FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 03-13-2012, 04:17 AM
Luca Barbato
 
Default

On 3/12/12 8:53 PM, Robin H. Johnson wrote:

On Mon, Mar 12, 2012 at 11:14:23PM -0400, Joshua Kinard wrote:

Yeah, I think it's an easy fix either in openrc or in an initscript
somewhere. I changed nothing except my kernel (was missing devtmpfs -- it's
not under Filesystems!), uninstalled module-init-tools, and installed kmod +
udev-181. Then rolled back the snapshot once I had the results.

When udev is linked against a library in /usr, this is not going to work
anymore, because udev won't start at all.


So you need need a smaller udev that is completely self contained and
make sure anything needed for the key rules works. I wonder if the
pci-ids cannot stay somewhere in /etc or /lib


lu
 
Old 03-13-2012, 07:07 AM
Arch Website Notification
 
Default

=== Signoff report for [community-testing] ===
https://www.archlinux.org/packages/signoffs/

There are currently:
* 0 new packages in last 24 hours
* 0 known bad packages
* 0 packages not accepting signoffs
* 0 fully signed off packages
* 3 packages missing signoffs
* 2 packages older than 14 days

(Note: the word 'package' as used here refers to packages as grouped by
pkgbase, architecture, and repository; e.g., one PKGBUILD produces one
package per architecture, even if it is a split package.)



== Incomplete signoffs for [community] (3 total) ==

* cdemu-daemon-1.5.0-2 (i686)
0/2 signoffs
* dbmail-3.0.0_rc3-1 (i686)
0/2 signoffs
* dbmail-3.0.0_rc3-1 (x86_64)
0/2 signoffs


== All packages in [community-testing] for more than 14 days (2 total) ==

* dbmail-3.0.0_rc3-1 (i686), since 2012-01-15
* dbmail-3.0.0_rc3-1 (x86_64), since 2012-01-16


== Top five in signoffs in last 24 hours ==

1. bpiotrowski - 9 signoffs
2. allan - 6 signoffs
3. bisson - 3 signoffs
4. dreisner - 2 signoffs
 
Old 03-13-2012, 07:07 AM
Arch Website Notification
 
Default

=== Signoff report for [testing] ===
https://www.archlinux.org/packages/signoffs/

There are currently:
* 14 new packages in last 24 hours
* 2 known bad packages
* 0 packages not accepting signoffs
* 12 fully signed off packages
* 28 packages missing signoffs
* 5 packages older than 14 days

(Note: the word 'package' as used here refers to packages as grouped by
pkgbase, architecture, and repository; e.g., one PKGBUILD produces one
package per architecture, even if it is a split package.)


== New packages in [testing] in last 24 hours (14 total) ==

* bash-4.2.024-1 (i686)
* grep-2.11-2 (i686)
* iproute2-3.2.0-3 (i686)
* libedit-20120311_3.0-1 (i686)
* openssl-1.0.0.h-1 (i686)
* sudo-1.8.4.p4-1 (i686)
* usbutils-005-1 (i686)
* bash-4.2.024-1 (x86_64)
* grep-2.11-2 (x86_64)
* iproute2-3.2.0-3 (x86_64)
* libedit-20120311_3.0-1 (x86_64)
* openssl-1.0.0.h-1 (x86_64)
* sudo-1.8.4.p4-1 (x86_64)
* usbutils-005-1 (x86_64)


