[CentOS] Centos 5.5 and AMD chipsets.

[Ireneusz Piasecki]

  Hi.

I want run Centos 5.5 with mobo ASUS M4A88TD-V Evo/USB3 which have AMD 
chipset 880G/SB850

Any idea, if kernel in centos 5.5 supports this chipset and SATA HDD 
will be recognized during install process ?

Best regards,

I.Piasecki
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Xen guest does not autostart

[Jussi Hirvi]

I have a virtual machine stack which was purely Centos 5.4 the last time 
I rebooted and experienced this problem: one of the guests does not 
start automatically after reboot.

[r...@farm1 xen]# pwd
/etc/xen
[r...@farm1 xen]# ls -l auto
total 0
lrwxrwxrwx 1 root root 8 Dec 11 17:25 name1 -> ../name1
lrwxrwxrwx 1 root root 8 May  5 21:10 name2 -> ../name2
lrwxrwxrwx 1 root root 8 Nov 26 11:43 name3 -> ../name3
lrwxrwxrwx 1 root root 6 Oct 29  2009 name4 -> ../name4

(I retyped the names there.)

[r...@farm1 xen]# ls -l
total 88
drwxr-xr-x 2 root root 4096 Apr  3 15:15 auto
-rw--- 1 root root  430 Dec 11 13:14 name1
-rw--- 1 root root  610 May  7 12:07 name2
-rw--- 1 root root  303 Nov  4  2009 name3
-rw--- 1 root root  295 Oct 29  2009 name4
(...)

Here is one guest that works:

name = "name3"
uuid = "958f8695-95e0-b43c-512e-2ca8950d35de"
maxmem = 900
memory = 900
vcpus = 1
bootloader = "/usr/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
disk = [ "tap:aio:/vm/mail3.img,xvda,w" ]
vif = [ "mac=00:16:36:4f:d6:11,bridge=xenbr1,script=vif-bridge" ]
~ 


The next one does not autostart (but starts ok with "xm create name2"). 
This is the only guest that has two bridges. There is only 500M RAM, but 
a third guest starts fine with 500M):

name = "name2"
uuid = "68e33ec6-ef36-9eac-27d7-65a709684551"
maxmem = 500
memory = 500
vcpus = 1
bootloader = "/usr/bin/pygrub"
# kernel = "/var/lib/xen/boot_kernel.5g5MLq"
# ramdisk = "/var/lib/xen/boot_ramdisk.1pSOoP"
# extra = "ro root=LABEL=/ console=xvc0"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
disk = [ "tap:aio:/vm/mail2.img,xvda,w" ]
vif = [ 
"mac=00:16:36:24:67:3c,bridge=xenbr0","mac=00:16:36:24:67:3d,bridge=xenbr1" 
]
~

What might be the problem??

- Jussi

-- 
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hi...@greenspot.fi * http://www.greenspot.fi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] AQuA Powered Voice Quality Monitoring Solution

[Sevana Oy]

Overview

 Asterisk-powered dialer software
 Web Interface
 UNIX/Linux Cron-based Schedule Logic
 Open-Source Code
 Graphing Monitoring Stats
 MySQL Database for Call Records

Current Features

 Dial by SIP or PSTN - Asterisk base capable of dialing via any medium
 Blast-Dialing - send multiple calls to 1 trunk for specified duration
   - No QoS/MOS scoring performed, designed for load testing
 QoS/MOS Test-Dialing
   - Ad-Hoc - perform on-demand test dials
   - Scheduled - unlimited schedules - hardware/software limited
   - Multiple "Test Applications" Possible: Current system designed to access 
conference bridge
   Simple Customized sequencing could allow testing through IVR menus, or 
other applications as required.
   - Dial MIRROR/Echo: Each dialer configured to respond to calls from another 
dialer by CallerID
   Pre-Deployment Option: Perform simple inter-dialer testing
 Reporting
   - Reports performance of scheduled tests over time
   - Detailed graphs over time
   MOS, PESQ, R-Value, Volume/Amplitude Difference
   - Sortable tables of results for all calls
   - Detailed View of each test call
   Embedded web player; compare source, reference WAVs
 Initiate Dials via Web Service
   - All calls are initiated by HTTP POST (even internally)

Upcoming Features

 Roll-up Reporting Dashboard
 Scheduled email reports
 Email notifications
   - Threshold definitions per schedule, email notifications

Read more at: 
http://www.sevana.fi/aqua-powered-asterisk-voice-quality-monitoring-solution.php
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Calendar server software suggestions

[sync]

Hello,guys:

I've seen several suggestions for alternatives to exchange for mail,
which I will be trying.
My question is, does anyone know of any good open source shared calendar
systems?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 5.5 and AMD chipsets.

[James Hogarth]

Use the live cd to test?

Sent from Android mobile

On May 26, 2010 8:16 AM, "Ireneusz Piasecki"  wrote:

 Hi.

I want run Centos 5.5 with mobo ASUS M4A88TD-V Evo/USB3 which have AMD
chipset 880G/SB850

Any idea, if kernel in centos 5.5 supports this chipset and SATA HDD
will be recognized during install process ?

Best regards,

I.Piasecki
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

[Louis Lagendijk]

On Tue, 2010-05-25 at 17:24 -0500, Les Mikesell wrote:
> On 5/25/2010 5:09 PM, Whit Blauvelt wrote:
> > On Tue, May 25, 2010 at 06:05:34PM -0400, Whit Blauvelt wrote:
> >
> >> where "smb" is RH's version and /etc/init.d/smb is Cent's. I can't quite
> >> imagine that a difference between overwriting or appending path.txt is at
> >> the root of what I'm seeing though.
> >
> > Correction: that wasn't a virgin version of Cent's. More in a moment.
> 
> Try changing:
> daemon smbd $SMBDOPTIONS
> to
>   strace -f smbd $SMBDOPTIONS
> and run it in the way that fails.  If there's not enough left on the 
> screen to see why it died, try
>   strace -f smbd $SMBOPTION 2>/tmp/smblog
> and look at the file reading backwards to find a fatal error.
> 
> I'm still very curious about why it would work when run with 'sh'.
> 
Maybe try an ls -alZ fopr both sh and bash. There may be a suble
difference there. If selinux gets in the way for one but not the other
there may be something fishy with the selinux settings of the shell (or
the /etc/init.d/samba file)
Louis 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Resolv.conf being overwritten

[Christoph Maser]

Am Donnerstag, den 20.05.2010, 19:02 -0400 schrieb Thomas Dukes:
> I am trying to add 127.0.0.1 to my resolv.conf. I added it through the
> system-config-network but if I reboot, its gone. I do not have the caching
> nameserver package installed. My ISP's nameservers are there. It must have
> something to do with DHCP.
> 
> Also, in the network config GUI, should I select the IPv6 option for either
> or both network cards?
> 
> TIA
> 

This was discussed here not very long ago.
>From /usr/share/doc/initscripts-8.45.30/sysconfig.txt:



PEERDNS=yes|no
  modify /etc/resolv.conf if peer uses msdns extension (PPP only) or
  DNS{1,2} are set, or if using dhclient. default to "yes".


So PEERDNS=no in the right /etc/sysconfig/network-scripts/ifcfg-
should be your solution.

Chris

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] raid resync speed? - laptop drive-

[John Doe]

From: Robert Nichols 
> Is that one of those WD drives that falsely 
> reports its physical sector size as 512 bytes?

>From the Scorpio blue specs, if I divide the capacity by the number of 
>sectors, I get 512...

JD


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Ross Walker]

On May 26, 2010, at 1:44 AM, Les Mikesell  wrote:

> Gordon Messmer wrote:
>>
>> No.  With that file removed, smbd probably wouldn't have been able to
>> write to the directory.  If it was able to, it probably would have  
>> run
>> into trouble with the next file.  If smbd started up in the context
>> which was configured for it, everything would work normally.  If smbd
>> started up in the "unconfined" context, everything would work  
>> normally
>> (but not benefit from SELinux security).  The problem appears to be  
>> that
>> smbd was starting in some other context, which you haven't shared.
>>
>>> Then why was it also happy with "sh /etc/init.d/smb start" but not
>>> "/etc/init.d/smb start". I'm happy to become more educated on  
>>> this. But if
>>> invoking a major daemon startup that selinux wants to block is as  
>>> easy as
>>> that, selinux is window dressing, not security.
>>
>> Your misunderstanding seems to be that SELinux is not intended to
>> prevent an attacker who has root privileges on your system from  
>> starting
>> smbd.  Instead, it is intended to confine the smbd that the system's
>> administrator is running from taking actions which are not allowed by
>> policy.
>
> That still doesn't explain why there is a difference in smbd's  
> context when its
> parent is an explicitly started shell vs. the implict one that  
> starts when the
> script file is executed.  Isn't the context associated with the  
> program itself,
> not its parent?  Is this documented anywhere?
>
>> That is to say that SELinux does not "want" to block smbd from  
>> running.
>>  SELinux is intended to describe the access that system daemons like
>> smbd should have in greater detail than mere filesystem access, and  
>> to
>> confine smbd to that behavior.  Whatever you did caused smbd to  
>> start up
>> in some other context (but not unconfined), and was thus confining  
>> smbd
>> to the behavior that was appropriate for some other process.  It  
>> should
>> be obvious why that would cause problems.
>
> From what he has posted so far the "whatever he did" was starting  
> smbd directly
> from a root command line or running the init script with 'sh' or  
> 'bash'.   Why
> would that give a different context than running the init script  
> with the sh.

