Re: Some help with dd backing up into an iso

[Thomas Schmitt]

Hi,

GiaThnYgeia wrote:
> > I used dd if=/dev/sdb of=usbfilename.iso
> > The resulting image was the full size of the disk.

That's the job of dd: Copying block by block.

As David stated, the file usbfilename.iso will not be an ISO 9660 filesystem
but rather a disk image. 


David Christensen wrote:
> dd if=/dev/sda | gzip > myimage.img

The name suffix .img is more appropriate than .iso, indeed.
If your USB stick contains a lot of blocks with zeros, you may get even
better compression by using bzip2 instead of gzip:

  dd if=/dev/sdb | bzip2 >usbfilename.img

Zeroing the unused blocks before running dd will normally improve the
compression ratio and thus yield an even smaller .img file.

When you put it back on the USB stick, you need to uncompress:

  bunzip2  To test the validity I restored reversing the order of the filenames
> if/of  but that took for ever

By default dd copies chunks of 512 bytes.
Changing to 1 MiB chunks by dd option
  bs=1M
might speed up copying substantially.


> I looked at the disk and
> it seemed complete with all files in tact, so maybe I killed it
> somewhere in the verification process.

There is no verification process with plain dd.

Probably you successfully copied the first partition and the directory
tree of the second one. It has to be expected that not all files in the
second partition bear their original content, because it was not copied.


> Is there someway one can avoid creating such a large iso for no reason,
> when the filesize is a fraction of the whole disk.

That's called backup and archiving.
While the filesystem is mounted but fewly busy, you let a program read
the files and pack them up in that program's archive format.

The classic archiver is called "tar". Caution: wrong arguments or wrong
sequence of arguments can easily shoot your foot.
Assumed you have your filesystems mounted as 
  /mnt/usb_part1
  /mnt/usb_part2
you may pack them up gzip compressed by

  tar cvzf usb_part1.tar.gz /mnt/usb_part1
  tar cvzf usb_part2.tar.gz /mnt/usb_part2

The archive files usb_part1.tar.gz and usb_part2.tar.gz can be unpacked into
some directory by:

  cd /some/directory/for/part1
  tar xzf /where/it/is/usb_part1.tar.gz
  cd /some/directory/for/part2
  tar xzf /where/it/is/usb_part2.tar.gz


If the archive shall be an ISO 9660 filesystem, you may create it by

  xorriso -for_backup \
  -outdev usb_part1_and_2.iso \
  -map /mnt/usb_part1 /part1 \
  -map /mnt/usb_part2 /part2 \

The superuser will be able to mount the result for random access:

  mkdir /mnt/usb_par1_and_2
  mount -o loop /where/it/is/usb_part1_and2.iso /mnt/usb_par1_and_2

The normal user will then see and be able to read two file trees
  /mnt/usb_par1_and_2/part1
  /mnt/usb_par1_and_2/part2

To unmount the .iso, the superuser later does:

  umount /mnt/usb_par1_and_2


Have a nice day :)

Thomas

Re: [résolu] [ifupdown?] délai ~1m à l'extinction du système

[Alexandre Hoïde]

On Mon, Mar 06, 2017 at 10:34:47PM +0100, andre_deb...@numericable.fr wrote:
> C'est normal si tu as un fichier tel "interfaces"
> mal configuré, il cherche une connexion non réalisable,
> et on a ce message de systemd boot :
> "Raise... A stop job is running for ...
> qui peut durer plusieurs minutes...
> 
> André

  Salut André et merci.

  Peut-être, en effet, que ma ligne « iface enp4s0 inet6 auto » pose un
problème sur mon système, cependant, si le délai a disparu lorsque j'ai
supprimé cette ligne, il n'est pas réaparu lorsque j'ai rétabli cette
même ligne. Accessoirement, je l'avais trouvée dans
/usr/share/doc/ifupdown/examples/. Si elle pose un problème, ça
m'intéresserait de savoir pourquoi… sans compter que, à première vue,
elle ne me sert à rien ! ^^ (je l'ai rétablie pour vérifier la
reproductibilité)

  Meilleures salutations,

-- 
 ___  _
| $ post_tenebras ↲ | waouh!  ?! | $ per_systemd ↲ |
| GNU\ /|\   /   | TENEBRAS :  |
|  -- * --  | o   | #)&&*+^'.|;>%9- |
| $ who ↲/ \|_-- ~_||| =!¨!$£{]]_:`¢_´ |
| Alexandre Hoïde   |  _/| |   / \   | … … … ...---... |
 ---  -

Re: Quel solution de sauvegarde ...

[Jean-Michel OLTRA]

Bonjour,


Le mardi 07 mars 2017, G2PC a écrit...


> > J'avais initié un fil à ce sujet l'année dernière. On m'avait conseillé dar
> > et rsnapshot. C'est ce que j'ai mis en place (les 2).

> Tu aurais des liens en référence ?

http://dar.linux.free.fr/doc/Tutorial.html
http://gradha.sdf-eu.org/textos/dar-differential-backup-mini-howto.en.html

rsnapshot n'est pas vraiment difficile à mettre en place.

J'ai créé 2 scripts pour l'archivage avec dar. Ça vaut ce que ça vaut. Je
peux te les faire passer, au besoin.

-- 
jm

Re: Some help with dd backing up into an iso

[David Christensen]

On 03/06/2017 09:05 PM, David Christensen wrote:

If you have an SSD, fstrim(8) will discard all unused blocks, regardless
of file system.  They should then read as zeros:

https://manpages.debian.org/jessie/util-linux/fstrim.8.en.html


I should qualify that:

If you have an SSD, fstrim(8) will discard all unused blocks (for
supported file systems and SSD's).


This computer has a SAMSUNG SSD UM410 Series 2.5" 16GB SSD with ext4 
boot and btrfs root file systems:


2017-03-06 21:48:24 root@jesse ~
# fstrim -v /boot
fstrim: /boot: the discard operation is not supported

2017-03-06 21:52:07 root@jesse ~
# fstrim -v /
fstrim: /: the discard operation is not supported


I need to test my other SSD's.


David

Re: Some help with dd backing up into an iso

[David Christensen]

On 03/06/2017 04:11 PM, GiaThnYgeia wrote:

I am not very confident I am doing this right and it seems wrong,  I
can't locate any documentation that results into proper options.
I tried backing up an 8gb USB that has 2 partitions in it, one had 1.7gb
of data on it.
I used dd if=/dev/sdb of=usbfilename.iso
The resulting image was the full size of the disk.
To test the validity I restored reversing the order of the filenames
if/of  but that took for ever and it was a hog on resources.  After a
while I just gave up and killed the process.  I looked at the disk and
it seemed complete with all files in tact, so maybe I killed it
somewhere in the verification process.
So I used a program called etcher which I have used with 100% success in
the past and was surprisingly fast in burning images.
It took for ever as well, eventually it run a verification routine and
it was done.
Is there someway one can avoid creating such a large iso for no reason,
when the filesize is a fraction of the whole disk.  One way I thought of
was to shrink the partitions to just about 99% full, and leave the blank
part of the disk as not allocated.  Would that help?
Is there some fancy command line that does just that?


Copying a raw device to a file, or vice-versa, I call "imaging".


ISO implies binary data structures ("format") on optical media so as to 
create a file system containing files and directories.



AFAIK USB flash drives use the same formats as hard disk drives and 
solid-state drives ("master boot record" (MBR) partition table, 
partition(s), and file system(s) within those partition(s)).



ISO and HDD/SSD formats are fundamentally different.  Taking an image of 
a USB flash drive and naming the output file with an *.iso extension 
will not translate the format to ISO.  Achieving that result requires 
tools other than 'dd'.



As for reducing the size of image files, the standard trick is to zero 
out the unused blocks first, and then compress the binary data stream 
while you take the image:


# dd if=/dev/sda | gzip > myimage.img


For Linux and ext2, ext3, and ext4 file systems, the tool for zeroing 
unused blocks is zerofree(8):


https://manpages.debian.org/jessie/zerofree/zerofree.8.en.html


If you have an SSD, fstrim(8) will discard all unused blocks, regardless 
of file system.  They should then read as zeros:


https://manpages.debian.org/jessie/util-linux/fstrim.8.en.html


But, most USB flash drives come factory formatted with FAT32.  The 
'sdelete' Windows utility can be used to zero unused blocks for both 
NTFS and FAT file systems:


https://technet.microsoft.com/en-us/sysinternals/sdelete.aspx


David

Re: procmail, when were the last rights administered?

[Gene Heskett]

On Monday 06 March 2017 21:54:26 Andy Smith wrote:

> On Tue, Mar 07, 2017 at 02:47:42AM +, Andy Smith wrote:
> > On Mon, Mar 06, 2017 at 09:29:37PM -0500, Gene Heskett wrote:
> > > And what replaces it in the MTA dept?
>
> Oh, and procmail is not an MTA (and neither is maildrop…), but more
> correctly a Mail Delivery Agent, but I got what you meant.
>
Correct, I should have said MDA, because fetchmail pulls my email for me.

> Sieve is a mail filtering language that is implemented by multiple
> different MDAs, but also some Mail User Agents and Mail Transfer
> Agents.
>
> Cheers,
> Andy


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: procmail, when were the last rights administered?

[Gene Heskett]

On Monday 06 March 2017 21:47:42 Andy Smith wrote:

> Hi Gene,
>
> On Mon, Mar 06, 2017 at 09:29:37PM -0500, Gene Heskett wrote:
> > And what replaces it in the MTA dept?
>
> procmail is still in Debian stretch and if it still works for you
> then it should continue to work for you.
>
I wanted to add a formail line but the docs do not seem to cover that 
recipe. I want an email to gene@localhost when it sequesters a virii.

> More modern alternatives include Sieve:
>
> http://sieve.info/clients
>
> and maildrop:
>
> http://www.courier-mta.org/maildrop/
>
> Cheers,
> Andy


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: procmail, when were the last rights administered?

[Andy Smith]

On Tue, Mar 07, 2017 at 02:47:42AM +, Andy Smith wrote:
> On Mon, Mar 06, 2017 at 09:29:37PM -0500, Gene Heskett wrote:
> > And what replaces it in the MTA dept?