== Incomplete signoffs for [core] (19 total) ==

* bash-4.2.024-1 (i686)
1/2 signoffs
* dirmngr-1.1.0-4 (i686)
0/2 signoffs
* iproute2-3.2.0-3 (i686)
0/2 signoffs
* krb5-1.10.1-1 (i686)
1/2 signoffs
* libedit-20120311_3.0-1 (i686)
1/2 signoffs
* mkinitcpio-busybox-1.19.4-2 (i686)
1/2 signoffs
* mpfr-3.1.0.p7-1 (i686)
1/2 signoffs
* openssl-1.0.0.h-1 (i686)
0/2 signoffs
* sudo-1.8.4.p4-1 (i686)
1/2 signoffs
* syslinux-4.05-4 (i686)
0/2 signoffs
* usbutils-005-1 (i686)
0/2 signoffs
* bash-4.2.024-1 (x86_64)
1/2 signoffs
* dirmngr-1.1.0-4 (x86_64)
0/2 signoffs
* iproute2-3.2.0-3 (x86_64)
0/2 signoffs
* krb5-1.10.1-1 (x86_64)
1/2 signoffs
* libedit-20120311_3.0-1 (x86_64)
1/2 signoffs
* openssl-1.0.0.h-1 (x86_64)
0/2 signoffs
* sudo-1.8.4.p4-1 (x86_64)
1/2 signoffs
* usbutils-005-1 (x86_64)
0/2 signoffs

== Incomplete signoffs for [extra] (6 total) ==

* libreoffice-i18n-3.5.0-1 (any)
1/2 signoffs
* libreoffice-3.5.0-2 (i686)
0/2 signoffs
* samba-3.6.3-4 (i686)
0/2 signoffs
* subversion-1.7.4-1 (i686)
1/2 signoffs
* libreoffice-3.5.0-2 (x86_64)
1/2 signoffs
* samba-3.6.3-4 (x86_64)
0/2 signoffs

== Incomplete signoffs for [unknown] (3 total) ==

* archlinux-keyring-20120303-1 (any)
0/2 signoffs
* cups-filters-1.0.1-1 (i686)
0/2 signoffs
* cups-filters-1.0.1-1 (x86_64)
1/2 signoffs


== Completed signoffs (12 total) ==

* mkinitcpio-0.8.4-1 (any)
* e2fsprogs-1.42.1-1 (i686)
* grep-2.11-2 (i686)
* udev-181-4 (i686)
* e2fsprogs-1.42.1-1 (x86_64)
* grep-2.11-2 (x86_64)
* mkinitcpio-busybox-1.19.4-2 (x86_64)
* mpfr-3.1.0.p7-1 (x86_64)
* syslinux-4.05-4 (x86_64)
* udev-181-4 (x86_64)
* namcap-3.2.3-1 (any)
* subversion-1.7.4-1 (x86_64)


== All packages in [testing] for more than 14 days (5 total) ==

* libreoffice-i18n-3.5.0-1 (any), since 2012-02-10
* cups-filters-1.0.1-1 (i686), since 2012-02-17
* cups-filters-1.0.1-1 (x86_64), since 2012-02-17
* libreoffice-3.5.0-2 (i686), since 2012-02-20
* libreoffice-3.5.0-2 (x86_64), since 2012-02-20


== Top five in signoffs in last 24 hours ==

1. bpiotrowski - 9 signoffs
2. allan - 6 signoffs
3. bisson - 3 signoffs
4. dreisner - 2 signoffs
 
Old 03-13-2012, 09:31 AM
Jeroen Roovers
 
Default

On Mon, 12 Mar 2012 21:22:26 -0400
Joshua Kinard <kumba@gentoo.org> wrote:

> On a somewhat sarcastic note, why don't we just deprecate /usr and
> move everything back to /? Isn't that, largely, what is being
> accomplished here? Solaris at least keeps some kernel stuff in / off
> of /stand (I believe). Linux, after this /usr thing is fully
> complete, about the only thing left in / that is of any value will
> be /etc. Kernels were moved into /boot ages ago.

A bit like stali? http://sta.li/

Or is that still too complicated?


jer
 
Old 03-13-2012, 10:21 AM
Bob Hoffman
 
Default

*Nataraj*
/Tue Mar 13 02:01:36 EDT 2012/ wrote:

>On 03/12/2012 10:06 PM, Nataraj wrote:
>>/ On 03/12/2012 09:08 PM, Ron Loftin wrote:
/>>>/ I'm going to chuck in my 2 cents worth here, as I've been using Postfix
/>>>/ as a first-line filter for some years now.
//
/>pbl.spamhaus.org (dynamic IP address RBL) is generally quite safe for
>most sites to use from postfix. The rest of the spamhaus RBL's such as
>the combination that you get from zen.spamhaus.org are mostly safe
>(better than all others that I've tried), but not 100%. Most others
>that I've tried I have gotten a fair number of false positives over time
>(This includes dul.dnsbl.sorbs.net, the sorbs dynamic IP RBL). Many
>people feel that most other RBL's need to be used with a scoring
>mechanism, such as that provided by spamassasin, instead of directly
>from postfix to avoid getting too many false positives.