These are excellent questions that I wish I knew. I suspect it all has  
to do with how selinux associates processes with security contexts,  
but if someone has a pointer to the details already at hand that would  
be nice.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] raid resync speed? - laptop drive-

[Les Mikesell]

John Doe wrote:
> From: Robert Nichols 
>> Is that one of those WD drives that falsely 
>> reports its physical sector size as 512 bytes?
> 
>>From the Scorpio blue specs, if I divide the capacity by the number of 
>>sectors, I get 512...
> 

So is there any way to tell the kernel to write 4k at once even after the 
partitions are aligned right?   The size of this thing is really attractive for 
carrying data offsite and it seemed to "just work" in a windows 2003 server. I 
don't know the write speed it gets there, but the backup run to it completes 
overnight.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[JohnS]

On Tue, 2010-05-25 at 21:27 -0400, Whit Blauvelt wrote:

> But if someone can tell me why selinux thinks it's sane to block
> "/etc/init.d/smb start" while leaving "sh /etc/init.d/smb start" and even
> /some/random/dir/smb start" wide open ... I just can't believe some happy
> hacker at NSA thought that would count as a security scheme. Really, I'd
> like to know how this is supposed to be useful.

It had good reason to because you did inhereitly edit it as shown by the
previous rpm -V.  I say you will have more SEL problems if you do not do
a full relabel on boot.  You really need selinux for samba to prevent
buffer overflows. That is how it is usefull.  

John

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[Max Hetrick]

sync wrote:
> Hello,guys:
> 
> I've seen several suggestions for alternatives to exchange for mail,
> which I will be trying.
> 
> My question is, does anyone know of any good open source shared calendar
> systems?

eGroupware and Horde are popular. I use Horde Webmail Edition which 
includes e-mail, calendar, shared tasks, etc. eGroupware is pretty nice 
as well.

Regards,
Max
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unable to execute a script , Permission denied

[John Doe]

From: Jatin Davey 
> I changed the file permissions such that any user 
> could execute it using the "chmod 777 filename" command.

Better use 755...

JD


  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Les Mikesell]

JohnS wrote:
> On Tue, 2010-05-25 at 21:27 -0400, Whit Blauvelt wrote:
> 
>> But if someone can tell me why selinux thinks it's sane to block
>> "/etc/init.d/smb start" while leaving "sh /etc/init.d/smb start" and even
>> /some/random/dir/smb start" wide open ... I just can't believe some happy
>> hacker at NSA thought that would count as a security scheme. Really, I'd
>> like to know how this is supposed to be useful.
> 
> It had good reason to because you did inhereitly edit it as shown by the
> previous rpm -V.  I say you will have more SEL problems if you do not do
> a full relabel on boot.  You really need selinux for samba to prevent
> buffer overflows. That is how it is usefull.  

So smbd's context is _supposed_ to be inherited from the init script instead of 
being inherent to the program itself?  And the init script has to be executed 
directly instead of given to a shell for this to work?  Is this documented?

-- 
   Les Mikesell
 lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[m . roth]

Max wrote:
> sync wrote:
>> Hello,guys:
>>
>> I've seen several suggestions for alternatives to exchange for mail,
>> which I will be trying.
>>
>> My question is, does anyone know of any good open source shared calendar
>> systems?
>
> eGroupware and Horde are popular. I use Horde Webmail Edition which
> includes e-mail, calendar, shared tasks, etc. eGroupware is pretty nice
> as well.

On a related note, since you're a horde user: my ISP that I have my domain
hosted on offers roundcube, squirrelmail, and horde. What I don't like
about squirrelmail is that it does *not* do the right thing on a reply: I
have to manually put in who wrote the email I'm responding to. Does horde
do it correctly?

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[Max Hetrick]

m.r...@5-cent.us wrote:

> On a related note, since you're a horde user: my ISP that I have my domain
> hosted on offers roundcube, squirrelmail, and horde. What I don't like
> about squirrelmail is that it does *not* do the right thing on a reply: I
> have to manually put in who wrote the email I'm responding to. Does horde
> do it correctly?

Sounds to me like a configuration issue somewhere. My installation of 
Squirrelmail fills in the reply to field with no problems.

Max
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unable to execute a script , Permission denied

[Dale Dellutri]

On Tue, May 25, 2010 at 8:27 AM, Jatin Davey  wrote:

> On 5/25/2010 6:44 PM, Bowie Bailey wrote:
> > Jatin Davey wrote:
> >
> >> Here is the script that i am trying to execute as a non-root user:
> >>
> >> #!/bin/sh
> >> ps -C java -o thcount>  /home/proc_threads/tempfile
> >> awk ' { total += $1 } END { print total } ' /home/proc_threads/tempfile
> >>
> >> here is the output when i try to execute as a non-root user:
> >>
> >> ./javathreads: line 2: /home/proc_threads/tempfile: Permission denied
> >> awk: cmd. line:1: fatal: cannot open file
> >> `/home/proc_threads/tempfile' for reading (Permission denied)
> >>
> > The script is running, but the 'awk' line is failing to read
> > /home/proc_threads/tempfile.  What are the permissions on that file and
> > directory?
> >
> >
> >  $ ls -ld /home/proc_threads
> >
> >  $ ls -l /home/proc_threads/tempfile
> >
> >
>
> Thanks all
>
> I finally figured out that the tempfile that i was creating did not have
> proper permissions for the script to write into. Now i have fixed it
> using the chmod command and it is working fine.
>

If more than one other user executes this script at the same time,
tempfile may be overwritten by the second before the first can run
the awk line.  Change this to use a pipe.
-- 
Dale Dellutri
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unable to execute a script , Permission denied

[m . roth]

> On Tue, May 25, 2010 at 8:27 AM, Jatin Davey  wrote:
>
>> On 5/25/2010 6:44 PM, Bowie Bailey wrote:
>> > Jatin Davey wrote:
>> >
>> >> Here is the script that i am trying to execute as a non-root user:
>> >>
>> >> #!/bin/sh
>> >> ps -C java -o thcount>  /home/proc_threads/tempfile
>> >> awk ' { total += $1 } END { print total } '
>> /home/proc_threads/tempfile

> If more than one other user executes this script at the same time,
> tempfile may be overwritten by the second before the first can run
> the awk line.  Change this to use a pipe.

Good thought. Yes, do. An alternative, if you need the file for some
reason, try
#!/bin/sh
  TEMPFILE=/home/proc_threads/tempfile.`date +%Y%m%d%H%M`
  ps -C java -o thcount>  $TEMPFILE
  awk ' { total += $1 } END { print total } ' $TEMPFILE

Note those are backticks around date and its format.

 mark


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Craig White]

On Tue, 2010-05-25 at 23:36 -0400, Whit Blauvelt wrote:
> On Tue, May 25, 2010 at 09:09:33PM -0500, Jay Leafey wrote:
> 
> > In your case, there should have been AVC errors showing up in the
> > audit log related to smbd.  Using restorecon to fix up the security
> > context on the files in /etc/samba might have resolved the issue
> > quickly... but I guess the trick is having run across it before, eh?
> 
> Thoughtful advice. Thanks. Is there some method to duplicate basic
> configuration files across selinux servers without running restorecon for
> each set of files that's copied over - that is, to copy them with their
> selinux labels intact? 
> 
> >From this limited example, it looks like selinux gets in the way of standard
> administrative tasks, yet wouldn't be in the way at all of anyone who'd
> acquired a shell within which they could run another shell and with that
> call whatever program they like.
> 
> I was just reading a review by Freeman Dyson of physicist Steven Weinberg's
> new book, Lake Views. Dyson is impressed by Weinberg's argument that for
> defense we often go to "glorified technologies" which don't really do for us
> what we expect. For example, mounted knights, which were the expensive high
> tech approach to war of their time, more often than not lost to peasants
> with pikes. The list goes on from there, right up to the present.
> 
> In it's modest way, selinux would fit right into that record. It's complex
> and shiney and expensive to maintain (hell, it's competitor is even called
> "AppArmour" - armour?). But is it as essentially useless in real combat as
> mounted knights were against a line of men with spears? Or as today's
> wishful and extravagant missile defense?