Oh, and procmail is not an MTA (and neither is maildrop…), but more
correctly a Mail Delivery Agent, but I got what you meant.

Sieve is a mail filtering language that is implemented by multiple
different MDAs, but also some Mail User Agents and Mail Transfer
Agents.

Cheers,
Andy

Re: procmail, when were the last rights administered?

[Andy Smith]

Hi Gene,

On Mon, Mar 06, 2017 at 09:29:37PM -0500, Gene Heskett wrote:
> And what replaces it in the MTA dept?

procmail is still in Debian stretch and if it still works for you
then it should continue to work for you.

More modern alternatives include Sieve:

http://sieve.info/clients

and maildrop:

http://www.courier-mta.org/maildrop/

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

"I remember the first time I made love.  Perhaps it was not love exactly but I
 made it and it still works." — The League Against Tedium

procmail, when were the last rights administered?

[Gene Heskett]

And what replaces it in the MTA dept?

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Bloquear red a ejecutable

[Carlos Manuel Escalona Villeda]

Y porque no simplemente bloquear el destino:puerto con iptables???

El lun., 6 de mar. de 2017 a la(s) 03:31, Darthcoli - Alejandro Izquierdo <
darthc...@gmail.com> escribió:

> Se me ocurren dos maneras sencillas de hacerlo. Puedes ejecutar la
> aplicación en un entorno aislado (por ejemplo con containers, como docker o
> lxc), o puedes limitar la red a un proceso via iptables, pero ojo, es
> mejor, dado como funciona linux, que lo hagas limitando los permisos del
> usuario, es decir, generar un usuario adhoc para ejecutar ese proceso y
> configurar las limitaciones a ese usuario. Creo que es mas limpio y seguro
> que delegar esa gestión a programas de terceros.
>
> Aqui puedes obtener mas ifnformacion sobre ćomo hacerlo.
>
> https://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html
>
>
> El 4 de marzo de 2017, 4:50, Felix Perez 
> escribió:
>
> El día 2 de marzo de 2017, 9:07, Pablo Daniel Estigarribia Davyt
>  escribió:
> > Hola,
> >
> > hace un rato leyendo un artículo X encontré este software:
> > http://douaneapp.com/
> >
> > No lo probé pero el fin del mismo es: "allowing a user to control which
> > applications can connect to the internet from their GNU/Linux computer."
> >
>
> Douane personal firewall for GNU/Linux,
>
>
> > Creo que esto te puede servir.
> >
> >
> >
> > El mié., 22 feb. 2017 a las 17:18, Josu Lazkano ( >)
> > escribió:
> >>
> >> Hola,
> >>
> >> Respondo para decir que funciona bien, lo unico malo es que solo
> >> funciona como root:
> >>
> >> # unshare -n programa
> >>
> >> Un saludo.
> >>
> >> El día 22 de febrero de 2017, 8:12, Josu Lazkano
> >>  escribió:
> >> > He encontrado esto:
> >> >
> >> > unshare -n programa
> >> >
> >> > Ahora no estoy en casa y no lo puedo probar. Seria algo asi:
> >> >
> >> > unshare -n ping 8.8.8.8
> >> >
> >> > Saludos.
> >> >
> >> >
> >> > El 21 feb. 2017 10:57 p. m., "Matias Mucciolo" <
> mmucci...@suteba.org.ar>
> >> > escribió:
> >> >
> >> > On Tuesday, February 21, 2017 10:26:45 PM Josu Lazkano wrote:
> >> >> Muchas gracias a todos,
> >> >>
> >> >> Ya he localizado a donde se conecta, pero ahora me falta bloquear el
> >> >> ejecutable.
> >> >>
> >> >> ¿Existe algun software para ello? Algo como "./bloquear programa"
> >> >>
> >> >> Muchas gracias por todo.
> >> >>
> >> >> Un saludo.
> >> >
> >> > todo depende de que binario estes hablando
> >> > podes sacarle los permisos de ejecución y lectura
> >> > para todos los usuarios.
> >> > Si necesitas que algunos si pueden ejecutarlo
> >> > vas a tener que hacer un grupo y poner ese
> >> > grupo en el binario...tipicos permisos de unix.
> >> > Tambien podes usar ACLs
> >> >
> >> > ahora lo que preguntas acerca de ./bloquear programa.
> >> > yo al menos nunca vi algo como eso o no recuerdo en estos momentos.
> >> >
> >> > Tambien selinux se podria hacer algo pero ya es mas complicado..
> >> > demasiado complicado y mucho tiempo de mantenimiento.
> >> >
> >> > Saludos
> >> > Matias.
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Josu Lazkano
> >>
> > --
> > Pablo.
>
>
>
> --
> usuario linux  #274354
> normas de la lista:  http://wiki.debian.org/es/NormasLista
> como hacer preguntas inteligentes:
> http://www.sindominio.net/ayuda/preguntas-inteligentes.html
>
>
>
>
> --
> -Alejandro Izquierdo-
>
>
>

Re: Debian en Asus EEEPC

[Juan Lavieri]

Lo reenvío porque me llegó al privado.



 Mensaje reenviado 
Asunto: Re: Debian en Asus EEEPC
Fecha:  Mon, 06 Mar 2017 22:24:08 -0300
De: Darío 
Para:   Juan Lavieri 



Gracias por responder!


Según tengo entendido esas máquinas poseen recursos muy limitados,
según sea el modelo, la memoria ram ronda los 512MB.

No, esta tiene 1 GB de RAM, por lo que está bien creo para usar un GNOME
que es lo que quiero usar preferentemente.


problemas y hasta es posible que puedas instalar jessie (dependiendo
del model de tu eeepc que por cierto no has descrito)


Ah y el modelo es la EEE PC 1000HA.

Saludos!

Re: Debian en Asus EEEPC

[Juan Lavieri]

Lo reenvío porque me llegó al privado



 Mensaje reenviado 
Asunto: Re: Debian en Asus EEEPC
Fecha:  Mon, 06 Mar 2017 23:49:46 +0100
De: 3018340001 <3018340...@mundo-r.com>
Para:   Juan Lavieri 





 Mensaje original 
De: Juan Lavieri 
Fecha: 6/3/17 23:42 (GMT+01:00)
Para: debian-user-spanish@lists.debian.org
Asunto: Re: Debian en Asus EEEPC

Hola Darío.


El 06/03/17 a las 14:04, Darío escribió:
> Hola a toda la comunidad!
> estoy por comprar esta notebook como segunda, para llevar a la
> escuela. Pienso instalarle una distro Debian, posiblemente Squeeze
> estable aunque ya no tenga más actualizaciones.
> Quisiera saber opiniones sobre cómo anda esta notebook con Debian o
> alguna otra que recomienden (menos Ubuntu), en especial el uso será
> con programas educativos como GeoGebra, Octave, y compilar archivos tex.

Según tengo entendido esas máquinas poseen recursos muy limitados, según
sea el modelo, la memoria ram ronda los 512MB.

Con esa cantidad de memoria deberás usar un escritorio muy ligero, tal
vez xfce, lxde o algo similar.  por lo demás no debería haber mayores
problemas y hasta es posible que puedas instalar jessie (dependiendo del
model de tu eeepc que por cierto no has descrito)

Saludos

>
> Saludos y gracias!
> Darío
>
Saludos. Yo me he echado al monte: Asus eeepc 1001 HA con 2 Gb de RAM 
con debian testing y kde. 4 escritorios virtuales, efecto cubo y 
virtualizar con win10.

Eso sí. La batería no dura gran cosa

Re: Failing disk advice

[Gregory Seidman]

On Mon, Mar 06, 2017 at 12:17:03PM +0100, Mirko Parthey wrote:
> On Sun, Mar 05, 2017 at 08:38:27PM -0800, David Christensen wrote:
> > On 03/05/2017 01:02 PM, Gregory Seidman wrote:
> > >I have a disk that is reporting SMART errors. It is an active disk in
> > >a (kernel, not hardware) RAID1 configuration. I also have a hot spare
> > >in the RAID1, and md hasn't decided it should fail the disk and switch
> > >to the hot spare. Should I proactively tell md to fail the disk (and
> > >let the hot spare take over), or should I just wait until md notices a
> > >problem?
> > 
> > I'm confused by "I also have a hot spare in the RAID1".  Do you have a
> > two-member RAID1 with a hot spare, or a three-member RAID1?  I would
> > prefer the latter:
> > 
> > https://manpages.debian.org/jessie/mdadm/md.4.en.html
> 
> Refining this advice a bit, I would convert the spare to a full RAID
> member now, without explicitly failing the disk that reports SMART
> errors first.
> Assuming you have a two-member RAID1 with a hot spare, the command
> should be similar to this (untested):
>   mdadm -G /dev/mdX -n 3 
> This ensures you keep redundancy during further maintenance actions.

I was unaware that this was possible. I've run it and mdadm -D reports that
it is now in the "clean, degraded, rebuilding" state. Thank you! I wish I
had room in my system to add the fourth (which I've ordered) without
removing the failing disk, but I do not.

> Which SMART errors do you get, and who reports them?

I get emails sent to root:

This message was generated by the smartd daemon running on:

   host name:  XX
   DNS domain: YY

The following warning/error was logged by the smartd daemon:

Device: /dev/sdc [SAT], 8 Currently unreadable (pending) sectors

Device info:
ST31500341AS, S/N:9VS43CV9, WWN:5-000c50-0208aa9a3, FW:CC1H, 1.50 TB

For details see host's SYSLOG.

You can also use the smartctl utility for further investigation.
The original message about this issue was sent at Wed Dec 14 00:51:36 
2016 EST
Another message will be sent in 24 hours if the problem persists.

...and...

This message was generated by the smartd daemon running on:

   host name:  XX
   DNS domain: YY

The following warning/error was logged by the smartd daemon:

Device: /dev/sdc [SAT], 8 Offline uncorrectable sectors

Device info:
ST31500341AS, S/N:9VS43CV9, WWN:5-000c50-0208aa9a3, FW:CC1H, 1.50 TB

For details see host's SYSLOG.