>Nataraj

I changed it a bit since then. I found that sleep 1, when talking to my other VM that had
sleep 1, caused one mail to just get lost, so I dropped it.

My brother travels a lot and I found the client restrictions would not allow him
to send mail since the wi-fi he would connect to was not figured correctly causing
100% mail send failure. So I left client restrictions empty, but I force ssl and user auth
only anyway.

for the rbl lists I tried to pick those that had a notice page and a remove page.
This way a blocked user can try to figure out why.

Here is a bit from my logwatch, with 8 hours of non blocked spam and 16 hours since blocking it
6098 rejected, 429 accepted (most of those 429 were before the change)
Since 12 noon yesterday I have received 17 junk mails, all but two tagged by spamasassin.
BIG DIFFERENCE.

Below is the logwatch section, followed by my final set up (at least so far).


1.062M Bytes accepted 1,113,084
1007.732K Bytes delivered 1,031,918
======== ================================================

429 Accepted 6.57%
6098 Rejected 93.43%
-------- ------------------------------------------------
6527 Total 100.00%
======== ================================================

4 Reject relay denied 0.07%
340 Reject HELO/EHLO 5.58%
1749 Reject unknown user 28.68%
1 Reject recipient address 0.02%
3 Reject sender address 0.05%
4001 Reject RBL 65.61%
-------- ------------------------------------------------
6098 Total Rejects 100.00%
======== ================================================

8 4xx Reject relay denied 0.84%
318 4xx Reject HELO/EHLO 33.23%
39 4xx Reject unknown user 4.08%
81 4xx Reject recipient address 8.46%
511 4xx Reject sender address 53.40%
-------- ------------------------------------------------
957 Total 4xx Rejects 100.00%
======== ================================================

3534 Connections made
419 Connections lost
3533 Disconnections
429 Removed from queue
137 Delivered
10 Sent via SMTP
1 Bounce (remote)
1 DSNs undeliverable

22 Connection failure (outbound)
23 Timeout (inbound)
1 RBL lookup error
35 Excessive errors in SMTP commands dialog
802 Hostname verification errors
89 Address is deliverable (sendmail -bv)
194 Address is undeliverable (sendmail -bv)
4 Enabled PIX workaround
9 SASL authenticated messages

7 Postfix start
7 Postfix stop
4 Postfix refresh



# for SMTP-Auth settings

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname


smtpd_delay_reject = yes
smtpd_helo_required = yes

smtpd_client_restrictions = permit_mynetworks

smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname


smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain


smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_invalid_hostname,
reject_unknown_hostname,
reject_non_fqdn_hostname
reject_rbl_client zen.spamhaus.org,
reject_rbl_client truncate.gbudb.net,
reject_rbl_client dnsbl.njabl.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_unverified_recipient


smtpd_data_restrictions =
permit_mynetworks,
reject_multi_recipient_bounce

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 03-13-2012, 10:54 AM
James Broadhead
 
Default

On 13 March 2012 01:22, Joshua Kinard <kumba@gentoo.org> wrote:
> We should be working to getting rid of /usr and bring it all back into /,
> then create temporary /usr symlinks to point programs in the right
> direction. *After all, /usr was originally for user data, not system data,
> until someone cooked up /home (I don't know the full exact history here, so
> feel free to correct me).
>

I believe that the Art of Unix Programming* says that /usr was the
result of the original UNIX 4MB hard disk becoming full, and that they
chose /usr to mount a second one. Every definition since then has been
an attempt to justify preserving the split.


* On reflection, I may have read this elsewhere.
 
