to compile $titles

Other lines further down include :

    concat('ln-',$id,$html.ext)
    ...
    substring-before($stylesheets, ' ')
    ...
    unable to parse ./index.docbook

Anyone have thoughts or suggestions before I submit a bug report ?

--
,,
SUPPORT ___//___, Philip Webb : [EMAIL PROTECTED]
ELECTRIC /] [] [] [] [] []| Centre for Urban & Community Studies
TRANSIT`-O--O---' University of Toronto
Re: [gentoo-user] Can't get Vi
On Jan 3, 2006, at 2:02 PM, Shawn Singh wrote:

Hey all,

When trying to emerge vi, emerge fails on step 1 of 3 because it cannot find vim-6.3.068-netrw.tar.bz2. Here is a snippet from the last bit of the run of emerge:

    09:55:37 ERROR 404: Not Found.
    !!! Couldn't download vim-6.3.068-netrw.tar.bz2. Aborting.

try an emerge --sync.

I've been getting the same results for the past week and a half. Any suggestions?

Thanks,
Shawn Singh
Re: [gentoo-user] cron help
On Jan 3, 2006, at 8:04 PM, Kris Kerwin wrote:

Hi all,

Let's play everyone's favorite game, "What did Kris do wrong"? ;-)

I've been working on a set of scripts to utilize Mark Lyon's gml (Google Mail Loader), a tool to upload email to GMail for easy storage and searching. So far, the scripts work when called explicitly from the command line, but will not work when called from a cron job.

you ARE aware that your environment and your cron's environment are not the same, right? Paths are not the same...etc. you might want to add an env command to the top of this script and compare that with an env command run at the command line to see the differences.

Here's what I entered in my crontab:

---
    # Sync GMail
    */5 * * * * krisbash /home/kris/bin/gmail_export/gmail_export.sh
---

Thanks in advance!

Kris Kerwin
[EMAIL PROTECTED]
Re: [gentoo-user] System shutdown from within Xfce
On Jan 4, 2006, at 7:43 AM, <[EMAIL PROTECTED]> wrote:

You have to set yourself up to be able to do shutdown and reboot if desired. Do this in the sudoers file. I don't have my setup where I can reach it at this moment but if you need I can post it later tonight.

what you wanted was %wheel (root) shutdowncommand what you put was let wheel group run the shutdown command as vuk...you want to replace vuk with root.

From: Michael Kjorling <[EMAIL PROTECTED]>
Date: 2006/01/04 Wed AM 08:26:16 EST
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] System shutdown from within Xfce
Re: SOLVED: [gentoo-user] System shutdown from within Xfce
On Jan 4, 2006, at 10:53 AM, Michael Kjorling wrote:

On 2006-01-04 08:07 -0600, [EMAIL PROTECTED] wrote:

what you put was let wheel group run the shutdown command as vuk...you want to replace vuk with root.

There we go, thank you! For the benefit of the archives, this is what I got in the end and which works (\t is tab):

    %wheel\tALL=(root)\tNOPASSWD: /usr/libexec/xfsm-shutdown-helper

I can now shut down and reboot from within the GUI, and it doesn't seem to have opened any obvious other security holes.

well, except ANY user in your wheel group can shut down your box...not saying that's a bad thing, but you need to know who all is in it...

--
Michael Kjörling, [EMAIL PROTECTED] - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* . No bird soars too high if he soars with his own wings . *
Re: SOLVED: [gentoo-user] System shutdown from within Xfce
On Jan 4, 2006, at 11:23 AM, Michael Kjorling wrote:

On 2006-01-04 11:09 -0600, [EMAIL PROTECTED] wrote:

I can now shut down and reboot from within the GUI, and it doesn't seem to have opened any obvious other security holes.

well, except ANY user in your wheel group can shut down your box...not saying that's a bad thing, but you need to know who all is in it...

Yes, I am perfectly aware of that and it is also what I want. Of course my account is the only one besides root that is in the wheel group, but that's my own headache. :)

sorry, too much time spent pointing out the obvious to management lately :)

--
Michael Kjörling, [EMAIL PROTECTED] - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* . No bird soars too high if he soars with his own wings . *
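Added example (not part of the original messages): one way to answer "who all is in it" for a group-based NOPASSWD rule like the one quoted in this thread. Accounts whose primary GID is the group's GID inherit the rule without appearing in the group's member list, so both files are read. The passwd and group contents are constructed samples; the sudoers parsing only handles one-line %group rules of the form shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Input files use the usual passwd(5) and
# group(5) layouts. Aliases, includes and continued lines in sudoers are not
# handled; only one-line "%group ... NOPASSWD: command" rules are.

# Print every account in GROUP: listed members plus accounts whose primary GID
# is the group's GID.
group_members() {          # group_members GROUP PASSWD_FILE GROUP_FILE
    awk -F: -v grp="$1" '
        FNR == NR {                          # first file: the group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: primary group
        END { for (u in seen) print u }
    ' "$3" "$2" | sort
}

# Print "group command" for each %group rule that carries NOPASSWD:.
nopasswd_group_rules() {   # nopasswd_group_rules SUDOERS_FILE
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /^%/ && /NOPASSWD:/ {
            cmd = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", cmd)
            print substr($1, 2), cmd
        }
    ' "$1"
}

# Expand each rule into one "user:group:command" line per account it covers.
audit_nopasswd() {         # audit_nopasswd SUDOERS_FILE PASSWD_FILE GROUP_FILE
    nopasswd_group_rules "$1" | while read -r grp cmd; do
        for user in $(group_members "$grp" "$2" "$3"); do
            echo "$user:$grp:$cmd"
        done
    done
}

# Constructed sample data; only the sudoers rule is taken from the thread.
write_sample() {           # write_sample DIR
    cat > "$1/group" <<'EOF'
root:x:0:root
wheel:x:10:root,alice
users:x:100:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100::/home/alice:/bin/bash
opsacct:x:1001:10::/home/opsacct:/bin/bash
guest:x:1002:100::/home/guest:/bin/bash
EOF
    printf '%%wheel\tALL=(root)\tNOPASSWD: /usr/libexec/xfsm-shutdown-helper\n' \
        > "$1/sudoers"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_nopasswd "$demo_dir/sudoers" "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

In the sample, opsacct is reported even though it is not listed on the wheel line of the group file.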
Re: [gentoo-user] su stopped working
what are the permissions on the su binary?

On Jan 9, 2006, at 8:18 AM, Beau E. Cox wrote:

Hi -

Very strange... 'su' ( and 'sudo' ) stopped working for my normal users. I get the "su: Permission denied, Sorry." message. I have tried:

1) changed the root password; no joy
2) created a new user and tried 'su'; ditto
3) tried in X( kde ) and non-X; nope
4) rebooted; nada

I can't seem to find any change from the last time I used su ( Friday ) and now that would account for this problem. Can anyone think of what I should try next?

--
Aloha => Beau;
Re: [gentoo-user] How to do "account management" across multiple Unix boxes?
On Wednesday 11 January 2006 13:51, [EMAIL PROTECTED] wrote:
> Is there a term for the situation where you have one computer as the
> "user account master" and every other machine recognizes all user
> accounts that are specified on the master?
>
> I'm sure there's plenty of packages and documentation on how to do
> this, but I don't know what it's called, so I don't know where to
> start looking.
>
> Basically, I have one OpenBSD box and three gentoo boxes. I'd like
> to have the same user accounts on all of them, but not have to
> manually create them each time. Especially for dealing with Samba
> and NFS, it's nice to have consistent accounts.
>
> Given the name of a couple key packages and/or web links, I think I
> could figure the rest out.

openldap is one way
kerberos is another (don't pick this one)
nis or YP is another
I prefer openldap, but be warned, all of these methods are fairly non-trivial depending on your experience level.

maybe there's a way to do it with samba as well?

>
> Thanks!
> Matt
>
> --
> Matt Garman
> email at: http://raw-sewage.net/index.php?file=email

--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]
Re: [gentoo-user] How to do "account management" across multiple Unix boxes?
On Wednesday 11 January 2006 14:04, Shawn Singh wrote:
> NIS comes to mind and some recommended docs are:
>
> http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html
> http://gentoo-wiki.com/HOWTO_Setup_NIS
>

Please be aware of the security issues surrounding nis. may not be a problem in your environment, but they are real. also, with ANY centralized sign-on/authentication methodology, it's a VERY, VERY bad idea to have just one auth server. this goes for everything from nis to active directory (which is really just ldap). however, nis might be a good choice in your environment, despite the security issues, because if you make ALL of your machines nis slaves, and have them authenticate to themselves, if your nis master goes down, you can still get on the other boxes. Or you could just use rdist to fan out your /etc/shadow and /etc/passwd files ;)

> On 1/11/06, John Jolet <[EMAIL PROTECTED]> wrote:
> > On Wednesday 11 January 2006 13:51, [EMAIL PROTECTED] wrote:
> > > Is there a term for the situation where you have one computer as the
> > > "user account master" and every other machine recognizes all user
> > > accounts that are specified on the master?
> > >
> > > I'm sure there's plenty of packages and documentation on how to do
> > > this, but I don't know what it's called, so I don't know where to
> > > start looking.
> > >
> > > Basically, I have one OpenBSD box and three gentoo boxes. I'd like
> > > to have the same user accounts on all of them, but not have to
> > > manually create them each time. Especially for dealing with Samba
> > > and NFS, it's nice to have consistent accounts.
> > >
> > > Given the name of a couple key packages and/or web links, I think I
> > > could figure the rest out.
> >
> > openldap is one way
> > kerberos is another (don't pick this one)
> > nis or YP is another
> > I prefer openldap, but be warned, all of these methods are fairly
> > non-trivial depending on your experience level.
> >
> > maybe there's a way to do it with samba as well?
> >
> > > Thanks!
> > > Matt
> > >
> > > --
> > > Matt Garman
> > > email at: http://raw-sewage.net/index.php?file=email
> >
> > --
> > John Jolet
> > Your On-Demand IT Department
> > 512-762-0729
> > www.jolet.net
> > [EMAIL PROTECTED]
>
> --
> Shawn Singh

--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]
[gentoo-user] 2005.1 installs on dual-core amd64
I've encountered very weird behavior with ALL flavors of 2005.1 and 2005.1-r1 install media for amd64. boots, but then says it can't find ROOT. 2005.0 works fine, as does x86 2005.1.
Re: [gentoo-user] 2005.1 installs on dual-core amd64
On Wednesday 11 January 2006 14:35, Lares Moreau wrote:
> On Wed, 2006-01-11 at 14:15 -0600, John Jolet wrote:
> > I've encountered very weird behavior with ALL flavors of 2005.1 and
> > 2005.1-r1 install media for amd64. boots, but then says it can't find
> > ROOT. 2005.0 works fine, as does x86 2005.1.

that's all the message says. it's at the stage where it's looking for the cd to mount under /newroot. I didn't edit the fstab, this is the livecd...and the minimal cd. I'm assuming it's looking for whatever is set as ROOT= in the grub.conf. dunno. like I said 2005.0 boots fine.

>
> More detail pls.
> boots from the LiveCD? but cant find ROOT?
> did you edit /etc/fstab? the default entry is /dev/ROOT ;)

--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]
Re: [gentoo-user] 2005.1 installs on dual-core amd64
>
> do you have a SATA cdrom drive?
> Cynyr.

no. it's ide.
Re: [gentoo-user] I can't send email anymore. O_O
On Thursday 12 January 2006 16:21, Dale wrote:
> John Myers wrote:
> > On Thursday 12 January 2006 13:54, Dale Kirkley wrote:
> > > " An error occurred while sending mail. The mail server responded: 5.7.1
> > > Relaying denied. Please verify that your email address is correct in
> > > your Mail preferences and try again."
> >
> > Sounds like you need to check your SMTP Authentication settings. Go to
> > Edit -> Mail and Newsgroups Account Settings -> Outgoing Server (SMTP)
> > and verify that the settings are correct, especially the user name
> > setting.
>
> Well, I am in Mozilla and it just started working again.
>
> This email is from Mozilla. If you get this, it works, for now anyway.
> I may be back though. Kmail stopped for a while then started up again.
> Now Mozilla works again. I hope.
>
> This is confusing me.

I saw something similar with a client. she was using outlook express and on an sbc dsl connection. but was sending email for her roadrunner account. she was on sbc's net, and using sbc's mail server, but sometimes, not always, but most of the time, it would tell her that relaying was denied because of an invalid FROM address. looked like there were several actual mail servers behind a round-robin dns name and some had settings to filter on the from and only allow sbcglobal.net in the from. what a pain in the rear.

>
> Dale
>
> :-)
>
> --
> To err is human, I'm most certainly human.
>
> I have four rigs:
>
> 1: Home built; Abit NF7 ver 2.0 w/ AMD 2500+ CPU, 1GB of ram and right now two 80GB hard drives. Named Smoker
> 2: Home built; Iwill KK266-R w/ AMD 1GHz CPU, 256MBs of ram and a 4GB drive. Named Swifty
> 3: Home built; Gigabyte GA-71XE4 w/ 800MHz CPU, 224MBs of ram and a 2.5GB drive. Named Pokey
> 4: Compaq Proliant 6000 Server w/ Quad 200MHz CPUs, 128MBs of ram and a 4.3GB SCSI drive. Named Putput
>
> All run Gentoo Linux, all run folding. #1 is my desktop, 2, 3, and 4 are
> set up as servers.

--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]
Re: [gentoo-user] How to compile 64bit Gentoo on a 32bit system?
On Jan 13, 2006, at 10:52 AM, Abhay Kedia wrote:

On Friday 13 January 2006 02:04, Zac Medico wrote:

You can boot off of the cd and build a kernel immediately or you can copy the cd's kernel. When booted from the cd, the kernel is found at /mnt/cdrom/isolinux/gentoo-em64t and corresponding modules are in /lib/modules. The install cd and stages are available from the /releases/amd64/2005.1-r1/ directory on the mirrors.

Got the kernel and modules. Systems boots fine, just that I don't have X. This probably is expected as there might not be the necessary modules installed? Will be starting a 64bit install anytime now. Thanks for the tip of getting the kernel and modules from the CD. BTW is there any way I can get X?

emerge Xorg? or emerge kde-meta

--
Regards,
Abhay
Re: [gentoo-user] ldap vs. pam
On Jan 13, 2006, at 11:03 AM, Allan Spagnol Comar wrote:

Hi, I don't know if this is a valid question, or I am making a big mess, but I was wondering which authentication method is better, ldap or pam. I would like to know too if is possible to use both.

ldap is one of the methods that can (p)lug in to pam (pluggable authentication method...)

thanks.

--
An application asked: "Requires Windows 9x, NT4 or better", so I've installed Linux
Re: [gentoo-user] ldap vs. pam
On Jan 13, 2006, at 11:45 AM, Allan Spagnol Comar wrote:

thanks. I believe I am starting to understand this.

I was seeing that ldap can authenticate in a lot of types, like , databases, files, and PAM do some things like that too or am I wrong ?

as far as I know you are wrong. ldap is an authentication mechanism. it stores usernames, passwords, and much more. hopefully, i'll not screw up this explanation. You sit down to your computer...you see the login prompt. You type username, it asks for a password. you give it one. it (the getty program) then passes those credentials to pam. pam looks in its list of authentication mechanisms to see in what order you'd like to try to authenticate. say it's ldap, then nis, then shadow. so it does a query to ldap using your username as a key to retrieve your encrypted password. it then compares what returns (assuming you are in the ldap db) with the encrypted form of what you typed. If it matches, pam checks to see if that's simply a required authentication, or a sufficient authentication. it is possible with pam to require more than one test be passed before saying okay. if more tests are required, or you don't pass that test, pam goes down its list of other methods. typically, for instance, root is only in shadow NOT in ldap. so usually, users are allowed to fail the ldap (or nis) and be checked against shadow. usually, though, shadow is the authentication method of last resort. so pam is a framework into which multiple authentication methods can snap.

On 1/13/06, John Jolet <[EMAIL PROTECTED]> wrote:

On Jan 13, 2006, at 11:03 AM, Allan Spagnol Comar wrote:

Hi, I don't know if this is a valid question, or I am making a big mess, but I was wondering which authentication method is better, ldap or pam. I would like to know too if is possible to use both.

ldap is one of the methods that can (p)lug in to pam (pluggable authentication method...)

thanks.

--
An application asked: "Requires Windows 9x, NT4 or better", so I've installed Linux

--
An application asked: "Requires Windows 9x, NT4 or better", so I've installed Linux
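Added example (not part of the original messages): a simplified model of the walk down the list that the reply above describes, showing how "sufficient" and "required" entries combine and why the order of entries matters. The labels ldap, nis and shadow come from the message and are not real module names; "token" and "access" are hypothetical, and only the four classic control flags are modelled.

```shell
#!/bin/sh
# Added example, not from the thread: a simplified model of PAM stack
# evaluation. Module names are labels, not real PAM modules.

# pam_verdict STACK OK_MODULES
#   STACK       lines of "<control> <module>", evaluated top to bottom
#   OK_MODULES  space-separated modules that accept this login attempt
# Prints "allow" or "deny".
pam_verdict() {
    ok_list=" $2 "
    required_failed=0
    required_passed=0
    verdict=
    while read -r control module; do
        case "$control" in ''|'#'*) continue ;; esac
        case "$ok_list" in
            *" $module "*) passed=1 ;;
            *)             passed=0 ;;
        esac
        case "$control:$passed" in
            requisite:0)                 # hard failure: stop immediately
                verdict=deny
                break ;;
            required:0)                  # remember the failure, keep going
                required_failed=1 ;;
            required:1|requisite:1)
                required_passed=1 ;;
            sufficient:1)                # enough on its own, unless a
                if [ "$required_failed" -eq 0 ]; then   # required one failed
                    verdict=allow
                    break
                fi ;;
            *) ;;                        # failed sufficient, optional: ignored
        esac
    done <<EOF
$1
EOF
    if [ -z "$verdict" ]; then
        if [ "$required_failed" -eq 0 ] && [ "$required_passed" -eq 1 ]; then
            verdict=allow
        else
            verdict=deny
        fi
    fi
    echo "$verdict"
}

# The order from the message: try ldap, then nis, fall back to shadow.
LOGIN_STACK='sufficient ldap
sufficient nis
required   shadow'

# "require more than one test be passed": both entries must accept.
TWO_TEST_STACK='required shadow
required token'

# A failed required entry above a sufficient one still ends in a denial.
GATED_STACK='required   access
sufficient ldap
required   shadow'

for accepted in "ldap" "shadow" ""; do
    echo "login stack, accepted by [$accepted]: $(pam_verdict "$LOGIN_STACK" "$accepted")"
done
echo "two tests, shadow only: $(pam_verdict "$TWO_TEST_STACK" "shadow")"
echo "gated, ldap and shadow ok but access fails: $(pam_verdict "$GATED_STACK" "ldap shadow")"
```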
Re: [gentoo-user] ldap vs. pam
On Jan 13, 2006, at 2:37 PM, Jose Gonzalez Gomez wrote:

2006/1/13, John Jolet <[EMAIL PROTECTED]>:

On Jan 13, 2006, at 11:45 AM, Allan Spagnol Comar wrote:
> thanks. I believe I am starting to understand this.
>
> I was seeing that ldap can authenticate in a lot of types, like ,
> databases, files, and PAM do some things like that too or am I
> wrong ?
>

as far as I know you are wrong. ldap is an authentication mechanism. it stores usernames, passwords, and much more.

LDAP is *not* an authentication mechanism. LDAP stands for Lightweight Directory Access Protocol, so LDAP is a protocol you use to access data stored in a structured way, called directory. An LDAP directory is a directory that may be accessed using LDAP. An LDAP server is a server that serves its data using LDAP. LDAP servers are used for a lot of things, and two of them may be single sign on or centralized authentication (they are different although related things).

You are correct...I was attempting to highlight the distinction between a security storage mechanism (which is what I should have said) and a mechanism that does the actual authentication.

To access data in a directory you may have to authenticate to access the data. This authentication can be done in several ways, and one of them is called simple bind: in this case you provide a path to locate an object in the directory and a password and the server "compares" the password provided with the password stored in the specified object. IIRC the PAM-LDAP module uses simple bind to authenticate an user trying to gain access to the system. This is, the PAM module takes the provided user and password and tries to authenticate itself against the LDAP server using the simple bind mechanism, translating the user into a path to locate the object representing that user in the directory. BIG WARNING: Don't do this unless you're using simple bind over SSL protected connections unless you want your passwords to travel (almost?) as clear text through the network.

This MIGHT also not be a security risk if the ldap server and the service attempting to authenticate are on the same server. I usually did simple bind on the ldap server itself, and tls/ssl from all the other servers.

HTH

Jose
Re: [gentoo-user] ldap vs. pam
On Jan 14, 2006, at 4:41 PM, Allan Spagnol Comar wrote:

thank you all. now I really understand what about PAM and LDAP.

The upshot of all this is...if you have more than 5 computers that you want to all have the same usernames and passwords, ldap and nis, etc might be more than you need. rsyncing /etc/passwd and /etc/shadow is probably going to be sufficient for a very small network. beyond 5 or so computers, the other methods start to earn their way. no matter what, though, pam stays in the solution stack.

On 1/13/06, John Jolet <[EMAIL PROTECTED]> wrote:

On Jan 13, 2006, at 2:37 PM, Jose Gonzalez Gomez wrote:

2006/1/13, John Jolet <[EMAIL PROTECTED]>:

On Jan 13, 2006, at 11:45 AM, Allan Spagnol Comar wrote:

thanks. I believe I am starting to understand this.

I was seeing that ldap can authenticate in a lot of types, like , databases, files, and PAM do some things like that too or am I wrong ?

as far as I know you are wrong. ldap is an authentication mechanism. it stores usernames, passwords, and much more.

LDAP is *not* an authentication mechanism. LDAP stands for Lightweight Directory Access Protocol, so LDAP is a protocol you use to access data stored in a structured way, called directory. An LDAP directory is a directory that may be accessed using LDAP. An LDAP server is a server that serves its data using LDAP. LDAP servers are used for a lot of things, and two of them may be single sign on or centralized authentication (they are different although related things).

You are correct...I was attempting to highlight the distinction between a security storage mechanism (which is what I should have said) and a mechanism that does the actual authentication.

To access data in a directory you may have to authenticate to access the data. This authentication can be done in several ways, and one of them is called simple bind: in this case you provide a path to locate an object in the directory and a password and the server "compares" the password provided with the password stored in the specified object. IIRC the PAM-LDAP module uses simple bind to authenticate an user trying to gain access to the system. This is, the PAM module takes the provided user and password and tries to authenticate itself against the LDAP server using the simple bind mechanism, translating the user into a path to locate the object representing that user in the directory. BIG WARNING: Don't do this unless you're using simple bind over SSL protected connections unless you want your passwords to travel (almost?) as clear text through the network.

This MIGHT also not be a security risk if the ldap server and the service attempting to authenticate are on the same server. I usually did simple bind on the ldap server itself, and tls/ssl from all the other servers.

HTH

Jose

--
An application asked: "Requires Windows 9x, NT4 or better", so I've installed Linux
Re: [gentoo-user] Improving SpamAssassin's accuracy...
On Jan 15, 2006, at 7:59 AM, Stroller wrote:

On 15 Jan 2006, at 10:15, Ryan Viljoen wrote:

What I landed up doing is defining a set of my own rules that detected if penis, viagra, slut and such words occurred it added a +10.0 to the spam assassin rating so if is clearly identified as spam.

This is exactly what the navy did while my wife was in it. Unfortunately, my wife is a pediatrician, and so has quite a bit of legitimate email with many of those words in it. Be careful of your userbase demographics when setting up things like this.

I'm somewhat cautious about this. I know you get very high hit rates with this, but it doesn't make any allowances for false positives - if I make a list of "banned words" like this, one of them is _sure_ to turn up one day.

I don't plan to dump the detected spam to /dev/null, but to a separate folder (SpamAssassin is already doing this nicely with the %age it detects) but my suspicion is that users will probably never check that Junk folder once they find it rarely contains anything of interest.

Stroller.
Re: [gentoo-user] OT - Concerns (possible security threat?)
On Jan 17, 2006, at 11:14 AM, Michael Sullivan wrote:

I'm concerned. When I got out of the shower just now and came to check my email, I didn't have any. Concerned that sendmail might not be running, I ps'd for it:

    bullet mail # ps ax | grep 'sendmail'
     9939 ? Ss 0:00 sendmail: Queue [EMAIL PROTECTED]:30:00 for /var/spool/clientmqueue
    10305 ? Ss 0:00 sendmail: accepting connections
    10801 ? S 0:00 sendmail: ./k0FKmpDE010833 gpeplpqel.shankscape.com.: user open
    10810 pts/0 R+ 0:00 grep sendmail

I see that sendmail is connected with gpeplpqel.shankscape.com. I assume that someone at that host is trying to send mail to my domain, but I checked /var/spool/mail and I didn't see anything from them. I ps'd sendmail again and saw that they were no longer connected. I checked /var/log/maillog and see a bunch of these:

    Jan 17 11:04:10 bullet sm-mta[10801]: k0FKmpDE010833: to=<[EMAIL PROTECTED]>, delay=1+20:15:18, xdelay=00:03:10, mailer=esmtp, pri=8599167, relay=gpeplpqel.shankscape.com. [69.25.212.153], dsn=4.0.0, stat=Deferred: Connection timed out with gpeplpqel.shankscape.com.

Is there a way to make sure that unauthorized people are not sending mail through my domain?

    telnet yourdomain.com 25
    helo somedomain.com
    msg from someforeigndomain.com
    rcpt to someotherforeigndomain.com

see if it slaps you down (note, i may have the msg from and rcpt to backwards, always forget)
Re: [gentoo-user] OT - Concerns (possible security threat?)
On Jan 17, 2006, at 11:35 AM, Michael Sullivan wrote: On Tue, 2006-01-17 at 11:20 -0600, John Jolet wrote: On Jan 17, 2006, at 11:14 AM, Michael Sullivan wrote: I'm concerned. When I got out of the shower just now and came to check my email, I didn't have any. Concerned that sendmail might not be running, I ps'd for it: bullet mail # ps ax | grep 'sendmail' 9939 ?Ss 0:00 sendmail: Queue [EMAIL PROTECTED]:30:00 for /var/spool/clientmqueue 10305 ?Ss 0:00 sendmail: accepting connections 10801 ?S 0:00 sendmail: ./k0FKmpDE010833 gpeplpqel.shankscape.com.: user open 10810 pts/0R+ 0:00 grep sendmail I see that sendmail is connected with gpeplpqel.shankscape.com. I assume that someone at that host is trying to send mail to my domain, but I checked /var/spool/mail and I didn't see anything from them. I ps'd sendmail again and saw that they were no longer connected. I checked /var/log/maillog and see a bunch of these: Jan 17 11:04:10 bullet sm-mta[10801]: k0FKmpDE010833: to=<[EMAIL PROTECTED]>, delay=1+20:15:18, xdelay=00:03:10, mailer=esmtp, pri=8599167, relay=gpeplpqel.shankscape.com. [69.25.212.153], dsn=4.0.0, stat=Deferred: Connection timed out with gpeplpqel.shankscape.com. Is there a way to make sure that unauthorized people are not sending mail through my domain? telnet yourdomain.com 25 helo somedomain.com msg from someforeigndomain.com rcpt to someotherforeigndomain.com see if it slaps you down (note, i may have the msg from and rcpt to backwards, always forget) I think I messed up the syntax somewhere: camille ~ # telnet espersunited.com 25 Trying 64.149.52.102... Connected to espersunited.com. Escape character is '^]'.
220 bullet.espersunited.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 17 Jan 2006 11:33:21 -0600 helo somedomain.com 250 bullet.espersunited.com Hello [192.168.1.1], pleased to meet you msg from someforeigndomain.com 500 5.5.1 Command unrecognized: "msg from someforeigndomain.com" rcpt to someotherforeigndomain.com 503 5.0.0 Need MAIL before RCPT mail from instead of msg from. my bad.
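The relay check discussed in this thread, as an added example that is not part of any poster's message: a small shell function that reads a captured SMTP session and reports how the server answered RCPT TO for a foreign recipient. The names relay_verdict, thread_transcript, refused_transcript and accepted_transcript are hypothetical, and the last two transcripts are constructed samples using example.* domains.

```shell
#!/bin/sh
# Added example, not code from the thread. All function names are hypothetical.

# Read an SMTP session transcript on stdin and print how the server answered
# RCPT TO: accepted | refused | inconclusive.
relay_verdict() {
    awk '
    { sub(/\r$/, ""); line = toupper($0) }      # telnet captures may carry CR
    line ~ /^RCPT TO/ { awaiting = 1; next }    # the next final reply answers RCPT
    line ~ /^[0-9][0-9][0-9]-/ { next }         # continuation of a multi-line reply
    line ~ /^[0-9][0-9][0-9]( |$)/ {
        if (awaiting) {
            code = substr(line, 1, 3) + 0
            # 500-504 are syntax and sequence errors, not a policy decision,
            # and 4xx is a temporary failure, so neither settles the question.
            if (code >= 200 && code <= 299) accepted = 1
            else if (code >= 505 && code <= 599) refused = 1
            awaiting = 0
        }
        next
    }
    { awaiting = 0 }                            # some other client command
    END {
        if (accepted)     print "accepted"
        else if (refused) print "refused"
        else              print "inconclusive"
    }'
}

# The session posted in the thread, where MAIL FROM was typed as "msg from".
thread_transcript() {
    cat <<'EOF'
220 bullet.espersunited.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 17 Jan 2006 11:33:21 -0600
helo somedomain.com
250 bullet.espersunited.com Hello [192.168.1.1], pleased to meet you
msg from someforeigndomain.com
500 5.5.1 Command unrecognized: "msg from someforeigndomain.com"
rcpt to someotherforeigndomain.com
503 5.0.0 Need MAIL before RCPT
EOF
}

# Constructed sample: the server refuses the foreign recipient.
refused_transcript() {
    cat <<'EOF'
220 mail.example.org ESMTP
helo client.example.com
250 mail.example.org Hello
mail from:<sender@example.com>
250 2.1.0 Sender ok
rcpt to:<someone@example.net>
550 5.7.1 Relaying denied
EOF
}

# Constructed sample: the server accepts the foreign recipient.
accepted_transcript() {
    cat <<'EOF'
220 mail.example.org ESMTP
helo client.example.com
250 mail.example.org Hello
mail from:<sender@example.com>
250 2.1.0 Sender ok
rcpt to:<someone@example.net>
250 2.1.5 Recipient ok
EOF
}
```

The session posted in the thread comes out as "inconclusive": the 503 only says MAIL was missing, so it shows nothing about relaying either way. An "accepted" result means the server did not refuse at the RCPT stage; some servers make the decision later, so it is a reason to look at the relay configuration rather than proof on its own.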
Re: [gentoo-user] email within a LAN?
On Jan 17, 2006, at 2:37 PM, [EMAIL PROTECTED] wrote: Does anyone know of a relatively easy way to send email within a private LAN (192.168.x.x), and at the same time know when to send the mail to an external router? I have three gentoo boxes and one OpenBSD box in my home LAN; I'd like to be able to send email internally (i.e. without going out to the Internet) for various administrative notifications (e.g. smartd). When I researched this in the past, I couldn't figure out any way simpler than a nontrivial postfix setup PLUS a working DNS/bind installation. if you give all your machines a fake domain name...boo.boo, say. and set up a postfix server that considers itself authoritative for that domain, then your wife could send an email at [EMAIL PROTECTED], and her email client would be set up to send via that mail gateway (for ALL mail). the gateway (that postfix box) would accept the mail, look at it and say, oh, that's matt on me. you would then check that server via pop (or preferably imap) for the boo.boo domain mail. That's essentially what happens with my family, except I happen to own the jolet.net domain, and that box also handles incoming traffic for that domain. I'd call that pretty set it and forget it. Or better yet, spend the $7/year and buy your own domain. I use zoneedit to populate the relationship between jolet.net and my dynamic ip address on my broadband, and publish that as the mx for jolet.net. I'm wishfully thinking that there is now an easy "set it and forget it" way to accomplish what I want :) Anyone have any suggestions? Thank you! Matt -- Matt Garman email at: http://raw-sewage.net/index.php?file=email
Re: [gentoo-user] How to come back to Mac OS X?
On Jan 18, 2006, at 2:45 PM, Alessandro Di Rubbo wrote: Hello to everyone, I've got an Apple iBook (Dual USB) with a Gentoo installation on it, but now I'm going to sell it and I would restore the original situation, installing Mac OS 9 and/or Mac OS X. When I installed Gentoo, I deleted every partition related to Mac OS because I didn't need them, so now I have only the Apple_partion_map, the Apple_Bootstrap (where is Yaboot) and an empty partition (I've already removed my old Gentoo partitions). I've tried to insert the Mac OS X (v 10.0.1) but the installer is not able to find any partition (hd): what can I do? Thank you very much for your help, in advance. when it boots from the cd, find the hd tools app and run it. you should be able to partition your hd with it. not sure which folder that's in, though. Alessandro
Re: [gentoo-user] New install, I still can't send email. Same error too.
On Jan 19, 2006, at 7:11 AM, Dale wrote: On Thursday 19 January 2006 06:38, Dale wrote: OK, some of this is getting out of order here. I changed the flag in my USE to -ipv6. I then recompiled the programs that it changed on. It was Mozilla and a couple others as well that Mozilla uses. If you get this it is working, for the moment any way. It did work earlier too but then stopped when I reconnected. I'm not sure if this has anything to do with it but it was worth a try. I played a game of Solitaire while it was working on it. LOL I'll keep you posted. Now to find some people that I can send email to and not get mad at me. Any volunteers?? Thanks. Dale :-) Oh, somewhere along the way this thing popped up. When I hit compose or reply, a line comes up for "reply to". It didn't use to do that and I usually delete it. How do I make it go away? It bugs me. OK. I got a couple volunteers. I sent one of them an email then disconnected. After I got reconnected, Mozilla gives me an error. I'm in Kmail again. I have one thing I'm going to tell my ISP. Fix this or I'm getting another ISP. Ever since the hurricane it has been going downhill, fast. I have five numbers for them and can only connect to one of them and it is VERY slow, only 24K. I usually get 28K or so. My emerge sync took half again as long to do last night. Thanks for the help. I'm 99% sure this is an ISP problem since it works sometimes and then stops after a reconnect. What you folks think? I think you need a new isp. Dale :-)
Re: [gentoo-user] SATA Hardware vs Software RAID
On Jan 19, 2006, at 2:23 PM, kashani wrote: Mike Williams wrote: Yesterday an IBM ServeRAID decided to mark its 3 SCSI disks as defunct when they are all in fact perfectly fine, giving me a 4am finish this morning after the major hassle of rebuilding, so I'm now heavily biased against hardware RAID, when I know software RAID is fully capable. Plus, mdadm can give you all the information you could ever need, and bugs get squashed quickly. http://bugzilla.kernel.org/show_bug.cgi?id=5181 I think the general consensus is that now CPUs are so cheap, and so powerful, that they can quite easily offset the extra horsepower needed, unless your workload is heavily CPU bound. None of the workloads on any of my servers are heavily CPU bound, so apart from this one server that came with the card (though an acquisition of another company), all my RAID needs (on some 16 servers) are done in software. Both software and hardware RAIDs can and will flake at some point so it's a toss up there. I find hardware a bit easier to work with as I never need to mess with grub and whatnot to get things to boot correctly. CPU is just part of the equation in RAID. Assuming I/O is your biggest problem having a nice 256MB cache on the raid card can change expensive short writes into nice long writes can really help an underperforming server. I'd say if you want raid for better fault tolerance stay with software raid. If you also need performance spend the money and get a decent RAID card. Do not get the lame ass winmodem raid cards. You'll have driver issues and they basically emulate a software raid badly. if you do go with software raid...make DARN sure you get grub installed on both drives, or you're wasting your time. (can you tell i've been down that road)? I personally prefer hardware raid, because if you go software raid, I don't believe your /boot partition can exist on the raid. so each drive would have to have a /boot partition...or has that need been alleviated?
kashani
Re: [gentoo-user] SATA Hardware vs Software RAID
On Jan 19, 2006, at 3:02 PM, Jarry wrote: John Jolet wrote: I personally prefer hardware raid, because if you go software raid, I don't believe your /boot partition can exist on the raid. so each drive would have to have a /boot partition...or has that need been alleviated? Not true. Of course /boot can be on raid too, but in case of linux software raid it can be only raid1 (which in case of small /boot partition does not matter). All other partitions can be in raid0,1,5... My apologies. My software raid testing WAS with raid5. Thanks for the correction. Jarry
Re: [gentoo-user] Hardware Testing a PC
On Jan 20, 2006, at 8:47 AM, Midnight Toker wrote: Neil, Thank you, looks like this could be the thing i'm looking for. Midnightoker. me, too, just hadn't gotten around to asking :) On 20 Jan 2006, at 09:26, Neil Bothwick wrote: On Fri, 20 Jan 2006 00:55:23 +, Midnight Toker wrote: I'm wondering if anyone can recommend software which will put a "PC" through a full series of tests, including CPU, RAM, HDD... just generally thrash a machine so I know the hardware is good. Try searching Freshmeat for "stress test", there are several programs to put network, CPU, I/O etc. through their paces. There's also StressLinux, a live CD containing a number of these programs.
Re: [gentoo-user] Easy? Software Products
This error is returned consistently: E [22/Jan/2006:11:53:45 -0700] StartListening: Unable to find IP address for server name "sarawak" - Unknown host if sarawak is the name of the box in question, adjust the line in /etc/hosts for 127.0.0.1 to include sarawak. but cupsd.conf defaults to localhost, right? Also it gives "unknown directive" when I uncomment the debug levels('debug2' and 'debug') in cupsd.conf and [EMAIL PROTECTED] ~ $ lpr docs/misc/whatevs lpr: error - no default destination available. and [EMAIL PROTECTED] ~ $ dmesg|grep -i printer parport0: Printer, HEWLETT-PACKARD DESKJET 610C yes, the proper ppd driver is installed in /usr/share/cups/model
Re: [gentoo-user] SSH and terminal emulation
On Jan 23, 2006, at 12:35 PM, Tom Smith wrote: I use Kermit 95 to connect to my server. When I run "pstree" from an SSH session, I get the following type of output: pcadobe ssh # pstree initqwqaacraid tq2*[agetty] tqcron tqevents/0 tqkhelper tqkhpsbpkt tqkjournald tqksoftirqd/0 tqkswapd0 tqkthreadqwqaio/0 x tqkacpid x tqkblockd/0 x tqkhubd x tqkseriod x tq2*[pdflush] x mqscsi_eh_0 tqminiserv.pl tqsshdqqqsshdqqqbashqqqpstree tqsyslog-ng mqudevd pcadobe ssh # I haven't been able to determine what changes need to be made to the client (Kermit 95) to make this appear as it would at the console. I have Kermit setup using Terminal Type: Linux Terminal Remote-Charset: cp437 what is the output of "echo $TERM"? cp437 helped with the "menuconfig" interface of a kernel recompile as it was doing similar things when run from an SSH session. Can anyone provide with some feedback as to what the problem might be and what I need to do to resolve it? Thanks in advance for your help!
Re: [gentoo-user] SSH and terminal emulation
On Jan 23, 2006, at 1:00 PM, Tom Smith wrote: John Jolet wrote: what is the output of "echo $TERM"? pcadobe ~ # echo $TERM linux pcadobe ~ # try "export TERM=vt220" and see if that helps.
Re: [gentoo-user] SSH and terminal emulation
On Jan 23, 2006, at 1:56 PM, Tom Smith wrote: John Jolet wrote: On Jan 23, 2006, at 1:00 PM, Tom Smith wrote: John Jolet wrote: what is the output of "echo $TERM"? pcadobe ~ # echo $TERM linux pcadobe ~ # try "export TERM=vt220" and see if that helps. This did work for "pstree" but seriously broke functionality in Vim, an app that is heavily used via SSH. I did notice something interesting, though. If I set (in Kermit) Terminal Type: vt220 Terminal Remote-Charset: cp437 the next thing I would try is export the TERM value at the gentoo command-line and the TERM value at the other end both vt220. Okay, now for another question, that may or may not be relevant. why is kermit involved? if you are sshing into another box, why use kermit?
Re: Completely and totally OT - Re: [gentoo-user] Have you seen my flamesuit? (Was: How many people use KDE?)
On Jan 23, 2006, at 2:00 PM, Antoine wrote: Personally I use ext3 for everything except windows partitions. I have 3 NTFS-partitions, and one FAT32 partition. The freeware read/write ext2-driver for Windows doesn't work with Windows 2003, so I have to use FAT32. Especially because captive-ntfs aren't working for me. Seeing as we are all talking nonsense anyway - does anyone have an opinion on the fact that m$ just got a fat patent validated by a US court? Chrs isn't it cool how you can patent something you stole? A
Re: [gentoo-user] can't chmod +u /sbin/halt anymore
On Jan 23, 2006, at 2:11 PM, Antoine wrote: Hi, Until now I have been able to chmod halt to let me halt/reboot as a normal user and my last big emerge -uDNav world put a stop to that - any ideas? Cheers Antoine and using sudo is out of the question?
Re: [gentoo-user] SSH and terminal emulation
On Jan 23, 2006, at 2:41 PM, Tom Smith wrote: John Jolet wrote: On Jan 23, 2006, at 1:56 PM, Tom Smith wrote: John Jolet wrote: On Jan 23, 2006, at 1:00 PM, Tom Smith wrote: John Jolet wrote: what is the output of "echo $TERM"? pcadobe ~ # echo $TERM linux pcadobe ~ # try "export TERM=vt220" and see if that helps. This did work for "pstree" but seriously broke functionality in Vim, an app that is heavily used via SSH. I did notice something interesting, though. If I set (in Kermit) Terminal Type: vt220 Terminal Remote-Charset: cp437 the next thing I would try is export the TERM value at the gentoo command-line and the TERM value at the other end both vt220. Okay, now for another question, that may or may not be relevant. why is kermit involved? if you are sshing into another box, why use kermit? Sorry, I probably should've clarified this from the beginning... I'm using Kermit 95 on Windows XP Pro to connect to my Linux server. (Kermit 95 is a commercial, Windows-only product; while ckermit is the *nix version and freely available.) That said... I believe I've done the equivalent of what you're asking. I ran the "export TERM=vt220" within the SSH session (on the server) and then changed Kermit 95 to match that terminal type. (This should have the same effect as what you suggested, right?) if this were a unix-unix connection, yes. have you tried PuTTY? free windows ssh client. VERY nice. (not trying to bash kermit 95, but haven't used it since...well 95)
Re: [gentoo-user] Dual Boot System Setup
On Jan 23, 2006, at 9:06 PM, Sean wrote: I have a laptop I want to setup to boot either Gentoo or Windows. Looking around I am trying to find recommendations as to which is better to install first, Gentoo or Windows. From what I found, either often gets a recommendation. Would anyone recommend which is the best method for setup, start with Gentoo or Windows? always, always install windows first. when you install grub with gentoo, you make the grub.conf that chainboots windows. if you install windows second, it won't ask...and you'll end up booting into the install cd and installing grub again anyway. I also want to setup a common partition for data storage which both can access. Again, can anyone recommend a setup? Thanks Sean
Re: [gentoo-user] tar over ssh
On Jan 24, 2006, at 10:57 AM, Jeff wrote: Hey guys. I've got this big fat backup server with no space left on the hard drive to store a tar file. I'd like to pipe a tar through ssh, but not sure what the command would be. Something to the effect of: # cat /var/backup | ssh backup.homelan.com 'tar data.info.gz' So that, the data is actually being sent over ssh, and then archived on the destination machine. you have a tar file you want transferred, or a directory called backup? if it's a directory, i'd (from the target machine) ssh sourcemachine "tar /var/backup/* -" > data.info.gz see the very long discussion we had on this list about this a few months ago. Help! :-) -- Luke Skywalker: What a piece of junk! Han Solo: She'll make point five past lightspeed. She may not look like much but she's got it where it counts, kid. I've made a lot of special modifications myself.
Re: [gentoo-user] tar over ssh
On Jan 24, 2006, at 11:20 AM, Tom Smith wrote: Jeff wrote: Hey guys. I've got this big fat backup server with no space left on the hard drive to store a tar file. I'd like to pipe a tar through ssh, but not sure what the command would be. Something to the effect of: # cat /var/backup | ssh backup.homelan.com 'tar data.info.gz' So that, the data is actually being sent over ssh, and then archived on the destination machine. Help! :-) Not possible. What you want is more along the lines of AFS, NFS, SMB, or the like. WRONG. I do it all the time. If your backup files already exist, you can use SCP or SFTP to copy those to a different server.
Re: [gentoo-user] tar over ssh
On Jan 24, 2006, at 11:46 AM, Tom Smith wrote: John Jolet wrote: On Jan 24, 2006, at 11:20 AM, Tom Smith wrote: Jeff wrote: Hey guys. I've got this big fat backup server with no space left on the hard drive to store a tar file. I'd like to pipe a tar through ssh, but not sure what the command would be. Something to the effect of: # cat /var/backup | ssh backup.homelan.com 'tar data.info.gz' So that, the data is actually being sent over ssh, and then archived on the destination machine. Help! :-) Not possible. What you want is more along the lines of AFS, NFS, SMB, or the like. WRONG. I do it all the time. Ok, my bad. (Open mouth, insert foot. :-D ) Being a *nix junkie, I tend to do some things old school--that is, there are specific tools that are (dare I say) more specialized to such a task. You know... SSH = Secure SHell, SCP = Secure CoPy, SFTP = Secure FTP... So I had never really looked into using the "ssh" program for copying files between servers--it's always been more of a telnet-like application for me. hmmm, old school, eh? I was doing that tar trick about 10 or 11 years ago. you HAVE to do that if you have no room to complete the tar file on the source, THEN transfer it. it's quicker than scping a lot of files and then tarring them up on the destination, especially if THAT doesn't have room for both the source files and the tar. I did extensive performance testing for database migrations about 5 years ago and what I said was by far the most efficient, timewise (though, I didn't simply redirect to a file, but dd of=filename)
Re: [gentoo-user] tar over ssh
Well, perhaps "old school" has different meanings to different people. :-) I was referring to the UNIX "tools" philosophy in which each program has a very specific use, similar to qmail (the original, unmodified qmail, that is). And this is usually the direction I take when looking for "tools" to accomplish some task. But I suppose this philosophy doesn't really apply quite as much nowadays. I must say, though, I've always managed to anticipate the storage needs of my servers so running low on or (even worse) running out of disk space has never been a problem. So I've never had to research such "tricks" to get things to work within those types of constraints. Call me quirky, but that's part of being a sysadmin... Yes? ;-) -- as do I, but how often do you get to start with no servers at all? I think there's this one sysadmin running around setting up servers badly, and we all get hired in after him to clean up...i've got one db server with a 3-gig root partition and a 5-gig tmp partition, and all the programs aren't using the tmp partition, using the /tmp directory. and the root filesystem is 90% full. Ga!
Re: [gentoo-user] tar over ssh
On Jan 24, 2006, at 2:22 PM, Jeff wrote: This example that Francesco illustrates seems to work pretty well. I guess my main concern was with tar - would it be able to handle a filesystem this large? Myself, I haven't seen or heard any scary stories thus far. Anyone shed light on tar limitations? all of tar's limitations will have to do with the output file. typically, you'll run into problems at 2 gigs on some old kernels, or *nix variants. tar used to have a limit of like 8 gigs or so, assuming the underlying kernel/filesystem would allow it...but I haven't tried to push that limit in quite a while. For instance, 4 gigs is where you crash if writing to a fat32 partition. Thanks for all the colorful replies. :-) -Jeff Francesco Riosa wrote: Jeff wrote: Hey guys. I've got this big fat backup server with no space left on the hard drive to store a tar file. I'd like to pipe a tar through ssh, but not sure what the command would be. Something to the effect of: # cat /var/backup | ssh backup.homelan.com 'tar data.info.gz' So that, the data is actually being sent over ssh, and then archived on the destination machine. tar -zcf - /var/backup | ssh backup.homelan.com "( cat > data.info.gz )" something similar, probably is possible to avoid the use of cat but doesn't come to mind at the moment -- Officer: We've analyzed their attack, sir, and there is a danger. Should I have your ship standing by? Governor Tarkin: Evacuate? In our moment of triumph? I think you overestimate their chances.
Re: [gentoo-user] tar over ssh
On Jan 24, 2006, at 5:25 PM, Iain Buchanan wrote: On Tue, 2006-01-24 at 17:23 +, Francesco Riosa wrote: Jeff wrote: Hey guys. I've got this big fat backup server with no space left on the hard drive to store a tar file. I'd like to pipe a tar through ssh, but not sure what the command would be. [snip] So that, the data is actually being sent over ssh, and then archived on the destination machine. tar -zcf - /var/backup | ssh backup.homelan.com "( cat > data.info.gz )" something similar, probably is possible to avoid the use of cat but doesn't come to mind at the moment wow, I am quite blown away - not only at the fact that I just tried the above command (and it worked of course) but also that I've found a new way of doing something that I never thought of before. This is one to remember! (now, if only I'd backed up yesterday, before I did an accidental `rm *` instead of `rm *~`) good thing none of US has ever done that...as root from the / on a running production server...in the middle of month-end -- Iain Buchanan It's not? Are you saying that you SHOULD allow people (other than William Wallace) to shoot lightning bolts from their arse? -- Seth Galbraith
Re: [gentoo-user] tar over ssh
On Jan 24, 2006, at 9:10 PM, Ow Mun Heng wrote: On Tue, 2006-01-24 at 17:23 +, Francesco Riosa wrote: Jeff wrote: Hey guys. I've got this big fat backup server with no space left on the hard drive to store a tar file. I'd like to pipe a tar through ssh, but not sure what the command would be. Something to the effect of: # cat /var/backup | ssh backup.homelan.com 'tar data.info.gz' So that, the data is actually being sent over ssh, and then archived on the destination machine. tar -zcf - /var/backup | ssh backup.homelan.com "( cat > data.info.gz )" There's another way. This assumes your originating server's CPU is slow/precious and you have a 16 way node on a backup server (HAHA!!) tar cf - /var/backup | ssh backup.homelan.com "gzip -c > filename.tar.gz" But you transfer the stream uncompressed, so more bits get transferred. you're kidding, right? Unless you've got a PII on the originating end and are using gigabit ethernet between the two nodes, compressing the data before transmission will almost always be faster. I tested this scenario extensively about 3 years ago, using linux, aix, and solaris hosts. In no case was transferring uncompressed data faster than compressing (at least to some degree) the data on the originating server. And frankly, no matter what you do...wouldn't you hope ALL the bits get transferred? :) -- Ow Mun Heng Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM 98% Microsoft(tm) Free!! Neuromancer 11:10:24 up 11:00, 6 users, load average: 1.08, 1.04, 1.15
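The tar-through-ssh pipeline from this thread, as an added example that is not part of any poster's message: the same stream, with two checks the one-liner lacks. It records tar's own exit status (a pipeline reports only the last command's), and it compares a SHA-256 of the bytes sent with one of the file stored on the far side. The name stream_backup is hypothetical; the transport is passed as arguments so the function can be exercised locally with "sh -c" in place of "ssh host", and sha256sum is assumed to exist on both ends.

```shell
#!/bin/sh
# Added example, not code from the thread. stream_backup is a hypothetical name.
#
# usage: stream_backup SRC_DIR DEST_FILE TRANSPORT [ARGS...]
#   stream_backup /var/backup data.tar.gz ssh backup.homelan.com
#   stream_backup ./src /tmp/out.tar.gz sh -c      # local run, no network
stream_backup() {
    if [ "$#" -lt 3 ]; then
        echo "usage: stream_backup SRC_DIR DEST_FILE TRANSPORT [ARGS...]" >&2
        return 2
    fi
    sb_src=$1
    sb_dest=$2
    shift 2
    # DEST_FILE is placed inside single quotes in the command run on the far side.
    case $sb_dest in
        *\'*) echo "stream_backup: destination must not contain a single quote" >&2
              return 2 ;;
    esac

    sb_tmp=$(mktemp -d) || return 1
    mkfifo "$sb_tmp/sum.fifo" || { rm -rf "$sb_tmp"; return 1; }
    # Hash the exact bytes that are sent, while they are being sent.
    sha256sum < "$sb_tmp/sum.fifo" > "$sb_tmp/local.sum" &
    sb_sum_pid=$!

    # A pipeline reports only the last command's status, so tar's exit code
    # is written to a file; otherwise a failed tar leaves a short archive on
    # the far side and the transfer still looks successful.
    sb_xfer_rc=0
    {
        sb_rc=0
        tar -czf - -C "$(dirname "$sb_src")" "$(basename "$sb_src")" || sb_rc=$?
        echo "$sb_rc" > "$sb_tmp/tar.rc"
    } | tee "$sb_tmp/sum.fifo" | "$@" "cat > '$sb_dest'" || sb_xfer_rc=$?
    wait "$sb_sum_pid" || true

    sb_tar_rc=$(cat "$sb_tmp/tar.rc" 2>/dev/null || echo 1)
    sb_local=$(cut -d' ' -f1 < "$sb_tmp/local.sum")
    rm -rf "$sb_tmp"

    if [ "$sb_xfer_rc" -ne 0 ]; then
        echo "stream_backup: transport failed (status $sb_xfer_rc)" >&2
        return 1
    fi
    if [ "$sb_tar_rc" -ne 0 ]; then
        echo "stream_backup: tar failed (status $sb_tar_rc), archive is incomplete" >&2
        return 1
    fi
    # Re-read the stored file on the far side and compare digests.
    sb_remote=$("$@" "sha256sum < '$sb_dest'" | cut -d' ' -f1) || sb_remote=
    if [ -z "$sb_local" ] || [ "$sb_local" != "$sb_remote" ]; then
        echo "stream_backup: checksum mismatch for $sb_dest" >&2
        return 1
    fi
    echo "$sb_local"
}
```

On success the function prints the SHA-256 of the archive, which can be kept beside the backup for later verification.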
Re: [gentoo-user] tar over ssh
I read something some time ago that suggested if you transfer a compressed file over a compressed SFTP connection, for example, that it would take longer to transfer the data versus if only the data or the connection was compressed. The reason, as I recall, had to do with compressing already compressed data--this apparently created some overhead on the connection. Did you look at this situation in your tests? If so, what were the results? No, I see absolutely no reason to use sftp. Just scp. By default, compression is off on that, unless you've modified your ssh_conf. But I have heard the same thing about doubly-compressing things.
Re: [gentoo-user] AMD 64 bit system selections
On Jan 31, 2006, at 11:58 AM, James wrote: Hello, Well, I'm finally taking the plunge and building a high performance 64 bit AMD system. Oh, but the company paying for it insist upon windozXP 64bit, just in case Gentoo does not work. I'm really surprised some vendor is not listed on gentoo.org, as it'd make this purchase more straightforward, and It'd be a great opportunity to support Gentoo. Any 'off the shelf' system recommendations, or should I just purchase pieces? (Reasonable vendors that build systems and perform Gentoo installation here in the US?) What's the best 64 bit processor choice for performance for Gentoo? Dual-core? Complementary ram specs? we're building our own with tyan motherboards, dual-core opterons and 4 gigs of ram (for the web servers, single core and 2 gigs). They have dual gig ethernet ports (one nvidia, one broadcom, drivers in the kernel). Haven't found any 400gig sata drives, at least not for a reasonable price, we're using i think some 250s with 3ware raid cards (the tyan motherboards only have fakeraid). Man these things SCREAM. One word of caution...the amd64 boot image that's latest won't complete a boot, and the older 2005.0 has broken 3ware drivers. had to install 65-bit ubuntu on a small partition and boot to that to install gentoo. and that ubuntu is NOT smp enabled, so the build went slow until I could reboot into gentoo. we're building "blade" servers...not true blade servers, as each has its own nics and power, but you can get 10 in a 7-u rack (I think it's 7 u) Mobo recommendations (lm_sensors and acpi support) in a 19 inch rack? N+1 redundant power supply recommendations? 10/100/1000 Ethernet support? What's the friendliest high end video card for displaying video (fast motion) that has open source drivers? Multiple displays? Which Sata-2 drives give good performance and size (400 G or more)?
What's the best Raid level to run for storing, searching and manipulating tons of video, and should I get a Gentoo friendly controller or use software raid? Finally which file system would one recommend for this video server with the best, stable performance. ideas? James
Re: [gentoo-user] Re: ntp won't synchronize
On Feb 1, 2006, at 1:25 PM, James wrote: Devon Miller gmail.com> writes: Make sure you have told your firewall to allow port 123 for both TCP & UDP. I had the same behavior until I did that. dcm Well my firewall should allow outgoing initiated sessions from the ntpd (internal) server. From what I read, the remote ntpd server does not initiate communications, it's my server that initiates the communications? That assumed, my firewall rules (which are undergoing revision) are ok? OK, I'm new to ntpd, but it looks straightforward. after emerging, I started up ntpd and added it to the default run level. Then I checked and got: ntpq -p remote refid st t when poll reach delay offset jitter == ecoca.eed.usv.r 80.96.120.2532 u8 641 202.639 1436722 0.001 then: # date Wed Feb 1 14:58:04 Local time zone must be set--see zic manual page 2006 /etc/localtime is a lock file so where do I correct/set the time zone to EST (eastern standard time) so ntpd will see it can correct my actual time (it's off by a little more than (1) hour. But now when I run 'ntpq -p' I get: ntpq: read: Connection refused What did I mess up or miss? is ntpd dying? ps -elf|grep ntp should show you something besides the grep. James man zic and man ntpd did not help, or I missed the file to edit or the correct command syntax James
Re: [gentoo-user] Re: ntp won't synchronize
On Feb 1, 2006, at 2:18 PM, James wrote: James tampabay.rr.com> writes: John Jolet jolet.net> writes: But now when I run 'ntpq -p' I get: ntpq: read: Connection refused is ntpd dying? ps -elf|grep ntp should show you something besides the grep. Yep. Attempt stop it and start it again: /etc/init.d/ntpd start fails. Well I rebooted and it is running: 9480 ?SLs0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -u ntp:ntp It corrected the minutes but it's off by exactly one hour. It needs to be EST (eastern standard time) NY (Tampa Florida). so what file do I edit to correct utc to est ? #date Wed Feb 1 16:16:51 UTC 2006 in /usr/share/zoneinfo are your timezone files. copy or symlink the correct one to /etc/localtime.
Re: [gentoo-user] Stupid Postfix alias question...
On Feb 1, 2006, at 6:32 PM, Eric Bliss wrote: I've got a user who wants his mail both kept locally and forked off to another server. Will the following work in the aliases file, or will it create an infinite loop? bob: bob, [EMAIL PROTECTED] I'm thinking it should work safely, but I can't seem to find the reference to it in the documentation, although I know it's gotta be in there somewhere. i'm thinking that's a loop. procmail would be a better choice for that. -- Eric Bliss systems design and integration, CreativeCow.Net
Re: [gentoo-user] Backup device (sata hdd) best filesystem
On Feb 2, 2006, at 10:12 PM, Harry Putnam wrote: I'm about to format 2 200gb sata drives and one 300gb ATA for use as recipients of all backups. This will mostly consist of rsnapshot created files. And a number of tar.gz and other compression type files maybe some ISO type files etc. I'm backing up two winxp video/sound editing machines 2 gentoo boxes including my personal main desktop and laptop and my wife's winxp home box. I guess one consideration would be what file system works well with remote network backup tools like rsnapshot or bacula. All of ext2 ext3 and reiserfs seem to do about the same to me. I've seen comments many times about the virtues of reiserfs and that is currently what most of my desktop is (except ext2 boot). That is new for me I always used ext2 then ext3 when it became common. I've seen nothing remarkable using reiserfs but have no real idea of what to expect and really NO idea what would make a good backup fs. I've not done any benchmarking...however, due to the way they work, what i've heard is that reiser is better for lots of small files, while ext3 performs better with fewer large files.
[gentoo-user] permissions problem
Okay, I give up. I've been struggling with a couple of very, very strange permissions problems for months. I just finished an emerge -e system and emerge -e world hoping it would fix it.

first problem: trying to use sudo, but it keeps saying "can't open sudoers file, permission denied". even if i'm root doing sudo it tells me that.

here is permissions on /etc/sudoers:
-r--r----- 1 root root 1643 Feb 3 04:48 /etc/sudoers
here is sudo itself:
---s--x--x 1 root root 97104 Feb 4 08:53 /usr/bin/sudo

I've compared this to other, working gentoo boxes and it all seems the same. In addition, I'm trying to run MailScanner and if I try to have it run as postfix, I get a message that it can't open its MailScanner.conf, even though i've made that owned by postfix. Not sure if that's related, but it seems it could be.

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ... Can't connect to local MySQL server ...
On Feb 4, 2006, at 6:22 PM, A. Khattri wrote: On Sun, 5 Feb 2006, Fredrik Lundgren wrote: When I try to visit with $ mysql -u root -p password. *** I get ERROR 2002 (HY000): Can't connect to local MySQL server through socket 'var/run/mysqld.sock' (2) Evidently my configuration is wrong Has anyone a tip or two ? Maybe start mysqld? /etc/init.d/mysql start and make sure it's still running. and make sure there's an entry for the mysql client in the my.cnf pointing to the proper socket. and how do I get mysql to start at boot? Maybe use rc-update? rc-update add mysql default (Yes, its in the handbook) -- -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ... Can't connect to local MySQL server ...
On Feb 4, 2006, at 7:37 PM, Fredrik Lundgren wrote:

Thanks for the suggestions! The problem is that

# /etc/init.d/mysql start
* ...
* Starting mysql (/etc/mysql/my.cnf)
* MySQL NOT started (0) [!!]

In my.cnf

[client]
# password= your_password
port= 3306
socket = /var/run/mysqld/mysqld.sock
... ...
[mysqld]
... ...
user= mysql
port= 3306
socket= /var/run/mysqld/mysqld.sock
...

So it appears that /var/run/mysqld/mysqld.sock somehow is corrupted. How should that be fixed?

not necessarily. make sure mysql is not running. check for the existence of /var/run/mysqld/mysqld.sock...if it exists, delete it. it shouldn't exist with mysql not running.

Fredrik

- Original Message -
From: "John Jolet" <[EMAIL PROTECTED]>
To:
Sent: Sunday, February 05, 2006 1:40 AM
Subject: Re: [gentoo-user] ... Can't connect to local MySQL server ...

On Feb 4, 2006, at 6:22 PM, A. Khattri wrote:
On Sun, 5 Feb 2006, Fredrik Lundgren wrote:

When I try to visit with $ mysql -u root -p password. *** I get ERROR 2002 (HY000): Can't connect to local MySQL server through socket 'var/run/mysqld.sock' (2) Evidently my configuration is wrong Has anyone a tip or two ?

Maybe start mysqld? /etc/init.d/mysql start

and make sure it's still running. and make sure there's an entry for the mysql client in the my.cnf pointing to the proper socket.

and how do I get mysql to start at boot?

Maybe use rc-update? rc-update add mysql default (Yes, its in the handbook)

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] permissions problem
On Feb 4, 2006, at 7:56 PM, Richard Fish wrote:

On 2/4/06, John Jolet <[EMAIL PROTECTED]> wrote:

Okay, I give up. I've been struggling with a couple of very, very strange permissions problems for months. I just finished an emerge -e system and emerge -e world hoping it would fix it. first problem: trying to use sudo, but it keeps saying "can't open sudoers file, permission denied". even if i'm root doing sudo it tells me that.

Try doing "strace sudo ..." as root. That should at least tell you what system call is returning -EPERM.

okay, so I emerged strace and did that. didn't find any "EPERM" thing, but did find this:

lstat64("/etc/sudoers", {st_mode=S_IFREG|0440, st_size=1643, ...}) = 0
setresgid32(-1, 0, -1) = 0
setresuid32(0, 1, 0) = 0
open("/etc/sudoers", O_RDONLY) = -1 EACCES (Permission denied)
geteuid32() = 1
setresuid32(0, 0, 0) = 0
write(2, "sudo: ", 6sudo: ) = 6
write(2, "can\'t open /etc/sudoers", 23can't open /etc/sudoers) = 23

which just says permission denied, right? am I missing something simple here? i mean, root can read anything, right?

-Richard

-- gentoo-user@gentoo.org mailing list
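The strace output in the message above shows the failing open() issued after setresuid32(0, 1, 0), that is with effective uid 1 and effective gid 0, so ordinary owner/group/other mode checks apply to the file and to every directory leading to it. The following is an added example, not code from the thread: it walks a path under a given root and reports the first component such a uid/gid pair cannot pass. Function names are hypothetical, GNU stat is assumed, and ACLs, supplementary groups and security modules are not modelled.

```shell
#!/bin/sh
# Added example (not from the thread). Models the classic mode-bit check for
# one effective uid/gid. Assumes GNU coreutils stat (-c).

# perm_class MODE OWNER GROUP UID GID -> the rwx digit (0-7) that applies.
# The kernel picks exactly one class: owner, else group, else other.
perm_class() {
    mode=$((0$1))                       # stat prints octal; 0-prefix parses it
    if [ "$4" -eq "$2" ]; then
        echo $(( (mode >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then
        echo $(( (mode >> 3) & 7 ))
    else
        echo $(( mode & 7 ))
    fi
}

# first_denied ROOT RELPATH UID GID
# Checks ROOT, then each component of RELPATH below it. Directories need the
# search (x) bit, the final non-directory needs the read (r) bit.
# Prints the first component that denies access and returns 1;
# prints nothing and returns 0 when the whole path is accessible.
first_denied() {
    root=$1 rel=$2 uid=$3 gid=$4
    # With euid 0 the process normally holds CAP_DAC_OVERRIDE, so mode bits
    # do not block a read. That no longer holds once euid is switched away.
    [ "$uid" -eq 0 ] && return 0
    cur=$root
    rest=$rel
    while :; do
        st=$(stat -c '%a %u %g' "$cur" 2>/dev/null) || return 2
        set -- $st
        bits=$(perm_class "$1" "$2" "$3" "$uid" "$gid")
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then
            echo "$cur"
            return 1
        fi
        [ -z "$rest" ] && return 0
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        cur=$cur/$part
    done
}

# Constructed sample tree: a 0440 file inside a directory whose mode varies.
demo() {
    t=$(mktemp -d) || return 2
    chmod 0755 "$t"
    mkdir "$t/etc"
    : > "$t/etc/sudoers"
    chmod 0440 "$t/etc/sudoers"
    owner=$(stat -c %u "$t/etc/sudoers")
    group=$(stat -c %g "$t/etc/sudoers")
    other=$((owner + 1))                # any uid that is not the file owner
    chmod 0700 "$t/etc"
    echo "dir 0700, file 0440: denied at '$(first_denied "$t" etc/sudoers "$other" "$group")'"
    chmod 0750 "$t/etc"
    echo "dir 0750, file 0440: denied at '$(first_denied "$t" etc/sudoers "$other" "$group")'"
    rm -rf "$t"
}
demo
```

For a staged or chroot tree, pass its mount point as ROOT; for the live system, pass `/` and the path without its leading slash.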
Re: [gentoo-user] OT: Linksys router problems
On Feb 7, 2006, at 11:08 AM, Ernie Schroder wrote:

I updated firmware on my linksys BEFSW11 router yesterday and I cannot receive email, nor access the email provider's website. I've spent about 3 hours on the phone with less than competent tech support people at #1 ntplx.net (email provider) #2 bellsouth.net (ISP) and linksys.com. All blame the other guy. Linksys is telling me I need to set up port triggering for email and web surfing. The problem is that my bellsouth email account is unaffected as are every other website I try to access. I have, for now, disconnected the linksys and am connected through a hub directly to the DSL modem/router. The problem is gone. I would really like to be able to use the router. I've gotten rather used to it in the 4 years I've had it working. Any ideas?

there should be a little hole marked "reset" on the back somewhere. get a paper clip, unplug the device, and plug it in while holding down the reset button in the hole with the paper clip for at least 8 seconds. this should reset it to factory defaults. might want to make a note of your settings first. and any recommendation for port triggering for email and web surfing is patently ridiculous. those are for incoming connections.

-- Regards, Ernie
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Connecting to a WEP Airport router
On Feb 7, 2006, at 2:40 PM, Grant wrote:

Hello, my housing complex just switched to an Airport router and I can't seem to connect. They are supposedly using WEP. There was a 5-character psk at first and wpa_supplicant told me it was an invalid key and it had to be at least 8 characters. They switched it to a 13-character psk and I still can't connect, although I don't get the invalid key error now. Does anyone know how to connect to a WEP Airport router with Gentoo? Everyone else is using Windows and Mac and they are connecting just fine. I've tried lots of different configurations in wpa_supplicant.conf to no avail and all of my software is up to date.

well, you DON'T use wpa_supplicant. you put the key in /etc/conf.d/wireless, unless it's open, you can say "any" and get connected.

- Grant
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Faxing in Gentoo with Digital Phone Line
On Feb 8, 2006, at 2:11 PM, C. Beamer wrote: Hi Guys: I'm a little fuzzy here, so I'm asking for help. I recently subscribed to my local cable company's digital phone service. Now, I would like to send a fax from my computer. Is rp-ppoe what I need (and of course a fax client) to do this? If this is not what I need, please advise. I don't know about YOURS, but my cable company's digital phone service looks to devices...well like phone service. pretend it's a POTS. Regards, Colleen -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How to determine if a partition is formated
fdisk -l

On 2/10/06 3:41 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> Is there a way to determine if a partition is formated, and the type
> of formating, other than trying to mount it?

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How to determine if a partition is formated
Iain Buchanan wrote: > On Fri, 2006-02-10 at 14:03 -0800, Mike Owen wrote: >> On 2/10/06, John Jolet <[EMAIL PROTECTED]> wrote: >> > Fdisk -l > > no!!! > >> Even easier: >> waldo# file -s /dev/sdb1 >> /dev/sdb1: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs) > > are you sure? At least for fdisk, (and maybe for 'file' as well) this > will just show what you've "told" the partition it is. > hmm, hadn't considered you'd lie to fdisk. You are correct, i'm sure, though lying to fdisk might have some consequences you don't like. I guess I'm not sure why you don't just mount the puppy. > What happens if you mark a partition with fdisk as type, say, fat32, and > then run mkfs.ext3 over it? fdisk -l will show fat32, file will > do .? > > There are other tools to help you, like disktype: > * sys-block/disktype > Latest version available: 8 > Latest version installed: 8 > Size of downloaded files: 39 kB > Homepage:http://disktype.sourceforge.net/ > Description: Detect the content format of a disk or disk image. > License: BSD > > HTH, > -- > Iain Buchanan > > Bumper sticker: > All the parts falling off this car are of the very finest > British manufacture. > > -- > gentoo-user@gentoo.org mailing list > > -- John Jolet Your On-Demand IT Department 512-762-0729 [EMAIL PROTECTED] www.jolet.net -- gentoo-user@gentoo.org mailing list
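The question raised in this thread turns on where each tool looks: `fdisk -l` prints the type byte stored in the partition table, while `file -s` reads magic numbers from the partition's own contents, and the two can disagree. The following added example (not from the thread) reads both from a small constructed image whose table says FAT32 (0x0b) but whose contents carry an ext superblock magic. Function names are hypothetical; an MBR table with 512-byte sectors is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Compares what the MBR partition table
# claims with what the partition's first blocks actually contain.
# Assumes an MBR (DOS) table and 512-byte sectors.

# read_bytes FILE OFFSET COUNT -> bytes as decimals separated by single spaces
read_bytes() {
    echo $(dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tu1)
}

# mbr_type FILE N -> type byte of primary partition N (1-4), two hex digits.
# Table entries are 16 bytes each starting at offset 446; type is byte 4.
mbr_type() {
    set -- $(read_bytes "$1" $((446 + 16 * ($2 - 1) + 4)) 1)
    printf '%02x\n' "${1:-0}"
}

# mbr_start FILE N -> starting LBA of partition N (little-endian 32-bit at
# byte 8 of the entry)
mbr_start() {
    set -- $(read_bytes "$1" $((446 + 16 * ($2 - 1) + 8)) 4)
    [ $# -eq 4 ] || return 1
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# content_type FILE BYTE_OFFSET -> filesystem guessed from on-disk magic:
#   XFS : "XFSB" at offset 0 of the partition
#   ext : 0xEF53 (little-endian) at offset 1080 (superblock at 1024, field at +56)
content_type() {
    if [ "$(read_bytes "$1" "$2" 4)" = "88 70 83 66" ]; then
        echo xfs
    elif [ "$(read_bytes "$1" $(( $2 + 1080 )) 2)" = "83 239" ]; then
        echo ext2/3/4
    else
        echo unknown
    fi
}

# compare FILE N -> one line with both answers side by side
compare() {
    start=$(mbr_start "$1" "$2") || return 1
    echo "table=0x$(mbr_type "$1" "$2") content=$(content_type "$1" $((start * 512)))"
}

# make_sample FILE: constructed 8 KiB image. Partition 1 is marked 0x0b
# (FAT32) and starts at LBA 8, but an ext magic sits where mkfs.ext3 would
# have put it.
make_sample() {
    img=$1
    dd if=/dev/zero of="$img" bs=512 count=16 2>/dev/null
    printf '\013'     | dd of="$img" bs=1 seek=450  conv=notrunc 2>/dev/null  # type 0x0b
    printf '\010'     | dd of="$img" bs=1 seek=454  conv=notrunc 2>/dev/null  # start LBA 8
    printf '\125\252' | dd of="$img" bs=1 seek=510  conv=notrunc 2>/dev/null  # 55 AA signature
    printf '\123\357' | dd of="$img" bs=1 seek=5176 conv=notrunc 2>/dev/null  # 53 EF at 8*512+1080
}

sample=$(mktemp) && make_sample "$sample" && compare "$sample" 1
rm -f "$sample"
```

A mismatch between the two fields is worth noting when triaging an unfamiliar disk or image, since mount and recovery tools act on the contents, not on the table entry.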
Re: [gentoo-user] Re: Problems with GRUB in the installation of Gentoo
On 2/12/06 11:21 AM, "Gilberto Martins" <[EMAIL PROTECTED]> wrote: > Hi, > On Sun, 2006-02-12 at 13:30 -0300, Gilberto Martins wrote: >> Hi again ... >> ---cut--- Then, kindly selected GRUB, and did this simple /boot/grub.conf file: default 0 timeout 0 splashimage=(dhb0,0)/boot/grub/splash.xpm.gz > think this is a typo^, mine is:splashimage=(hd0,0)/grub/splash.xpm.gz > > You are right, I did it wrong here. But the correct one is as you typed here. > >> Concerning to Kernel name, does it must have a specific name format ? >> If yes, wich would be the name ? > No i don't think is *has* to be a fixed name, but most people comply to > some conventions (e.x. kernel-2.6.15-r3, gentoo-kernel-2.6.15-r4 etc.) > Using 'genkernel' so don't remember, check install guide if interested. > Check grub man page & guide as Grub has some strange naming conventions. > > I tried not to use genkernel, for I did some changes in kernel. Can > any buddie confirm wich are the kernel file and others that must be > copied to \boot after compiling it in hand ? It can be called anything, but the file name you give it in /boot, of course, has to be the one you call out in the grub.conf line. So, you copy (for instance) arch/i386/boot/bzImage to /boot/kernel-kernelversion (I usually also copy .config to /boot/config-kernelversion). > > Thanks for all help you are giving. I was in other list many years > ago, and left for I haven`t received help, but RTFM as answers. I just > came here after reading gentoo handbook and Grub Manual and many > relative docs. > > Thanks for help. >> >> Thanks again. >> > HTH.Rumen -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: Problems with GRUB in the installation of Gentoo
On 2/12/06 12:12 PM, "Gilberto Martins" <[EMAIL PROTECTED]> wrote:

>> It can be called anything, but the file name you give it in /boot, of
>> course, has to be the one you call out in the grub.conf line. So, you copy
>> (for instance) arch/i386/boot/bzImage to /boot/kernel-kernelversion (I
>> usually also copy .config to /boot/config-kernelversion).
>
> That's what I thought. The ".config" tip, I will do the same. What I
> have to change in grub.conf ?

Okay, so you compile gentoo-sources.2.6.15-r4 (just as a made-up example). So you copy arch/boot/bzImage to /boot/kernel-gentoo-2.6.15-r4, and copy .config to /boot/config-gentoo-2.6.15-r4. Then edit your /boot/grub/grub.conf and copy the whole stanza that was already there, including:

title Linux-2.6.14-r2-2 win4lin enabled
root (hd0,0)
kernel /boot/kernel-2.6.14.2-w4l-2 root=/dev/hda2

Paste it at the end. Change the title line to match the name you gave on the copy (Linux-2.6.15-r4), and the "kernel" line (/boot/kernel-2.6.15-r4). At the top of the file is the line:

default 0

(or whichever one is active). Change the number to match the stanza you just added (remember they are numbered from zero, not one). Then save the file.

> thanx

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: Problems with GRUB in the installation of Gentoo
> > Ummm... isn't there supposed to be a system.map for the kernel as well? > > I myself don't manually copy my kernels after compiling it; I use make > install to do so, and I have the following files in /boot for all my > kernels: I've never done anything with a system.map. I manually copy it myself to allow me to name them whatever I want. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: Problems with GRUB in the installation of Gentoo
On 2/12/06 5:28 PM, "Holly Bostick" <[EMAIL PROTECTED]> wrote: >> I've never done anything with a system.map. I manually copy it >> myself to allow me to name them whatever I want. >> >> > Well, that's my point, sort of... what exactly do you copy, and has that > file been copied to Gilberto's /boot folder? From my /boot listing > previously, you can see that even SUSE creates a system.map in the /boot > folder, and that's a precompiled kernel (so it's not like it's copying > manually or via make install). So I kinda suspect that it's a needed > file across all distros, whatever it may be called and, looking in > /usr/src/linux, it is a separate file from the bzImage file, which is > the actual compiled kernel. The fact that the make install command also > finds it necessary to copy this file from /usr/src/linux to /boot is not > to be sneezed at either, imo. I see your point. However, how critical can it be, if I have 10 versions of kernels in /boot and in /boot/grub/grub.conf, and NEVER copied that file? It gets created in /usr/src/linux-, but NOT in /boot. And is not referenced anywhere in my grub.conf. If it's to be used, it needs to be called on the kernel line of the grub.conf. And I've got 30 gentoo servers running, without a one having the system.map file copied. > > Holly -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] [OT] Can bash do comments on files?
On 2/12/06 6:10 PM, "Iain Buchanan" <[EMAIL PROTECTED]> wrote: > On Mon, 2006-02-13 at 09:47 +1000, Alan E. Davis wrote: >> On 2/13/06, Gerhard Hoogterp <[EMAIL PROTECTED]> wrote: >>> Under linux that's not nessecary >>> as you can just use long filenames including spaces.. >>> >> >> I do that, of course. It solves 95% of my issues. Somehow, I still >> miss that feature. Additional comments would help me, for example, >> when I have a series of source code files with similar file names, and >> need to make comments to distinguish them. Especially when other >> programs are looking for the file names in a series. > > The simplest way I can see to do it, would be to: > - make a bash script called "ls" > - put it in your ~/bin directory (not in /bin) > - make an alias to _your_ ls, which first checks for a descript.ion file > or maybe even .comments file in the current directory, and then passes > the rest to ls. You know...now that you put it that way, I seem to recall seeing a project in freshmeat that did something like that > > A bit of fiddling, but that's what linux is about - if it doesn't work > the way you want it: make it work the way you want it!! > > Let me know if you want to know more about this method. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] [OT] find list of files and then copy them
On 2/15/06 11:10 AM, "Marco Calviani" <[EMAIL PROTECTED]> wrote:

> Hi list,
> i know this is OT for this list, but it deals in general with linux.
> I need to search and copy a list of files that end with a particular
> extension and belong to a certain user: i've managed this part with
>
> find -name "*.C" -user username

find -name "*.C" -user username -exec cp {} /targetdir \;

> now i would like only these files copied to a certain directory.
>
> How is it possible to accomplish this?
>
> Thanks in advance,
> MC

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How many GB for / partition?
On 2/16/06 9:04 AM, "Martin Eisenhardt" <[EMAIL PROTECTED]> wrote:

> Alexander Skwar wrote:
>> Hm, as I said before - have a look at LVM. It makes
>> life *SO* much easier. I don't quite get, why people
>> still do the old style partitioning.
>>
>> For example, in your setup, how do you make /var larger, if need
>> be?
>>
>> With LVM, it would just be a matter of "lvresize -L+512m
>> /dev/Volume00/Var". You also wouldn't waste so much space.
>>
>> Alexander Skwar
>> --
>> BOFH Excuse #126:
>>
>> it has Intel Inside
>
> I do agree with almost all you said (like - for instance - having separate
> filesystems for the different top-level directories). Indeed, this (using
> several small filesystems mounted together instead of one large filesystem
> for /) is a technique that can be applied to speed things up (have a look at
> http://gentoo-wiki.com/TIP_Speeding_up_portage to see how Portage may profit
> from the use of small filesystems).
>
> Having said that, I would like to suggest that instead of using LVM, the
> top-poster might be better off by using EVMS (http://evms.sourceforge.net)
> since EVMS sports different UIs for all kinds of users (CLI, ncurses, X) and
> automates many tasks like resizing etc.

I have a question here... I was under the impression that evms sat below lvm...is it a one or the other thing? I've always been confused by the whole "partition" question, having come up through the AIX ranks, where such questions are nonexistent. Personally, for linux boxes, if it's my personal "workstation", I just go with /boot swap and /. For servers, I separate out /boot swap /usr /var /tmp using lvm (using the aix maxim that you make them as small as possible and resize at threshold).

> Kind regards
> Martin Eisenhardt

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: Problems with GRUB in the installation of Gentoo
On 2/16/06 11:05 AM, "Michael Kintzios" <[EMAIL PROTECTED]> wrote: > > >> -Original Message- >> From: Neil Bothwick [mailto:[EMAIL PROTECTED] >> Sent: 16 February 2006 16:10 >> To: gentoo-user@lists.gentoo.org >> Subject: Re: [gentoo-user] Re: Problems with GRUB in the >> installation of Gentoo >> make install does exactly the same, and sets up the vmlinuz and vmlinuz.old symlinks to point to your new and previous kernel respectively, so you don't need to edit grub.conf. >>> >>> Hmm, it doesn't on my two boxen. :-( I do not have a vmlinuz, >>> System.map and config links. >>> >>> Do I have to first set up the symlinks manually? >> >> Looking as /sbin/installkernel, it doesn't appear that you >> have to create >> the links. Of course, you do have to make sure /boot is >> mounted first :) > > Yep, /boot is always mounted (just to be sure I won't forget it, I > always mount it before I even cd into /usr/src/linux). Running make && > make modules_install does *not* create any links in my /boot directory, > ever. Could it be that there's something wrong with my system(s) - at > least three installations have always behaved like this . . . No, make makes the bzImage under /usr/src/linux.arch/.boot And make modules_install installes the modules in /lib, I think. Neither of them touches /boot. I THINK there's a make install that's supposed to do some stuff for you, but I prefer to do those steps by hand. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: Re: Problems with GRUB in the installation of Gentoo
> > I am confused: how many 'make install's are there? Don't they 'all' do the > same? Are we talking about a customised (hacked) make install here? Install is a target to make. Install_modules is a target to make. What's confusing? Make is a command. Install or install_modules, or install_docs (for other things) are targets in the Makefile. -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout
Emerge ifplugd. that's precisely what my laptop does.

-Original Message-
From: "Marco Calviani"<[EMAIL PROTECTED]>
Sent: 2/17/06 2:29:46 AM
To: "gentoo-user@lists.gentoo.org"
Subject: [gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout

Hi list, i would like to share a problem that i'm encountering in dealing with two net interfaces. I've a "normal" ethernet device (eth0) and a wireless ipw2200 one (eth1).

1) i would like to have, at boot, a situation in which first of all eth0 is started; if dhcp signal is found proceed with the initialization of eth0, while if dhcp is not found try to start eth1.

2) as of now, at boot time i've only eth0; obviously if it's not connected via ethernet cable the dhcp goes in timeout and net initialization is failed. Then at the prompt i reissue /etc/init.d/net.eth1 start to start wireless connection. However, and here's the problem, the first time i digit this, eth1 goes in timeout too. Digiting another time the same command and everything goes well. This situation is encountered everytime.

Thanks in advance for any hint, MC

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How many GB for / partition?
the problem is they both have valid points. in this, as in nearly all aspects of unix administration, there is not a single right answer.

-Original Message-
From: "Patrick Börjesson"<[EMAIL PROTECTED]>
Sent: 2/17/06 4:15:08 PM
To: "gentoo-user@lists.gentoo.org"
Subject: Re: [gentoo-user] How many GB for / partition?

First, I can't really understand why either one of you two won't fully explain your reasonings when going against the other. It helps no one.

On 2006-02-17 19:04, Hemmann, Volker Armin uttered these thoughts:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> > Hemmann, Volker Armin wrote:
> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> > >> Hemmann, Volker Armin wrote:
> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> > >> >> Hemmann, Volker Armin wrote:
> > >> >> >
> > >> >> > Why should he make /tmp noexec,
> > >> >>
> > >> >> Security precaution.
> > >> >
> > >> > if you have 10+ users with access to the box. But a workstation,
> > >> > without even sshd running, it is not needed.

Of course, if you have a system with _no_ services running (including apache, sshd and so on), or a firewall that blocks every and all incoming connection attempt, then for someone to access /tmp without having physical access to the system (in which case you're pretty much screwed anyhow) is, as far as I know, impossible.

This doesn't take into account client-side exploits; because with these the exploiting code has access to whatever resources the user running the client has, including writing to whatever areas that the user has.

> > >> "needed" - What's "needed", anyway?
> > >>
> > >> > And hey, why should /tmp noexec save you from anything?
> > >>
> > >> Because it does.
> > >
> > > so? how?
> >
> > Think, you might find out. What does noexec do, hm?
> >
> > Even *you* might find out...
> >
> > Well... If I think about it... No, you're too clueless
> > to find out.
> >
> > Hint 1: "noexec" nowadays makes it impossible to execute
> > programs stored on that filesystem.
>
> I know, but it won't save you from anything.
> After a user got in, he is a user. And every user has a place with write
> permission (if he is user apache/httpd he has lots of places, where he can
> store code). Outside of /tmp.

Where?

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Gentoo kixtstart/jumpstart equivalent
On 2/17/06 11:30 PM, "Ghislain Bourgeois" <[EMAIL PROTECTED]> wrote:

At my job, I designed a system we call Pullstart that we use to install Gentoo servers. I'm basically building what I call a "stage-4", which is simply a stage3 updated, with the packages we want added to it and a generic kernel built with genkernel. It is made available through a tarball on a web server and I have a simple script generated by web-based configuration utility to install it on the server and configure it for the machine (partitioning, networking, etc...). The only thing you need to run the script is to have a basic linux system running, which you can get with a livecd or a floppy like tomslinux (sorry, I forgot the exact name...). Of course, I have an NDA and the scripts all belong to the company, so I can't make it available, but you can build yourself something similar.

I use something called systemimager that does a pxeboot install. Kinda a pain to do it with gentoo, as they really, really want redhat or suse, but it can be done.
Re: [gentoo-user] Resolving hostnames with OpenVPN/TUN device?
On 2/20/06 6:04 PM, "Jeff" <[EMAIL PROTECTED]> wrote: > Hey all. > > I've got OpenVPN installed, and it runs great. Only thing - I've noticed > between the Windows and Linux version - the Windows version seems to > auto-magically assign the proper nameserver addresses to the TUN device > once connected, hence I can just enter hostnames and ping or PuTTY with > no problem. > > How can I do the same with OpenVPN on Linux? So far, I have to enter IP > addresses, which isn't bad - it just stinks trying to memorize them all! There are instructions about this on the openvpn site, or at least the mailing list archives. Short answer is, you can't. Really, put them in the /etc/hosts file. The instructions talk about scripts that get run on interface up and down. They involve copying around /etc/resolv.conf files. Kinda clunky. > > Thanks! -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mysql DB file
On 2/21/06 2:52 PM, "Nick Smith" <[EMAIL PROTECTED]> wrote: > where is the actual mysql DB file stored? what it the name as well? > found info on the net that pointed to either /usr/local/mysql/data or > /usr/local/var neither of which contain a mysql dir, the latter doesnt > even exsist on gentoo. It should say in /etc/my.cnf where the data dir is. > > TIA > > nick > > -- > Linux, because I'd rather own a free OS than steal one that's not > worth paying for. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] chroot: cannot run command `bin/bash': Exec format error
On 2/22/06 5:03 PM, "Bo Andresen" <[EMAIL PROTECTED]> wrote: > Hi > > I have just purchased a new computer with a AMD Semphron 2800+ 64 bit > processor. I am installing it following the gentoo handbook of the amd64 > architecture - only I am using the x86 minimal livecd (2005-r1) and the > stage3-amd64-2005.1-r1.tar.bz2 tarball. Shouldn that be a problem? > > When I get to step 6a (chrooting) > http://www.gentoo.org/doc/en/handbook/handbook-amd64.xml?part=1&chap=6#doc_cha > p1 > I get the following error: > > livecd gentoo # chroot /mnt/gentoo bin/bash > chroot: cannot run command `bin/bash': Exec format error I've seen that when chrooting into 64-bit environment from a 32-bit kernel. You cannot boot from the x86 minimal and use an amd64 stage file. You need the amd64 boot cd. > > I did use LVM2 for partitioning but other than that I have followed the > handbook very throughly. I hope someone has a solution. Please feel free to > ask for any information that may be helpful. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How many GB for / partition?
> > There are too damn many myths about swap out there. Like this one: Always > configure twice as much swap as you have ram. Why? Why would I need more swap > if I increased my ram? You need at least a little bit of swap for peak memory > usage. Let's look at real numbers. Say, I am a bit low of ram for today's > computers. I have 256MB ram. For peak usage, I add 128MB swap. I open so many > applications/documents that the box starts swapping out 20MB. Sure, without > swap space, I wouldn't have been able to open the last document. But nothing > makes me stop there. I can as well run out of swap. The rule I always used (and do use) is twice ram, up to one gig of ram. Pretty much after that, I just do a gig of swap, and monitor it for growth. If my swap goes up AT ALL, I examine the typical workload on the box and consider adding ram. Ram may be more expensive than disk, but at less than $100 or so per gig, it's pretty cheap. I use swap as a "safety net", allowing me enough time to react if something goes nuts or leaks. > > If you have 2GB of ram and 2GB of swap your total available memory is 4GB. If > you need more you have to add either ram or swap. What you add is your choice > based on your needs for speed and the money you are willing to spend on > memory. That's it. > > End of rant. > > Uwe -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Gentoo LVM Newbie Question
On 2/23/06 2:22 PM, "CR Little" <[EMAIL PROTECTED]> wrote:

I'm having a problem with LVM. I setup a volume group it had 5.91G in Free PE/Size now states 0/0. I have a logical volume inside that I tried to extend. It now states 10.91 GB for LV Size. This lv is mounted to /home. When I ran lvextend -L+5.91G /dev/vg/home it extended the lv but when you run df -h it doesn't show an increased size.

/dev/mapper/vg-home 5.0G 1.6G 3.2G 33% /home

Apparently I missed a step and can't find any information on how to fix this. Doesn't it need to know how to format and add the LV extension? Help would be great.

Yes, you missed a step. Extending the lv in no way increases the size of the fs. Extendfs is the command you need to "man". Remember, the fs cannot be mounted when you extend it.
Re: [gentoo-user] Gentoo LVM Newbie Question
On Feb 24, 2006, at 9:35 PM, Zac Slade wrote:

On Friday 24 February 2006 00:03, Alexander Skwar wrote:

John Jolet wrote: Remember, the fs cannot be mounted when you extend it.

That's wrong. Every FS can be extended online, even ext{2,3} with certain patches IIRC.

WRONG!!! (or partially anyway) Here's the rundown:

reiser3, resizable online in two ways
1) resize_reiserfs /path/to/dev
2) mount -o remount,resize /path/to/dev
XFS, MUST be mounted to resize, use xfs_grow /mount/point
JFS, resizable online with a mount -o remount,resize /path/to/dev
ext2/3, resizable offline reliably. Online resize is a *very* experimental experiment. Have good backups.

For a good reference if one is ever needed to give to a friend, relative or foe try http://www.tldp.org/HOWTO/LVM-HOWTO/extendlv.html

okay, i'll rephrase, being an old aix hand... with the (possible) exception of reiser I, personally, would not trust any filesystem to resize without being unmounted. but then, compared to the aix lvm, which can be resized with oracle accessing at full speed, linux lvms are just barely getting to what I'd call "production ready". interesting to see that we're moving in an online-resizable direction on linux. :)

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Gentoo LVM Newbie Question
What an unenlightened troll. I have plenty of experience with AIX's volume manager. LVM2 can stand up to it any day. As a matter of fact Linux's LVM is about to completely surpass what is available in AIX. LVM2 can do cluster locking and management. You can use LVM2 with Multipathing tools just as you can under any commercial Unix. LVM2 is more than ready for prime time as can be seen by looking at RHEL and SLES distributions. I think that comment is a bit extreme, don't you? Linux is not a toy and neither is LVM2. It can be used as a toy or a learning device, but it is not relegated to the closet of geeks. And don't get me started on AIX if you don't happen to have the OnlineJFS sets installed. Also the draconian having to resize the filesystem by calculating the number of 512 byte blocks in the filesystem.

yes, that was always a big complaint of mine.

Do your homework please. Just because you've dealt exclusively or extensively with one flavor of *nix doesn't mean that others aren't up to the task. And just because it's IBM's Unix doesn't make it more or less ready for the enterprise, it just makes it proprietary. You'd do well to judge based on features, capabilities and the completeness of the tools.

Yes, I've supported just about every unix, not to mention every flavor of linux out there...for the past 16 years. I AM judging on the features and capabilities and completeness of the tools. My comments were meant as compliments for the progress of the tools from the old 2.2 kernel days, not an insult. My apologies if i've hit a nerve of some sort. However, that said. I'd still prefer, all things considered, to support a volume under aix's lvm than the current lvm2 stuff. However, I have NOT researched all the current options for lvm creation and management under lvm2. I will admit that. I wasn't trying to start a flamewar here, but I assure you my homework has been done.

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] SATA+GRUB not able to boot
On Feb 27, 2006, at 9:27 AM, Muthu wrote: Hai, I am using gentoo 2.6.15 kernel and grub 0.96. I am using software RAID1 for 3 devices (2 IDE(hda,hdb)+1 SATA(sda)). I am not able to boot through the SATA harddisk (ie. Just the plain cursor comes). When the grub loader loads initially, if I type the command grub>find /boot/grub/stage1 hd(0,0) hd(1,0) and it hangs, it is not detecting the SATA drive and not even coming out from the prompt. After the machine booted in the normal mode using IDE drive, I logged in as root and I tried grub>find /boot/grub/stage1 hd(0,0) hd(1,0) hd(4,0) Now the grub is recognizing the SATA drive. Can somebody give me a suggestion why the SATA is not recognized while booting in the grub? is your sata support compiled in as modules or into the kernel? Thanks & Regards, Muthu.
Re: [gentoo-user] Re: Help with backup script
mount -t cifs -o user=reader%XXPASSWDXX //harvey/harvey-c /mnt/harvey-c The directory /mnt/harvey-c has to be created ahead of time. The user reader needs to have an account on that windows machine. You'll need a windows user account username and password. If you don't use passwords for windows shares I think you can just leave out the %SECRET_PASS, but I'm not sure exactly. Once the device is mounted locally you can read/write to/from it in scripting, then umount it at the end of the script. Thanks for the reply, I think I didn't make the problem clear enough. I have a usb server running on my network with 2 external disks connected to it. I can read and write to them using smb://lkg5f.homenet.com/DISK 2/ with no problems. I need to mount these drives so that I can run a backup script to backup all of my gentoo system. I have tried smbmount and mount -t smbfs but even after reading man mount and smbmount I am still unclear as to the correct format. mount -t smbfs //lkg5f.homenet.com/DISK 2 /mnt/someplace if the share is password protected, after the smbfs, add -o username=whatever,password=whatever only root will be able to do this. You might want to try to avoid spaces in your share names in the future...just makes things easier on the unix side. paul -- This message has been sent using kmail with gentoo linux
Re: [gentoo-user] Re: Help with backup script
On Mar 2, 2006, at 8:23 AM, Paul wrote: On Thursday 02 Mar 2006 12:49, John Jolet wrote: snip mount -t smbfs //lkg5f.homenet.com/DISK 2 /mnt/someplace if the share is password protected, after the smbfs, add -o username=whatever,password=whatever only root will be able to do this. You might want to try to avoid spaces in your share names in the future...just makes things easier on the unix side. I have tried the above commands with and without username and password but all I get is the usage message, no indication of an error. that message indicates you did not type it as shown. they probably are the same, but I'm an old guy and this was before cifs... :) if you NEED a password but don't pass it, you'll get a permission denied error. if you get usage, you mucked the syntax. try it exactly as I had it above, but replacing the mountpoint at the end..and if it fails, cut and paste EXACTLY what you typed. I was going to try Harry Putnam's solution of using cifs but it seems to me that the commands are exactly the same except for the file system. Any other ideas please Paul -- This message has been sent using kmail with gentoo linux
Re: [gentoo-user] Re: Help with backup script
On Mar 2, 2006, at 8:58 AM, Paul wrote: On Thursday 02 Mar 2006 14:37, John Jolet wrote: On Mar 2, 2006, at 8:23 AM, Paul wrote: On Thursday 02 Mar 2006 12:49, John Jolet wrote: snip mount -t smbfs //lkg5f.homenet.com/DISK 2 /mnt/someplace Thanks for all your help -- I now have it working, it appears that the line didn't like the space between DISK and 2. I created another share (with no spaces and it worked) yes, i'm not surprised...which is why I added the comment about avoiding spaces. if you can't avoid the space in the future, sometimes you can escape it (for instance, you'd do //lkg5f.homenet.com/DISK\ 2). Not sure if smbmount will let you do that but if you can't change the share name, it's worth a try. Thanks again Paul -- This message has been sent using kmail with gentoo linux
Re: [gentoo-user] antivirus
On Mar 5, 2006, at 11:55 PM, Ghaith Hachem wrote: hello, i was wondering if there's any good antivirus scanner out there for linux i recently got infected on the windows part and the linux systems are accessible from there so i want to make sure the system is clean i've been missing some documents from these partitions on windows but they are available on linux could anyone plz point me to the right manual to read? thx clamav is what I use. I think it's in portage.
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 8:31 AM, Timothy A. Holmes wrote: Good Morning Folks: I have been doing some reading over the last day or two about a SSH bot attack that is occurring in some places. I will be the first to admit that I have been a bit lax with my ssh security (allowing root logins etc). This problem has inspired me to get things cleaned up, and flying right again. I have already modified my ssh config to prevent root logins via ssh, so that hole is closed. In talking to a friend yesterday, he suggested using key based authentication to further protect my servers, which sounds like a great idea. The problem is that I have no idea how to set it up. A google search turned up the Gentoo pages on keychain, which does not sound exactly like what he was talking about (he mentioned a key carried on a JUMP drive (usb stick)) I am using gentoo (and fedora (soon to be converted) servers) and PUTTY. If someone can offer suggestions, or point me in the right direction, I would be most appreciative.

step one...on the box you'll be connecting FROM, run ssh-keygen -t rsa (or dsa). It will ask you the name of the file to save it to, take the default. Put a passphrase on it.

step two...that created id_dsa.pub (which is what you get if you pick dsa above) in your ~/.ssh directory. copy that id_dsa.pub up to a server you want to connect to

step three...since you've turned off root logins, you have a user on that box. copy that id_dsa.pub file into the ~/.ssh/authorized_keys file on the target system. note that if you have to create that directory yourself, you'll probably have to remove group-write permissions before this will work.

step four...verify that in the target server's sshd_config file, PubkeyAuthentication is set to yes

that should allow you to ssh targetservername...you'll be asked for a password, but that's to access the key on your LOCAL box. add a -vv and you'll see all kinds of cool stuff.
Note that I also move ssh from port 22 to some other port, and in my local box, in .ssh, create a file called config. In that I put: "Host * User john port xxx" this says for all hosts i ssh to, use port 26, and username john at the far end. you can replace the * with individual host names (as resolved via dns or hosts file) to have different usernames on different boxes and different ports per host. I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :)
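The server-side checks behind steps three and four, as an added example that is not part of the original message: it flags group- or world-writable paths that make sshd ignore authorized_keys, and reads PubkeyAuthentication and PermitRootLogin from an sshd_config. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Names and sample files are constructed.

# True if the path is writable by group or others; sshd's StrictModes ignores
# authorized_keys when the home directory, ~/.ssh or the file is like that.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Print the first uncommented value of a keyword in an sshd_config file.
# Keywords are case-insensitive; Match blocks are not interpreted here.
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# audit_ssh HOME SSHD_CONFIG: print one finding per line, nothing if clean.
audit_ssh() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
        elif is_loose "$p"; then
            echo "LOOSE $p (fix: chmod go-w)"
        fi
    done
    # OpenSSH enables public-key auth by default, so only "no" is a finding.
    if [ "$(sshd_value "$2" PubkeyAuthentication)" = "no" ]; then
        echo "PUBKEY PubkeyAuthentication is no"
    fi
    # The goal here is no root logins, so anything but an explicit "no" is flagged.
    if [ "$(sshd_value "$2" PermitRootLogin)" != "no" ]; then
        echo "ROOT PermitRootLogin is not set to no"
    fi
    return 0
}

# Build a constructed home directory and config that show the failure modes.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 775 "$d/.ssh"                  # group-writable, as after a careless mkdir
    chmod 600 "$d/.ssh/authorized_keys"
    printf '%s\n' '#PermitRootLogin no' 'PubkeyAuthentication no' > "$d/sshd_config"
    echo "$d"
}

sample=$(make_sample)
audit_ssh "$sample" "$sample/sshd_config"
rm -rf "$sample"
```

On a real server the arguments would be the login user's home directory and /etc/ssh/sshd_config.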
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 9:02 AM, Nagatoro wrote: John Jolet wrote: this says for all hosts i ssh to, use port 26, and username john at the [...] I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :) Missed something? :) is that a question or statement? What do you mean?
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 10:06 AM, Etaoin Shrdlu wrote: On Wednesday 08 March 2006 16:06, John Jolet wrote: is that a question or statement? What do you mean? You said: I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :) but at the beginning of your message you said: this says for all hosts i ssh to, use port 26, and username john at the so, you said that you use port 26 for ssh before saying that you won't tell what port you moved ssh to. oops. well i guess i'll move it again :)
Re: [gentoo-user] SSH + Keys
On Mar 8, 2006, at 9:54 AM, A. Khattri wrote: On Wed, 8 Mar 2006, John Jolet wrote: I've had NO ssh portscans on my boxes since I moved them off of port 22. for security's sake, i won't tell you where I moved them to :) I don't think moving ssh from port 22 will stop portscans but it will stop brute force attacks directly on port 22. Perhaps I was unclear. I haven't seen the large numbers of attempted logins with obvious dictionary lists of usernames on ssh since I moved it. I'll have to look into denyhosts...what does it do? I can't predict where I might be coming from, as I'm frequently at client locations and travelling. I prefer to just run denyhosts on my servers instead: # eix denyhosts * app-admin/denyhosts Available versions: 1.1.2 1.1.2-r1 2.1 Installed: 2.1 Homepage:http://www.denyhosts.net Description: DenyHosts is a utility to help sys admins thwart ssh hackers Found 1 matches
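The kind of log check that a tool like DenyHosts automates, sketched as an added example (not DenyHosts' own code and not from the thread): count failed sshd password attempts per source address and emit hosts.deny entries for addresses over a threshold. The log lines are constructed, use documentation address ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not DenyHosts' code). Log lines and names are constructed.

# Constructed sshd log sample: one dictionary run, one user typo followed by
# a successful key login, and one username crafted to contain " from <ip>".
sample_log() {
    cat <<'EOF'
Mar  8 03:12:01 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Mar  8 03:12:03 host sshd[4103]: Failed password for invalid user test from 192.0.2.10 port 40120 ssh2
Mar  8 03:12:05 host sshd[4105]: Failed password for invalid user guest from 192.0.2.10 port 40133 ssh2
Mar  8 03:12:07 host sshd[4107]: Failed password for root from 192.0.2.10 port 40141 ssh2
Mar  8 09:30:44 host sshd[5210]: Failed password for john from 198.51.100.7 port 51515 ssh2
Mar  8 09:30:52 host sshd[5210]: Accepted publickey for john from 198.51.100.7 port 51515 ssh2
Mar  8 11:02:10 host sshd[6001]: Failed password for invalid user a from 203.0.113.5 from 192.0.2.77 port 2222 ssh2
EOF
}

# offenders THRESHOLD < log
# Prints "failures address distinct_usernames" for every source address with
# at least THRESHOLD failed password attempts, busiest first.
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Usernames are attacker-controlled text, so trust only the LAST
            # "from" on the line; the loop keeps overwriting until the end.
            for (i = 1; i < NF; i++)
                if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
            fails[ip]++
            if (!seen[ip, user]++) names[ip]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print fails[ip], ip, names[ip]
        }
    ' | sort -rn
}

# deny_lines THRESHOLD < log
# Turns the offenders into tcp-wrappers entries of the form used in hosts.deny.
deny_lines() {
    offenders "$1" | awk '{ print "sshd: " $2 }'
}

sample_log | offenders 3
sample_log | deny_lines 3
```

With a threshold of 3 the single mistyped password from 198.51.100.7 stays below the limit, which matters for someone who logs in from changing client networks.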
Re: [gentoo-user] antivirus
In short if a user is getting infected a lot using Windows, switching to Linux is not curing the root cause. The basic problem is the user needs to understand what s/he is doing that's allowing malicious code to execute on their system and stop doing it. In the vast majority of Windows cases, simply *not* routinely logging on with admin privileges would probably stop 99% plus of the infections. that's an interesting comment...windows xp is the first version that even gives you that option. and most of the games my kids play on the computer simply won't run unless you have admin rights.
Re: [gentoo-user] Printer Sharing with Samba
Question: how does one *make* a static IP? I thought that IP was assigned by DHCP? Isn't that the way that DHCP works? It leases an IP to a specific computer, which then gives up that lease when it's done using it. At that point, DHCP is free to re-lease that same IP to whomever else requests it, correct? If that's the case, what would prevent another computer from accidentally obtaining that same IP? Otherwise, if this is a viable solution, how do I make it work? I'm comfortable editing config files, but I just don't know where to go to do it. Thanks again, all, for your help. Kris this is a more complicated question than it appears. Let's say, for instance that you have an actual dhcp server, not just a router/ap giving out ips. Now, most dhcp servers allow you to either statically, or dynamically, associate an IP with a MAC address (hardware address). I can set my dhcp server up such that you ALWAYS get the same ip address for a given mac address. This is helpful in some cases where you have more ip space than machines and want to know who gets what. I can either do that by manually adding the mac into the configuration, or by making an infinite lease time. in both cases, you've got a static dynamic address :) if you have more machines than ip space (a class C subnet has on the order of 254 possible addresses), you have to have dynamic dhcp for those. in that case, you have a much shorter lease time, and when a box comes on, it asks for the last address it has, and the dhcp server says "yes" if no one is using it, or "no, use this one" if it's in use. however, IP is NOT limited to using dhcp. you can manually set your machine to have a given ip address (since this is the gentoo list, it's in the /etc/conf.d/net file). if you're manually setting an ip address, you do have to be careful that you're not setting it in the range that the dhcp server will assign. email me offline if you need more detail than that...ip theory in general is a little off-topic.
Re: [gentoo-user] moving /usr
On Mar 10, 2006, at 12:39 PM, Eric Bliss wrote: On Friday 10 March 2006 03:17, Josh Helmer wrote: On Friday 10 March 2006 18:05, Eric Bliss wrote: Before you do that... did you also edit /etc/mtab in addition to /etc/fstab? Just a thought, since we are talking about separate partitions to mount. Don't touch mtab. mtab is auto-magically generated by mount. Josh Ah, okay. Learn something every day. I just remembered seeing mount information in that file when I was reading it (although why I was doing that, I now have no idea). Guess this would explain why. Now if only I could remember why I had even read the file in the past. You don't edit it during the original install process do you? before you chroot, you copy /proc/mounts to it so your chrooted environment matches. maybe that's where you saw it. -- Eric Bliss systems design and integration, CreativeCow.Net
Re: [gentoo-user] Is my postfix being used as a relay?
Yes, I expose this machine's port 25 on purpose. So I would like to make it a good netizen. I had done this with sendmail in previous distros, but am a neophyte with Postfix. Right now I want to verify if I have (or am) a problem. with postfix, it will, by default ONLY accept mail for which it considers itself the final destination for, or destinations that are in relay_domains. typically, out of the box, it will not relay mail for anyone, though it will accept mail for it, as resolved from the box's fqdn, or mydestination. I have mine set up to also allow you to relay if you authenticate (using sasl, via pam...or pam via sasl, if you want to look at it that way). basically that means I can send mail using this server from any network, as long as I set my client up to authenticate on send. but you can't randomly use it as a relay.
Re: [gentoo-user] Multi-DVD backup
On Mar 17, 2006, at 3:23 PM, JimD wrote: Does anyone know of an app/script for doing a multi-DVD backup of my ~/? My ~/ is 10GB so I will need something that could do a little compression and create as many DVD iso images as needed. I was thinking of just tar.gzing my ~/ and then splitting that file to sizes to fit on a DVD and then make the ISO. I was hoping for a script/app that is tested since I don't want to lose my data and I have to format my computer soon. look at freshmeat.net for scdbackup. it can be called with sdvdbackup and will span dvds. I back up my mail server totally to 4 dvds. you can tell it what filesystems to backup, or directories. it figures it all out for you. be warned that growisofs is a prereq for it.
Re: [gentoo-user] 2006.0 minimal install howto
On Mar 17, 2006, at 3:23 PM, maxim wexler wrote: --- Jeremy Olexa <[EMAIL PROTECTED]> wrote: maxim wexler wrote: Hello everybody, Can someone give me a tip(s) on how to proceed with this minimal install? I note on the CD big files such as image.squasfs and gentoo.igz but the little on-line about them is not very helpful. I think I can start ppp and prepare the harddrive but beyond that darkness looms :^( Have you read the install handbooks yet? Yes. To paraphrase what I found: "if you want you can use the minimal install CD." If you got a link to something a trifle more verbose I'd sure like to follow it. the only difference (and this is spelled out in the install docs) is that instead of using the snapshot and stage file from the cd, you download it (and THAT is mentioned in the docs, or was last time I did a gentoo install). It says "we'll show you how to use the cd first, as that's the usual route", but the section after that shows you how to download the stage file and snapshot. (i'm paraphrasing here, before anyone goes nuts on me for misquoting).