You can also use the smartctl utility for further investigation.
The original message about this issue was sent at Wed Dec 14 00:51:37 
2016 EST
Another message will be sent in 24 hours if the problem persists.

(Yes, I know, I've been letting it do this since mid-December, which is not
great.)

> What is the output of the following command for the failing drive?
>   smartctl -A /dev/sdY

# smartctl -A /dev/sdc  
smartctl 6.4 2014-10-07 r4002 [i686-linux-3.16.0-4-686-pae] (local 
build)
Copyright (C) 2002-14, Bruce Allen, Christian Franke, 
www.smartmontools.org

=== START OF READ SMART DATA SECTION ===
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME  FLAG VALUE WORST THRESH TYPE  
UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate 0x000f   119   099   006Pre-fail  
Always   -   205161943
  3 Spin_Up_Time0x0003   100   091   000Pre-fail  
Always   -   0
  4 Start_Stop_Count0x0032   099   099   020Old_age   
Always   -   1055
  5 Reallocated_Sector_Ct   0x0033   099   099   036Pre-fail  
Always   -   41
  7 Seek_Error_Rate 0x000f   092   060   030Pre-fail  
Always   -   1743842168
  9 Power_On_Hours  0x0032   039   039   000Old_age   
Always   -   53898
 10 Spin_Retry_Count0x0013   100   100   097Pre-fail  
Always   -   0
 12 Power_Cycle_Count   0x0032   100   100   020Old_age   
Always   -   85
184 End-to-End_Error0x0032   100   100   099Old_age   
Always   -   0
187 Reported_Uncorrect  0x0032   097   097   000Old_age   
Always   -   3
188 Command_Timeout 0x0032   100   098   000Old_age   
Always   -   133146017827
189 High_Fly_Writes 0x003a   007   007   000Old_age   
Always   -   93
190 Airflow_Temperature_Cel 0x0022   060   040   045Old_age   
Always   In_the_past 40 (Min/Max 26/45 #502)
194 Temperature_Celsius 0x0022   040   060   000Old_age   
Always   -   40 (0 18 0 0 0)
195 Hardware_ECC_Recovered  0x001a   038   023   000Old_age  

Re: Quel solution de sauvegarde ...

[G2PC]

Le 06/03/2017 à 14:00, Jean-Michel OLTRA a écrit :
> Bonjour,
>
>
> Le lundi 06 mars 2017, contact a écrit...
>
>
>>je souhaite mettre en place une solution de sauvegarde des données des
>>comptes de PC sous linux sur une machine dédiée elle aussi sous linux.
>>J'ai envisagé cette approche, qui consiste a sauvegarder les comptes
>>avec un script via rsync. Mais peut être y-a-t-il une meilleure
>>formule.
> J'avais initié un fil à ce sujet l'année dernière. On m'avait conseillé dar
> et rsnapshot. C'est ce que j'ai mis en place (les 2).
>
Bonjour,
Tu aurais des liens en référence ?

Re: Some help with dd backing up into an iso

[Michael Lange]

Hi,

On Tue, 07 Mar 2017 00:11:00 +
GiaThnYgeia  wrote:

> I am not very confident I am doing this right and it seems wrong,  I
> can't locate any documentation that results into proper options.
> I tried backing up an 8gb USB that has 2 partitions in it, one had 1.7gb
> of data on it.
> I used dd if=/dev/sdb of=usbfilename.iso
> The resulting image was the full size of the disk.
> To test the validity I restored reversing the order of the filenames
> if/of  but that took for ever and it was a hog on resources.  After a
> while I just gave up and killed the process.  I looked at the disk and
> it seemed complete with all files in tact, so maybe I killed it
> somewhere in the verification process.
> So I used a program called etcher which I have used with 100% success in
> the past and was surprisingly fast in burning images.
> It took for ever as well, eventually it run a verification routine and
> it was done.
> Is there someway one can avoid creating such a large iso for no reason,
> when the filesize is a fraction of the whole disk.  One way I thought of
> was to shrink the partitions to just about 99% full, and leave the blank
> part of the disk as not allocated.  Would that help?
> Is there some fancy command line that does just that?

you mean something like mkisofs? I cannot remember right now how the
cdrkit counterpart calls itself, but it probably does more or less the
same.

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

"What happened to the crewman?"
"The M-5 computer needed a new power source, the crewman merely
 got in the way."
-- Kirk and Dr. Richard Daystrom, "The Ultimate Computer",
   stardate 4731.3.

Some help with dd backing up into an iso

[GiaThnYgeia]

I am not very confident I am doing this right and it seems wrong,  I
can't locate any documentation that results into proper options.
I tried backing up an 8gb USB that has 2 partitions in it, one had 1.7gb
of data on it.
I used dd if=/dev/sdb of=usbfilename.iso
The resulting image was the full size of the disk.
To test the validity I restored reversing the order of the filenames
if/of  but that took for ever and it was a hog on resources.  After a
while I just gave up and killed the process.  I looked at the disk and
it seemed complete with all files in tact, so maybe I killed it
somewhere in the verification process.
So I used a program called etcher which I have used with 100% success in
the past and was surprisingly fast in burning images.
It took for ever as well, eventually it run a verification routine and
it was done.
Is there someway one can avoid creating such a large iso for no reason,
when the filesize is a fraction of the whole disk.  One way I thought of
was to shrink the partitions to just about 99% full, and leave the blank
part of the disk as not allocated.  Would that help?
Is there some fancy command line that does just that?

Thank you in advance




-- 
 "The most violent element in society is ignorance" rEG

Re: Debian en Asus EEEPC

[Juan Lavieri]

Hola Darío.


El 06/03/17 a las 14:04, Darío escribió:

Hola a toda la comunidad!
estoy por comprar esta notebook como segunda, para llevar a la 
escuela. Pienso instalarle una distro Debian, posiblemente Squeeze 
estable aunque ya no tenga más actualizaciones.
Quisiera saber opiniones sobre cómo anda esta notebook con Debian o 
alguna otra que recomienden (menos Ubuntu), en especial el uso será 
con programas educativos como GeoGebra, Octave, y compilar archivos tex.


Según tengo entendido esas máquinas poseen recursos muy limitados, según 
sea el modelo, la memoria ram ronda los 512MB.


Con esa cantidad de memoria deberás usar un escritorio muy ligero, tal 
vez xfce, lxde o algo similar.  por lo demás no debería haber mayores 
problemas y hasta es posible que puedas instalar jessie (dependiendo del 
model de tu eeepc que por cierto no has descrito)


Saludos



Saludos y gracias!
Darío

Re: No network and update notifications on Gnome desktop

[Stephen Allen]

On Mon, Mar 06, 2017 at 07:53:57PM +0200, Mika Hanhijärvi wrote:
> Hi
> 
> I am using Debian Stretch on both of my laptops. I use Gnome desktop. I have
> installedd all updates available.
> 
> For some reason I do not get any network notifications. If I e.g connect to
> wifi network, disconnect from it or if the connection just gets
> disconnected for some reason then I do not get any notification. That is not
> good.


 
> Any idea what is wrong? Thanks in advance.

Do you have 'Software & Updates' installed, should be visible in your 
'Activities' panel.

Re: [résolu] [ifupdown?] délai ~1m à l'extinction du système

[andre_debian]

C'est normal si tu as un fichier tel "interfaces"
mal configuré, il cherche une connexion non réalisable,
et on a ce message de systemd boot :
"Raise... A stop job is running for ...
qui peut durer plusieurs minutes...

André


On Monday 06 March 2017 22:17:54 Alexandre Hoïde wrote:
>   Un problème de délai de ~1m à l'extinction [poweroff|reboot] du
> système, avec les messages systemd :
> [***]  A stop job is running for ifup for enp4s0 …
> [***]  A stop job is running for Raise network interfaces …
> sur une Debian Sid avec ifupdown (configuration dans
> /etc/network/interfaces), dhclient (paquet isc-dhcp-client) et
> Network-Manager installé et « enabled », mais [
>   $ cat /etc/NetworkManager/NetworkManager.conf
>   [main]
>   plugins=ifupdown,keyfile
>   [ifupdown]
>   *managed=false*
>   Les logs ne m'ont donné aucun indice (ou peut-être n'ai-je pas su les
> voir). Mon fichier [
>   $ cat /etc/network/interfaces
>   auto lo
>   iface lo inet loopback
>   auto enp4s0
> iface enp4s0 inet dhcp
> iface enp4s0 inet6 auto
>   iface wlp3s0 inet dhcp
> wpa-ssid X
> wpa-psk XXX
>   Ça fait des mois que je trainais ce problème, finalement résolu, un
> peu par hasard, de cette manière [
> # ifdown enp4s0
> # sed -i '/iface enp4s0 inet6 auto/d' /etc/network/interfaces
> # ifup enp4s0
> # systemctl reboot
> ] Le délai à l'extinction du système avait disparu !
>   Pour vérifier la reproductibilité, j'ai ensuite rétabli la
> configuration originale, mais le problème ne s'est plus jamais
> reproduit, alors qu'il était systématique auparavant.
>   Voilà… donc tout est bel et bien. Mais je me pose deux questions :
> 1. Un « ifconfig enp4s0 » me donne toujours le même résultat, avec et
> sans « iface enp4s0 inet6 auto » -- en particulier, les données ipv6
> sont présentes et identiques dans les deux cas. Est-ce bien normal ?
> 2. de quelle manière ma manipulation a-t-elle pu résoudre le problème ?
> Est-ce bien normal ? ^^

[résolu][ifupdown?] délai ~1m à l'extinction du système

[Alexandre Hoïde]

  Chères et chers Debianistes,

  Un problème de délai de ~1m à l'extinction [poweroff|reboot] du
système, avec les messages systemd :
[***]  A stop job is running for ifup for enp4s0 …
[***]  A stop job is running for Raise network interfaces …
sur une Debian Sid avec ifupdown (configuration dans
/etc/network/interfaces), dhclient (paquet isc-dhcp-client) et
Network-Manager installé et « enabled », mais [
  $ cat /etc/NetworkManager/NetworkManager.conf
  [main]
  plugins=ifupdown,keyfile