Old 03-13-2012, 12:36 PM
Ian Stakenvicius
 
Default

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 12/03/12 11:14 PM, Joshua Kinard wrote:
> On 03/12/2012 22:33, Ian Stakenvicius wrote:
>
>>
>> On 2012-03-12, at 9:22 PM, Joshua Kinard <kumba@gentoo.org>
>> wrote:
>>
>>>
>>> And yes, I've already tested out udev-181 on a VM with a
>>> separate /usr. With devtmpfs, the system fully boots just
>>> fine, no initramfs needed. Guess what the only piece of
>>> software to mess up is? Udev. I largely think it's a timing
>>> issue in OpenRC, however, because /usr DOES get mounted fairly
>>> quickly, but not before udevd starts. But udevd does restart
>>> itself and everything looks to work fine. If you aren't
>>> watching the terminal, you wouldn't even notice the failures.
>>>
>>
>>
>> THANK YOU for testing this -- I could not forsee a reason, back
>> when this process started, as to why openrc couldn't mount /usr
>> before udev started. since devtmpfs should provide the source
>> devnode anyways. It's good to have a (near) proof of that.
>>
>> Ian
>
> Yeah, I think it's an easy fix either in openrc or in an initscript
> somewhere. I changed nothing except my kernel (was missing
> devtmpfs -- it's not under Filesystems!), uninstalled
> module-init-tools, and installed kmod + udev-181. Then rolled back
> the snapshot once I had the results.

Ah, right; kmod.. Tthere's pressure for that one to move to /usr
too, isn't there mgorny? .... ok, nvm.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iF4EAREIAAYFAk9fTXIACgkQAJxUfCtlWe3RQQD8DIr8mZ773v IqhIxf5ERYWo8E
ZkfDgAUlUDF7hcDiuUIA/1amWFFZcVu36V6vikq4HGF0we43YYMVLW6b96SblGzN
=dKid
-----END PGP SIGNATURE-----
 
Old 03-13-2012, 01:41 PM
Marc Schiffbauer
 
Default

Am Montag, 12. März 2012, 21:22:26 schrieb Joshua Kinard:
[...]
> After all, /usr was originally for user data, not system data,
> until someone cooked up /home (I don't know the full exact history here, so
> feel free to correct me).

IIRC usr = unified system resources (not an abbrev. for "user")

-Marc
--
0x35A64134 - 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
 
Old 03-13-2012, 02:41 PM
shreyas m
 
Default

I want a process to be running with root*privileges, without providing the root password. Since i have my process in a remote machine. I want it such that, as soon as the system boots up, my process should be running with root privilege. Is there any way in which i can attain it?

Is there any possibility of forking c program as a child process of init process.If so please guide me on how to do it.


Thank You
--
Regards
Shreyas.M


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 03-13-2012, 04:17 PM
Nataraj
 
Default

On 03/13/2012 04:21 AM, Bob Hoffman wrote:
> *Nataraj*
> /Tue Mar 13 02:01:36 EDT 2012/ wrote:
>
>> On 03/12/2012 10:06 PM, Nataraj wrote:
>>> / On 03/12/2012 09:08 PM, Ron Loftin wrote:
> />>>/ I'm going to chuck in my 2 cents worth here, as I've been using Postfix
> />>>/ as a first-line filter for some years now.
> //
> />pbl.spamhaus.org (dynamic IP address RBL) is generally quite safe for
>> most sites to use from postfix. The rest of the spamhaus RBL's such as
>> the combination that you get from zen.spamhaus.org are mostly safe
>> (better than all others that I've tried), but not 100%. Most others
>> that I've tried I have gotten a fair number of false positives over time
>> (This includes dul.dnsbl.sorbs.net, the sorbs dynamic IP RBL). Many
>> people feel that most other RBL's need to be used with a scoring
>> mechanism, such as that provided by spamassasin, instead of directly
> >from postfix to avoid getting too many false positives.
>
>> Nataraj
> I changed it a bit since then. I found that sleep 1, when talking to my other VM that had
> sleep 1, caused one mail to just get lost, so I dropped it.
>
> My brother travels a lot and I found the client restrictions would not allow him
> to send mail since the wi-fi he would connect to was not figured correctly causing
> 100% mail send failure. So I left client restrictions empty, but I force ssl and user auth
> only anyway.
Mobile clients should be authenticating to a relay that's not on any of
the dynamic lists and sending mail out through there. Most sane mail
administrators do not accept mail directly from dynamic broadband/mobile
clients.
> for the rbl lists I tried to pick those that had a notice page and a remove page.
> This way a blocked user can try to figure out why.
Also anyone using rbl's should also review the RBL's policy. Most RBL's
charge a license fee for high volume queries and will cut you off if you
violate their policy.
> Here is a bit from my logwatch, with 8 hours of non blocked spam and 16 hours since blocking it
> 6098 rejected, 429 accepted (most of those 429 were before the change)
> Since 12 noon yesterday I have received 17 junk mails, all but two tagged by spamasassin.
> BIG DIFFERENCE.
>
> Below is the logwatch section, followed by my final set up (at least so far).
Your logwatch format is very nice, that does not appear to be the
standard CentOS included logwatch. Have you customized it alot yourself?