you can't make a useful argument out of ignorance. If you don't want to
use SELinux, then disable it. Otherwise, learn to understand how it
operates and deal with it.

one certain way to cause issues with SELinux is to copy files created in
other directories or other computers onto another computer because it
will not have the proper security contexts so the way to fix that is to
make sure your policy files are all up to date and then relabel your
file system which should set the contexts to their proper labels.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LSI software raid with centos 5.4

[CList]

 I have been trying to install CentOS 5.4 on a Intel SR1530SHS, Intel
>> S3200SH
 mainboard.. It has a 3 x 1TB sata hotswap drives with LSI software raid
 onboard.
>>> fake-raid alert!
>>>
 I had configured the LSI to have Sata0 and Sata1 with raid 1 and the
>> third
 drive as a hotspare drive.
>>> Okay...
>>>
 Format the harddisk and installation was a breeze. The server rebooted
>> into
 a blank screen and the cursor just keep blinking.
>>> Drivers for the LSI fake-raid not included in initrd maybe?
 Please advise.
>>> Reinstall and use md raid?
>> 
>> Will I lose the hotswap capability?
>> 
>
> That depends on the controller and driver...
>
> Just what LSI board is this? A 3ware board or megaraid or what?!?!

Intel confirmed there is no driver for 5.4. It is meant for 5.1

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] raid resync speed? - laptop drive-

[John R Pierce]

John Doe wrote:
> From: Robert Nichols 
>   
>> Is that one of those WD drives that falsely 
>> reports its physical sector size as 512 bytes?
>> 
>
> From the Scorpio blue specs, if I divide the capacity by the number of 
> sectors, I get 512...
>   



all these new 'advanced' drives look to the host like they have 512 byte 
sectors its just that they pack 8 of them internally into a single 
4K sector.if you don't ensure that your partitions start on a 4K (8 
sector) boundary, then committed random writes are very slow as your 
logical file system blocks will span multiple physical sectors


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Brunner, Brian T.]

> 
> you can't make a useful argument out of ignorance. 

You are being religious, and wrong. See below.

> If you don't want to use SELinux, then disable it. 

This is a good idea.  Disabling SELinux is the first thing that should
be done, since (as this conversation proves plainly) what we don't know
CAN hurt us, this is a useful argument arising out of ignorance.

> Otherwise, learn to understand how it operates and deal with it.

SELinux should (my religion) be disabled by default, and enabled to the
degree the victim err administrator understands what to expect when
SELinux is enabled, and iff said administrator desires the aforehinted
effects.

> one certain way to cause issues with SELinux is to copy files 
> created in other directories or other computers onto another 
> computer because it will not have the proper security 
> contexts so the way to fix that is to make sure your policy 
> files are all up to date and then relabel your file system 
> which should set the contexts to their proper labels.

My religion:
1: Disable SELinux.
2: If you think you need whatever SELinux offers, get a degree in
SELinux administration sufficient to understand the ramifications of the
(potential) policies.
3: Enable SELinux to the degree needed.

I've not yet seen a reason to enable SELinux.  Ever.  Anywhere.  It is
*that* badly presented to the administrators who (would) suffer it.  It
has (for me) broken things that were before working, it has fixed
nothing that was before broken, it has been nothing but one more cadre
of magicians-of-dubious-value in Pharaoh's Court.

***
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error please
notify the system manager. This footnote also confirms that this
email message has been swept for the presence of computer viruses.
www.Hubbell.com - Hubbell Incorporated**

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Installing from USB flash drive

[Bowie Bailey]

I successfully created an install media on a USB flash drive, but now I
have a minor problem installing from it.  Whenever I run the installer,
it insists on installing grub on /dev/sdb (the flash drive) rather than
/dev/sda (the hard drive where I'm installing everything).

Is there a way to convince the installer to put grub in the right
place?  Should I just tell it not to install grub and then do a
grub-install from a rescue prompt afterwards?

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[David S.]

Zimbra Collaboration Suite OSE ??? MTA, webmail, LDAP backend, Calendar :)
 
-

Regards,
David
--
http://pnyet.web.id

-Original Message-
From: m.r...@5-cent.us
Sender: centos-boun...@centos.org
Date: Wed, 26 May 2010 09:57:00 
To: CentOS mailing list
Reply-To: CentOS mailing list 
Subject: Re: [CentOS] Calendar server software suggestions

Max wrote:
> sync wrote:
>> Hello,guys:
>>
>> I've seen several suggestions for alternatives to exchange for mail,
>> which I will be trying.
>>
>> My question is, does anyone know of any good open source shared calendar
>> systems?
>
> eGroupware and Horde are popular. I use Horde Webmail Edition which
> includes e-mail, calendar, shared tasks, etc. eGroupware is pretty nice
> as well.

On a related note, since you're a horde user: my ISP that I have my domain
hosted on offers roundcube, squirrelmail, and horde. What I don't like
about squirrelmail is that it does *not* do the right thing on a reply: I
have to manually put in who wrote the email I'm responding to. Does horde
do it correctly?

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] raid resync speed? - laptop drive-

[Les Mikesell]

On 5/26/2010 9:52 AM, John R Pierce wrote:
>
>>> Is that one of those WD drives that falsely
>>> reports its physical sector size as 512 bytes?
>>>
>>
>>  From the Scorpio blue specs, if I divide the capacity by the number of 
>> sectors, I get 512...
>>
>
>
>
> all these new 'advanced' drives look to the host like they have 512 byte
> sectors its just that they pack 8 of them internally into a single
> 4K sector.if you don't ensure that your partitions start on a 4K (8
> sector) boundary, then committed random writes are very slow as your
> logical file system blocks will span multiple physical sectors

How can they ever be fast if the OS is writing 512 byte sectors?  The 
drive is going to have to read the 4k sector, merge the update, wait for 
the disk to spin around and write it back.  The read speed seems a match 
for a desktop Seagate with the same capacity, but writes are about 10x 
slower, even if I dd to the raw disk which should bypass any partition 
alignment issues.  And unfortunately since I want to store backups on 
it, the write speed is what matters.

-- 
   Les Mikesell
lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[Lucian]

On Wed, May 26, 2010 at 10:07 AM, sync  wrote:
> Hello,guys:
>
> I've seen several suggestions for alternatives to exchange for mail,
> which I will be trying.
>
> My question is, does anyone know of any good open source shared calendar
> systems?
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

This thread might be of interest to you:
http://www.debian-administration.org/article/How_should_I_allow_mail_calendar_and_contact_syncs
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] raid resync speed? - laptop drive-

[John R Pierce]

Les Mikesell wrote:
> On 5/26/2010 9:52 AM, John R Pierce wrote:
>   
 Is that one of those WD drives that falsely
 reports its physical sector size as 512 bytes?

 
>>>  From the Scorpio blue specs, if I divide the capacity by the number of 
>>> sectors, I get 512...
>>>
>>>   
>>
>> all these new 'advanced' drives look to the host like they have 512 byte
>> sectors its just that they pack 8 of them internally into a single
>> 4K sector.if you don't ensure that your partitions start on a 4K (8
>> sector) boundary, then committed random writes are very slow as your
>> logical file system blocks will span multiple physical sectors
>> 
>
> How can they ever be fast if the OS is writing 512 byte sectors?  The 
> drive is going to have to read the 4k sector, merge the update, wait for 
> the disk to spin around and write it back.  The read speed seems a match 
> for a desktop Seagate with the same capacity, but writes are about 10x 
> slower, even if I dd to the raw disk which should bypass any partition 
> alignment issues.  And unfortunately since I want to store backups on 
> it, the write speed is what matters.
>
>   


well, as long as the writes aren't being 'committed' on every sector, 
they should be cached long enough for the full 4K block to be filed 
prior to actually writing to disk.


your `dd` command, what did you specify for the block size?   try 
something realistic like 32768

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[Todd Denniston]

Bowie Bailey wrote, On 05/26/2010 10:59 AM:
> I successfully created an install media on a USB flash drive, but now I
> have a minor problem installing from it.  Whenever I run the installer,
> it insists on installing grub on /dev/sdb (the flash drive) rather than
> /dev/sda (the hard drive where I'm installing everything).
> 
> Is there a way to convince the installer to put grub in the right
> place?  