  [ifupdown]
  *managed=false*
]
  Les logs ne m'ont donné aucun indice (ou peut-être n'ai-je pas su les
voir). Mon fichier [
  $ cat /etc/network/interfaces
  auto lo
  iface lo inet loopback

  auto enp4s0
iface enp4s0 inet dhcp
iface enp4s0 inet6 auto

  iface wlp3s0 inet dhcp
wpa-ssid X
wpa-psk XXX
]
  Ça fait des mois que je trainais ce problème, finalement résolu, un
peu par hasard, de cette manière [
# ifdown enp4s0
# sed -i '/iface enp4s0 inet6 auto/d' /etc/network/interfaces
# ifup enp4s0
# systemctl reboot
] Le délai à l'extinction du système avait disparu !
  Pour vérifier la reproductibilité, j'ai ensuite rétabli la
configuration originale, mais le problème ne s'est plus jamais
reproduit, alors qu'il était systématique auparavant.
  Voilà… donc tout est bel et bien. Mais je me pose deux questions :
1. Un « ifconfig enp4s0 » me donne toujours le même résultat, avec et
sans « iface enp4s0 inet6 auto » -- en particulier, les données ipv6
sont présentes et identiques dans les deux cas. Est-ce bien normal ?
2. de quelle manière ma manipulation a-t-elle pu résoudre le problème ?
Est-ce bien normal ? ^^

-- 
 ___  _
| $ post_tenebras ↲ | waouh!  ?! | $ per_systemd ↲ |
| GNU\ /|\   /   | TENEBRAS :  |
|  -- * --  | o   | #)&&*+^'.|;>%9- |
| $ who ↲/ \|_-- ~_||| =!¨!$£{]]_:`¢_´ |
| Alexandre Hoïde   |  _/| |   / \   | … … … ...---... |
 ---  -

Re: [SOLVED] Re: Security hole in LXDE?

[Joe]

On Mon, 6 Mar 2017 20:47:50 + (UTC)
Curt  wrote:

> On 2017-03-06, Joe  wrote:
> >
> > Who said anything about lpadmin? The question is about the wisdom of
> > automatically including someone in the sudo group, which in a
> > default Debian sudoers file, gives full root privileges to
> > everything, using the user's password.
> >
> > We have someone saying this happens, someone else saying it
> > doesn't, I don't know as I haven't done a recent installation, and
> > the thread was started by someone who says it did happen to him.
> >  
> 
> I've only used the installer up to and including Wheezy and have
> always created a root password. But if I hadn't (created a root
> password) then I suppose I would've been included in the sudo group
> with full administrative privileges. If not, how would or does the
> person installing the OS (who is therefore, ipso facto, IMO, the
> administrator of the machine) do anything administratively? And what
> difference would it make security-wise to put the "first user" in the
> sudo group when she or he could have gotten there anyway by simply
> creating a root password and foregoing sudo altogether? Or am being
> stupid here, missing something obvious?
> 

A member of the sudo group has permanent root privileges. He might as
well simply login as root every day, and not bother with another user.

My understanding of the use of the sudo group was for multiple server
admins, not workstation users.

-- 
Joe

Re: [SOLVED] Re: Security hole in LXDE?

[Brian]

On Mon 06 Mar 2017 at 19:57:25 +, Joe wrote:

> On Mon, 6 Mar 2017 19:36:40 +
> Brian  wrote:
> 
> > On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote:
> > 
> > > On Mon, 6 Mar 2017 13:40:45 -0500
> > > Greg Wooledge  wrote:
> > >   
> > > > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote:  
> > > > > Debian appears to use the group 'sudo' as an administrative
> > > > > group, where some other distributions use 'wheel'.
> > > > > 
> > > > > I would not have thought that users would be added to it by
> > > > > default, there are no members on my sid/xfce4 workstation.
> > > > > Indeed, up to Jessie, sudo was not installed at all by default,
> > > > > and may still not be.
> > > > 
> > > > If you use the regular Debian installer, the user account that you
> > > > create during installation gets added to a lot of these special
> > > > groups (sudo, cdrom, floppy, audio, video, ...?).  Users that you
> > > > create post-installtion using adduser or useradd do not.
> > > >   
> > > 
> > > New behaviour, then, my current sid was installed as wheezy, I added
> > > sudo manually early on, but as it was not installed by default, it
> > > would not have added the installing user to a sudo group. I'm
> > > certainly not a member of that group, and have no wish to be.  
> > 
> > The "first user" is not in the sudo group. The place to check this
> > is the templates file in the user-setup-udeb package.
> >  
> > > Possibly I'm missing something, but doesn't this repeat the Windows
> > > mistake of automatically giving the user admin privileges? Isn't
> > > that the main reason for the existence of so many Windows viruses?  
> > 
> > Look at it this way. The "first user" wishes to set up a printer. Is
> > it better for the user to be granted very limited privileges by being
> > in the lpadmin group or to become root to carry out the task?
> > 
> 
> Who said anything about lpadmin? The question is about the wisdom of
> automatically including someone in the sudo group, which in a default
> Debian sudoers file, gives full root privileges to everything, using the
> user's password.
>
> We have someone saying this happens, someone else saying it doesn't, I
> don't know as I haven't done a recent installation, and the thread was
> started by someone who says it did happen to him.

I'll reconstruct my previous response. If there is no root password,
sudo is installed and the "first user" is put into the sudo group.

-- 
Brian.

Re: [SOLVED] Re: Security hole in LXDE?

[Curt]

On 2017-03-06, Joe  wrote:
>
> Who said anything about lpadmin? The question is about the wisdom of
> automatically including someone in the sudo group, which in a default
> Debian sudoers file, gives full root privileges to everything, using the
> user's password.
>
> We have someone saying this happens, someone else saying it doesn't, I
> don't know as I haven't done a recent installation, and the thread was
> started by someone who says it did happen to him.
>

I've only used the installer up to and including Wheezy and have always
created a root password. But if I hadn't (created a root password) then
I suppose I would've been included in the sudo group with full
administrative privileges. If not, how would or does the person
installing the OS (who is therefore, ipso facto, IMO, the administrator
of the machine) do anything administratively? And what difference would
it make security-wise to put the "first user" in the sudo group when she
or he could have gotten there anyway by simply creating a root password
and foregoing sudo altogether? Or am being stupid here, missing
something obvious?

-- 
"It might be a vision--of a shell, of a wheelbarrow, of a fairy kingdom on the
far side of the hedge; or it might be the glory of speed; no one knew." --Mrs.
Ramsay, speculating on why her little daughter might be dashing about, in "To
the Lighthouse," by Virginia Woolf.

Re: [SOLVED] Re: Security hole in LXDE?

[Joe]

On Mon, 6 Mar 2017 19:36:40 +
Brian  wrote:

> On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote:
> 
> > On Mon, 6 Mar 2017 13:40:45 -0500
> > Greg Wooledge  wrote:
> >   
> > > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote:  
> > > > Debian appears to use the group 'sudo' as an administrative
> > > > group, where some other distributions use 'wheel'.
> > > > 
> > > > I would not have thought that users would be added to it by
> > > > default, there are no members on my sid/xfce4 workstation.
> > > > Indeed, up to Jessie, sudo was not installed at all by default,
> > > > and may still not be.
> > > 
> > > If you use the regular Debian installer, the user account that you
> > > create during installation gets added to a lot of these special
> > > groups (sudo, cdrom, floppy, audio, video, ...?).  Users that you
> > > create post-installtion using adduser or useradd do not.
> > >   
> > 
> > New behaviour, then, my current sid was installed as wheezy, I added
> > sudo manually early on, but as it was not installed by default, it
> > would not have added the installing user to a sudo group. I'm
> > certainly not a member of that group, and have no wish to be.  
> 
> The "first user" is not in the sudo group. The place to check this
> is the templates file in the user-setup-udeb package.
>  
> > Possibly I'm missing something, but doesn't this repeat the Windows
> > mistake of automatically giving the user admin privileges? Isn't
> > that the main reason for the existence of so many Windows viruses?  
> 
> Look at it this way. The "first user" wishes to set up a printer. Is
> it better for the user to be granted very limited privileges by being
> in the lpadmin group or to become root to carry out the task?
> 

Who said anything about lpadmin? The question is about the wisdom of
automatically including someone in the sudo group, which in a default
Debian sudoers file, gives full root privileges to everything, using the
user's password.

We have someone saying this happens, someone else saying it doesn't, I
don't know as I haven't done a recent installation, and the thread was
started by someone who says it did happen to him.

-- 
Joe

Re: [SOLVED] Re: Security hole in LXDE?

[GiaThnYgeia]

Greg Wooledge:
> On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote:
>> Debian appears to use the group 'sudo' as an administrative group,
>> where some other distributions use 'wheel'.
>>
>> I would not have thought that users would be added to it by default,
>> there are no members on my sid/xfce4 workstation. Indeed, up to Jessie,
>> sudo was not installed at all by default, and may still not be.
> 
> If you use the regular Debian installer, the user account that you
> create during installation gets added to a lot of these special groups
> (sudo, cdrom, floppy, audio, video, ...?).  Users that you create
> post-installtion using adduser or useradd do not.

On an Debian-lxde installer you are asked for a root pass and then a
username/pass
As I remember before you manually add a user in the user group the sudo
command results to error.  Before I figured it out I had to use su
instead and any admin-package required user:root and pass to run.  After
adding a user in the sudo list all such packages ask for the user's
pass.  I think it is a sensible policy.

-- 
 "The most violent element in society is ignorance" rEG

Re: [SOLVED] Re: Security hole in LXDE?

[Brian]

On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote:

> On Mon, 6 Mar 2017 13:40:45 -0500
> Greg Wooledge  wrote:
> 
> > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote:
> > > Debian appears to use the group 'sudo' as an administrative group,
> > > where some other distributions use 'wheel'.
> > > 
> > > I would not have thought that users would be added to it by default,
> > > there are no members on my sid/xfce4 workstation. Indeed, up to
> > > Jessie, sudo was not installed at all by default, and may still not
> > > be.  
> > 
> > If you use the regular Debian installer, the user account that you
> > create during installation gets added to a lot of these special groups
> > (sudo, cdrom, floppy, audio, video, ...?).  Users that you create
> > post-installtion using adduser or useradd do not.
> > 
> 
> New behaviour, then, my current sid was installed as wheezy, I added
> sudo manually early on, but as it was not installed by default, it
> would not have added the installing user to a sudo group. I'm certainly
> not a member of that group, and have no wish to be.

