Re: [CentOS] Provide access to /home folder

2013-11-06 Thread John Doe
From: Gopu Krishnan 

> When I set the setfacl, wordpress sites are giving 500 internal server
> error.
> I am planning to set a user 'developer' with the home directory as '/home'
> Inside the /home directory, each site is having its own ownership. For
> example, /home/site1 should have ownership user1:user1 and /home/site2
> should have user2:user2 and so on. If I create a user 'developer' with home
> directory as /home, would he be able to access and modify the site files
> inside /home/site1 and /home/site2 which is having different ownership. It's
> not practical to add the user 'developer' to all the groups user1,user2
> etc. Any thoughts on this ?

If you do not care too much about security, you could try to SGID the users' 
directories...
Eg. http://www.library.yale.edu/wsg/docs/permissions/sgid.htm

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] CentOS-announce Digest, Vol 105, Issue 4

2013-11-06 Thread centos-announce-request


Today's Topics:

   1. CESA-2013:1505 Important CentOS 5 java-1.6.0-openjdk Update
  (Johnny Hughes)
   2. CEBA-2013:1504  CentOS 6 lvm2 Update (Johnny Hughes)
   3. CEBA-2013:1502  CentOS 6 e2fsprogs Update (Johnny Hughes)
   4. CESA-2013:1505 Important CentOS 6 java-1.6.0-openjdk Update
  (Johnny Hughes)


--

Message: 1
Date: Tue, 5 Nov 2013 20:45:16 +
From: Johnny Hughes 
Subject: [CentOS-announce] CESA-2013:1505 Important CentOS 5
java-1.6.0-openjdk Update
To: centos-annou...@centos.org
Message-ID: <20131105204516.ga27...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2013:1505 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-1505.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

Message: 2
Date: Tue, 5 Nov 2013 21:40:57 +
From: Johnny Hughes 
Subject: [CentOS-announce] CEBA-2013:1504  CentOS 6 lvm2 Update
To: centos-annou...@centos.org
Message-ID: <20131105214057.ga37...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2013:1504 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1504.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


[CentOS] syslog-ng or rsyslog?

2013-11-06 Thread Rafał Radecki
Hi All.

I've used syslog-ng for some time. I like it. I have a project in which I
need to choose a central logging solution. What are your experiences with
rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it have
some additional features?

I am also thinking about using some gui tools for log parsing and graphing.
May be proprietary/paid. Any suggestions?

Best regards,
Rafal.


Re: [CentOS] [OT] Building a new backup server

2013-11-06 Thread Sorin Srbu
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of Les Mikesell
> Sent: 5 November 2013 16:47
> To: CentOS mailing list
> Subject: Re: [CentOS] [OT] Building a new backup server
>
> If you have some time to experiment, look on the backuppc development
> list for the new alpha version.  It is very different and does not
> need the hardlinks for pooling.  I haven't tried it myself yet, but
> would (cautiously...) if I needed to set up a new system.   It may
> eliminate the single-filesystem requirement and will definitely make
> it more feasible to rsync the whole archive to maintain an offsite
> copy.  I think it may also chunk up large files so unchanged blocks
> can be pooled even where the file has some changes.

While the server isn't in production yet, I've nothing but.

I'll do that, thanks for the heads-up!

--
//Sorin


Re: [CentOS] [OT] Building a new backup server

2013-11-06 Thread Sorin Srbu
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of John R Pierce
> Sent: 5 November 2013 19:08
> To: centos@centos.org
> Subject: Re: [CentOS] [OT] Building a new backup server
>
> other open source backup systems include things like Amanda, Bacula,
> which are more tape oriented, although they can be used with disk
> archives.   Amanda uses tar for the actual backups, and manages/tracks
> an archive of tar files.  These use agents that have to be installed
> on the client systems, while backuppc usually uses ssh+rsync so you just
> need to do a ssh key exchange with the target (but on a per target basis
> it can be configured to use various other methods)

Thanks for the advice.

Bacula: "Multi-volume saves. When a Volume is full, Bacula automatically 
requests the next Volume and continues the backup."

This means I could create several eg 10 TB-volumes, skip the 16 TB-limitation 
and still get to use the whole 40 TB-diskspace available, right? Or is the 
referred "volumes" different tapes?

--
//Sorin


Re: [CentOS] [OT] Building a new backup server

2013-11-06 Thread Sorin Srbu
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of Les Mikesell
> Sent: 5 November 2013 22:10
> To: CentOS mailing list
> Subject: Re: [CentOS] [OT] Building a new backup server
> 
> >Thanks for changing the subject to OT.
> 
> Errr... I just replied in gmail - I think it has been there all along.

I did it from the beginning, wasn't sure if this topic was strictly CentOS.

--
//Sorin




Re: [CentOS] syslog-ng or rsyslog?

2013-11-06 Thread ign...@vault13.lt
On 2013.11.06 14:22, Rafał Radecki wrote:
> Hi All.
>
> I've used syslog-ng for some time. I like it. I have a project in which I
> need to choose a central logging solution. What are your experiences with
> rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it have
> some additional features?
>
> I am also thinking about using some gui tools for log parsing and graphing.
> May be proprietary/paid. Any suggestions?
>
> Best regards,
> Rafal.

Hello,
as for GUI tools.
Paid: Splunk.
Unpaid: logstash/elasticsearch/kibana.

There are also others.

Ignas


Re: [CentOS] syslog-ng or rsyslog?

2013-11-06 Thread Steve Clark
On 11/06/2013 08:04 AM, ign...@vault13.lt wrote:
> On 2013.11.06 14:22, Rafał Radecki wrote:
>> Hi All.
>>
>> I've used syslog-ng for some time. I like it. I have a project in which I
>> need to choose a central logging solution. What are your experiences with
>> rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it have
>> some additional features?
>>
>> I am also thinking about using some gui tools for log parsing and graphing.
>> May be proprietary/paid. Any suggestions?
>>
>> Best regards,
>> Rafal.
> Hello,
> as for GUI tools.
>   Paid: Splunk.
>   Unpaid: logstash/elasticsearch/kibana.
>
> There are also others.
>
> Ignas
LogAnalyzer by the same people that do rsyslog


-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com


Re: [CentOS] [OT] Building a new backup server

2013-11-06 Thread Les Mikesell
On Tue, Nov 5, 2013 at 4:42 PM,   wrote:

>> Backuppc will match up identical content, no matter where it finds it.
>>  If it is a different copy or moved to a different location it does
>> have to transfer it to the backuppc server, but then it will be
>> discarded and replaced with a link to the existing pooled copy.
>
> Right. Moving things, though, for us is manual, esp. since it can
> sometimes take days (like the 700+G I've been trying to copy from a 3TB
> drive that was defective to another that seems ok...)

But even little automated things like logfile rotation can add up when
you catch it across a bunch of noisy hosts.  You don't really need to
store the whole contents of yesterday's messages.1 and today's
messages.2 separately when they are the same thing, just renamed.

-- 
  Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] [OT] Building a new backup server

2013-11-06 Thread m . roth
Les Mikesell wrote:
> On Tue, Nov 5, 2013 at 4:42 PM,   wrote:
>
>>> Backuppc will match up identical content, no matter where it finds it.
>>>  If it is a different copy or moved to a different location it does
>>> have to transfer it to the backuppc server, but then it will be
>>> discarded and replaced with a link to the existing pooled copy.
>>
>> Right. Moving things, though, for us is manual, esp. since it can
>> sometimes take days (like the 700+G I've been trying to copy from a 3TB
>> drive that was defective to another that seems ok...)
>
> But even little automated things like logfile rotation can add up when
> you catch it across a bunch of noisy hosts.  You don't really need to
> store the whole contents of yesterday's messages.1 and today's
> messages.2 separately when they are the same thing, just renamed.

We don't back them up, except for /var/log on the central logging host.

But to return to the first para, there's no identical identical content.
There's similar content on development and prod servers for each team, but
that's not identical, so it's really not an issue.

 mark



Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Wes James
On Tue, Nov 5, 2013 at 11:35 PM, Phil Gardner wrote:

>
>
> On 11/05/2013 06:13 PM, Wes James wrote:
> > On Tue, Nov 5, 2013 at 4:01 PM, Keith Keller <
> > kkel...@wombat.san-francisco.ca.us> wrote:
> >
> >> On 2013-11-05, Wes James  wrote:
> >>>
> >>> Why not use some other linux that doesn't use selinux then?
> >>
> >> If it were harder to disable (either temporarily or permanently) then I
> >> could see someone making this case.  But it's trivial to disable SELinux
> >> in CentOS, so there's no real reason to use a different distro just
> >> because it doesn't use SELinux.
> >>
> >> --keith
> >
> >
> > You're right.  I did a google search on "disable selinux" and got this on
> > the first hit:
> >
> > http://www.crypt.gen.nz/selinux/disable_selinux.html
> >
> > Seems pretty straightforward.
> >
> > Thanks,
> >
> > -wes
>
> http://stopdisablingselinux.com/ ;)
>

LOL :)

Thanks,

-wes


Re: [CentOS] Provide access to /home folder

2013-11-06 Thread Wes James
On Tue, Nov 5, 2013 at 11:38 PM, Gopu Krishnan wrote:

> When I set the setfacl, wordpress sites are giving 500 internal server
> error.
> I am planning to set a user 'developer' with the home directory as '/home'
> Inside the /home directory, each site is having its own ownership. For
> example, /home/site1 should have ownership user1:user1 and /home/site2
> should have user2:user2 and so on. If I create a user 'developer' with home
> directory as /home, would he be able to access and modify the site files
> inside /home/site1 and /home/site2 which is having different ownership. It's
> not practical to add the user 'developer' to all the groups user1,user2
> etc. Any thoughts on this ?
>
>
I'm not familiar with cpanel.  Can you create a user for each web site? (but
it seems like you are not doing/wanting that.)  If so, you can use
something like this for users to login without password:

http://www.linuxproblem.org/art_9.html

What is wrong with having a username for each site with separate password?

-wes


Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Daniel J Walsh
On 11/05/2013 05:13 PM, Wes James wrote:
> When does echo 0 > /selinux/enforce need to be used?  I.e., where is
> selinux enforcing itself on the system to protect it?  When I do yum
> install of some package, it seems to work (not being blocked).  When would
> doing something not work because selinux is watching it (or whatever that
> process is doing)?
>
> Thanks,
>
> -wes
>
First you should use setenforce 0/setenforce 1.

Theoretically never.  It should really be discouraged.  It is like the
Enterprise bringing its "Shields" down.

SELinux in permissive mode will continue to do access checks but just logs
them but does not block access.

SELinux blocks "confined" processes, but usually does not block the
administrator who is running as unconfined_t, and is allowed to do everything
he could do if SELinux was disabled.

Confined processes are targeted to system services. Stuff that is started at
boot versus processes started by a logged in user.

I blog on the topic a lot at danwalsh.livejournal.com

BTW,  When do I need to setenforce 0?

SELinux is a labeling system, if your labels get screwed up, you might need to
setenforce 0 to get the system to run.  Commands like restorecon/fixfiles can
be used to restore the labels on your system to the default.


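Added example (not part of the original thread): permissive mode keeps logging the checks that enforcing mode would block, so the audit log can be summarised before anyone reaches for setenforce 0. The function names and the sample AVC lines are constructed for illustration; the `permissive=` field is only written by newer kernels, so lines without it are reported as unknown.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials from audit-log text.

# Constructed sample lines in the audit.log AVC format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1383750001.101:501): avc:  denied  { write } for  pid=2301 comm="httpd" name="uploads" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1383750002.207:502): avc:  denied  { write } for  pid=2305 comm="httpd" name="uploads" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1383750003.311:503): avc:  denied  { read open } for  pid=2310 comm="httpd" path="/home/site1/index.php" dev="dm-0" ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1383750004.020:504): avc:  denied  { read } for  pid=2400 comm="vsftpd" name="site2" dev="dm-0" ino=150 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1383750004.020:504): arch=c000003e syscall=2 success=no exit=-13 comm="vsftpd" exe="/usr/sbin/vsftpd"
EOF
}

# Reads audit-log text on stdin and prints one line per distinct denial:
#   COUNT OUTCOME SOURCE_TYPE TARGET_TYPE CLASS PERMS COMM
# OUTCOME is "blocked" (permissive=0), "logged-only" (permissive=1) or
# "unknown" when the record carries no permissive= field.
avc_summary() {
    awk '
    $1 == "type=AVC" && /avc: +denied/ {
        perms = ""
        # The permission list is the first {...} group on the line.
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        src = tgt = cls = comm = "?"
        mode = "unknown"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            k = substr($i, 1, eq - 1)
            v = substr($i, eq + 1)
            # A context is user:role:type:level; the type is the third part.
            if (k == "scontext")        { split(v, c, ":"); src = c[3] }
            else if (k == "tcontext")   { split(v, c, ":"); tgt = c[3] }
            else if (k == "tclass")     cls = v
            else if (k == "comm")       { gsub(/"/, "", v); comm = v }
            else if (k == "permissive") mode = (v == "1") ? "logged-only" : "blocked"
        }
        n[mode " " src " " tgt " " cls " " perms " " comm]++
    }
    END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort
}

# Denials that were only logged: these accesses start failing once the
# system is returned to enforcing mode.
avc_logged_only() {
    avc_summary | awk '$2 == "logged-only"'
}

sample_audit_log | avc_summary
```

On a real host the input would be /var/log/audit/audit.log instead of the sample function.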


Re: [CentOS] [OT] Building a new backup server

2013-11-06 Thread Les Mikesell
On Wed, Nov 6, 2013 at 8:34 AM,   wrote:
>>
>> But even little automated things like logfile rotation can add up when
>> you catch it across a bunch of noisy hosts.  You don't really need to
>> store the whole contents of yesterday's messages.1 and today's
>> messages.2 separately when they are the same thing, just renamed.
>
> We don't back them up, except for /var/log on the central logging host.

Are they rotated by renaming there?

> But to return to the first para, there's no identical identical content.
> There's similar content on development and prod servers for each team, but
> that's not identical, so it's really not an issue.

If the data is compressible, you'd still likely get 2x+ space saving
from compression on the backup server side.  If the data sets are
something like time series data that just change as additional samples
are added it might be worth working out a scheme to chunk it up so
only the 'current' time range changes and all of the historic
instances would stay identical.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Les Mikesell
On Wed, Nov 6, 2013 at 9:23 AM, Daniel J Walsh  wrote:
>
> SELinux blocks "confined" processes, but usually does not block the
> administrator who is running as unconfined_t, and is allowed to do everything
> he could do if SELinux was disabled.
>
> Confined processes are targeted to system services. Stuff that is started at
> boot versus processes started by a logged in user.

Is there a way to configure things so tomcat or other java web
containers can unpack the war files used for code deployment and
compile/cache jsp code on the fly but not be able to write anything
else (like from the several instances of struts vulnerabilities)?

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Daniel J Walsh
On 11/06/2013 11:55 AM, Les Mikesell wrote:
> On Wed, Nov 6, 2013 at 9:23 AM, Daniel J Walsh  wrote:
>> 
>> SELinux blocks "confined" processes, but usually does not block the 
>> administrator who is running as unconfined_t, and is allowed to do
>> everything he could do if SELinux was disabled.
>> 
>> Confined processes are targeted to system services. Stuff that is started
>> at boot versus processes started by a logged in user.
> 
> Is there a way to configure things so tomcat or other java web containers
> can unpack the war files used for code deployment and compile/cache jsp
> code on the fly but not be able to write anything else (like from the
> several instances of struts vulnerabilities)?
> 
We can control the directory that an application can write to and directories
that they can execute.  We can do this at the process level.

Not sure if we can do what you describe.


Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Les Mikesell
On Wed, Nov 6, 2013 at 11:01 AM, Daniel J Walsh  wrote:

>>> SELinux blocks "confined" processes, but usually does not block the
>>> administrator who is running as unconfined_t, and is allowed to do
>>> everything he could do if SELinux was disabled.
>>>
>>> Confined processes are targeted to system services. Stuff that is started
>>> at boot versus processes started by a logged in user.
>>
>> Is there a way to configure things so tomcat or other java web containers
>> can unpack the war files used for code deployment and compile/cache jsp
>> code on the fly but not be able to write anything else (like from the
>> several instances of struts vulnerabilities)?
>>
> We can control the directory that an application can write to and directories
> that they can execute.  We can do this at the process level.
>
> Not sure if we can do what you describe.

The problem is that web developers normally package sites as war files
to deploy/update (basically a zip of the configs/jars/jsps, etc.) and
the servers unpack them directly into the working locations, then
execute them.  Also as jsp pages are hit the first time, they are
compiled into java byte code and cached for repeated executions.  So
unless you do some extra work like  pre-building things on a host that
isn't on line and rsyncing the results over to the live servers, the
running process needs to be able to write in the same location where
it will execute code.   So, things like the vulnerabilities in the
struts framework that let you execute more or less arbitrary code
would let you add new sites or pages to a server that remain even
after a restart.

-- 
   Les Mikesell
 lesmikes...@gmail.com
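Added example (not part of the original thread): because the container can write where it executes, one defensive check is to baseline the unpacked application at deploy time and report anything added or changed afterwards. The function names, file names and sample tree are constructed, and it assumes the compiled-JSP cache lives outside the directory being baselined.

```shell
#!/bin/sh
# Added example: baseline an unpacked web application and report drift.

# webapp_manifest DIR
# Prints "sha256  ./relative/path" for every regular file, sorted by path.
webapp_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# webapp_drift DIR MANIFEST
# Compares the tree against a manifest written by webapp_manifest and prints
# "ADDED path", "MODIFIED path" or "REMOVED path", one per line.
# File names containing newlines or backslashes are not handled.
webapp_drift() {
    current=$(mktemp) || return 1
    webapp_manifest "$1" > "$current"
    awk '
        # sha256sum output: 64 hex characters, two separators, then the path.
        FILENAME == ARGV[1] { base[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67)
            h = substr($0, 1, 64)
            seen[p] = 1
            if (!(p in base))      print "ADDED " p
            else if (base[p] != h) print "MODIFIED " p
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$current" | LC_ALL=C sort
    rm -f "$current"
}

# Constructed demonstration: deploy a tiny application, record the baseline,
# then simulate writes made by the running container after deployment.
demo_drift() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/app/WEB-INF"
    echo '<web-app/>' > "$root/app/WEB-INF/web.xml"
    echo '<% out.print("hello"); %>' > "$root/app/index.jsp"
    webapp_manifest "$root/app" > "$root/baseline"

    echo '<% out.print("changed"); %>' > "$root/app/index.jsp"
    echo '<% out.print("new page"); %>' > "$root/app/extra.jsp"

    webapp_drift "$root/app" "$root/baseline"
    rm -rf "$root"
}

demo_drift
```

Keeping the manifest outside the tree the container can write to is what makes the comparison meaningful.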


Re: [CentOS] syslog-ng or rsyslog?

2013-11-06 Thread Laurent CREPET

"Rafał Radecki" wrote:
>Hi All.
>
>I've used syslog-ng for some time. I like it. I have a project in which
>I
>need to choose a central logging solution. What are your experiences
>with
>rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it
>have
>some additional features?
>

AFAIK, CentOS includes an old release of rsyslog. You may have a look at the
recent rsyslog release/features/changelog.

I do prefer rsyslog for a main reason: all features in a single edition. You 
pay for support, if you need one.

--
Laurent CREPET


[CentOS] Running MacOSX as VM under CentOS 5.10?

2013-11-06 Thread Robert Heller
Is it even remotely possible to run MacOSX (or Darwin) as VM under CentOS 5.10
/ xen? Or am I better off not even trying and just getting a MacMini or
MacBook to just jack into my LAN?  I just need a 'build box' and possibly 
something to do light testing (eg does the program run? Does the GUI come 
up?). I don't really have the *physical* room for an iMac, unless the screen 
is tiny.

I can cross-build for MS-Windows using mgwin32 and I have VMs for CentOS 6, 
Fedora, Ubuntu, Debian, etc.  Only MacOSX is missing from the 'mix'.


-- 
Robert Heller -- 978-544-6933 / hel...@deepsoft.com
Deepwoods Software-- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


  


Re: [CentOS] Running MacOSX as VM under CentOS 5.10?

2013-11-06 Thread Andrew Holway
It is more likely to work on a later Kernel and then and more likely
with KVM. KVM shipped with 5.x and 6.x Enterprise linux is now old and
fusty. A bit like your Unix beard :)

I had all kinds of horrible problems running FreeBSD on these
hypervisors. Try Fedora 19. This is sparkly and fresh.

Ta,

Andrew

On 6 November 2013 19:21, Robert Heller  wrote:
> Is it even remotely possible to run MacOSX (or Darwin) as VM under CentOS 5.10
> / xen? Or am I better off not even trying and just getting a MacMini or
> MacBook to just jack into my LAN?  I just need a 'build box' and possibly
> something to do light testing (eg does the program run? Does the GUI come
> up?). I don't really have the *physical* room for an iMac, unless the screen
> is tiny.
>
> I can cross-build for MS-Windows using mgwin32 and I have VMs for CentOS 6,
> Fedora, Ubuntu, Debian, etc.  Only MacOSX is missing from the 'mix'.
>
>
> --
> Robert Heller -- 978-544-6933 / hel...@deepsoft.com
> Deepwoods Software-- http://www.deepsoft.com/
> ()  ascii ribbon campaign -- against html e-mail
> /\  www.asciiribbon.org   -- against proprietary attachments
>
>
>


Re: [CentOS] Running MacOSX as VM under CentOS 5.10?

2013-11-06 Thread Les Mikesell
On Wed, Nov 6, 2013 at 1:21 PM, Robert Heller  wrote:
> Is it even remotely possible to run MacOSX (or Darwin) as VM under CentOS 5.10
> / xen? Or am I better off not even trying and just getting a MacMini or
> MacBook to just jack into my LAN?  I just need a 'build box' and possibly
> something to do light testing (eg does the program run? Does the GUI come
> up?). I don't really have the *physical* room for an iMac, unless the screen
> is tiny.
>
> I can cross-build for MS-Windows using mgwin32 and I have VMs for CentOS 6,
> Fedora, Ubuntu, Debian, etc.  Only MacOSX is missing from the 'mix'.

If someone else is paying, get an imac for your own desktop and run
anything else you need under virtualbox or hook to your work Centos
via NX or X2go.   Or use a mac mini.   OSX likes to do hardware checks
to make sure it is on Apple hardware.   I think virtualbox has some
hooks to make a virtual OSX run under real OSX by passing the hardware
check through to the hardware, but otherwise you will need some kind
of hack to bypass the check that is likely to break with updates.  I
think those hacks exist but I've never been patient enough to get
anything to work.

And if you aren't using it already, you probably want Jenkins to run
all these builds for you.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] Running MacOSX as VM under CentOS 5.10?

2013-11-06 Thread SilverTip257
Gah!  Top posting...


On Wed, Nov 6, 2013 at 2:26 PM, Andrew Holway wrote:

> On 6 November 2013 19:21, Robert Heller  wrote:
> > Is it even remotely possible to run MacOSX (or Darwin) as VM under CentOS 5.10
> > / xen? Or am I better off not even trying and just getting a MacMini or

It might actually be possible to run OSX as a Xen VM (DomU). [2] [3]
But I'd suspect it requires hardware virt support (not paravirt).

> > MacBook to just jack into my LAN?  I just need a 'build box' and possibly
> > something to do light testing (eg does the program run? Does the GUI come
> > up?). I don't really have the *physical* room for an iMac, unless the screen
> > is tiny.
>
> It is more likely to work on a later Kernel and then and more likely
> with KVM. KVM shipped with 5.x and 6.x Enterprise linux is now old and
> fusty. A bit like your Unix beard :)
>
> I had all kinds of horrible problems running FreeBSD on these
> hypervisors. Try Fedora 19. This is sparkly and fresh.
>

I considered attempting an OSX install for testing a while back, but ended
up moving on to other projects.

I recall that KVM had to emulate certain hardware -- requiring a patched
version of the KVM hypervisor.

I can't speak for the accuracy or completeness of the following
information, but here it is. [0] [1]

[0] http://www.contrib.andrew.cmu.edu/~somlo/OSXKVM/
[1] http://d4wiki.goddamm.it/index.php?title=Howto:_Mac_OSX_on_KVM
[2]
http://www.bisente.com/blog/2011/03/15/macos-xen-snow-leopard-as-guest-on-a-xen-domu/
[3] http://www.gossamer-threads.com/lists/xen/users/295693

-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] Running MacOSX as VM under CentOS 5.10?

2013-11-06 Thread Warren Young
On 11/6/2013 12:21, Robert Heller wrote:
> Is it even remotely possible to run MacOSX (or Darwin) as VM under CentOS 5.10
> / xen?

Darwin isn't going to do you any good, since you need to test GUIs. 
Darwin is OS X minus everything Apple proprietary, including Cocoa, 
Finder, Dock...

> Or am I better off not even trying and just getting a MacMini or
> MacBook to just jack into my LAN?

Yes. :)

The OS X license doesn't allow installing it on non-Apple hardware, even 
inside a VM.  This means that you *can* install OS X in a VM on a Mac, 
so if you need several Mac instances, you don't necessarily need several 
physical Macs.

> I don't really have the *physical* room for an iMac, unless the screen
> is tiny.

OS X comes with VNC, configured and ready to go.  You just have to check 
one box, in the Sharing settings pane, I believe.  With a Mac Mini on 
WiFi, you can put it anywhere in WiFi range with a power plug.  There 
are mounting brackets available for them, too.  So, you could screw it 
to the wall of a utility closet, if you wanted.

Being a real Unix[*] it also has ssh, and everything else you'd want for 
remote administration.  SSH access is also off by default, but like VNC, 
just a checkbox away from being enabled.  I believe they call it Remote 
Access or some such, also in the Sharing pane.

> I can cross-build for MS-Windows using mgwin32

OS X makes a fine VM host, by the way.  There are three major VM systems 
for it, VMware Fusion, Parallels Desktop, and VirtualBox.  All three run 
Windows nicely.

By the way, it's MinGW, not mgwin.  Minimal GNU for Windows.  "Minimal" 
here refers to the fact that it was created as an alternative to Cygwin, 
which is much more heavyweight, but also a lot more capable.

There is a complete Cygwin cross-compilation toolchain for Fedora:

 https://sourceforge.net/projects/fedora-cygwin/

It may be possible to port it to CentOS.  Since there are MinGW 
cross-compilers in Cygwin, you could probably build for Windows through 
that.

It's a lot less up front work to build on Windows, though.



[*] http://unix.stackexchange.com/questions/1489/is-mac-os-x-unix


Re: [CentOS] Running MacOSX as VM under CentOS 5.10?

2013-11-06 Thread Warren Young
On 11/6/2013 17:29, Warren Young wrote:
>> I don't really have the *physical* room for an iMac, unless the screen
>> is tiny.
>
> OS X comes with VNC, configured and ready to go.

Although OS X does make a reasonable server, it's even better as a 
client OS.  Have you considered flipping this problem around, replacing 
your current desktop machine and using it to access everything *else* 
remotely?  I wrote an article outlining the gotchas:

 http://unix.stackexchange.com/questions/723/726#726



If your CentOS boxes need the full power of dedicated hardware, OS X 
makes a fine remote terminal for them.  In the previous message, I 
mentioned that OS X has built-in SSH and VNC servers, but it also has 
built-in clients.

The built-in SSH client is OpenSSH from the Terminal.  I find OS X's 
Terminal much more functional and usable than Gnome Terminal on CentOS. 
  For an even better user experience, I recommend SecureCRT, a 
commercial GUI SSH client for Windows, OS X, and Linux.  I *live* in 
SecureCRT 5 days a week.  It is rock solid, and much more capable than 
Terminal + OpenSSH.

OS X includes a VNC client.  You can run it directly, but it's 
quicker to just say Cmd-G from Finder, then enter vnc://my.box.address 
in the box that pops up.  You can save these URLs for later use, so you 
don't have to keep retyping them.  There are several more capable VNC 
clients, including Apple's own ARD: https://www.apple.com/remotedesktop/



If you can put your CentOS boxes in VMs, OS X is probably the least 
troublesome VM host I've ever used.  OS X is a great GUI platform with 
strong usability norms, but is also a real Unix underneath so VM systems 
can do everything they need in order to be transparent hosts.  Linux 
fails the first criterion, and Windows fails the second.

A particularly nice feature of OS X is the full-screen app mode, which 
lets you put your VMs on dedicated virtual screens, kind of like the virtual 
desktops feature of some X window managers, except that they are not 
hosting desktops, but instead app windows that take over the screen 
completely.  Then you can Ctrl-Arrow around to switch OSes, with the 
keyboard and mouse moving between them seamlessly.

I almost never physically touch a CentOS box, even though I use them 
pretty much every day.  Between VNC and SSH, I don't need to.



Also consider that a MacBook Pro is plenty powerful enough to run VMs at 
reasonable speed.  In clamshell mode, an MBP is kind of like a mini:

 http://support.apple.com/kb/ht3131

A mini is far more compact, though, and cheaper.


Re: [CentOS] Running MacOSX as VM under CentOS 5.10?

2013-11-06 Thread Keith Keller
On 2013-11-07, Warren Young  wrote:
>
> The built-in SSH client is OpenSSH from the Terminal.  I find OS X's 
> Terminal much more functional and usable than Gnome Terminal on CentOS. 
>   For an even better user experience, I recommend SecureCRT, a 
> commercial GUI SSH client for Windows, OS X, and Linux.  I *live* in 
> SecureCRT 5 days a week.  It is rock solid, and much more capable than 
> Terminal + OpenSSH.

If you hate Terminal, but are too cheap to spring for SecureCRT, you can
try iTerm 2.  It has support for profiles, and probably a bunch of other
stuff Terminal doesn't that I can't think of at the moment.

I've used OS X as a host for a CentOS VM, but it's usually for a fairly
limited task (e.g., I need to access an Avocent KVM remotely, but
perhaps all of my local servers are down, and these devices for some
reason support Linux but not OS X).  I spend much more of my time
accessing my CentOS machines over XQuartz or NX.

--keith

-- 
kkel...@wombat.san-francisco.ca.us