In any case, I used to have very large numbers in the category you
described, but since I started doing agressive blocking with fail2ban
(matching on repeated mail delivery failures), now I just completely
block all those with IPtables, so that postfix never sees them. I have
not noticed any increase in user complaints since this happened. And I
do notice that the majority of the offending IP addresses were from
asia, south america, eastern Europe, the middle east, etc.

Is this just a personal mail server or are you serving a large user base?
>
> 1.062M Bytes accepted 1,113,084
> 1007.732K Bytes delivered 1,031,918
> ======== ================================================
>
> 429 Accepted 6.57%
> 6098 Rejected 93.43%
> -------- ------------------------------------------------
> 6527 Total 100.00%
> ======== ================================================
>
> 4 Reject relay denied 0.07%
> 340 Reject HELO/EHLO 5.58%
> 1749 Reject unknown user 28.68%
> 1 Reject recipient address 0.02%
> 3 Reject sender address 0.05%
> 4001 Reject RBL 65.61%
> -------- ------------------------------------------------
> 6098 Total Rejects 100.00%
> ======== ================================================
>
> 8 4xx Reject relay denied 0.84%
> 318 4xx Reject HELO/EHLO 33.23%
> 39 4xx Reject unknown user 4.08%
> 81 4xx Reject recipient address 8.46%
> 511 4xx Reject sender address 53.40%
> -------- ------------------------------------------------
> 957 Total 4xx Rejects 100.00%
> ======== ================================================
>
> 3534 Connections made
> 419 Connections lost
> 3533 Disconnections
> 429 Removed from queue
> 137 Delivered
> 10 Sent via SMTP
> 1 Bounce (remote)
> 1 DSNs undeliverable
>
> 22 Connection failure (outbound)
> 23 Timeout (inbound)
> 1 RBL lookup error
> 35 Excessive errors in SMTP commands dialog
> 802 Hostname verification errors
> 89 Address is deliverable (sendmail -bv)
> 194 Address is undeliverable (sendmail -bv)
> 4 Enabled PIX workaround
> 9 SASL authenticated messages
>
> 7 Postfix start
> 7 Postfix stop
> 4 Postfix refresh
>
>
>
> # for SMTP-Auth settings
>
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
>
>
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
>
> smtpd_client_restrictions = permit_mynetworks
>
> smtpd_helo_restrictions =
> permit_mynetworks,
> reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname
>
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain
>
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> reject_unauth_pipelining,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_invalid_hostname,
> reject_unknown_hostname,
> reject_non_fqdn_hostname
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client truncate.gbudb.net,
> reject_rbl_client dnsbl.njabl.org
> reject_rbl_client cbl.abuseat.org
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client dnsbl.sorbs.net,
> reject_unverified_recipient
>
>
> smtpd_data_restrictions =
> permit_mynetworks,
> reject_multi_recipient_bounce
>
> smtpd_use_tls = yes
> smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 02:53 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org