The "first user" is not in the sudo group. The place to check this
is the templates file in the user-setup-udeb package.
 
> Possibly I'm missing something, but doesn't this repeat the Windows
> mistake of automatically giving the user admin privileges? Isn't that
> the main reason for the existence of so many Windows viruses?

Look at it this way. The "first user" wishes to set up a printer. Is
it better for the user to be granted very limited privileges by being
in the lpadmin group or to become root to carry out the task?

-- 
Brian.

Re: [SOLVED] Re: Security hole in LXDE?

[Joe]

On Mon, 6 Mar 2017 13:40:45 -0500
Greg Wooledge  wrote:

> On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote:
> > Debian appears to use the group 'sudo' as an administrative group,
> > where some other distributions use 'wheel'.
> > 
> > I would not have thought that users would be added to it by default,
> > there are no members on my sid/xfce4 workstation. Indeed, up to
> > Jessie, sudo was not installed at all by default, and may still not
> > be.  
> 
> If you use the regular Debian installer, the user account that you
> create during installation gets added to a lot of these special groups
> (sudo, cdrom, floppy, audio, video, ...?).  Users that you create
> post-installtion using adduser or useradd do not.
> 

New behaviour, then, my current sid was installed as wheezy, I added
sudo manually early on, but as it was not installed by default, it
would not have added the installing user to a sudo group. I'm certainly
not a member of that group, and have no wish to be.

Possibly I'm missing something, but doesn't this repeat the Windows
mistake of automatically giving the user admin privileges? Isn't that
the main reason for the existence of so many Windows viruses?

-- 
Joe

Re: [SOLVED] Re: Security hole in LXDE?

[Greg Wooledge]

On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote:
> Debian appears to use the group 'sudo' as an administrative group,
> where some other distributions use 'wheel'.
> 
> I would not have thought that users would be added to it by default,
> there are no members on my sid/xfce4 workstation. Indeed, up to Jessie,
> sudo was not installed at all by default, and may still not be.

If you use the regular Debian installer, the user account that you
create during installation gets added to a lot of these special groups
(sudo, cdrom, floppy, audio, video, ...?).  Users that you create
post-installtion using adduser or useradd do not.

Re: [SOLVED] Re: Security hole in LXDE?

[Joe]

On Mon, 06 Mar 2017 18:28:25 +0100
Hans  wrote:

> Closing my first report. When  I deleted the user from the group
> "sudo", everything worked back as normal.
> 
>

Debian appears to use the group 'sudo' as an administrative group,
where some other distributions use 'wheel'.

I would not have thought that users would be added to it by default,
there are no members on my sid/xfce4 workstation. Indeed, up to Jessie,
sudo was not installed at all by default, and may still not be.

-- 
Joe

No network and update notifications on Gnome desktop

[Mika Hanhijärvi]

Hi

I am using Debian Stretch on both of my laptops. I use Gnome desktop. I 
have installedd all updates available.


For some reason I do not get any network notifications. If I e.g connect 
to wifi network, disconnect from it or if the connection just gets  
disconnected for some reason then I do not get any notification. That is 
not good.


 Notifications are activated in the Gnome settings. Network application 
notifications are also activated. I have activated both sound alerts and 
notification banners.  I get no sound alerts and no notification 
banners. The same happens on both of my laptops.


I am blind so it is difficult for me to try to solve this. I have no 
idea in which package the problem is.


I have noticed one thing. When I go to Network's notification settings 
(Gnome desktop's settings: Settings->Notifications->Network)and switch 
the notification banner on or o ff then Orca says "Not pressed Not 
pressed" or "Pressed Pressed". So it says two times "Not pressed" or 
"Pressed". The does not happen if I switch notifacation banners on or 
off for some other application, it happens only if I change Network's 
notification settings. Maybe this is a sign of bug somewhere.


I do get e.g e-mail notifications from Mailnag etc.

Similarly I also do not get anysoftware update notifications. When there 
is updates available I do not get any notification. I have noticed that 
even  if there really is updates available I get no notification about 
that. It does not seem to matter if my computer is connected to wifi or 
mobile broadband. The same happens on both of my laptops. This is not 
good at all.


There really should be both network and update notifications, those are 
important part of desktop.


I do not know if it somehow causes problems that I have both Gnome and 
Mate desktop installed. I really do not know how could that cause the 
problem, and as I said I do get e.g e-mail notifications from Mailnag I 
will most likely uninstall Mate at some point because I like Gnome more. 
I do not really use Mate .


Any idea what is wrong? Thanks in advance.

Debian en Asus EEEPC

[Darío]

Hola a toda la comunidad!
estoy por comprar esta notebook como segunda, para llevar a la escuela. 
Pienso instalarle una distro Debian, posiblemente Squeeze estable aunque 
ya no tenga más actualizaciones.
Quisiera saber opiniones sobre cómo anda esta notebook con Debian o 
alguna otra que recomienden (menos Ubuntu), en especial el uso será con 
programas educativos como GeoGebra, Octave, y compilar archivos tex.


Saludos y gracias!
Darío

[SOLVED] Re: Security hole in LXDE?

[Hans]

Closing my first report. When  I deleted the user from the group "sudo", 
everything worked back as normal.

However, IMO the user must additionally be in /et/suders to get the described 
behaviour working.

What is sure: Either KDE or LXDE gave me the opportunity (by using the root  
password), to remember the passsword and let users 
execute applications (like synaptic) s root.

I am glad, to find the reason at h eend. There is nothing more annoying, than 
not to kow, what is going on.

Thank you all for your help and your thoughts abut this problem!

I love the community!

Best regards

Hans

Re: upgraded config files in /lib/systemd/system

[Reco]

Hi.

On Mon, 6 Mar 2017 14:25:44 +
Jonathan Dowland  wrote:

> On Tue, Feb 28, 2017 at 10:25:52AM -0500, Marc Auslander wrote:
> > IIRC in the "old" world, if you had a modified version of a config
> > file and an update modified the original released version, you got
> > a warning and a dialog which let you decide how to proceed.
> 
> This is still the case on Debian systems: it's the "conffile" feature
> of Debian packages.
> 
> Unfortunately systemd was designed in part around limitations of other
> systems' package managers, such as RPM, which lack this feature. So
> they invented the /etc/systemd/system-overrides-/lib/systemd/system
> override scheme instead.

To be more precise, a file in RPM actually *can* be declared as a
configfile (rpm -qc). It's 'dialog' part aka debconf that's
deliberately missing there.
Since both RPM install and upgrade do not allow user input by
design, user-modified configfiles are preserved as is (usually),
rpm-provided configfiles are placed nearby with .rpmnew extension.

Reco

Installation issues - Synaptic/packaging bugs and/or confused operator

[Richard Owlett]

I don't have I would call a succinct problem description.
I will list chronologically what I did with what DID NOT happen that 
"should" have happened.


1.   I have been attempting to use multistrap. I have suspicions that I 
have configuration problems. This is not the subject of this thread, but 
only stated for context.


2.   I used Synaptic's search function to find multistrap related 
packages. The only one that came up was  libconfig-model-perl. It's 
description and homepage [https://github.com/dod38fr/config-model/wiki] 
had at least a partial solution to my problems. They said it had a 
configuration model and editor for multistrap.


3.   I installed it. The Synaptic description had said it provided (or 
could provide) a graphical user interface (with 
libconfig-model-tkui-perl). Checking showed that 
libconfig-model-tkui-perl had been installed. *NOTHING* had shown up in 
any MATE menu. Further checking showed that *NEITHER* Tk *NOR* Tcl had 
been installed. I installed both. *NEITHER* showed up in any menu. I can 
execute tclsh8.6 in a MATE terminal. I haven't used Tcl/Tk in quite a 
while and will have to go to my Windows machine to refresh my memory on 
how Tk is launched.



How do I use libconfig-model-perl to configure multistrap?
What additional information is needed to resolve my problems?

TIA

Re: MONTHLY UPDATE

[Juan Lavieri]

Hola a todos.


El 06-03-2017 a las 09:02 a.m., Felix Perez escribió:

El día 2 de marzo de 2017, 12:11, Miguel Matos
 escribió:

2017-03-01 21:09 GMT-04:00 Dixan :

Mas basura phishing! No se pueden eliminar estas direcciones de la lista?


El 01/03/17 a las 23:26, IT Department escribió:

Please be advised that we will be performing a scheduled email maintenance 
within the next 24hrs, during this maintenance you will be require to
update your email account via link goo.gl/jOwp6e

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


Mi recomendación para estos casos es siempre estar presionando el
botón de "spam" o "correo basura", si su gestor de correo no lo hace
entonces no lo han configurado bien. La mía sí lo hace. Si no les
funcionan, debe haber un botón o una opción que especifique "marcar
como spam" o, en el caso de Gmail, elegir una opción que diga "Filtrar
mensajes como este", "Bloquear a ..." y "Marcar como spam" (no
necesariamente en ese orden).




Si no es porque lo respondiste a la lista no me habría dado cuenta que
llegó, configura bien tu cliente de correo o si usas gmail marcalo
como spam misma acción  puedes hacer dentro de la lista.


Felix una pregunta.

Si marco como spam en mi cliente de correo, un mensaje de la lista, ¿no 
me filtraría todos los mensajes de la lista de allí en adelante?


Siempre he tenido esa duda.

Gracias.



Saludos.



--
Juan M Lavieri

Errar es de humanos, pero es mas humano culpar a los demás.

