Re: [gentoo-user] (WAS OT - Port named runs on)
Michael Sullivan wrote: On Fri, 2005-12-16 at 18:48 +, Stroller wrote: On Dec 16, 2005, at 6:25 pm, Michael Sullivan wrote: How would I find out what port named runs on (so I could open that port on my firewall)? It normally runs on port 53, unhelpfully labelled domain in /etc/services (a file which is otherwise normally useful for grepping). Stroller. I found it. It is port 53. Now I have a new problem. I tried to list my DNS server (that I've been working on this week) as an optional third DNS server for my domain at my registrar's website. I have a record for ns.espersunited.com in my DNS setup on my server box. The problem is that nobody knows who ns.espersunited.com is because my current DNS hosting service (Yahoo SmallBusiness) doesn't allow entry of NS records in their customer DNS settings and my registrar (1accredited.com) won't accept an IP address as a nameserver. I might try listing bullet.espersunited.com as a nameserver (ns.espersunited.com has a CNAME record pointing to bullet.espersunited.com), but I'm not sure it will work. Any suggestions of how to get my DNS server noticed You can only run an externally visible DNS server on a *completely* static IP. If you have a static IP for your server, you then have to ask your domain registrar (for espersunited.com) to register your DNS server with the name(s) you wish, I recommend keeping to the standard nsX.domain. If you ever need to change the IP address for your DNS server, you need to ask your registrar to do this. Only once your DNS server is registered can you use it as a server for a domain. Before you do any of this, however, I *strongly* recommend you get very familiar with DNS and understand exactly what you are doing. I cannot emphasize this enough, since if your DNS server is not running properly you can become the target of various attacks and/or the domain(s) you are servicing may start failing. DNS isn't trivial. HTH, Chris -- Chris Boot [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] GCC only for priviliged users?
On 9 Dec 2005, at 17:29, Spider (D.m.D. Lj.) wrote: On Fri, 2005-12-09 at 18:21 +0100, Jesús García Crespo wrote: Hi! I thought that GCC could means a risk if all of the users of my system are able to run it! I talked this with a friend and he propossed to create a new group, compiler, for example, where all the users who will be able to run gcc must belong to it! Wouldn't be interesting to implement this into Gentoo gcc ebuild as an USE? Exactly what risk is there from an end-user running a compiler? A compiler doesn't access any kind of restricted environment, doesn't auytomatically create binaries with other rights than its own and is about as safe a product as there can be. And if you think that users running their own programs is a risk, simply mount /home as noexec, ( make sure to impose the same limitations on /tmp and /var/tmp as well, since users have write-access there) And.. really. python, perl, awk, bash ... All of those are fully capable of creating and running programs. And no, I do not think you can limit the use thereof from user accounts.: ) Don't forget you can run a normal executable with noexec as well: /lib/ld-linux.so some_executable Which basically makes noexec on a mount completely useless. Try it: mount some partition with noexec, copy bash to it, and run it with the above. If you're really paranoid about execution and so on, start reading the SELinux FAQ and create a ruleset.. The default one is probably more lenient than you want it ;) //Spider -- begin .signature Tortured users / Laughing in pain See Microsoft KB Article Q265230 for more information. end Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] grub on a SATA drive
maxim wexler wrote: Thanks for your suggestions. Here's where things stand: I did a fresh 2005.1 stage3 install onto the SATA drive without a hitch. I removed the ide drive, so there's only one hd. In dmesg the drive comes up as /dev/sda sda1(Macro$haft) sda2(/boot) sda5(swap) sda6(/) sda7(home) When I boot w/ the grub floppy I do: grub root (hd0,1) Fs is ext2, part type 0x83 grub kernel /vmlinuz root=/dev/sda6 [Linux-bzImage, setup=0x120, size 0x1463b31] ...so far, so good... grub boot and get: ...VFS: Cannot open root device sda6 or unknown block (0,0) Please append correct root boot option Kernel Panic-not syncing: VFS: Unable to mount root fs on unknown block (0,0) So grub loads abd boots the Linux kernel, but the kernel can't mount the root FS on /dev/sda6. So /dev/sda6 doesn't exist for some reason, which could be one of: 1) There is no /dev/sda6 partition 2) You haven't compiled in support for your SATA controller in the kernel There are two ways of doing SATA on Linux, one is through the IDE layer, which is deprecated and I strongly recommend against, the other is using libata through the SCSI layer. So I'm at a loss. The grub commands went alright. Wouldn't I get an error if one of the commands was wrong? Don't know what's meant by unknown block (0,0). Is it saying it's trying to mount / on /dev/sda1? Doesn't make sense. That means it has no idea what sda6 is, that there is no such device. HTH, Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] what's a good on-demand anti-virus program?