If you are installing from a kickstart, or at least preparing the install using 
KS, yes.
In my case it was easy, target of install was an IDE and source usb drive was 
detected as SCSI, in
the kickstart file I was using I set:
bootloader --driveorder=hda,sda
granted I put that in a file that kickstart included, by building the file in 
the %pre section of
the kickstart, i.e., I ran some detection routines to be sure of what I was 
putting in there.


however for yours, because both show up as sd? you will need to be aware of 
BIOS/kernel detection
order.  The detection order may be different between booting the install media 
bootloader and
booting the final system grub.

Assuming you are using a kickstart file, you could probably program the %pre to 
figure out which is
which by looking for a known UUID of the USB flash or its file system label and 
tell grub use
anything else it finds first.


I believe the final file you would need to look at is /boot/grub/device.map
grub and grub-install take options for this file.

> Should I just tell it not to install grub and then do a
> grub-install from a rescue prompt afterwards?
> 

painful, but possible.

Hopefully enough clues to be helpful.
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[m . roth]

> Bowie Bailey wrote, On 05/26/2010 10:59 AM:
>> I successfully created an install media on a USB flash drive, but now I
>> have a minor problem installing from it.  Whenever I run the installer,
>> it insists on installing grub on /dev/sdb (the flash drive) rather than
>> /dev/sda (the hard drive where I'm installing everything).
>>
>> Is there a way to convince the installer to put grub in the right
>> place?
>
> If you are installing from a kickstart, or at least preparing the install
> using KS, yes.

So, if you're *not*, and you just want to install on a new drive, then the
Grand Unified Boot Loader religiously won't let you do what you want,
since, it's *sure* (the same way M$ is), that it knows how to do this *so*
much better than you do, and if you want to do it any other way, why
that's the *wrong* way, and will do everything it can to keep you from
doing it the "wrong" way.

Next time I bounce my system at home, I really ought to plug in /dev/hda
again, and maybe I can access stuff on it - I had to physically unplug it,
because a straight install *refused* to install the boot record in the MBR
on /dev/sda

  mark


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Benjamin Franz]

On 05/26/2010 07:40 AM, Craig White wrote:
>
> you can't make a useful argument out of ignorance. If you don't want to
> use SELinux, then disable it. Otherwise, learn to understand how it
> operates and deal with it.
>
> one certain way to cause issues with SELinux is to copy files created in
> other directories or other computers onto another computer because it
> will not have the proper security contexts so the way to fix that is to
> make sure your policy files are all up to date and then relabel your
> file system which should set the contexts to their proper labels.
>

I can make a useful argument from experience. Over the last few years, 
as Redhat has progressively deployed SELinux, I have had *several* 
incidents (the most recent only a few weeks ago) where updates to 
SELinux broke existing, stable, systems. Each time sucking up hours of 
my time to diagnose and fix. And (as in this incident) there are not 
always useful error messages to track it with.

The *theoretical* system security improvement of SELinux is trumped by 
the *practical* observation that I have had existing systems broken by 
SELinux multiple times on the mere handful of systems I have run it on 
in enforcing mode,  but have yet to see a single one of several dozen 
(all internet exposed) up-to-date *non*-SELinux systems hacked.

It is a 'safety' feature that is in practice more dangerous to system 
stability than what it is trying to fix. It is like having air bags in 
your car that go off at random times while you are driving: It is NOT 
acceptable behavior.

-- 
Benjamin Franz


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[Ned Slider]

On 05/26/2010 10:07 AM, sync wrote:
> Hello,guys:
>
> I've seen several suggestions for alternatives to exchange for mail,
> which I will be trying.
> My question is, does anyone know of any good open source shared calendar
> systems?
>

Take a look at Zafara:

http://fedoraproject.org/wiki/Features/Zarafa

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[m . roth]

Benjamin wrote:
> On 05/26/2010 07:40 AM, Craig White wrote:
>>
>> you can't make a useful argument out of ignorance. If you don't want to
>> use SELinux, then disable it. Otherwise, learn to understand how it
>> operates and deal with it.
>>
>> one certain way to cause issues with SELinux is to copy files created in
>> other directories or other computers onto another computer because it
>> will not have the proper security contexts so the way to fix that is to
>> make sure your policy files are all up to date and then relabel your
>> file system which should set the contexts to their proper labels.
>
> I can make a useful argument from experience. Over the last few years,
> as Redhat has progressively deployed SELinux, I have had *several*
> incidents (the most recent only a few weeks ago) where updates to
> SELinux broke existing, stable, systems. Each time sucking up hours of
> my time to diagnose and fix. And (as in this incident) there are not
> always useful error messages to track it with.

And the selinux folks (I'm on the fedora selinux mailing list) don't like
to accept that *they* have bugs. For example, we're stuck with CA's
siteminder (*gag*). Selinux complains about it writing to its own logfile,
/var/log/httpd/smwagent.log. The AVI, when I run sealert, tells me to fix
it by setting httpd_unified to on. I've done that, numerous times, which
tells me that *they* have a logical flaw in their error handling, and it's
*not* telling me the correct cause/solution.

They didn't suggest I file a bug report when I mentioned it on the list.
Maybe I'll do it again

mark


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] raid resync speed? - laptop drive-

[Robert Nichols]

On 05/26/2010 10:12 AM, Les Mikesell wrote:
> On 5/26/2010 9:52 AM, John R Pierce wrote:
>>
 Is that one of those WD drives that falsely
 reports its physical sector size as 512 bytes?

>>>
>>>From the Scorpio blue specs, if I divide the capacity by the number of 
>>> sectors, I get 512...
>>>
>>
>>
>>
>> all these new 'advanced' drives look to the host like they have 512 byte
>> sectors its just that they pack 8 of them internally into a single
>> 4K sector.if you don't ensure that your partitions start on a 4K (8
>> sector) boundary, then committed random writes are very slow as your
>> logical file system blocks will span multiple physical sectors
>
> How can they ever be fast if the OS is writing 512 byte sectors?  The
> drive is going to have to read the 4k sector, merge the update, wait for
> the disk to spin around and write it back.  The read speed seems a match
> for a desktop Seagate with the same capacity, but writes are about 10x
> slower, even if I dd to the raw disk which should bypass any partition
> alignment issues.  And unfortunately since I want to store backups on
> it, the write speed is what matters.

According to that page I referenced on ata.wiki.kernel.org, "Most modern
filesystems generate 4KiB aligned accesses from the partition it is
in."  If you get the partition alignment correct, it should "just work"
unless something else is getting in the way.  When I look at the counts
from "vmstat -d" I see that the sector count is indeed 8X the number of
I/O requests, but I have no way to see the alignment of those.

   https://ata.wiki.kernel.org/index.php/ATA_4_KiB_sector_issues

-- 
Bob Nichols "NOSPAM" is really part of my email address.
 Do NOT delete it.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Lars Hecking]

> The *theoretical* system security improvement of SELinux is trumped by 
> the *practical* observation that I have had existing systems broken by 
> SELinux multiple times on the mere handful of systems I have run it on 
> in enforcing mode,  but have yet to see a single one of several dozen 
> (all internet exposed) up-to-date *non*-SELinux systems hacked.
> 
> It is a 'safety' feature that is in practice more dangerous to system 
> stability than what it is trying to fix. It is like having air bags in 
> your car that go off at random times while you are driving: It is NOT 
> acceptable behavior.
 
 Under CentOS 5.5, and I presume RHEL5.5 too, there is a small improvement
 in the shape of setroubleshoot-server, it at least gives you improved
 troubleshooting capabilities.

 Not that it helps when you upgrade a 5.4 machine to 5.5 and you get no
 selinux logging whatsoever because setroubleshoot-server wasn't installed
 during the upgrade. Note to self, need to add it to the minimal-kickstart
 configurations.



---
This message and any attachments may contain Cypress (or its
subsidiaries) confidential information. If it has been received
in error, please advise the sender and immediately delete this
message.
---

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[Bowie Bailey]

m.r...@5-cent.us wrote:
>> Bowie Bailey wrote, On 05/26/2010 10:59 AM:
>> 
>>> I successfully created an install media on a USB flash drive, but now I
>>> have a minor problem installing from it.  Whenever I run the installer,
>>> it insists on installing grub on /dev/sdb (the flash drive) rather than
>>> /dev/sda (the hard drive where I'm installing everything).
>>>
>>> Is there a way to convince the installer to put grub in the right
>>> place?
>>>   
>> If you are installing from a kickstart, or at least preparing the install
>> using KS, yes.
>> 
> 
> So, if you're *not*, and you just want to install on a new drive, then the
> Grand Unified Boot Loader religiously won't let you do what you want,
> since, it's *sure* (the same way M$ is), that it knows how to do this *so*
> much better than you do, and if you want to do it any other way, why
> that's the *wrong* way, and will do everything it can to keep you from
> doing it the "wrong" way.
>
> Next time I bounce my system at home, I really ought to plug in /dev/hda
> again, and maybe I can access stuff on it - I had to physically unplug it,
> because a straight install *refused* to install the boot record in the MBR
> on /dev/sda
>   

Agreed.  It's truly obnoxious that we can specify which drive to install
the OS onto, but we can't specify where to put the boot loader.