Re: Recomended tutoial(s) on doing arithmetic in Bash scripts

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Mar 06, 2017 at 03:50:06PM +0100, Jörg-Volker Peetz wrote:
> Greg Wooledge wrote on 03/06/17 14:38:
> > On Sun, Mar 05, 2017 at 05:25:49PM +0100, to...@tuxteam.de wrote:
> >> If you need floating point numbers, bc (or dc) are your next stops.
> > 
> > Or awk.  For some problems, awk is fantastic.
> > 
> 
> Yes, it helps to sample the number of "bytes" like so:
> 
> owl1=$(awk '/usb0/ {print $2}' /proc/net/dev)
> 
> # insert process to be measured
> 
> bytes=$(awk "/usb0/ {print (\$2 - $owl1)}" /proc/net/dev)

Yep to Greg and thanks to Jörg. And to those who say "Perl": again,
I'm a Perl fan, but awk is *much* nimbler than Perl and thus far a
better match as a toolset utility in a shell script's context.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli9gY0ACgkQBcgs9XrR2kbDGACfZtsUq5bC0pgLDZsESy/NHCoa
mGkAnRabjRPiwTT2EERjVq5PUCnXyD2J
=cyV9
-END PGP SIGNATURE-

Re: [OT] Alerta!!!!! fishing en esta lista!!!!

[yukiteruamano]

El 2017-03-03 21:33, rogger.ortega0...@openmailbox.org escribió:

Son mas, curiosidades o un gran wtf! para estas epocas.

El 3 de marzo de 2017 2:46:07 AM GMT-05:00, alfon  
escribió:

Pues no es cosa de risa.


Por acá seguimos riendo de un compañero que dió su clave bancaria y

le

vaciaron su cuenta.


Esto es increible...como la gente cae en una broma tan tonta y absurda.

Re: upgraded config files in /lib/systemd/system

[Jonathan Dowland]

On Tue, Feb 28, 2017 at 10:25:52AM -0500, Marc Auslander wrote:
> IIRC in the "old" world, if you had a modified version of a config
> file and an update modified the original released version, you got
> a warning and a dialog which let you decide how to proceed.

This is still the case on Debian systems: it's the "conffile" feature
of Debian packages.

Unfortunately systemd was designed in part around limitations of other
systems' package managers, such as RPM, which lack this feature. So
they invented the /etc/systemd/system-overrides-/lib/systemd/system
override scheme instead.

The techniques that others in this thread have mentioned for partially
overriding or supplanting an existing system file go some way to
redress this.

-- 
Jonathan Dowland
Please do not CC me, I am subscribed to the list.


signature.asc
Description: Digital signature

Re: Recomended tutoial(s) on doing arithmetic in Bash scripts

[Jörg-Volker Peetz]

Greg Wooledge wrote on 03/06/17 14:38:
> On Sun, Mar 05, 2017 at 05:25:49PM +0100, to...@tuxteam.de wrote:
>> If you need floating point numbers, bc (or dc) are your next stops.
> 
> Or awk.  For some problems, awk is fantastic.
> 

Yes, it helps to sample the number of "bytes" like so:

owl1=$(awk '/usb0/ {print $2}' /proc/net/dev)

# insert process to be measured

bytes=$(awk "/usb0/ {print (\$2 - $owl1)}" /proc/net/dev)


Regards,
jvp.

Re: Recomended tutoial(s) on doing arithmetic in Bash scripts

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Mar 06, 2017 at 08:38:05AM -0500, Greg Wooledge wrote:
> On Sun, Mar 05, 2017 at 05:25:49PM +0100, to...@tuxteam.de wrote:
> > If you need floating point numbers, bc (or dc) are your next stops.
> 
> Or awk.  For some problems, awk is fantastic.
> 
> 
> On Sun, Mar 05, 2017 at 06:14:00PM +, GiaThnYgeia wrote:
> > I see your 2 and raise you
> > nosuchagency@bottomofthesea:~$ echo $(((30+40)/3))
> > 23
> > 
> > Infinitely inaccurate digital systems
> 
> Bash uses 64-bit integers, since version 2.05b.  If you want arbitrary
> precision, use bc (or a programming language with an arbitrary precision
> math library).

As I found out, dc also supports arbitrary precision. Had I read the
man page's "NAME" entry

  NAME
   dc - an arbitrary precision calculator

with some more care, oh, well.

> POSIX shells in general may use smaller integers than that.  I wouldn't
> expect anything outside the range (-2^31 .. +2^31) to be portable.

Yes. Proceed with care.

> expr(1) is legacy rubbish and should never be used in new scripts.

It's from the times shells hadn't built-in arithmetic. If you are stuck
with, e.g. an old c shell (some over-expensive commercial application
at $COMPANY is), you might find calls to it deeply buried in shell
primordial soup. So it makes sense to keep it around. But yes, what
expr can do can/should be done (better) by $((...))

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli9aX8ACgkQBcgs9XrR2kZ0kwCfRml26cNAb7uvl31UkB/gz+Ch
MMIAnjdfsjuUgpQ/JoP3Slha3I/OsQXQ
=czPp
-END PGP SIGNATURE-

Re: Recomended tutoial(s) on doing arithmetic in Bash scripts

[Greg Wooledge]

On Sun, Mar 05, 2017 at 05:25:49PM +0100, to...@tuxteam.de wrote:
> If you need floating point numbers, bc (or dc) are your next stops.

Or awk.  For some problems, awk is fantastic.


On Sun, Mar 05, 2017 at 06:14:00PM +, GiaThnYgeia wrote:
> I see your 2 and raise you
> nosuchagency@bottomofthesea:~$ echo $(((30+40)/3))
> 23
> 
> Infinitely inaccurate digital systems

Bash uses 64-bit integers, since version 2.05b.  If you want arbitrary
precision, use bc (or a programming language with an arbitrary precision
math library).

POSIX shells in general may use smaller integers than that.  I wouldn't
expect anything outside the range (-2^31 .. +2^31) to be portable.

expr(1) is legacy rubbish and should never be used in new scripts.

Re: se connecter à une machine distante via ssh

[Jean-Claude MARQUES]

Le 06/03/2017 à 11:27, Sébastien NOBILI a écrit :

Bonjour,

Le dimanche 05 mars 2017 à 18:38, Jean-Claude MARQUES a écrit :

PermitRootLogin no

Là on désactive complètement la possibilité de se connecter au compte « root »,
ce qui n’est pas l’objectif de la manipulation proposée. Pour permettre une
connexion uniquement par clé, il faut plutôt mettre cette directive :

 PermitRootLogin without-password

Oui, bien sûr !!!...
Les effets (persistants) d'un trop bon repas de dimanche midi ? Pour 
s'en remettre : man 5 sshd_config, sans modération

Jean-Claude


Sébastien

Re: Quel solution de sauvegarde ...

[Dominique Asselineau]

daniel huhardeaux wrote on Mon, Mar 06, 2017 at 02:05:26PM +0100
> Le 06/03/2017 à 13:51, contact a écrit :
> >
> >Bonjour
> >
> >je souhaite mettre en place une solution de sauvegarde des données des
> >comptes de PC sous linux sur une machine dédiée elle aussi sous linux.
> >
> >J'ai envisagé cette approche, qui consiste a sauvegarder les comptes avec
> >un script via rsync. Mais peut être y-a-t-il une meilleure formule.
> >
> 
> Deja-dup se base sur sync. Simple et efficace

rsnapshot également.

--

Re: Quel solution de sauvegarde ...

[Jean-Michel OLTRA]

Bonjour,


Le lundi 06 mars 2017, contact a écrit...


>je souhaite mettre en place une solution de sauvegarde des données des
>comptes de PC sous linux sur une machine dédiée elle aussi sous linux.

>J'ai envisagé cette approche, qui consiste a sauvegarder les comptes
>avec un script via rsync. Mais peut être y-a-t-il une meilleure
>formule.

J'avais initié un fil à ce sujet l'année dernière. On m'avait conseillé dar
et rsnapshot. C'est ce que j'ai mis en place (les 2).

-- 
jm

Re: Quel solution de sauvegarde ...

[daniel huhardeaux]

Le 06/03/2017 à 13:51, contact a écrit :


Bonjour

je souhaite mettre en place une solution de sauvegarde des données des 
comptes de PC sous linux sur une machine dédiée elle aussi sous linux.


J'ai envisagé cette approche, qui consiste a sauvegarder les comptes 
avec un script via rsync. Mais peut être y-a-t-il une meilleure formule.




Deja-dup se base sur sync. Simple et efficace

--
Daniel

Re: MONTHLY UPDATE

[Felix Perez]

El día 2 de marzo de 2017, 12:11, Miguel Matos
 escribió:
> 2017-03-01 21:09 GMT-04:00 Dixan :
>> Mas basura phishing! No se pueden eliminar estas direcciones de la lista?
>>
>>
>> El 01/03/17 a las 23:26, IT Department escribió:
>>> Please be advised that we will be performing a scheduled email maintenance 
>>> within the next 24hrs, during this maintenance you will be require to
>>> update your email account via link goo.gl/jOwp6e
>>>
>>> ---
>>> This email has been checked for viruses by Avast antivirus software.
>>> https://www.avast.com/antivirus
>>>
>>
>
> Mi recomendación para estos casos es siempre estar presionando el
> botón de "spam" o "correo basura", si su gestor de correo no lo hace
> entonces no lo han configurado bien. La mía sí lo hace. Si no les
> funcionan, debe haber un botón o una opción que especifique "marcar
> como spam" o, en el caso de Gmail, elegir una opción que diga "Filtrar
> mensajes como este", "Bloquear a ..." y "Marcar como spam" (no
> necesariamente en ese orden).
>
>
>

Si no es porque lo respondiste a la lista no me habría dado cuenta que
llegó, configura bien tu cliente de correo o si usas gmail marcalo
como spam misma acción  puedes hacer dentro de la lista.

Saludos.

-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Quel solution de sauvegarde ...

[contact]

  
  
Bonjour
je souhaite mettre en place une solution de sauvegarde des
  données des comptes de PC sous linux sur une machine dédiée elle
  aussi sous linux.
J'ai envisagé cette approche, qui consiste a sauvegarder les
  comptes avec un script via rsync. Mais peut être y-a-t-il une
  meilleure formule.





-- 
  François-Marie BILLARD
  Sculpteur - Céramiste 

  

Re: se connecter à une machine distante via ssh PB avec la clef et KNOW_HOSTS.

