[CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Niki Kovacs
Hi,

I'm currently sinking my teeth into the fine "Definitive Guide to 
CentOS". Right now I'm reading the chapter about Apache. One thing 
puzzles me: no mention is made of web page permissions.

Let's say I'm using Apache's default configuration for setting up the 
most simple no-frills web server, e. g. no virtual hosts, only a series 
of static HTML pages in /var/www/html.

Q: what permissions should I define for these pages?

I remember having set up some web servers on Debian, and the tradition 
was that everything under /var/www/html (as in this example) was to be 
owned by user www-data and group www-data.

What's the "tradition" with RHEL/CentOS?

Cheers,

Niki
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] [Found] CentOS is dead, long live CentOS

2009-09-15 Thread Ron Blizzard
On Mon, Sep 14, 2009 at 4:23 PM, William Warren

> Why do we want to know?  Because of one person's disappearance the project
> nearly went boom.  Because by your own admission(the devs) the funds were
> NOT going to further the project.  If you can't get a thicker skin maybe you
> need a vacation.

No, the project didn't almost go "boom." By what I read, the worst
that could have possibly happened was that the project was in danger
of forking. In other words CentOS would have lost its name and domain
-- not desired, but hardly a project "killer." That possibility is now
gone.

-- 
RonB -- Using CentOS 5.3


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Ralph Angenendt

On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
> I remember having setup some web servers on Debian, and the tradition 
> was that everything under /var/www/html (as in this example) was to be 
> owned by user www-data and group www-data.
> 
> What's the "tradition" with RHEL/CentOS?

apache:apache - at least that is the UID/GID the webserver runs under. 

Ralph



Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Jim Perrin
On Tue, Sep 15, 2009 at 4:20 AM, Niki Kovacs  wrote:
> Hi,

> Q: what permissions should I define for these pages?

I'd say, the most restrictive permissions possible, that still allow
your web application to function. I'm a bit more security
conscious/paranoid than most though.

There is an array of things to consider when you're asking about this
sort of thing.
1. Is it a simple server where the person setting things up has the
keys to the castle everywhere, or do you have a 'web group' who can
only deposit pages, but have no other additional privileges and no
root access?

2. Are you hosting static content or dynamic pages?

> I remember having setup some web servers on Debian, and the tradition
> was that everything under /var/www/html (as in this example) was to be
> owned by user www-data and group www-data.
>
> What's the "tradition" with RHEL/CentOS?

The default in centos is root ownership, with read privs so the web
server running as apache can hand them out. This is fine for static
content in a basic setup. Some content management systems require that
the web server be able to create files, in which case Ralph's
recommendation of apache:apache ownership is correct.  The downside to
this is that if someone compromises that software through a php
exploit or bad code, they can make changes since they're operating as
the apache user.

I would suggest that you mix the two ideologies as much as possible.
Have root own everything that doesn't change, and display it with 644
permissions. Then let the apache user own the dynamic content areas.

The whole idea is to assume that at some point, someone *is* going to
get in, and you need to plan to minimize the impact when they do. By
planning things out in this way, you can keep your system much more
secure, and prevent nearly all break-ins before they occur.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Niki Kovacs
Ralph Angenendt wrote:

> 
> apache:apache - at least that is the UID/GID the webserver runs under. 
> 
Thanks very much... and thumbs up to one of the authors. I really like 
the book.

Niki


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Niki Kovacs
Jim Perrin wrote:

> 
> 2. Are you hosting static content or dynamic pages?

Both and neither :o)

I'm a system administrator for a series of public libraries here, and 
hosting several dynamic sites on a dedicated server (running CentOS). 
I'm just in one of my documentation phases, where I have some time to 
spend on an unused machine, so I'm reading some docs and working through 
them, back to basics.

Niki



[CentOS] iptables

2009-09-15 Thread CentOS List
Hi,

I have an existing iptables as follows:-

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

How do I add a redirect from port 26 to 25? I had googled the net and noticed
that the syntax is different

iptables -A INPUT -p tcp --dport 26 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25


regards
LC





Re: [CentOS] iptables

2009-09-15 Thread Chan Chung Hang Christopher
CentOS List wrote:
> Hi,
>
> I have an existing iptables as follows:-
>
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> How do I add a redirect from port 26 to 25? I had googled the net and noticed
> that the syntax is different
>
> iptables -A INPUT -p tcp --dport 26 -j ACCEPT
> iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
>
>
>   

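# Manipulate nat table
*nat

:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# No "-t nat" on the rule: in this file format the table comes from the
# "*nat" line above, and iptables-restore rejects -t inside a rule.
-A PREROUTING -p tcp --dport 26 -j REDIRECT --to-port 25

COMMIT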


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Ralph Angenendt

On Tue, 2009-09-15 at 13:27 +0200, Niki Kovacs wrote:
> Ralph Angenendt wrote:
> 
> > 
> > apache:apache - at least that is the UID/GID the webserver runs under. 
> > 
> Thanks very much... and thumbs up to one of the authors. I really like 
> the book.

That chapter was written by someone else, though :)

Ralph



Re: [CentOS] SUMMARY : Repair Filesystem prompt , after inode has illegal blocks ; qla2xxx message on reboot

2009-09-15 Thread Ross Walker


On Sep 14, 2009, at 10:25 PM, "McCulloch, Alan" wrote:

> hi All,
>
> thanks for the responses.
>
> After being dropped into the
>
> # Filesystem repair
>
> prompt, (on account of “inode 27344909 has illegal blocks”)
> following warm reboot (via “reboot”) after finding (SAN) filesystem in
> read-only mode yesterday morning (possibly because of HBA fault on SAN),
> I ran
>
> fsck -r /data
>
> (Linux version 2.6.18-92.1.18.el5, Red Hat 4.1.2-42, ext3 filesystem)
>
> This took a couple of hours or so, prompting me for various changes
> all of which I accepted. This appeared to complete OK, but then the
> system would not boot, with the following error from the qla2xxx driver.
>
> .
> .
> qla2xxx :05:0d.0: Mailbox command timeout occurred. Scheduling ISP abort.
> qla2xxx :05:0d.0: Mailbox command timeout occurred. Scheduling ISP abort.
> .
> etc
>
> However after powering down the system and cold-booting, the system was
> able to boot up and mount the repaired filesystem without any obvious
> damage, but with abnormal not to mention scary looking boot messages and
> ongoing warnings from multipath.
>
> This morning (as I sort of expected) the filesystem had dropped back
> down to read-only mode, but meanwhile the source of our woes was
> identified, a fibre port on the SAN controller which was degraded but not
> completely failed, so that there had been no clean failover to the twin
> controller, and therefore a degraded virtual device was presented to the
> O/S, with consequence for the filesystem.
>
> After that port and controller was quarantined, this time around I did a
> cold power-off reboot of the server, and this time there was a more
> normal looking boot and the filesystem came up normally without any
> repair being requested.
>
> (My hypothesis is that in this situation – i.e. ext3 filesystem has put
> itself in read-only mode – a warm boot, via reboot, does not cleanly
> remount the filesystem and apply the journal quite like a cold power-off
> reboot does. I think it is likely that the lengthy session of me
> answering “yes” to fsck’s interactive repair, the first time around,
> simply applied all of the fixes that would automatically have been done
> from the journal, had I cold-rebooted in the first place. However that
> is only a hunch. But I will be making sure to do cold power-off reboots
> in general, in future.)
>
> Another lesson is that a sophisticated system of twin SAN controllers
> with failover does not protect against a situation where a device is
> degrading rather than failing completely.
>
> Thanks again for the responses and sorry if my questions were a bit
> basic but I have been dropped in a little out of my depth with this
> system.


I always prefer round-robin mpath versus fail-over if possible as a  
degraded or failed path simply is not used, then there is the twice  
the bandwidth factor when both paths are working which is nice.


-Ross



Re: [CentOS] iptables

2009-09-15 Thread Filipe Brandenburger
Hi,

On Tue, Sep 15, 2009 at 07:43, CentOS List  wrote:
> How do add a redirect port 26 to 25. I had googled the net and notice that
> the syntax is different
>
> iptables -A INPUT -p tcp --dport 26 -j ACCEPT
> iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25

I suggest you use "iptables" commands to add and delete rules until
you set the firewall the way you want, and when everything is ready
use the "service iptables save" command, that will write a new
/etc/sysconfig/iptables with the current rules you have. That way you
don't risk having a syntax error or typo prevent your rules from
loading during the next reboot. If you want to preview the new file
you can run "iptables-save" that will dump the rules to the console
where you can inspect them. I also suggest that you make regular
backups of /etc/sysconfig/iptables and that you do a backup just
before running "service iptables save" just in case something goes
wrong...

HTH,
Filipe
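
Added example (not part of the thread or of any poster's message): a POSIX shell lint for a rules file in `iptables-save` format that catches the two mistakes visible earlier in this thread, rules wrapped by a mail client and `-t` used inside a rule, before the file is loaded at boot. The function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: lint a rules file in iptables-save
# format (such as /etc/sysconfig/iptables) for structural mistakes.
# usage: lint_iptables_file FILE   (prints one finding per line)
lint_iptables_file() {
    awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }          # blank lines and comments
    /^\*/ {                                    # "*filter", "*nat", ...
        if (table != "")
            printf "line %d: table %s not closed with COMMIT\n", NR, table
        table = substr($1, 2); next
    }
    $1 == "COMMIT" {
        if (table == "") printf "line %d: COMMIT outside a table\n", NR
        table = ""; next
    }
    /^:/ {                                     # chain policy declaration
        if (table == "")
            printf "line %d: chain declaration outside a table\n", NR
        next
    }
    # Strip optional "[packets:bytes]" counters written by iptables-save -c.
    /^\[[0-9]+:[0-9]+\]/ { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, "") }
    /^-/ {
        if (table == "") printf "line %d: rule outside a table\n", NR
        for (i = 1; i <= NF; i++)
            if ($i == "-t" || $i == "--table")
                printf "line %d: -t/--table inside a rule (table comes from the *%s header)\n", NR, table
        if ($NF == "-j" || $NF == "--jump")
            printf "line %d: rule ends in %s with no target (wrapped line?)\n", NR, $NF
        next
    }
    { printf "line %d: unexpected text \"%s\" (rest of a wrapped rule?)\n", NR, $0 }
    END { if (table != "") printf "end of file: table %s has no COMMIT\n", table }
    ' "$1"
}

# Constructed sample: one rule wrapped after "-j", one rule carrying "-t nat".
demo_lint() {
    dl_file=$(mktemp) || return 1
    cat > "$dl_file" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j
ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
COMMIT
EOF
    lint_iptables_file "$dl_file"
    rm -f "$dl_file"
}
demo_lint
```

Run it against a copy of the rules file before replacing the live one; an empty result means none of these structural problems were found, not that the rules do what is intended.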


[CentOS] No envelope information

2009-09-15 Thread Luis campo

hi,

have installed centos 4.7

We have installed qmail + simscan + vpopmail + SpamAssassin + ClamAV
and when we send a mail from a particular domain, the following error leaves us


simscan: no envelope information, deferred exit

and checking our log shows me the following 

2009-09-14 18:18:06.929624500 16910 < Received: from mail pickup service by cp197.mysite4now.com with Microsoft SMTPSVC;

2009-09-14 18:18:06.929631500 16910 < Mon, 14 Sep 2009 15:14:25 -0700

2009-09-14 18:18:06.929635500 16910 < thread-index: Aco1iLhSamfTCiVGQWqn8JicKvfRZQ==

2009-09-14 18:18:06.929639500 16910 < Thread-Topic: Encuesta de clima laboral

2009-09-14 18:18:06.929642500 16910 < From: 

2009-09-14 18:18:06.929646500 16910 < To: 
2009-09-14 18:18:06.929727500 16910 < Subject: Encuesta


 I wonder if this problem can be for Centos 4.7 or which would be the problem.


Greetings

Luis




Re: [CentOS] No envelope information

2009-09-15 Thread Filipe Brandenburger
Hi,

On Tue, Sep 15, 2009 at 09:43, Luis campo  wrote:
> We have installed qmail + simscan + vpopmail + SpamAssassin + ClamAV
> and when we send a mail from a particular domain, the following error leaves
> us
>
> [...]
>
> I wonder if this problem can be for Centos 4.7 [...]

Hardly, since CentOS does not include packages for qmail or simscan or vpopmail.

How did you install those? You should probably ask this question to
those that provided you those packages, or, if you installed from
source following a tutorial, to those that wrote the tutorial.

HTH,
Filipe


Re: [CentOS] Centos 5.4 'prerelease-access' - is there such a thing?

2009-09-15 Thread Phil Schaffner
Peter l Jakobi wrote:
> Hi,
> 
> excluding  the  Frankengrade  from CENTOS5.3 to upstream  RHEL5.4,  is
> there are procedure / repository access / nightly builds / ... to what
> will be CENTOS 5.4?
> 
> URLs? Howtos? Discussion threads or notes?
> 
> I  checked  help, wiki and forums and google, but came up empty. 
> 
> Of  course, this kind of use is depending on the way the new  upstream
> RHEL  sources are processed, so maybe there won't be a complete set of
> packages  at all until maybe one or two weeks before the release.  But
> again I got no lucky search hits for this kind of internals either.
> 
> I'll  gladly collect and summarize for a (hopefully easier  locatable)
> wiki-page to be :).
> 
> cu,
> Peter

Access to the QA builds is under discussion.  IMHO this should be 
covered on

http://wiki.centos.org/Contribute#head-1c14314cdaa251daca6c3a79ff7510c5c05d489b

The discussion is awaiting input from CentOS core developers.

Phil



Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Brian Mathis
On Tue, Sep 15, 2009 at 6:39 AM, Ralph Angenendt
 wrote:
>
> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>> I remember having setup some web servers on Debian, and the tradition
>> was that everything under /var/www/html (as in this example) was to be
>> owned by user www-data and group www-data.
>>
>> What's the "tradition" with RHEL/CentOS?
>
> apache:apache - at least that is the UID/GID the webserver runs under.
>
> Ralph
>

This is EXTREMELY DANGEROUS!  Do NOT give the same ownership to the
files as the user/group that apache runs as!  As apache runs as
apache:apache, setting all of the files with that same owner/group
gives everyone on the Internet the possibility to write to any web
server files on your server.  DO NOT DO THIS!!!

If there's a bug that allows file write access in apache or in any of
the program files you run as cgi/php/etc..., then an attacker can
write to anywhere in your web site/web app, and gain access to pretty
much the entire server.  They could plant malware that is served up to
all your web users, implant programs that you might run yourself or as
root, possibly open up shell access and login to your server, etc...

The correct permissions for all of your web files are any user that
the web server is NOT running as.  If your web apps need the ability
to upload files or to write to specific files, you will have to change
those exceptions to apache:apache, but keep that as minimal as
possible.


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Filipe Brandenburger
Hi,

On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt
 wrote:
> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>> I remember having setup some web servers on Debian, and the tradition
>> was that everything under /var/www/html (as in this example) was to be
>> owned by user www-data and group www-data.
>>
>> What's the "tradition" with RHEL/CentOS?
>
> apache:apache - at least that is the UID/GID the webserver runs under.

That's wrong. If your files are owned by Apache, any user that can
break into your server through Apache will be able to change those
files (i.e., deface your website).

In Debian Apache runs under (IIRC) www-run which is different from www-data.

In other words, your files should be "readable" and not "writable" by
user Apache.

You might choose to achieve that by setting file permissions to 640
and directory permissions to 750 and ownership root:apache or
youruser:apache, or setting file/directory ownership to world-readable
and then any owner/group different than "apache" would do.

The only files you want writable by Apache are the ones that a web
application needs to write, like session files in PHP or config file
controlled by a web admin interface.

HTH,
Filipe
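
Added example (not part of the thread or of any poster's message): a POSIX shell check for the rule stated above, that only the paths a web application must write should be modifiable by the account Apache runs as. The function names and the demo tree are constructed for illustration; on a CentOS host the call would be `audit_docroot /var/www/html apache apache`.

```shell
#!/bin/sh
# Added example, not from the thread: list every path under a document root
# that the web server account could modify.
# usage: audit_docroot DIR WEB_USER WEB_GROUP   (names or numeric IDs)
# Output: one "reason<TAB>path" line per finding.
audit_docroot() {
    ad_dir=$1; ad_user=$2; ad_group=$3
    # 1. Owned by the server account. Ownership alone is enough: the owner
    #    can chmod a file writable even if the write bit is currently off.
    find "$ad_dir" ! -type l -user "$ad_user" \
        -exec printf 'owner\t%s\n' {} \;
    # 2. In the server's group and group-writable.
    find "$ad_dir" ! -type l ! -user "$ad_user" \
        -group "$ad_group" -perm -020 \
        -exec printf 'group-write\t%s\n' {} \;
    # 3. World-writable (symlinks skipped: their mode bits are not used).
    find "$ad_dir" ! -type l ! -user "$ad_user" \
        ! \( -group "$ad_group" -perm -020 \) -perm -002 \
        -exec printf 'world-write\t%s\n' {} \;
}

# Constructed demo: a static page (644) plus an upload file left at 666.
# A numeric ID that owns nothing in the tree stands in for "apache", so the
# demo runs without root; only the 666 file should be reported.
demo_audit() {
    da_root=$(mktemp -d) || return 1
    mkdir -p "$da_root/html/uploads"
    echo '<h1>static</h1>' > "$da_root/html/index.html"
    echo 'uploaded data' > "$da_root/html/uploads/file.bin"
    chmod 755 "$da_root/html" "$da_root/html/uploads"
    chmod 644 "$da_root/html/index.html"
    chmod 666 "$da_root/html/uploads/file.bin"
    da_other=$(( $(id -u) + 12345 ))
    audit_docroot "$da_root/html" "$da_other" "$da_other"
    rm -rf "$da_root"
}
demo_audit
```

Paths that are meant to be writable (upload or session directories) will show up too; the point of the listing is that every line in it is a deliberate exception.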


[CentOS] Centos 5.3 Kernel panic with fuse and glusterfs.

2009-09-15 Thread Tom O'Connor
Hi List,

We currently have a very irritating problem with Centos 5.3 x86_64 
running on a Dell Poweredge SC1435.  The problem is this: We are 
experiencing frequent kernel panics while using glusterfs and Fuse. 
Across the cluster of servers, we are experiencing roughly 1 panic every 
1-2 days.  This wasn't a problem with earlier servers where we used 
Fedora 6. 

Here's a kernel panic screenshot:
http://imagehost.gr/images/c5ad2d5jzgpgoq91v24y.png

Here's some general info:
Linux server6 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 
x86_64 x86_64 x86_64 GNU/Linux
Using:
fuse-2.7.4-8_10.el5
fuse-kmdl-2.6.18-128.1.10.el5-2.7.4-8_10.el5
fuse-libs-2.7.4-8_10.el5
glusterfs-common-2.0.1-1.el5
glusterfs-client-2.0.1-1.el5
glusterfs-server-2.0.1-1.el5

I've straced glusterfs while it dies, and there's nothing seriously 
spurious, just it stops working as soon as the kernel locks up.

A little background, Gluster is used to share some directories which are 
used by apache to serve files from.  I've managed to replicate the live 
environment inside a virtual machine, and also to replicate the kernel 
panic by loading the virtual machine's apache with ApacheBench, at as 
few as 3 concurrent requests, the kernel locks up.
However, I have been unable to reproduce this exact behavior on the live 
cluster, and have tried up to 10,000 concurrent requests which max out 
the network more than anything.

I've tried latest versions of gluster and fuse from development 
snapshots and stable releases, I've tried patched versions of fuse 
released by Gluster.  Nothing seems to improve this problem.

If anyone has any ideas for further debugging, or other routes for 
support.  I'm running out of ideas. 

Thanks in advance

Tom O'Connor

-- 
Tom O'Connor
--
Assanka: Every possibility
w: http://www.assanka.net/
t: 0870 085 2038
f: 0871 433 0919
e: tom.ocon...@assanka.net



Re: [CentOS] Centos 5.3 Kernel panic with fuse and glusterfs.

2009-09-15 Thread Matthew Miller
On Tue, Sep 15, 2009 at 03:24:52PM +0100, Tom O'Connor wrote:
> If anyone has any ideas for further debugging, or other routes for 
> support.  I'm running out of ideas. 

Enterprise Linux 5.4 with included official FUSE support seems like the next
place to look. 

-- 
Matthew Miller   mat...@mattdm.org  


Re: [CentOS] No envelope information

2009-09-15 Thread Chan Chung Hang Christopher


Luis campo wrote:
> hi,
>
> have installed centos 4.7
>
> We have installed qmail + simscan + vpopmail + SpamAssassin + ClamAV
> and when we send a mail from a particular domain, the following error leaves 
> us
>
>   
How about changing that combination of qmail + simscan to postfix + 
clamav-milter + spamass-milter?


In any case, you would also want to look at the qmail logs...was it a 
bounce?
>
>
>  I wonder if this problem can be for Centos 4.7 or which would be the problem.
>
>   

Or the Microsoft SMTP service if you want to go this far.


Re: [CentOS] Centos 5.3 Kernel panic with fuse and glusterfs.

2009-09-15 Thread Tom O'Connor
Matthew Miller wrote:
> On Tue, Sep 15, 2009 at 03:24:52PM +0100, Tom O'Connor wrote:
>   
>> If anyone has any ideas for further debugging, or other routes for 
>> support.  I'm running out of ideas. 
>> 
>
> Enterprise Linux 5.4 with included official FUSE support seems like the next
> place to look. 
>
>   
Possibly, but I'd rather try and fix the problem without saying "oh 
well, just upgrade to the latest release".  It's quite a lot of effort 
to fully upgrade a whole bunch of servers, but upgrading individual 
packages would be far more realistic.

Tom

-- 
Tom O'Connor
--
Assanka: Every possibility
w: http://www.assanka.net/
t: 0870 085 2038
f: 0871 433 0919
e: tom.ocon...@assanka.net



Re: [CentOS] Centos 5.3 Kernel panic with fuse and glusterfs.

2009-09-15 Thread Chan Chung Hang Christopher
Tom O'Connor wrote:
> Matthew Miller wrote:
>   
>> On Tue, Sep 15, 2009 at 03:24:52PM +0100, Tom O'Connor wrote:
>>   
>> 
>>> If anyone has any ideas for further debugging, or other routes for 
>>> support.  I'm running out of ideas. 
>>> 
>>>   
>> Enterprise Linux 5.4 with included official FUSE support seems like the next
>> place to look. 
>>
>>   
>> 
> Possibly, but i'd rather try and fix the problem without saying "oh 
> well, just upgrade to the latest release".  It's quite a lot of effort 
> to fully upgrade a whole bunch of servers, but upgrading individual 
> packages would be far more realistic.
>
>   

Good luck tracking down the problem yourself then. The reason people use 
RHEL and therefore Centos is because much effort has been put into 
making sure the entire set of toolchains work well with each other. 
Upgrading a whole bunch of servers versus tracking down the problem and 
if you are successful, building your own rpms and your own repository, 
which one do you think will be more effort? Besides, 'upgrading to 5.4' 
is just that...upgrading individual packages. :-|


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Olaf Mueller
Filipe Brandenburger wrote:

> On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt
>  wrote:
>> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>>> I remember having setup some web servers on Debian, and the
>>> tradition was that everything under /var/www/html (as in this
>>> example) was to be owned by user www-data and group www-data.
>>>
>>> What's the "tradition" with RHEL/CentOS?
>>
>> apache:apache - at least that is the UID/GID the webserver runs
>> under.
> 
> That's wrong. If your files are owned by Apache, any user that can
> break into your server through Apache will be able to change those
> files (i.e., deface your website).
Why wrong? Concerning webdav, how would you get write access for users to
write to directories?

Now I am a little bit confused, is your answer under
http://www.linux-archive.org/centos/354005-webdav-centos.html also
wrong now? You recommended apache:apache for webdav there.

By the way, if someone breaks into your server through Apache,
apache:apache is your lowest problem, that's my opinion.


regards
Olaf



Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Brian Mathis
On Tue, Sep 15, 2009 at 11:58 AM, Olaf Mueller  wrote:
> Filipe Brandenburger wrote:
>> On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt
>>  wrote:
>>> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>>>> I remember having setup some web servers on Debian, and the
>>>> tradition was that everything under /var/www/html (as in this
>>>> example) was to be owned by user www-data and group www-data.
>>>>
>>>> What's the "tradition" with RHEL/CentOS?
>>>
>>> apache:apache - at least that is the UID/GID the webserver runs
>>> under.
>>
>> That's wrong. If your files are owned by Apache, any user that can
>> break into your server through Apache will be able to change those
>> files (i.e., deface your website).
> Why wrong? Concerning webdav, how would you get write access for users to
> write to directories?
>
> Now I am a little bit confused, is your answer under
> http://www.linux-archive.org/centos/354005-webdav-centos.html also
> wrong now? You recommended apache:apache for webdav there.
>

One must think about the application at hand and not make blanket
statements about this or that.  Obviously, as noted above, anything
that needs write access to the server disk will need to be owned by
the user who is running apache.  WebDAV would clearly be one of those
cases, while hosting a web site would not.

You are being disingenuous here by selectively editing out the
relevant quoted text from the same message above, which I will add
back in as a quote here:

> Filipe Brandenburger wrote:
> The only files you want writable by Apache are the ones that a web
> application needs to write, like session files in PHP or config file
> controlled by a web admin interface.


> By the way, if someone breaks into your server through Apache,
> apache:apache is your lowest problem, that's my opinion.
>
> regards
> Olaf

This statement is quite silly.  The type of configuration above could
be the vector by which the server is compromised, so it is not at all
the lowest problem.  In that case it WOULD *BE* the problem.


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Les Mikesell
Olaf Mueller wrote:
> Filipe Brandenburger wrote:
> 
>> On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt
>>  wrote:
>>> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>>>> I remember having setup some web servers on Debian, and the
>>>> tradition was that everything under /var/www/html (as in this
>>>> example) was to be owned by user www-data and group www-data.
>>>>
>>>> What's the "tradition" with RHEL/CentOS?
>>> apache:apache - at least that is the UID/GID the webserver runs
>>> under.
>> That's wrong. If your files are owned by Apache, any user that can
>> break into your server through Apache will be able to change those
>> files (i.e., deface your website).
> Why wrong? Concerning webdav, how would you get write access for users to
> write to directories?
> 
> Now I am a little bit confused, is your answer under
> http://www.linux-archive.org/centos/354005-webdav-centos.html also
> wrong now? You recommended apache:apache for webdav there.

Webdav resources typically need write access.

> By the way, if someone breaks into your server through Apache,
> apache:apache is your lowest problem, that's my opinion.

It is a fairly high risk if you run server-side code (php, perl, etc) 
for anything.  It lets the intruder write where apache is allowed to 
write.  That doesn't have to be anywhere unless you permit uploads.

-- 
   Les Mikesell
lesmikes...@gmail.com




Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Olaf Mueller
Les Mikesell wrote:

> Olaf Mueller wrote:
>> Filipe Brandenburger wrote:
>> 
>>> On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt
>>>  wrote:
>>>> On Tue, 2009-09-15 at 10:20 +0200, Niki Kovacs wrote:
>>>>> I remember having setup some web servers on Debian, and the
>>>>> tradition was that everything under /var/www/html (as in this
>>>>> example) was to be owned by user www-data and group www-data.
>>>>>
>>>>> What's the "tradition" with RHEL/CentOS?
>>>> apache:apache - at least that is the UID/GID the webserver runs
>>>> under.
>>> That's wrong. If your files are owned by Apache, any user that can
>>> break into your server through Apache will be able to change those
>>> files (i.e., deface your website).
>> Why wrong? Concerning webdav, how would you get write access for users
>> to write to directories?
>> 
>> Now I am a little bit confused, is your answer under
>> http://www.linux-archive.org/centos/354005-webdav-centos.html also
>> wrong now? You recommended apache:apache for webdav there.
> 
> Webdav resources typically need write access.
> 
>> By the way, if someone breaks into your server through Apache,
>> apache:apache is your lowest problem, that's my opinion.
> 
> It is a fairly high risk if you run server-side code (php, perl, etc)
> for anything.  It lets the intruder write where apache is allowed to
> write.  That doesn't have to be anywhere unless you permit uploads.
Yes, that is also my opinion.
The thing, which disturbed me, was the statement "That's wrong.". Since
it is a risk, but not wrong.


regards
Olaf



Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Filipe Brandenburger
Hi,

On Tue, Sep 15, 2009 at 11:58, Olaf Mueller  wrote:
> Filipe Brandenburger wrote:
>
>> On Tue, Sep 15, 2009 at 06:39, Ralph Angenendt  
>> wrote:
>>> apache:apache - at least that is the UID/GID the webserver runs
>>> under.
>>
>> That's wrong. If your files are owned by Apache, any user that can
>> break into your server through Apache will be able to change those
>> files (i.e., deface your website).
>
> Why wrong? Concerning webdav, how would you get write access for users to
> write to directories?

Well, that is not the use case presented by the OP:

On Tue, Sep 15, 2009 at 04:20, Niki Kovacs  wrote:
> Let's say I'm using Apache's default configuration for setting up the
> most simple no-frills web server, e. g. no virtual hosts, only a series
> of static HTML pages in /var/www/html.

Obviously, if you want to set up Apache to serve WebDAV with write
access you will need to set the permissions to the files in a way that
Apache is able to write to the files. There are many other cases that
might justify that, but that should not be done every time, as much as
you should not run "chmod 777" or "kill -9" without thinking about
what you are doing and knowing the consequences of those commands.

However, if you are serving files that are not supposed to be modified
by Apache or a web application running under it, they should *not* be
writable by the Apache user. Making them writable by the Apache user
will only increase the potential for damage should your webserver be
hacked. But it's good to point that out since that is a very common
mistake among beginner (and even more seasoned!) sysadmins.

HTH,
Filipe
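
An audit for the rule described in the message above (added example, not part of the original post): it lists every path under a document root that a given account could modify through owner, group, or world write bits. The function names and the constructed sample tree are assumptions of this example; numeric IDs are used so the current account can stand in for the web server account.

```shell
#!/bin/sh
# Added example: find what the web server account could overwrite.

# audit_docroot DIR UID GID
# Prints each path under DIR whose mode bits grant write access to the
# numeric UID (as owner), to the numeric GID (as group), or to everyone.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_docroot() {
    docroot=$1 web_uid=$2 web_gid=$3
    find "$docroot" ! -type l \( \
            \( -user "$web_uid"  -perm -u=w \) -o \
            \( -group "$web_gid" -perm -g=w \) -o \
            -perm -o=w \
        \) -print | LC_ALL=C sort
}

# make_sample_tree
# Builds a constructed document root in a temp directory and prints its
# path. Files are owned by whoever runs the script.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads"
    echo '<html>index</html>'  > "$d/index.html"
    echo '<html>static</html>' > "$d/readonly.html"
    echo '<html>shared</html>' > "$d/shared.html"
    chmod 755 "$d"
    chmod 775 "$d/uploads"          # group-writable upload directory
    chmod 644 "$d/index.html"       # owner may rewrite the page
    chmod 444 "$d/readonly.html"    # nobody has a write bit
    chmod 646 "$d/shared.html"      # world-writable: always reported
    echo "$d"
}

# Demonstration on the constructed tree: first with the current account
# playing the web server, then with an unrelated uid/gid.
tree=$(make_sample_tree)
me=$(id -u); grp=$(id -g)
echo "writable if the server runs as uid $me:"
audit_docroot "$tree" "$me" "$grp"
echo "writable if the server runs as an unrelated account:"
audit_docroot "$tree" $((me + 12345)) $((grp + 12345))
rm -rf "$tree"
```

On a CentOS host the same check would be run as `audit_docroot /var/www/html "$(id -u apache)" "$(id -g apache)"`; for a static site the expected output is empty.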


Re: [CentOS] iptables

2009-09-15 Thread Diogo Sperb Schneider
2009/9/15 Filipe Brandenburger :
> I suggest you use "iptables" commands to add and delete rules until
> you set the firewall the way you want, and when everything is ready
> use the "service iptables save" command, that will write a new
> /etc/sysconfig/iptables with the current rules you have.

Typing iptables commands alone may get boring, so you can also write
your own script, with variables and stuff to make things easier and
then use "service iptables save" when everything is OK. Keep your own
script around so you can test new rules. But you can rest assured that
if anything goes wrong, your firewall will always load the last saved
set of rules. That's what I do and it works just fine for me.


Re: [CentOS] Simple web server with Apache: web page permissions ?

2009-09-15 Thread Olaf Mueller
Brian Mathis wrote:

> You are being disingenuous here by selectively editing out the
> relevant quoted text from the same message above, which I will add
> back in as a quote here:
Disingenuous? Seems to me that it is a question of truth for you.

Once again. 'apache:apache' is a risk, but it is not wrong. And
sometimes it is also needed, since webdav, for example, doesn't work
without it. That was what I have tried to work out.

> > Filipe Brandenburger wrote:
> > The only files you want writable by Apache are the ones that
> > a web application needs to write, like session files in PHP
> > or config file controlled by a web admin interface.
> 
> 
>> By the way, if someone breaks into your server through Apache,
>> apache:apache is your lowest problem, that's my opinion.
>>
>> regards
>> Olaf
> 
> This statement is quite silly.  The type of configuration above could
Thank you, it is my greeting. You are silly too.

> be the vector by which the server is compromised, so it is not at all
> the lowest problem.  In that case it WOULD *BE* the problem.
Don't know why you are screaming here, maybe it is your personality.


regards
Olaf



[CentOS] Install CentOS on Partition(!)-images as a Xen-guest

2009-09-15 Thread Bernhard Gschaider

Hi!

Some weeks ago the "Running Xen"-book was recommended to me on this
list. A nice book, but it gave me a crazy idea: One of the
recommendations (which sounds very reasonable to me) was to have
instead of a single file that serves as a disk-image to have two
files: one of them (which is mounted to hda1) serves as a partition
that holds the data, the other one (which mounts to hda2) is the swap
partition. The text in the book (admittedly it's a bit vague there)
led me to the conclusion that to the Xen-machine they will look like
two partitions of a single drive hda. The advantage should be that it
is much easier to extend the data partition (Take the machine
offline. Extend the image with dd. Extend the filesystem on the image)

I created the two files as described in the book. "Formatted" them with
mkswap and mkfs.ext3 (as described in the book) and added them to the
configuration file for the host. Now when I start the installation of
the host machine right in the beginning I get a message "/dev/hda1 has
a loop partition layout. To use this disk for the installation of
CentOS it must be initialized". When I don't allow formatting I get
caught in a loop ("Is a loop partition. Initialize?"), when I allow
formatting I get a partition on each of the devices (hda11 and hda21)
and I would be allowed to go on with the installation, but IMHO this
would defeat the purpose of the exercise

So my question:
 - is there some error in thinking on my side?
 - is this a situation that the installer can't deal with? (in other
   words: would it work if I copied a complete installation into the root
   partition-image and then booted that?)
 - or is there a reason that using partition images is not very
   popular (Googling around did not reveal anything useful)
 
Bernhard




Re: [CentOS] Install CentOS on Partition(!)-images as a Xen-guest

2009-09-15 Thread Mathew S. McCarrell
On Tue, Sep 15, 2009 at 1:23 PM, Bernhard Gschaider <
bgschaid_li...@ice-sf.at> wrote:

>
> Hi!
>
> Some weeks ago the "Running Xen"-book was recommended to me on this
> list. A nice book, but it gave me a crazy idea: One of the
> recommendations (which sounds very reasonable to me) was to have
> instead of a single file that serves as a disk-image to have two
> files: one of them (which is mounted to hda1) serves as a partition
> that holds the data, the other one (which mounts to hda2) is the swap
> partition. The text in the book (admittedly it's a bit vague there)
> led me to the conclusion that to the Xen-machine they will look like
> two partitions of a single drive hda. The advantage should be that it
> is much easier to extend the data partition (Take the machine
> offline. Extend the image with dd. Extend the filesystem on the image)
>
> I created the two files as described in the book. "Formatted" them with
> mkswap and mkfs.ext3 (as described in the book) and added them to the
> configuration file for the host. Now when I start the installation of
> the host machine right in the beginning I get a message "/dev/hda1 has
> a loop partition layout. To use this disk for the installation of
> CentOS it must be initialized". When I don't allow formatting I get
> caught in a loop ("Is a loop partition. Initialize?"), when I allow
> formatting I get a partition on each of the devices (hda11 and hda21)
> and I would be allowed to go on with the installation, but IMHO this
> would defeat the purpose of the exercise
>
> So my question:
>  - is there some error in thinking on my side?
>  - is this a situation that the installer can't deal with? (in other
>   words: would it work if I copied a complete installation into the root
>   partition-image and then booted that?)
>  - or is there a reason that using partition images is not very
>   popular (Googling around did not reveal anything useful)
>
> Bernhard
>
Bernhard,

I'm actually probably the one that recommended the book to you.  I hope you're
enjoying it so far.

As for your issue, I forwarded this to a friend of mine that is one of the
authors of the book.  He's interested in trying to fully understand what
you're trying to achieve.  He is wondering if you would mind sending an
email to cont...@runningxen.com with your issue and the specific page(s)
that you are referencing.  He also wanted me to make you aware of the
Running Xen readers mailing list, which you can find more information about
at http://runningxen.com/ .  You can also find several other resources for
the book on the site as well.

Feel free to keep me in the loop as well.  I might have some advice to offer
once I fully understand everything.

Matt

--
Mathew S. McCarrell
Clarkson University '10

mccar...@gmail.com
mccar...@clarkson.edu
1-518-314-9214


[CentOS] mount option: nodev

2009-09-15 Thread Yungwei Chen
Hi,
I am trying to secure my CentOS file systems by introducing 
"nodev" to devices defined in /etc/fstab. I learned that "nodev" prevents users 
from mounting unauthorized devices. However, I can still mount a cdrom to 
/tmp/cdrom with the following defined in /etc/fstab. Am I missing something? 
Thanks.

LABEL=/tmp  /tmp  ext3  defaults,nodev  1 2


Re: [CentOS] Centos 5.3 Kernel panic with fuse and glusterfs.

2009-09-15 Thread Matthew Miller
On Tue, Sep 15, 2009 at 03:53:52PM +0100, Tom O'Connor wrote:
> Possibly, but i'd rather try and fix the problem without saying "oh 
> well, just upgrade to the latest release".  It's quite a lot of effort 
> to fully upgrade a whole bunch of servers, but upgrading individual 
> packages would be far more realistic.

I understand your point in general, but in this specific case the suggestion
is to upgrade from a release in which the feature you are using is
unsupported to a release in which it is.

-- 
Matthew Miller   mat...@mattdm.org  


[CentOS] Wireless Printing

2009-09-15 Thread Joseph L. Casale
My home network doesn't have any wireless access points (too slow) and
I was iSCSI booting my wkst for a while:) Now I need to setup a printer
so I was going to get an HP Photosmart C4580.

The HPLIP page shows no network support:( I _was_ going to use a USB
wireless nic I have and setup an ad-hoc to print to this thing.

Anyone know anything that might make this work?

Thanks!
jlc


Re: [CentOS] mount option: nodev

2009-09-15 Thread nate
Yungwei Chen wrote:
> Hi,
> I am trying to secure my CentOS file systems by introducing
> "nodev" to devices defined in /etc/fstab. I learned that
> "nodev" prevents users from mounting unauthorized devices.
> However, I can still mount a cdrom to /tmp/cdrom with the
> following defined in /etc/fstab. Am I missing something?

yes, nodev prevents character and block devices from being
interpreted (man mknod) on the file system, rather than
preventing someone from mounting a file system on that
file system.

nate




Re: [CentOS] mount option: nodev

2009-09-15 Thread Ron Loftin

On Tue, 2009-09-15 at 15:21 -0400, Yungwei Chen wrote:
> Hi,
> 
> I am trying to secure my CentOS file systems by
> introducing "nodev" to devices defined in /etc/fstab. I learned that
> "nodev" prevents users from mounting unauthorized devices. However, I
> can still mount a cdrom to /tmp/cdrom with the following defined
> in /etc/fstab. Am I missing something? Thanks.
> 
> LABEL=/tmp  /tmp  ext3  defaults,nodev  1 2
> 

Yes, I think that you have misinterpreted the "nodev" option.

That means that "device" files ( normally created under /dev ) in a
filesystem mounted with the "nodev" option are not allowed to access the
hardware that they represent.  This is used primarily as a protection
against malware that tries to get direct access to hardware such as
memory or network cards by creating additional device files somewhere
else.

Since CentOS ( and most other recent distros ) use "udev" to create the
necessary block and character files in the /dev tree ( which is NOT an
ext3 filesystem ) there should be no need for the "average" user to
create device files anywhere else in the directory tree.  After I
understood this, I then modified all of the systems that I take care of
to specify "nodev" as an option for ALL ext3 filesystems.

In your case, if you are mounting a CD, you are using the normal block
device(s) in /dev ( such as /dev/cdrom or /dev/hdc ) and just specifying
the directory to use as the mount point ( /tmp/cdrom ), which is
perfectly legal with this option.

-- 
Ron Loftin  relof...@twcny.rr.com

"God, root, what is difference ?"   Piter from UserFriendly
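
A check for the practice described in the message above, setting "nodev" on every ext3 filesystem (added example, not part of the original post): it reads an fstab file and reports entries of a given type whose options do not end up with nodev in effect. The function names and the sample fstab are constructed for this example; options are evaluated left to right, and user, users, owner and group are treated as implying nodev, as the mount(8) manual documents.

```shell
#!/bin/sh
# Added example: report fstab entries that still honour device files.

# fstab_without_nodev FILE [FSTYPE]
# Prints "mountpoint<TAB>options" for every entry of type FSTYPE
# (default ext3) for which nodev is not in effect.
fstab_without_nodev() {
    awk -v want="${2:-ext3}" '
        /^[ \t]*#/ || NF < 4 { next }        # comments, blank or short lines
        $3 == want {
            n = split($4, opt, ",")
            nodev = 0
            for (i = 1; i <= n; i++) {       # later options override earlier
                o = opt[i]
                if (o == "nodev" || o == "user" || o == "users" ||
                    o == "owner" || o == "group")
                    nodev = 1
                else if (o == "dev")
                    nodev = 0
            }
            if (!nodev) printf "%s\t%s\n", $2, $4
        }' "$1"
}

# sample_fstab
# Prints a constructed fstab; only the /tmp line comes from the thread.
sample_fstab() {
    cat <<'EOF'
LABEL=/      /             ext3     defaults          1 1
LABEL=/tmp   /tmp          ext3     defaults,nodev    1 2
LABEL=/home  /home         ext3     defaults,nosuid   1 2
# /dev/sdb1  /data         ext3     defaults          1 2
/dev/sdb2    /srv          ext3     nodev,dev         1 2
/dev/sdc1    /export       ext3     rw,users          1 2
/dev/cdrom   /media/cdrom  iso9660  ro,user,noauto    0 0
tmpfs        /dev/shm      tmpfs    defaults          0 0
EOF
}

# Demonstration on the constructed file.
tmp=$(mktemp) && sample_fstab > "$tmp" && fstab_without_nodev "$tmp"
rm -f "$tmp"
```

The /tmp entry from the thread passes the check even though a CD can still be mounted at /tmp/cdrom: the option governs device files stored inside the filesystem, not mounts made on top of it.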



Re: [CentOS] Wireless Printing

2009-09-15 Thread Rainer Duffner

On 15.09.2009 at 21:50, Joseph L. Casale wrote:

> My home network doesn't have any wireless access points (too slow) and
> I was iSCSI booting my wkst for a while:) Now I need to setup a printer
> so I was going to get an HP Photosmart C4580.
>
> The HPLIP page shows no network support:( I _was_ going to use a USB
> wireless nic I have and setup an ad-hoc to print to this thing.
>
> Anyone know anything that might make this work?


Does that actually work the way you intend it to?
I have my doubts...

Buy a wireless AP and save a lot of trouble.

Is your time worth nothing?



Rainer


Re: [CentOS] Wireless Printing

2009-09-15 Thread Joseph L. Casale
>Does that actually work the way you intend it to?
>I have my doubts...

It should, others do it:)

>Buy a wireless AP and save a lot of trouble.
>
>Is your time worth nothing?

Depends who you ask:) At home, I'll do next to just about anything, heh...


[CentOS] FYI: Why is NFS slower on EL5 than EL4?

2009-09-15 Thread Ross Walker
For those who have wondered why NFS on EL5 is slower than on EL4 I
provide these links for your edification.

http://kbase.redhat.com/faq/docs/DOC-15355

http://bugzilla.redhat.com/show_bug.cgi?id=448130

Problem is kernel threads cannot create or assign an io context as
there is no api in the kernel available to do so, so each is given a
different context and there is an 8ms latency between switching
contexts. The knowledge base article recommends disabling this latency
to get around it, but in doing that you might as well just use the
deadline scheduler.

Some other interesting tidbits for those using NFS.

NFS with many nfsd threads will create a lot of file system fragments
when writing large files.

XFS does have the advantage of a defragger (I hope some smart person
will develop one for ext2/3/4), but I am still looking for a better
way to protect against fragmentation than running a defragger, so if
anyone has an alternative I'm all ears.

Another hint for those using NFS with ESX, make sure your vmdk
partitions are 4k aligned or there is a serious performance penalty as
2 reads for each write will happen if the io request straddles a page
boundary. This is more serious for random io than sequential, but both
are affected.

To give an example, my NFS storage with write-back cache was only able
to do 1MB/s (4k direct io 4 outstanding) on a non-aligned partition,
on an aligned partition I was able to get 13MB/s with the same
workload. That's 13x improvement.

For Linux you can use fdisk/sfdisk to start your first partition on
sector 64 instead of the default 63. On Windows use diskpart to create
a partition that is aligned on a given offset.

-Ross


Re: [CentOS] Wireless Printing

2009-09-15 Thread Rainer Duffner

On 15.09.2009 at 23:05, Joseph L. Casale wrote:

>> Does that actually work the way you intend it to?
>> I have my doubts...
>
> It should, others do it:)


Hm. So you can setup networking to an USB-stick without an OS?

I thought you needed to load the firmware onto the stick before it  
does anything useful at all.




Rainer


Re: [CentOS] Wireless Printing

2009-09-15 Thread Joseph L. Casale
>Hm. So you can setup networking to an USB-stick without an OS?
>
>I thought you needed to load the firmware onto the stick before it
>does anything useful at all.

Apparently the HP's support this, at least some quick searches show people
with success. Of course I haven't tried it:)


Re: [CentOS] Wireless Printing

2009-09-15 Thread Rainer Duffner

On 16.09.2009 at 00:09, Joseph L. Casale wrote:

>> Hm. So you can setup networking to an USB-stick without an OS?
>>
>> I thought you needed to load the firmware onto the stick before it
>> does anything useful at all.
>
> Apparently the HP's support this, at least some quick searches show people
> with success. Of course I haven't tried it:)



If you succeed, you can add an article to the wiki ;-)



Rainer


Re: [CentOS] Wireless Printing

2009-09-15 Thread Joseph L. Casale
>If you succeed, you can add an article to the wiki ;-)

I am going to hit the Fedora list, get it working there and then work backwards.
If I do get it in CentOS, I will add the page.


Re: [CentOS] Wireless Printing

2009-09-15 Thread John R Pierce
Joseph L. Casale wrote:
> My home network doesn't have any wireless access points (too slow) and
> I was iSCSI booting my wkst for a while:) Now I need to setup a printer
> so I was going to get an HP Photosmart C4580.
>
> The HPLIP page shows no network support:( I _was_ going to use a USB
> wireless nic I have and setup an ad-hoc to print to this thing.
>
> Anyone know anything that might make this work?
>   

get an ethernet printer, sheesh.

I have a Brother MFC7345N (Costco version of the 7340 with an ethernet 
interface) on my home LAN, is a B&W Laser, color scanner, copier, fax, 
both flatbed and sheet feed scanning/faxing/copying.  does copy and fax 
without any host software involvement (too many cheap all-in-ones rely 
on a software utilities to do the copy/fax functionality).  has 100baseT 
ethernet.  Supports LPR/LPD protocols so Linux should be able to print 
to it just fine.  Says the scanner supports Linux SANE protocol (I know 
nothing about this, never tried that part).   We originally bought this 
$200 printer strictly to use as a fax machine, and after setting it up 
and playing with it, shut off our HP LJ1300 printer and use it for all 
our home printing.


I would not use a inkjet as a primary home printer, the supplies are too 
costly, and if they are used sporadically, you waste 2/3rds of the ink 
unclogging them.  also inkjets require extra smooth extra heavy paper or 
they look like crap, while a laser can print on any old cheap copier 
paper.  I have a techwriter wife and two school kids, so we do a LOT of 
printing at my place.





Re: [CentOS] Wireless Printing

2009-09-15 Thread Joseph L. Casale
>get an ethernet printer, sheesh.

I actually wanted wireless because of the location I want to put it:)

>I have a Brother MFC7345N (Costco version of the 7340 with an ethernet
>interface) on my home LAN, is a B&W Laser, color scanner, copier, fax,
>both flatbed and sheet feed scanning/faxing/copying.

I have plenty of those brother MF's at one place and they are good and
cheap, just not wireless.

>I would not use a inkjet as a primary home printer, the supplies are too
>costly, and if they are used sporadically, you waste 2/3rds of the ink
>unclogging them.  also inkjets require extra smooth extra heavy paper or
>they look like crap, while a laser can print on any old cheap copier
>paper.  I have a techwriter wife and two school kids, so we do a LOT of
>printing at my place.

Ok, I am getting convinced:)
jlc


Re: [CentOS] Wireless Printing

2009-09-15 Thread Bill Campbell
On Tue, Sep 15, 2009, John R Pierce wrote:
>Joseph L. Casale wrote:
>> My home network doesn't have any wireless access points (too slow) and
>> I was iSCSI booting my wkst for a while:) Now I need to setup a printer
>> so I was going to get an HP Photosmart C4580.
>>
>> The HPLIP page shows no network support:( I _was_ going to use a USB
>> wireless nic I have and setup an ad-hoc to print to this thing.
>>
>> Anyone know anything that might make this work?
>
>get an ethernet printer, sheesh.
>
...
>I would not use a inkjet as a primary home printer, the supplies are too 
>costly, and if they are used sporadically, you waste 2/3rds of the ink 
>unclogging them.  also inkjets require extra smooth extra heavy paper or 
>they look like crap, while a laser can print on any old cheap copier 
>paper.  I have a techwriter wife and two school kids, so we do a LOT of 
>printing at my place.

One good thing about the HP splatjets is that they are designed so they
don't clog after long periods of inactivity.  I have an HP Photosmart 7350
that only is used when I want to print color.  My only real complaint with
this printer is that HP no longer provides software for it for OS X Leopard
or Snow Leopard, and the generic gutenprint stuff doesn't do nearly as well
with different paper types and such that the HP software does.

We use an HP 4M Plus with duplex for pretty much everything else.  This was
bought new in November 1995, and has been a true work horse.  I spent about
$200 last year to get it serviced, replacing all the rollers and such
figuring that we couldn't get a better printer for the money.

Bill
-- 
INTERNET:   b...@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186  Skype: jwccsllc (206) 855-5792

I would be blind to the responsibilities that mark this fateful hour if
I did not caution the wage-earners of America that mounting wages and
decreased production can lead only to industrial and economic ruin.
  -- Warren Harding


Re: [CentOS] FYI: Why is NFS slower on EL5 than EL4?

2009-09-15 Thread Eugene Vilensky
This was introduced in 5.4 or 5.0 or somewhere between?


> For those who have wondered why NFS on EL5 is slower than on EL4 I
> provide these links for your edification.
>
> http://kbase.redhat.com/faq/docs/DOC-15355


-- 
Regards,
Eugene Vilensky
evilen...@gmail.com


Re: [CentOS] Wireless Printing

2009-09-15 Thread Frank Cox
On Tue, 15 Sep 2009 17:20:00 -0700
Bill Campbell wrote:

> One good thing about the HP splatjets is that they are designed so they
> don't clog after long periods of inactivity. 

They may not clog, but they do dry out after a while.  I have a HP fax machine
that uses a black inkjet cartridge and while I don't receive very many faxes I
find that I have to replace my cartridge once in a while because it dries
out and stops working.  It still reads 50-75% full, but it doesn't print.

In hindsight I should probably have sprung for a laser fax machine but it would
have cost about twice as much as I paid for this inkjet.  But toner doesn't dry
out so I would have been ahead by now, I think

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com


Re: [CentOS] Wireless Printing

2009-09-15 Thread John R Pierce
Frank Cox wrote:
> On Tue, 15 Sep 2009 17:20:00 -0700
> Bill Campbell wrote:
>
>   
>> One good thing about the HP splatjets is that they are designed so they
>> don't clog after long periods of inactivity. 
>> 
>
> They may not clog, but they do dry out after a while.  I have a HP fax machine
> that uses a black inkjet cartridge and while I don't receive very many faxes I
> find that I have to replace my cartridge once in a while because it dries
> out and stops working.  It still reads 50-75% full, but it doesn't print.
>
> In hindsight I should probably have sprung for a laser fax machine but it would
> have cost about twice as much as I paid for this inkjet.  But toner doesn't dry
> out so I would have been ahead by now, I think
>   


my $200 brother laser MFC gets 2-3 cases of copier paper out of a $50 
toner cartridge.  the paper is about $25/case (2000 sheets) so that 
brings it to about $100 per 4000 pages, or about $0.025/page.   every 
1 pages or so I need to replace the drum, that's like $60 more, I 
think, so that brings it to $0.031/page total.  