What I did was skip the grub install and then install it from the rescue
prompt.  Unfortunately, this left me with no grub.conf at all, so I had
to look at another machine to get the proper format and manually create
grub.conf.  After that, however, it booted normally.  I'm doing a 'yum
update' now, which includes a new kernel.  I'm keeping my fingers
crossed that it will update my grub.conf properly.

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] with dovecot deliver amavisd not work

[fakessh]

hello all reader
hello list
hello centos network

since I've installed dovecot deliver. e-mails no longer pass through
amavisd. 
amavisd no longer work. 
c is to say I have no anti-spam and anti virus

my postconf and dovecot -n
[r...@r13151 ~]# postconf -n
alias_database = hash:/etc/aliases , hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases , hash:/etc/postfix/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = dkimproxy:[127.0.0.1]:10029
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
double_bounce_sender = no
header_checks = regexp:/etc/postfix/header_checks.cf
home_mailbox = Maildir/
in_flow_delay = 10
inet_interfaces = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
mime_header_checks = regexp:/etc/postfix/mime_header_checks.cf
mydestination = $myhostname , localhost.$mydomain, r13151.ovh.net
mydomain = r13151.ovh.net
mynetworks = 127.0.0.0/8 ,87.98.186.232
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 200s
readme_directory = /usr/share/doc/postfix-2.5.4/README_FILES
recipient_delimiter = +
relay_domains = 
sample_directory = /usr/share/doc/postfix-2.5.4/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions =
permit_mynetworks,reject_unknown_reverse_client_hostname,reject_unauth_pipelining,
reject_non_fqdn_recipient ,  permit
smtpd_milters = inet:[127.0.0.1]:10040
smtpd_recipient_restrictions = permit_mynetworks  permit_inet_interfaces
permit_sasl_authenticated  reject_unverified_recipient
reject_non_fqdn_sender reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain
reject_unknown_reverse_client_hostname reject_unauth_destination
reject_unauth_pipelining reject_rbl_client zen.spamhaus.org
reject_sender_login_mismatch check_policy_service unix:postgrey/socket
check_sender_access hash:/etc/postfix/check_backscatterer
check_sender_access hash:/etc/postfix/check_spamcannibal
check_policy_service unix:private/spfpolicy  reject_rhsbl_sender
dbl.spamhaus.org reject_rbl_client bl.spamcop.net  reject_rbl_client
cbl.abuseat.org  reject_rbl_client b.barracudacentral.org
check_client_access hash:/etc/postfix/whitelist  reject_rhsbl_helo
dbl.spamhaus.org  reject_rhsbl_client dbl.spamhaus.org
reject_unknown_helo_hostname reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname  check_client_access
pcre:/etc/postfix/ptr-tld.pcre check_client_access
cidr:/etc/postfix/sinokorea.cidr check_client_access
cidr:/etc/postfix/taiwancidr.cidr  check_client_access
regexp:/etc/postfix/blacklist_clients  check_client_access
cidr:/etc/postfix/asian-ip.cidr  reject_rbl_client relays.orbs.org 
reject_rbl_client in.dnsbl.org
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.crt
smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = renelacroute.fr , nicolaspichot.fr , fakessh.eu
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot



[r...@r13151 ~]# dovecot -n 
# 1.2.11: /etc/dovecot.conf
# OS: Linux 2.6.24.5-grsec--grs-ipv4-32 i686 CentOS release 5.5
(Final) 
base_dir: /var/run/dovecot/
log_path: /var/log/maillog
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap imaps pop3 pop3s managesieve
listen(default): [::]
listen(imap): [::]
listen(pop3): [::]
listen(managesieve): *:2000
ssl_listen(default): *:993
ssl_listen(imap): *:993
ssl_listen(pop3): *:995
ssl_listen(managesieve): 
ssl_ca_file: /etc/pki/tls/certs/root.crt
ssl_cert_file: /etc/pki/tls/certs/r13151.ovh.net.crt
ssl_key_file: /etc/pki/tls/private/r13151.ovh.net.key
ssl_verify_client_cert: yes
version_ignore: yes
login_dir: /var/run/dovecot//login
login_executable(default): /usr/libexec/dovecot/i

Re: [CentOS] Calendar server software suggestions

[Les Mikesell]

On 5/26/2010 8:25 AM, Max Hetrick wrote:
> sync wrote:
>> Hello,guys:
>>
>> I've seen several suggestions for alternatives to exchange for mail,
>> which I will be trying.
>>
>> My question is, does anyone know of any good open source shared calendar
>> systems?
>
> eGroupware and Horde are popular. I use Horde Webmail Edition which
> includes e-mail, calendar, shared tasks, etc. eGroupware is pretty nice
> as well.
>

If horde will work for you, you might want to look at the ClearOS 
distribution which comes up with Cyrus imap, horde, and ldap working out 
of the box (and a bunch of other stuff) with a web management interface. 
  I believe you can also get an outlook connector but there is a 
per-client license fee for that part.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[Andres Lucena]

Hi,

I think that maybe Zimbra, ClearOS, eGroupware, Zarafa or Horde are a
little too much if the only thing you want is to have the calendar.
Maybe you should check WebCalendar [1]; its pretty good, allowing you
to sync it with iCal/RSS, and a bunch of other things.

Of course it all depends on what do you want to do, I mean, if you
want something to replace Microsoft Exchange maybe you should check
one of the above, but if the only thing you want is a Calendar, then
WebCalendar is the tool for the job.

[1] http://www.k5n.us/webcalendar.php

Bye,
Andres

On Wed, May 26, 2010 at 6:48 PM, Les Mikesell  wrote:
> On 5/26/2010 8:25 AM, Max Hetrick wrote:
>> sync wrote:
>>> Hello,guys:
>>>
>>> I've seen several suggestions for alternatives to exchange for mail,
>>> which I will be trying.
>>>
>>> My question is, does anyone know of any good open source shared calendar
>>> systems?
>>
>> eGroupware and Horde are popular. I use Horde Webmail Edition which
>> includes e-mail, calendar, shared tasks, etc. eGroupware is pretty nice
>> as well.
>>
>
> If horde will work for you, you might want to look at the ClearOS
> distribution which comes up with Cyrus imap, horde, and ldap working out
> of the box (and a bunch of other stuff) with a web management interface.
>  I believe you can also get an outlook connector but there is a
> per-client license fee for that part.
>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[m . roth]

Bowie wrote:
> m.r...@5-cent.us wrote:
>>> Bowie Bailey wrote, On 05/26/2010 10:59 AM:
>>>
 I successfully created an install media on a USB flash drive, but now
 I have a minor problem installing from it.  Whenever I run the
 installer, it insists on installing grub on /dev/sdb (the flash drive)
 rather than
 /dev/sda (the hard drive where I'm installing everything).

 Is there a way to convince the installer to put grub in the right
 place?

> Agreed.  It's truly obnoxious that we can specify which drive to install
> the OS onto, but we can't specify where to put the boot loader.
>
> What I did was skip the grub install and then install it from the rescue
> prompt.  Unfortunately, this left me with no grub.conf at all, so I had
> to look at another machine to get the proper format and manually create
> grub.conf.  After that, however, it booted normally.  I'm doing a 'yum
> update' now, which includes a new kernel.  I'm keeping my fingers
> crossed that it will update my grub.conf properly.