[contact]

  
  
en effet mais je me demande pourquoi ce fichier a ces droits
  particuliers.
Cordialement

François-Marie BILLARD
  Sculpteur - Céramiste 

Le 06/03/2017 à 12:16, Sébastien NOBILI
  a écrit :


  Le lundi 06 mars 2017 à 11:39, contact a écrit :

  
   Un ls - ld de ~/.ssh/ renvoi :

   -rw--- 1 root root 3774 janv.  9 13:01 known_hosts

   ce qui fait qu'en tant qu'utilisateur je ne peux modifier ce fichier. Que
   faire ?

  
  
Il faut rendre le fichier à son propriétaire. Ça se fait avec la commande
« chown » à qui il va falloir donner :
— l’identifiant de l’utilisateur,
— le chemin d’accès complet au fichier.

Le tout lancé par « root ».

Sébastien




  

erreur -31 avec mc et sftp

[bernard . schoenacker]

bonjour,


je suis confronté à cette erreur: -31

et j'ai trouvé un N° de ticket ...

https://midnight-commander.org/ticket/3406

et rien d'autre


comment faire pour contourner l'erreur ?


slt
bernard

Re: Failing disk advice

[Andy Smith]

Hello,

On Sun, Mar 05, 2017 at 08:38:27PM -0800, David Christensen wrote:
> On 03/05/2017 01:02 PM, Gregory Seidman wrote:
> >I have a disk that is reporting SMART errors.

What are the errors? Some are more serious, some less so.

> >It is an active disk in a (kernel, not hardware) RAID1
> >configuration. I also have a hot spare in the RAID1, and md
> >hasn't decided it should fail the disk and switch to the hot
> >spare. Should I proactively tell md to fail the disk (and let the
> >hot spare take over), or should I just wait until md notices a
> >problem?
> 
> AFAIK desktop disks and "enterprise RAID" disks degrade differently.
> When a desktop disk is having trouble reading a sector, it will retry
> many times before giving up because it is likely the data does not
> exist anywhere else.  But, an enterprise RAID disc will retry only a
> few times and then fail; because the data should exist elsewhere and
> hung reads are intolerable in enterprise environments.

What you're referring to here is SCT Error Recovery Control:

https://en.wikipedia.org/wiki/Error_recovery_control

At one point it was common for it to be a configurable timeout on
most drives, but defaulting to disabled on drive models designed for
desktop use. As you say, the rationale would be that a desktop drive
was probably not in a RAID, so holds the only copy of the data, and
must go to heroic lengths if necessary to read data.

As the drive vendors started being more aggressive about segmenting
their product ranges into "desktop" and "enterprise", they removed
the ability to change the timeout from drives in their desktop ranges.

This has had a very bad side effect for those using desktop drives
in their RAIDs. When SCTERC is not configurable, the timeout is
usually longer than Linux's own block layer timeout. The drive will
be unresponsive for so long that Linux will think the link has died
and reset it or the whole controller. That can cause multiple drives
to be kicked from the MD array though there is nothing wrong with
them, leading to the array becoming inoperable.

This is probably the number one cause of "my array broke and won't
assemble again" posts to linux-raid and so the first question asked
is usually, "what are your timeouts set to?"

It is imperative that anyone using MD RAID checks that their drive
timeouts are set sensibly.

You can check a drive's timeout like this:

# smartctl -l scterc /dev/sda
smartctl 6.4 2014-10-07 r4002 [x86_64-linux-3.16.0-4-amd64] (local build)
Copyright (C) 2002-14, Bruce Allen, Christian Franke, www.smartmontools.org

SCT Error Recovery Control:
   Read: 70 (7.0 seconds)
  Write: 70 (7.0 seconds)

If it comes back like this:

SCT Error Recovery Control:
   Read: Disabled
  Write: Disabled

then it means that SCTERC is supported but disabled, so just needs
setting, like so:

# smartctl -q errorsonly -l scterc,70,70 /dev/sda

but if it comes back like:

Warning: device does not support SCT Error Recovery Control command

then you have a problem as the drive does not support SCTERC and
will likely freeze up for several minutes trying to read a damaged
sector.

If you have drives that don't support SCTERC, and you can't replace
them for ones that do, then your next best course of action is to
increase Linux's own timeouts. 180 seconds seems to be enough:

# echo 180 > /sys/block/sda/device/timeout

The drive will still seem to freeze up for minutes when encountering
an unreadable sector, but Linux will give it longer and you'll avoid
a link/controller reset that could affect other drives.

If you needed to set SCTERC or Linux drive timeout then you must
re-apply those settings at every boot.

> So, if you are using desktop disks in a RAID, you might need to
> manually intervene to compensate for the mismatch.

Adjusting the timeouts is normally all that would be necessary.

If I had a drive that had SCTERC unsupported and it started showing
signs of impending failure, and I had no hot spare, then I'd
probably get a new drive and replace it ASAP just because of the
hassle involved when it does fail. Chances are that failure is going
to happen at an inconvenient time, whereas I could do the
replacement at a time convenient to me.

If, like OP, I had a hot spare in the array then really it is a
no-brainer to me: promote the hot spare then remove the suspect drive.
Since it's a spare there is no time where the array lacks
redundancy. If you wait for the drive to fail then there will be a
period of no redundancy while the spare is brought it.

This does depend on what kind of SMART failure it is though. Some of
them are a concern but do not imply total device failure in the near
future.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Recomended tutoial(s) on doing arithmetic in Bash scripts

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Mar 06, 2017 at 05:13:36AM -0600, Richard Owlett wrote:
> On 03/05/2017 04:12 PM, Jude DaShiell wrote:
> >Another external tool at least as good as bc is wcalc and once that
> >package gets installed just run wcalc at the command prompt and you'll
> >have quite a load of examples show up.
> >
> 
> For my current project I think dc, rather than expr or bc, is the
> better fit for my current project.
> 
> However, browsing thru http://w-calc.sourceforge.net/ and related
> pages indicates it might be a very nice alternative to the
> calculator that the default MATE package includes.

Yes, wcalc looks nice, thanks Jude! And judging by its dependencies
(GNU gmp), it has a fair chance to pass GiaThnYgeia's big number
criterion ;-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli9SN4ACgkQBcgs9XrR2kYVHgCfchLJNY6VRiqsDONZv5wdvylu
AtMAn2SWLqOPL7TFoDubiZdKkTLEIrNh
=LT2x
-END PGP SIGNATURE-

Re: Llista sobre Nautilus/Gnome

[Narcis Garcia]

Gràcies, vaig estar fent servir la llista que esmentaves per esbrinar el
problema, però fins ara no he obtingut resposta que doni resposta.

Tan sols ahir em van orientar cap a una nova característica a partir de
de Nautilus 3.20 (no disponible a Debian 8), la qual permet elaborar un
pedaç:
http://askubuntu.com/questions/680016

Allà mateix desconbreixo el «Stop loading custom accel maps file» desde
la versió 3.15.4 de Nautilus, que no entenc perquè afecta a Debian 8 que
porta la versió 3.14.1



__
I'm using this express-made address because personal addresses aren't
masked enough at this list's archives. Mailing lists service
administrator should fix this.
El 28/12/16 a les 11:33, Alex Muntada ha escrit:
> Narcis Garcia:
> 
>> Tinc un problema per configurar dreceres (com Delete) a Debian 8 amb Gnome.
>> He buscat al wiki.gnome.org però no trobo per on preguntar per això.
>> Algú sap si hi ha algun recurs (llista/fòrum/persona) adequat per fer
>> una consulta tant específica*?
> 
> L'autor de la pàgina https://wiki.gnome.org/Apps/Nautilus és un
> tal https://wiki.gnome.org/CarlosSoriano, que llista algunes
> formes de contacte que et podrien servir.
> 
> D'altra banda, buscant a lists.gnome.org he trobat aquesta llista
> per a desenvolupadors i usuaris:
> 
> https://mail.gnome.org/mailman/listinfo/nautilus-list
> 
> Salut,
> Alex
> 

Re: Failing disk advice

[Mirko Parthey]

On Sun, Mar 05, 2017 at 08:38:27PM -0800, David Christensen wrote:
> On 03/05/2017 01:02 PM, Gregory Seidman wrote:
> >I have a disk that is reporting SMART errors. It is an active disk in a
> >(kernel, not hardware) RAID1 configuration. I also have a hot spare in the
> >RAID1, and md hasn't decided it should fail the disk and switch to the hot
> >spare. Should I proactively tell md to fail the disk (and let the hot spare
> >take over), or should I just wait until md notices a problem?
> 
> I'm confused by "I also have a hot spare in the RAID1".  Do you have a
> two-member RAID1 with a hot spare, or a three-member RAID1?  I would prefer
> the latter:
> 
> https://manpages.debian.org/jessie/mdadm/md.4.en.html

Refining this advice a bit, I would convert the spare to a full RAID
member now, without explicitly failing the disk that reports SMART
errors first.
Assuming you have a two-member RAID1 with a hot spare, the command
should be similar to this (untested):
  mdadm -G /dev/mdX -n 3 
This ensures you keep redundancy during further maintenance actions.

Which SMART errors do you get, and who reports them?
What is the output of the following command for the failing drive?
  smartctl -A /dev/sdY

Regards,
Mirko

Re: se connecter à une machine distante via ssh PB avec la clef et KNOW_HOSTS.

[Sébastien NOBILI]

Le lundi 06 mars 2017 à 11:39, contact a écrit :
>Un ls - ld de ~/.ssh/ renvoi :
> 
>-rw--- 1 root root 3774 janv.  9 13:01 known_hosts
> 
>ce qui fait qu'en tant qu'utilisateur je ne peux modifier ce fichier. Que
>faire ?

Il faut rendre le fichier à son propriétaire. Ça se fait avec la commande
« chown » à qui il va falloir donner :
— l’identifiant de l’utilisateur,
— le chemin d’accès complet au fichier.

Le tout lancé par « root ».

Sébastien

Re: Recomended tutoial(s) on doing arithmetic in Bash scripts

[Richard Owlett]

On 03/05/2017 04:12 PM, Jude DaShiell wrote:

Another external tool at least as good as bc is wcalc and once that
package gets installed just run wcalc at the command prompt and you'll
have quite a load of examples show up.



For my current project I think dc, rather than expr or bc, is the better 
fit for my current project.