Robert Persson wrote: Does anybody have a recommendation as to which anti-virus program in portage would be best for occasional on-demand scanning? The main use would be to screen windows programs before installing them in wine. Many thanks Robert My fave would ClamAV, which I've been using on my mail server and hasn't let anything nasty past yet. Ever. HTH, Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ -- gentoo-user@gentoo.org mailing list
[gentoo-user] GDB can't recognise core files?
Hi all, I just had a crash from the CLI version of PHP that I wanted to debug, so I enabled core files, triggered the crash, and tried to load the core file into GDB: arcadia ~ # gdb /usr/lib/php5/bin/php core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i686-pc-linux-gnu...(no debugging symbols found) Using host libthread_db library /lib/tls/libthread_db.so.1. /home/bootc/core is not a core dump: File format not recognized ^ (gdb) Yet, file clearly states this is a core file, which I fully expect it to be: arcadia ~ # file core core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4- style, SVR4-style, from 'php' What the heck is happening? Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ smime.p7s Description: S/MIME cryptographic signature
Re: [gentoo-user] SMP/HT top
Mark Knecht wrote: Hi, Was I mistaken in thinking that a true SMP system and also a hyper threading system would show two processors in top? I am trying out a new HT kernel built this morning. I've enabled both SMP support and hyper threading support but top shows only a single processor. This is not a 'problem'. More a curiosity. 1) Do SMP systems show two or more processors with top? Yes. You may need to press '1' once you have started top to show each processor individually. See the top manpage to see how you can set this as the default. Also note you have to be using an SMP kernel for your extra CPUs to be used at all, let alone seen by top... 2) If not top then what else? 3) Should a HT system show multiple processors? Yes, same as the above. Thanks, Mark -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] daemon monitoring programs
Quoting Eric S. Johansson [EMAIL PROTECTED]: for some reason I've got a couple of daemons that keep going out to lunch on me. Are there any good tools for monitoring daemons and possibly restarting them when they go away? Monit has got to be the best one I've tried. I use it on my server which has surprisingly few problems, but has saved my a$$ too many times to count. I originally started using it because OpenLDAP kept packing up, but I've stopped using it now... HTH, Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] package.provided location question
On 10 Sep 2005, at 16:15, Mark Knecht wrote: Hi, Generic question - why is package.provided located in /etc/make.profile instead of in /etc/portage? Won't l lose my edits when profile changes come along? It seems to me that if I take responsibility for a package, such as jack-audio-connection-kit, that I wouldn't want the system to take responsibility for it later on when a profile change comes along. package.provided is a great feature. I would have killed for this on my old Redhat systems. Thanks, Mark Yes, if you keep package.provided in /etc/make.profile it will get overwritten at every sync. The proper place to put your overrides is in /etc/portage/profile, which took me a good while to figure out... Indeed it is rather nice :-) HTH, Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ smime.p7s Description: S/MIME cryptographic signature
Re: [gentoo-user] Turning OFF font-hinting globally?
Oscar Carlsson wrote: Take a look at this file: /etc/fonts/local.conf You can turn on / off the font hinting / whatever from there. There are a few nice font tutorials over at gentoo-wiki.com http://gentoo-wiki.com if you're intrested. I can't help you with the GDM-part, tho :( On 8/14/05, *Chris Boot* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi all, Call me a heretic, but I want to turn OFF font hinting globally in X, most particularly I'd like it off in GDM. I've turned it off in my own Gnome prefs, but tht obviously doesn't touch GDM. As an added bonus, can I change the fonts GDM uses? Thanks, Chris -- Chris Boot [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.bootc.net/ -- gentoo-user@gentoo.org mailto:gentoo-user@gentoo.org mailing list Ah thanks, I looked there but seemed to completely miss the font-related HOWTOs. Lovely stuff! Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ -- gentoo-user@gentoo.org mailing list
[gentoo-user] SiI 3112A + Seagate HDs = still no go?
Hi all, I just recently took the plunge and bought 4 250 GB Seagate drives and a 2 port Silicon Image 3112A controller card for the 2 drives my motherboard doesn't handle. No matter how hard I try, I can't get the hard drives to work: they are detected correctly and work reasonably well under _very_ light load, but anything like building a RAID array is a bit much and the whole controller seems to lock up. I can't remember the exact kernel messages, and I've unplugged the drives for now, but they were exactly like those in the following posts: http://www.mail-archive.com/linux-ide@vger.kernel.org/msg00958.html http://www.thisishull.net/archive/index.php/t-21928.html All of these people seemed to be having trouble a good while ago, and other than the blacklist fix (which I have tried...) there seem to be no solutions to the problem at all. I can't seem to find any PCI controller cards not based on the SiI chipset (even the expensive ones) to replace my current card, either. Needless to say the drives on my internal VIA controller work like a charm. Has anyone run unto this problem? Any fixes? Many thanks, Chris -- Chris Boot [EMAIL PROTECTED] http://www.bootc.net/ smime.p7s Description: S/MIME cryptographic signature