Once it's on, it's fairly stable... though the update of the kernel does
*not* always work correctly. With nearly 200 machines that I'm rolling out
updates to, not infrequently, I'll see that the default= line in
/etc/grub.conf is reset... to the last kernel,rather than the current, or
to the debug kernel. I always have to check to verify that it's pointing
correctly before rebooting.

 mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[Bowie Bailey]

m.r...@5-cent.us wrote:
> Bowie wrote:
>   
>
>> Agreed.  It's truly obnoxious that we can specify which drive to install
>> the OS onto, but we can't specify where to put the boot loader.
>>
>> What I did was skip the grub install and then install it from the rescue
>> prompt.  Unfortunately, this left me with no grub.conf at all, so I had
>> to look at another machine to get the proper format and manually create
>> grub.conf.  After that, however, it booted normally.  I'm doing a 'yum
>> update' now, which includes a new kernel.  I'm keeping my fingers
>> crossed that it will update my grub.conf properly.
>> 
>
> Once it's on, it's fairly stable... though the update of the kernel does
> *not* always work correctly. With nearly 200 machines that I'm rolling out
> updates to, not infrequently, I'll see that the default= line in
> /etc/grub.conf is reset... to the last kernel,rather than the current, or
> to the debug kernel. I always have to check to verify that it's pointing
> correctly before rebooting.
>   

And, in fact, that is exactly what happened.  The default= line was set
to 1, so it booted the old kernel instead of the new one.  Other than
that, it seems to be fine.  I wonder what causes that?  I've never
noticed that behavior in my other systems.  (But maybe I should go check
now...)

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[Mauriat Miranda]

On Wed, May 26, 2010 at 5:07 AM, sync  wrote:
> Hello,guys:
>
> I've seen several suggestions for alternatives to exchange for mail,
> which I will be trying.
>
> My question is, does anyone know of any good open source shared calendar
> systems?

I know its not open source, but have you considered Google Apps for
Domains?  You can get your own gmail/calendar/docs/sites/chat on your
own domain.com address for up to 50 people for free.  As well as
groups/contact sharing/calendar sharing, etc.

I originally tried it out just for testing, but I find it much
easier/faster than my managing my own hosting.

-- 
Mauriat Miranda
http://www.mjmwired.net/linux
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[m . roth]

Bowie wrote:
> m.r...@5-cent.us wrote:
>> Bowie wrote:

>> Once it's on, it's fairly stable... though the update of the kernel does
>> *not* always work correctly. With nearly 200 machines that I'm rolling
>> out
>> updates to, not infrequently, I'll see that the default= line in
>> /etc/grub.conf is reset... to the last kernel,rather than the current,
>> or
>> to the debug kernel. I always have to check to verify that it's pointing
>> correctly before rebooting.
>>
> And, in fact, that is exactly what happened.  The default= line was set
> to 1, so it booted the old kernel instead of the new one.  Other than
> that, it seems to be fine.  I wonder what causes that?  I've never
> noticed that behavior in my other systems.  (But maybe I should go check
> now...)

I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here have
any idea why it wouldn't *always* change the default to 0?

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Amavisd-new from rpmforge and Courier

[Bowie Bailey]

Does anyone know if the amavisd-new package in rpmforge has the Courier
patch installed?

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[JohnS]

On Wed, 2010-05-26 at 14:57 -0400, m.r...@5-cent.us wrote:
> Bowie wrote:
> > m.r...@5-cent.us wrote:
> >> Bowie wrote:
> 
> >> Once it's on, it's fairly stable... though the update of the kernel does
> >> *not* always work correctly. With nearly 200 machines that I'm rolling
> >> out
> >> updates to, not infrequently, I'll see that the default= line in
> >> /etc/grub.conf is reset... to the last kernel,rather than the current,
> >> or
> >> to the debug kernel. I always have to check to verify that it's pointing
> >> correctly before rebooting.
> >>
> > And, in fact, that is exactly what happened.  The default= line was set
> > to 1, so it booted the old kernel instead of the new one.  Other than
> > that, it seems to be fine.  I wonder what causes that?  I've never
> > noticed that behavior in my other systems.  (But maybe I should go check
> > now...)
> 
> I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here have
> any idea why it wouldn't *always* change the default to 0?
> 
>mark

Where did you get the kernel from?  There is a reason why I ask this
because all installed kernels I have installed that were built by CentOS
do the right thing.  As in update the boot sequence for you.

The exception is The Upstream Real Time Kernel does not do this and is
docoed.

Now the PAE Kernel I can not speak for because I do not use it.  I only
utilize the pae form for 32 bit under the RT Kernel which pae is built
into for 32bits.

John

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[Bowie Bailey]

JohnS wrote:
> On Wed, 2010-05-26 at 14:57 -0400, m.r...@5-cent.us wrote:
>   
>> Bowie wrote:
>> 
>>> m.r...@5-cent.us wrote:
>>>   
 Bowie wrote:
 
>> 
>> 
 Once it's on, it's fairly stable... though the update of the kernel does
 *not* always work correctly. With nearly 200 machines that I'm rolling
 out
 updates to, not infrequently, I'll see that the default= line in
 /etc/grub.conf is reset... to the last kernel,rather than the current,
 or
 to the debug kernel. I always have to check to verify that it's pointing
 correctly before rebooting.

 
>>> And, in fact, that is exactly what happened.  The default= line was set
>>> to 1, so it booted the old kernel instead of the new one.  Other than
>>> that, it seems to be fine.  I wonder what causes that?  I've never
>>> noticed that behavior in my other systems.  (But maybe I should go check
>>> now...)
>>>   
>> I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here have
>> any idea why it wouldn't *always* change the default to 0?
>>
>>mark
>> 
> 
> Where did you get the kernel from?  There is a reason why I ask this
> because all installed kernels I have installed that were built by CentOS
> do the right thing.  As in update the boot sequence for you.
>
> The exception is The Upstream Real Time Kernel does not do this and is
> docoed.
>
> Now the PAE Kernel I can not speak for because I do not use it.  I only
> utilize the pae form for 32 bit under the RT Kernel which pae is built
> into for 32bits.
>   

The kernel came from the updates repo.  I just did "yum update" on a
newly installed 5.5 system.  The only oddity is that the original
grub.conf file was created by hand rather than by anaconda.  (Due to
anaconda NOT doing "the right thing" when installing from a USB install
media)

My theory is that the script that updates grub.conf is somehow detecting
that the file is not stock and therefore updating the default= line to
avoid changing the active kernel.

I looked through some of my other machines and was not able to find a
single one that had anything other than default=0.

-- 
Bowie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[m . roth]

>
> On Wed, 2010-05-26 at 14:57 -0400, m.r...@5-cent.us wrote:
>> Bowie wrote:
>> > m.r...@5-cent.us wrote:
>> >> Bowie wrote:
>> 
>> >> Once it's on, it's fairly stable... though the update of the kernel
>> >> does *not* always work correctly. With nearly 200 machines that I'm
>> >> rolling out
>> >> updates to, not infrequently, I'll see that the default= line in
>> >> /etc/grub.conf is reset... to the last kernel,rather than the
>> >> current, or to the debug kernel. I always have to check to verify
>> >> that it's pointing correctly before rebooting.
>> >>
>> > And, in fact, that is exactly what happened.  The default= line was
>> > set to 1, so it booted the old kernel instead of the new one.

>> I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here
>> have any idea why it wouldn't *always* change the default to 0?
> 
> Where did you get the kernel from?  There is a reason why I ask this
> because all installed kernels I have installed that were built by CentOS
> do the right thing.  As in update the boot sequence for you.
>
We build our own repository directly from an upstream CentOS mirror; in
this case, mirror.cc.vt.edu::centos/5.5. The exact same thing happened
with 5.4, and with some updates.

> The exception is The Upstream Real Time Kernel does not do this and is
> docoed.

Nope. 64 bit plain, mostly, with an occasional 32 bit, and fewer PAE. No
real time.

   mark


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[Les Mikesell]

On 5/26/2010 2:37 PM, JohnS wrote:
>
>>> And, in fact, that is exactly what happened.  The default= line was set
>>> to 1, so it booted the old kernel instead of the new one.  Other than
>>> that, it seems to be fine.  I wonder what causes that?  I've never
>>> noticed that behavior in my other systems.  (But maybe I should go check
>>> now...)
>>
>> I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here have
>> any idea why it wouldn't *always* change the default to 0?
>>
>> mark
> 
> Where did you get the kernel from?  There is a reason why I ask this
> because all installed kernels I have installed that were built by CentOS
> do the right thing.  As in update the boot sequence for you.
>
> The exception is The Upstream Real Time Kernel does not do this and is
> docoed.
>
> Now the PAE Kernel I can not speak for because I do not use it.  I only
> utilize the pae form for 32 bit under the RT Kernel which pae is built
> into for 32bits.

I think this fails where you initially install a non-PAE kernel and 
later add RAM and change to the PAE version.