However, browsing thru http://w-calc.sourceforge.net/ and related pages 
indicates it might be a very nice alternative to the calculator that the 
default MATE package includes.

Re: dupliquer le dossier de profil de firefox

[hamster]

Le 06/03/2017 11:08, Thierry Bugier Pineau a écrit :

On 06/03/2017 08:52, hamster wrote:

Hello.

J'aimerais que tout nouvel utilisateur créé ait d'office un firefox
avec adblock déjà installé. C'est facile a faire en mettant une copie
du dossier de profil dans /etc/skel. Seulement voila : firefox utilise
des dossiers de profil avec des noms aléatoires. Si c'est fait comme
ca, y'a sans doute une bonne raison. Si j'en met un dans /etc/skel
tous les utilisateurs auront le meme nom de dossier de profil.

Comment gérer ca ?

Et merci pour votre aide.



Bonjour

Peut être qu'installer l'extension à l'échelle du système peut faire
l'affaire ?

Cette page résout elle la question ?

http://kb.mozillazine.org/Installing_extensions#Multi-user_installation


C'est une très bonne idée et ca résoud la moitié de mon problème.

J'ai pris l'exemple de l'antipub, mais je ne me contente pas de faire 
ca. Je vais aussi trifouiller dans la configurantion (notamment sur la 
gestion des cookies), je rajoute le certificat racine de cacert, je 
rajoute des moteurs de recherche.


En fait faut que je cherche si y'a moyen de faire toutes ces opérations 
a l'échelle du système.

Re: se connecter à une machine distante via ssh PB avec la clef et KNOW_HOSTS.

[contact]

  
  
Dans le cadre de connexion ssh, j'ai 


  généré un couple de clef avec ssh-keygen.
  installé un morceau sur le serveur sur lequel je souhaite
avoir accès.

Depuis lors d'une connexion ssh je n'ai plus de demande de mot de
  passe, cependant j'ai un message qui indique que le fichier
  know_hosts ne peut être mis à jour.
Un ls - ld de ~/.ssh/ renvoi :
-rw--- 1 root root 3774 janv.  9 13:01 known_hosts
ce qui fait qu'en tant qu'utilisateur je ne peux modifier ce
  fichier. Que faire ?
Merci 





François-Marie BILLARD
  Sculpteur - Céramiste 

Le 06/03/2017 à 11:27, Sébastien NOBILI
  a écrit :


  Bonjour,

Le dimanche 05 mars 2017 à 18:38, Jean-Claude MARQUES a écrit :

  
PermitRootLogin no

  
  
Là on désactive complètement la possibilité de se connecter au compte « root »,
ce qui n’est pas l’objectif de la manipulation proposée. Pour permettre une
connexion uniquement par clé, il faut plutôt mettre cette directive :

PermitRootLogin without-password

Sébastien




  

Re: confusion in /etc/network/interfaces

[Dominik George]

>> "ifconfig" can not handle multiple IPv4 addresses on one interface
>and
>> needs this kind of crutch.
>> 
>> The far more modern command "ip" has no such limitations.
> 
>I've found my own brain to have a similar limitation, and find
>interface
>aliases useful for clarity even when I have ip(8) available.

OTOH, it is important to be aware of the addresses being on the same interface, 
e.g. when it comes to firewall rules and ARP and the like. There are a few 
pitfalls in having more than one address on one interface which need to be 
taken into account. So I kind of like iproute2 making this clearer.

-nik

Re: Stretch & Safely Replacing systemd?

[Jonathan Dowland]

On Fri, Mar 03, 2017 at 09:42:10AM -0800, Patrick Bartek wrote:
> All that's why I consider systemd so insidious.  It forces you to use it
> whether you want to or not.  Something Microsoft has been doing to
> their users for decades. ;-)
 
You started this thread with

>  I don't like systemd (why is unimportant to this query)

It would be better if we stuck to that.
 

-- 
Jonathan Dowland
Please do not CC me, I am subscribed to the list.


signature.asc
Description: Digital signature

Re: se connecter à une machine distante via ssh

[Sébastien NOBILI]

Bonjour,

Le dimanche 05 mars 2017 à 18:38, Jean-Claude MARQUES a écrit :
> PermitRootLogin no

Là on désactive complètement la possibilité de se connecter au compte « root »,
ce qui n’est pas l’objectif de la manipulation proposée. Pour permettre une
connexion uniquement par clé, il faut plutôt mettre cette directive :

PermitRootLogin without-password

Sébastien

Re: dupliquer le dossier de profil de firefox

[Thierry Bugier Pineau]

Bonjour

Peut être qu'installer l'extension à l'échelle du système peut faire
l'affaire ?

Cette page résout elle la question ?

http://kb.mozillazine.org/Installing_extensions#Multi-user_installation

On 06/03/2017 08:52, hamster wrote:
> Hello.
>
> J'aimerais que tout nouvel utilisateur créé ait d'office un firefox
> avec adblock déjà installé. C'est facile a faire en mettant une copie
> du dossier de profil dans /etc/skel. Seulement voila : firefox utilise
> des dossiers de profil avec des noms aléatoires. Si c'est fait comme
> ca, y'a sans doute une bonne raison. Si j'en met un dans /etc/skel
> tous les utilisateurs auront le meme nom de dossier de profil.
>
> Comment gérer ca ?
>
> Et merci pour votre aide.
>

Re: confusion in /etc/network/interfaces

[Jonathan Dowland]

On Sat, Mar 04, 2017 at 09:10:16PM +0100, Sven Hartge wrote:
> Worth noting: the interface:alias notation was introduced because
> "ifconfig" can not handle multiple IPv4 addresses on one interface and
> needs this kind of crutch.
> 
> The far more modern command "ip" has no such limitations.
 
I've found my own brain to have a similar limitation, and find interface
aliases useful for clarity even when I have ip(8) available.

-- 
Jonathan Dowland
Please do not CC me, I am subscribed to the list.


signature.asc
Description: Digital signature

Re: Bloquear red a ejecutable

[Darthcoli - Alejandro Izquierdo]

Se me ocurren dos maneras sencillas de hacerlo. Puedes ejecutar la
aplicación en un entorno aislado (por ejemplo con containers, como docker o
lxc), o puedes limitar la red a un proceso via iptables, pero ojo, es
mejor, dado como funciona linux, que lo hagas limitando los permisos del
usuario, es decir, generar un usuario adhoc para ejecutar ese proceso y
configurar las limitaciones a ese usuario. Creo que es mas limpio y seguro
que delegar esa gestión a programas de terceros.

Aqui puedes obtener mas ifnformacion sobre ćomo hacerlo.
https://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html


El 4 de marzo de 2017, 4:50, Felix Perez 
escribió:

> El día 2 de marzo de 2017, 9:07, Pablo Daniel Estigarribia Davyt
>  escribió:
> > Hola,
> >
> > hace un rato leyendo un artículo X encontré este software:
> > http://douaneapp.com/
> >
> > No lo probé pero el fin del mismo es: "allowing a user to control which
> > applications can connect to the internet from their GNU/Linux computer."
> >
>
> Douane personal firewall for GNU/Linux,
>
>
> > Creo que esto te puede servir.
> >
> >
> >
> > El mié., 22 feb. 2017 a las 17:18, Josu Lazkano ( >)
> > escribió:
> >>
> >> Hola,
> >>
> >> Respondo para decir que funciona bien, lo unico malo es que solo
> >> funciona como root:
> >>
> >> # unshare -n programa
> >>
> >> Un saludo.
> >>
> >> El día 22 de febrero de 2017, 8:12, Josu Lazkano
> >>  escribió:
> >> > He encontrado esto:
> >> >
> >> > unshare -n programa
> >> >
> >> > Ahora no estoy en casa y no lo puedo probar. Seria algo asi:
> >> >
> >> > unshare -n ping 8.8.8.8
> >> >
> >> > Saludos.
> >> >
> >> >
> >> > El 21 feb. 2017 10:57 p. m., "Matias Mucciolo" <
> mmucci...@suteba.org.ar>
> >> > escribió:
> >> >
> >> > On Tuesday, February 21, 2017 10:26:45 PM Josu Lazkano wrote:
> >> >> Muchas gracias a todos,
> >> >>
> >> >> Ya he localizado a donde se conecta, pero ahora me falta bloquear el
> >> >> ejecutable.
> >> >>
> >> >> ¿Existe algun software para ello? Algo como "./bloquear programa"
> >> >>
> >> >> Muchas gracias por todo.
> >> >>
> >> >> Un saludo.
> >> >
> >> > todo depende de que binario estes hablando
> >> > podes sacarle los permisos de ejecución y lectura
> >> > para todos los usuarios.
> >> > Si necesitas que algunos si pueden ejecutarlo
> >> > vas a tener que hacer un grupo y poner ese
> >> > grupo en el binario...tipicos permisos de unix.
> >> > Tambien podes usar ACLs
> >> >
> >> > ahora lo que preguntas acerca de ./bloquear programa.
> >> > yo al menos nunca vi algo como eso o no recuerdo en estos momentos.
> >> >
> >> > Tambien selinux se podria hacer algo pero ya es mas complicado..
> >> > demasiado complicado y mucho tiempo de mantenimiento.
> >> >
> >> > Saludos
> >> > Matias.
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Josu Lazkano
> >>
> > --
> > Pablo.
>
>
>
> --
> usuario linux  #274354
> normas de la lista:  http://wiki.debian.org/es/NormasLista
> como hacer preguntas inteligentes:
> http://www.sindominio.net/ayuda/preguntas-inteligentes.html
>
>


-- 
-Alejandro Izquierdo-

dupliquer le dossier de profil de firefox

[hamster]

Hello.

J'aimerais que tout nouvel utilisateur créé ait d'office un firefox avec 
adblock déjà installé. C'est facile a faire en mettant une copie du 
dossier de profil dans /etc/skel. Seulement voila : firefox utilise des 
dossiers de profil avec des noms aléatoires. Si c'est fait comme ca, y'a 
sans doute une bonne raison. Si j'en met un dans /etc/skel tous les 
utilisateurs auront le meme nom de dossier de profil.


Comment gérer ca ?

Et merci pour votre aide.