-- 
   Les Mikesell
lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Amavisd-new from rpmforge and Courier

[Ned Slider]

Bowie Bailey wrote:
> Does anyone know if the amavisd-new package in rpmforge has the Courier
> patch installed?
> 

I can't see any indication that it does...

http://svn.rpmforge.net/svn/trunk/rpms/amavisd-new/amavisd-new.spec

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Calendar server software suggestions

[Nataraj]

Mauriat Miranda wrote:
> On Wed, May 26, 2010 at 5:07 AM, sync  wrote:
>   
>> Hello,guys:
>>
>> I've seen several suggestions for alternatives to exchange for mail,
>> which I will be trying.
>>
>> My question is, does anyone know of any good open source shared calendar
>> systems?
>> 
>
> I know its not open source, but have you considered Google Apps for
> Domains?  You can get your own gmail/calendar/docs/sites/chat on your
> own domain.com address for up to 50 people for free.  As well as
> groups/contact sharing/calendar sharing, etc.
>
> I originally tried it out just for testing, but I find it much
> easier/faster than my managing my own hosting.
>
>   

I was planning to evaluate devical, but have not tried it yet:
http://www.davical.org/

I would welcome comments from anyone with experience with devical.

Here's a feature comparison of several calendar implementation, though 
it looks a little old, based on the versions listed for the various 
packages.
https://wiki.mozilla.org/Calendar:QA_CalDAV_Support

I know you asked primarily about calendar servers, but I just thought 
I'd mention the mailserver that I use.

For everything else, I currently run 
http://www.tummy.com/Products/vpostmaster/ which I like very much.  It 
does not have any kind of calender or contact support, but that can be 
added seperately.  It uses postfix for the underlying mail transport 
which is very solid and has extensive capability for managing spam 
attacks and supports many plugins.  Vpostmaster implements greylisting, 
spf checking, spamassasin, clamav, white/black listing.  It uses the 
postgres database.  Oh and it also has support for unlimited virtual 
domains. It includes dovecot pop/imap support and squirrelmail webmail 
interface.

The GUI is quite user friendly and spam control parameters can be 
customized on a per user/mailbox basis.  It's probably most suitable for 
small to medium size organizations due to the cost of many features 
implemented in python, though with postfix as the underlying transport,  
preliminary spam control features, rbl checks, connection rate limiting 
etc, can easily be implemented at the postfix level. (If a site has big 
problems with spam attacks, it is desirable to stop them as early as 
possible, since running lots of python or perl code on huge amounts of 
spam can bring a server to its knees.)  There is already support in the 
gui to manage parameters which might be read from the database by 
postfix or a another plugin.

A basic install can be done by invoking the installation script on a 
clean install of CentOS in about 3 minutes.  I support about 60 mail  
users running it in a VMware virtual machine.

Nataraj


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[JohnS]

On Wed, 2010-05-26 at 15:07 -0500, Les Mikesell wrote:
> On 5/26/2010 2:37 PM, JohnS wrote:
> >
> >>> And, in fact, that is exactly what happened.  The default= line was set
> >>> to 1, so it booted the old kernel instead of the new one.  Other than
> >>> that, it seems to be fine.  I wonder what causes that?  I've never
> >>> noticed that behavior in my other systems.  (But maybe I should go check
> >>> now...)
> >>
> >> I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here have
> >> any idea why it wouldn't *always* change the default to 0?
> >>
> >> mark
> > 
> > Where did you get the kernel from?  There is a reason why I ask this
> > because all installed kernels I have installed that were built by CentOS
> > do the right thing.  As in update the boot sequence for you.
> >
> > The exception is The Upstream Real Time Kernel does not do this and is
> > docoed.
> >
> > Now the PAE Kernel I can not speak for because I do not use it.  I only
> > utilize the pae form for 32 bit under the RT Kernel which pae is built
> > into for 32bits.
> 
> I think this fails where you initially install a non-PAE kernel and 
> later add RAM and change to the PAE version.
---
How on Gods Green Earth is a STICK OF RAM going to change the damn BOOT
Order?
PFt my RAID 1ed Memory Just changed my boot order of my grid rack.  Let
me fix it back in the bios.
 
John

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[Les Mikesell]

On 5/26/2010 3:17 PM, JohnS wrote:
>
> And, in fact, that is exactly what happened.  The default= line was set
> to 1, so it booted the old kernel instead of the new one.  Other than
> that, it seems to be fine.  I wonder what causes that?  I've never
> noticed that behavior in my other systems.  (But maybe I should go check
> now...)

 I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here have
 any idea why it wouldn't *always* change the default to 0?

  mark
>>> 
>>> Where did you get the kernel from?  There is a reason why I ask this
>>> because all installed kernels I have installed that were built by CentOS
>>> do the right thing.  As in update the boot sequence for you.
>>>
>>> The exception is The Upstream Real Time Kernel does not do this and is
>>> docoed.
>>>
>>> Now the PAE Kernel I can not speak for because I do not use it.  I only
>>> utilize the pae form for 32 bit under the RT Kernel which pae is built
>>> into for 32bits.
>>
>> I think this fails where you initially install a non-PAE kernel and
>> later add RAM and change to the PAE version.
> ---
> How on Gods Green Earth is a STICK OF RAM going to change the damn BOOT
> Order?
> PFt my RAID 1ed Memory Just changed my boot order of my grid rack.  Let
> me fix it back in the bios.

It's not the stick of RAM - it's the fact the the grub conf editing is 
set up to match your initial kernel type and isn't triggered by the 
install of the PAE kernel or it's subsequent updates.  Look in 
/etc/sysconfig/kernel.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[JohnS]

On Wed, 2010-05-26 at 15:29 -0500, Les Mikesell wrote:

> 
> It's not the stick of RAM - it's the fact the the grub conf editing is 
> set up to match your initial kernel type and isn't triggered by the 
> install of the PAE kernel or it's subsequent updates.  Look in 
> /etc/sysconfig/kernel.
---

Exceuse the spamming of the list please.  Just a point to point out.
POC Proven.

Maybe add kernel-pae for default.  Not to hard to do.  Installing one
then the other should have no effect in updateing or going back to
'kernel' should have no problem and just update. Mine updated from RT
back to Mainline but to go back to defacto RT  I will have to edit it.
Make any sense?

For others that are saying it want update the boot config then you may
have something wrong somewhere because it should plain out update it.

Repo Mirrored Local 

yum list kernel   ### CentOS Kernel ONLY REPO. I have several repos.
CentOS is the defacto repo here.

Loaded plugins: downloadonly, fastestmirror, kmod, versionlock
Loading mirror speeds from cached hostfile
Reading version lock configuration
Installed Packages
kernel.i686
2.6.18-164.9.1.el5
installed
kernel.i686
2.6.18-164.10.1.el5
installed
kernel.i686
2.6.18-164.11.1.el5
installed
Available Packages
kernel.i686
2.6.18-194.3.1.el5
updates  

## BEFORE ##

[r...@ ~]# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this
file
# NOTICE:  You have a /boot partition.  This means that
#  all kernel and initrd paths are relative to /boot/, eg.
#  root (hd0,0)
#  kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#  initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title JE2 Enterprise Linux (realtime) (2.6.24.7-149.el5)
root (hd0,0)
kernel /vmlinuz-2.6.24.7-149.el5 ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.24.7-149.el5.img
title JE2 Enterprise Linux (2.6.24.7-149.el5trace)
root (hd0,0)
kernel /vmlinuz-2.6.24.7-149.el5trace ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.24.7-149.el5trace.img
title JE2 Enterprise Linux (2.6.24.7-149.el5vanilla)
root (hd0,0)
kernel /vmlinuz-2.6.24.7-149.el5vanilla ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.24.7-149.el5vanilla.img
title JE2 Enterprise Linux (2.6.24.7-146.JonE2trace)
root (hd0,0)
kernel /vmlinuz-2.6.24.7-146.JonE2trace ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.24.7-146.JonE2trace.img
title JE2 Enterprise Linux (realtime) (2.6.24.7-146.JonE2)
root (hd0,0)
kernel /vmlinuz-2.6.24.7-146.JonE2 ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.24.7-146.JonE2.img
title CentOS (2.6.18-164.11.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.11.1.el5 ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.11.1.el5.img
title CentOS (2.6.18-164.10.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.10.1.el5 ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.10.1.el5.img
title CentOS (2.6.18-164.9.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.9.1.el5 ro
root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-164.9.1.el5.img


Install:

[r...@ethies ~]# yum update kernel
Loaded plugins: downloadonly, fastestmirror, kmod, versionlock
Loading mirror speeds from cached hostfile
Reading version lock configuration
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package kernel.i686 0:2.6.18-194.3.1.el5 set to be installed
--> Finished Dependency Resolution
Excluding to be erased: kernel-2.6.18-164.9.1.el5.i686
--> Running transaction check
---> Package kernel.i686 0:2.6.18-164.9.1.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

=
 Package   Arch
VersionRepository
Size
=
Installing:
 kerneli686
2.6.18-194.3.1.el5 updates
17 M
Removing:
 kerneli686
2.6.18-164.9.1.el5 installed
41 M

Transaction Summary
=
Install   1 Package(s)
Upgrade   0 Package(s)
Remove1 Package(s)
Reinstall 0 Package(s)
Downgrad

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Gordon Messmer]

On 05/25/2010 10:44 PM, Les Mikesell wrote:
>
> That still doesn't explain why there is a difference in smbd's context when 
> its
> parent is an explicitly started shell vs. the implict one that starts when the
> script file is executed.

SELinux domain transitions are handled by the kernel.  If you call 
exec() with a path which has a domain transition specified, the kernel 
will transition to the specified domain as part of the exec() call.

What that means here is that /etc/init.d/smbd has a domain transition 
specified.  If you were to call exec() with that path (as your shell 
will when you enter that path alone and hit Enter), the kernel receives 
your exec() request, examines the path given, determines that a 
transition is defined, and transitions to the new domain as it creates 
the new process.

Now, if you call exec() with /bin/sh as the path and /etc/init.d/smbd as 
an arg (as your shell will when you enter "/bin/sh /etc/init.d/smbd" and 
hit Enter), the kernel will check for a domain transition on /bin/sh and 
load that program.  The kernel has no knowledge that sh will load 
instructions from /etc/init.d/smbd and execute them any more than it 
would if you were to run "/bin/sh < /etc/init.d/smbd" in a shell.  It 
can't determine that it should transition to the domain on that file, so 
the process inherits whatever domain called "/bin/sh" (probably the 
unconfined domain).

> Isn't the context associated with the program itself,
> not its parent?

The context is inherited from the process which calls exec() if there is 
no transition defined.  If there is a transition, it is associated with 
the path.

> Is this documented anywhere?

Yes, this is the documented behavior of domain transitions.

>
>> That is to say that SELinux does not "want" to block smbd from running.
>>SELinux is intended to describe the access that system daemons like
>> smbd should have in greater detail than mere filesystem access, and to
>> confine smbd to that behavior.  Whatever you did caused smbd to start up
>> in some other context (but not unconfined), and was thus confining smbd
>> to the behavior that was appropriate for some other process.  It should
>> be obvious why that would cause problems.
>
>From what he has posted so far the "whatever he did" was starting smbd 
> directly
> from a root command line or running the init script with 'sh' or 'bash'.

I meant whatever he did to create /etc/init.d/smbd with an SELinux label 
other than the one that rpm originally placed on it.  He wasn't specific 
about how or where the file was created.  It had a label on it which 
caused a transition to an SELinux domain other than unconfined or the 
one normally used by smbd.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Gordon Messmer]

On 05/26/2010 07:54 AM, Brunner, Brian T. wrote:
>>
>> you can't make a useful argument out of ignorance.
>
> You are being religious, and wrong. See below.

You also can't make a useful argument out of name-calling.

People frequently use the label "religious" derisively when someone 
advocates a viewpoint without cause or evidence to support it.  Craig 
did nothing of the sort.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from USB flash drive

[Benjamin Franz]

On 05/26/2010 11:57 AM, m.r...@5-cent.us wrote:
> Bowie wrote:
>
>> m.r...@5-cent.us wrote:
>>  
>>> Bowie wrote:
>> And, in fact, that is exactly what happened.  The default= line was set
>> to 1, so it booted the old kernel instead of the new one.  Other than
>> that, it seems to be fine.  I wonder what causes that?  I've never
>> noticed that behavior in my other systems.  (But maybe I should go check
>> now...)
>>  
> I have *no* idea. I've even seen it pointing to 2, or 4. Anyone here have
> any idea why it wouldn't *always* change the default to 0?
>
>

Look at /etc/sysconfig/kernel - it specifies the default kernel type.

-- 
Benjamin Franz
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Les Mikesell]

On 5/26/2010 5:16 PM, Gordon Messmer wrote:
>
>> Isn't the context associated with the program itself,
>> not its parent?
>
> The context is inherited from the process which calls exec() if there is
> no transition defined.  If there is a transition, it is associated with
> the path.
>
>> Is this documented anywhere?
>
> Yes, this is the documented behavior of domain transitions.

I meant, is it documented that the domain transitions are specified on 
the init scripts only, not the actual programs they start?  Or is that a 
quirk of this particular case?   It's not unusual at all for an 
administrator to run the init scripts directly, perhaps with 'sh -x' to 
see the values that are expanded in the commands.  I doubt if many 
people that trust SElinux would realize that would leave them unprotected.

>>
>>> That is to say that SELinux does not "want" to block smbd from running.
>>> SELinux is intended to describe the access that system daemons like
>>> smbd should have in greater detail than mere filesystem access, and to
>>> confine smbd to that behavior.  Whatever you did caused smbd to start up
>>> in some other context (but not unconfined), and was thus confining smbd
>>> to the behavior that was appropriate for some other process.  It should
>>> be obvious why that would cause problems.
>>
>>  From what he has posted so far the "whatever he did" was starting smbd 
>> directly
>> from a root command line or running the init script with 'sh' or 'bash'.
>
> I meant whatever he did to create /etc/init.d/smbd with an SELinux label
> other than the one that rpm originally placed on it.  He wasn't specific
> about how or where the file was created.  It had a label on it which
> caused a transition to an SELinux domain other than unconfined or the
> one normally used by smbd.

My impression was that the usual invocation of /etc/init.d/smbd (via 
"service" or directly without 'sh ...' _did_ give the expected context 
and his problems were from files smbd subsequently could not access, 
whereas running smbd directly or using 'sh ' on the script made it work 
anyway.

-- 
   Les Mikesell
lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Logrotation with retention period

[James Corteciano]

Hi All,

How can it be done it logrotate configuration that I wanted to have the logs
in six (6) month retention period? I have the following logs and directories
of mysql.

[hostname]# ls /var/log/mysql/
2010.05.01/general.log
2010.05.01/error.log
2010.05.02/general.log
2010.05.02/error.log
2010.05.03/general.log
2010.05.03/error.log

Is it possible that the output after doing logrotate could be like the below
sample. All compressed logs will be keep until 6 months only. I know there
is man page / docs in internet but I can't get the exact configuration to
use.

[hostname]# ls /var/log/mysql/
2010.05.01.gz
2010.05.02.gz
2010.05.03.gz
2010.05.27/general.log
2010.05.27/report.log

Thank you.

Regards,
James
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Gordon Messmer]

On 05/26/2010 08:44 AM, Benjamin Franz wrote:
>
> I can make a useful argument from experience. Over the last few years,
> as Redhat has progressively deployed SELinux, I have had *several*
> incidents (the most recent only a few weeks ago) where updates to
> SELinux broke existing, stable, systems. Each time sucking up hours of
> my time to diagnose and fix. And (as in this incident) there are not
> always useful error messages to track it with.

Except that in this incident, there WERE useful error messages.  The OP 
simply didn't know that he needed to look in /var/log/audit/audit.log.

> The *theoretical* system security improvement of SELinux is trumped by
> the *practical* observation that I have had existing systems broken by
> SELinux multiple times on the mere handful of systems I have run it on
> in enforcing mode,  but have yet to see a single one of several dozen
> (all internet exposed) up-to-date *non*-SELinux systems hacked.

You are comparing two unlike things.  You can't very well judge the 
benefits of SELinux based on a system which hasn't needed its protection.

> It is a 'safety' feature that is in practice more dangerous to system
> stability than what it is trying to fix.

I advise administrators to test all updates on non-production systems. 
SELinux updates are no exception.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] [URGENT] Assistance Requested in Looking for Dr Francis T. Seow, Harvard Law School Research Fellow

[Mr. Teo En Ming (Zhang Enming)]

Hi,

First, I would like to apologize for the out-of-topic post. I will keep 
this as short as I possibly could.

Does anybody know Dr. Francis T. Seow, the former Solicitor-General from 
the Republic of Singapore? I want to contact him but can't seem to find 
his email address or telephone number on the internet. Could you help me?

Do you also know how I can contact all the justices of the Judicial 
Committee of the UK Privy Council and all the Lords of the UK House of 
Lords? According to the UK Parliament website, it says that many Peers 
do not have public email addresses.

I would like to apologize again for using this platform to get my 
message across as my email accounts may have been compromised.

Thank you very much.

Yours sincerely,

Mr. Teo En Ming
Hanyu Pinyin Name: Zhang Enming
Facebook: Teo En Ming (Zhang Enming)
Photo (1): http://img26.imageshack.us/img26/7534/enmingteodscf2511.jpg
Photo (2): http://i.imgur.com/CLifZ.jpg
Mobile Phone (Starhub Pre-paid): +65-8369-2618
Singapore Citizen

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos