[CentOS] Cluster gets stopped

[Jatin Davey]

Hi

I am using a two node cluster to achieve high availability.

I am basically testing a scenario where in if i shutdown my node 
(node-1) then the other node (node-2) should start functioning like 
node-1. Currently what i am observing is that the entire cluster gets 
into "Stopped" state.


Here is my cluster.conf file






















ipaddr="x.x.x.x" lanplus="on" login="admin" name="node-103" 
passwd="*" privlvl="ADMINISTRATOR"/>
ipaddr="x.x.x.x" lanplus="on" login="admin" name="node-105" 
passwd="**" privlvl="ADMINISTRATOR"/>





fstype="nfs" host="x.x.x.x" mountpoint="/test/test/test" name="test123"/>

[CentOS] Centos security update

[Venkateswara Rao Dokku]

Hi,

I was using CentOS 7 and when I ran some custom commercial security scan on
my machine, I found about 122 vulnerabilities.

Can you help me on how to get security upgrades on top of my existing
CentOS?

# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)

Thanks for the help.

-- 
Thanks & Regards,
Venkateswara Rao Dokku.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Real sh? Or other efficient shell for non-interactive scripts

[E.B.]

I'm sure most people here know about Dash in Debian. Have there
been discussions about providing a more efficient shell in Centos
for use with heavily invoked non-interactive scripts?  

With sh being a link to bash in Centos I don't know if it would
explode if the link was changed to something else, but at least
the scripts we made on our own that run certain services could
be changed and tested manually to another shell.

Are there other people who have experience in this and can
provide interesting guidance?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security update

[Eero Volotinen]

2015-04-24 12:21 GMT+03:00 Venkateswara Rao Dokku :

> Hi,
>
> I was using CentOS 7 and when I ran some custom commercial security scan on
> my machine, I found about 122 vulnerabilities.
>
> Can you help me on how to get security upgrades on top of my existing
> CentOS?
>
> # cat /etc/redhat-release
> CentOS Linux release 7.1.1503 (Core)
>
> Thanks for the help.
>


... and most of them are misconfiguration(s) of your os and some possibly
false positives.

use yum to apply latest security patches and then fix misconfiguration of
os services and reboot machine & rescan


--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Pete Geenhuizen]

On 04/24/15 06:07, E.B. wrote:

I'm sure most people here know about Dash in Debian. Have there
been discussions about providing a more efficient shell in Centos
for use with heavily invoked non-interactive scripts?

With sh being a link to bash in Centos I don't know if it would
explode if the link was changed to something else, but at least
the scripts we made on our own that run certain services could
be changed and tested manually to another shell.

Are there other people who have experience in this and can
provide interesting guidance?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Why go to that extreme if you tell a script on line 1 which shell to run 
it will do so.

#!/bin/dash
or what ever shell you want it to run in.  I always do that to make sure 
that the script runs as expected, if you leave it out the script will 
run in whatever environment it currently is in.


Pete

--
If money can fix it, it's not a problem.
 -- Click and Clack the Tappet brothers

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[mark]

On 04/24/15 06:57, Pete Geenhuizen wrote:


On 04/24/15 06:07, E.B. wrote:

I'm sure most people here know about Dash in Debian. Have there
been discussions about providing a more efficient shell in Centos
for use with heavily invoked non-interactive scripts?

With sh being a link to bash in Centos I don't know if it would
explode if the link was changed to something else, but at least
the scripts we made on our own that run certain services could
be changed and tested manually to another shell.

Are there other people who have experience in this and can
provide interesting guidance?


Why go to that extreme if you tell a script on line 1 which shell to run it
will do so.
#!/bin/dash
or what ever shell you want it to run in.  I always do that to make sure that
the script runs as expected, if you leave it out the script will run in
whatever environment it currently is in.



I'm confused here, too, and this has been bugging me for some time: why sh, 
when almost 20 years ago, at places I've worked, production shell scripts went 
from sh to ksh. It was only after I got into the CentOS world in '09 that I 
saw all the sh scripts again.


mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security update

[Jim Perrin]

On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> Hi,
> 
> I was using CentOS 7 and when I ran some custom commercial security scan on
> my machine, I found about 122 vulnerabilities.
> 
> Can you help me on how to get security upgrades on top of my existing
> CentOS?

The short answer: 'yum update'

The long answer: nearly all commercial scanners test via version number,
not actual vulnerabilities. You can take the list of 'vulnerable'
packages and the related CVEs and 'rpm -q  --changelog | grep
-i cve' to see that it's been addressed.

Alternatively, upstream maintains a cve database at
https://access.redhat.com/security/cve/ where you can search the CVE and
match related (or newer) versions.

I have a very long profanity-laden rant about commercial scanning
software and practices that I'll spare folks from. TL;DR it's all
terrible, and the vendors have little to no incentive for fixing it.



Note: we (CentOS) do not validate CVE closure separately. We rebuild
source provided by RH, assuming that they have done the due diligence.



-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Scott Robbins]

On Fri, Apr 24, 2015 at 08:02:56AM -0400, mark wrote:
> On 04/24/15 06:57, Pete Geenhuizen wrote:
> >
> >On 04/24/15 06:07, E.B. wrote:
> >>I'm sure most people here know about Dash in Debian. Have there
> >>been discussions about providing a more efficient shell in Centos
> >>for use with heavily invoked non-interactive scripts?
> >>
> >>Are there other people who have experience in this and can
> >>provide interesting guidance?
> >>
> >Why go to that extreme if you tell a script on line 1 which shell to run it
> >will do so.
> >#!/bin/dash
> >or what ever shell you want it to run in.  I always do that to make sure that
> >the script runs as expected, if you leave it out the script will run in
> >whatever environment it currently is in.
> >
> 
> I'm confused here, too, and this has been bugging me for some time:
> why sh, when almost 20 years ago, at places I've worked, production
> shell scripts went from sh to ksh. It was only after I got into the
> CentOS world in '09 that I saw all the sh scripts again.

Wasn't Solaris, which for awhile at least, was probably the most popular
Unix, using ksh by default?


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Eckert, Doug]

It was the mid/late-90s, but I seem to recall Bourne being the default
shell, although sh/ksh/csh were all available with a typical install.

On Fri, Apr 24, 2015 at 8:32 AM, Scott Robbins  wrote:

> On Fri, Apr 24, 2015 at 08:02:56AM -0400, mark wrote:
> > On 04/24/15 06:57, Pete Geenhuizen wrote:
> > >
> > >On 04/24/15 06:07, E.B. wrote:
> > >>I'm sure most people here know about Dash in Debian. Have there
> > >>been discussions about providing a more efficient shell in Centos
> > >>for use with heavily invoked non-interactive scripts?
> > >>
> > >>Are there other people who have experience in this and can
> > >>provide interesting guidance?
> > >>
> > >Why go to that extreme if you tell a script on line 1 which shell to
> run it
> > >will do so.
> > >#!/bin/dash
> > >or what ever shell you want it to run in.  I always do that to make
> sure that
> > >the script runs as expected, if you leave it out the script will run in
> > >whatever environment it currently is in.
> > >
> >
> > I'm confused here, too, and this has been bugging me for some time:
> > why sh, when almost 20 years ago, at places I've worked, production
> > shell scripts went from sh to ksh. It was only after I got into the
> > CentOS world in '09 that I saw all the sh scripts again.
>
> Wasn't Solaris, which for awhile at least, was probably the most popular
> Unix, using ksh by default?
>
>
> --
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 

*Doug Eckert*
*Technical Architect*

*Global Business Technology*
*Dow Jones* | *A News Corporation Company*
P.O. Box 300 | Princeton NJ 08543-0300
(W) 609.520.4993 (C) 732.666.3681
*Email: **doug.eck...@dowjones.com* 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security update

[Eero Volotinen]

2015-04-24 15:31 GMT+03:00 Jim Perrin :

>
>
> On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> > Hi,
> >
> > I was using CentOS 7 and when I ran some custom commercial security scan
> on
> > my machine, I found about 122 vulnerabilities.
> >
> > Can you help me on how to get security upgrades on top of my existing
> > CentOS?
>
> The short answer: 'yum update'
>
> The long answer: nearly all commercial scanners test via version number,
> not actual vulnerabilities. You can take the list of 'vulnerable'
> packages and the related CVEs and 'rpm -q  --changelog | grep
> -i cve' to see that it's been addressed.
>

Usually security scanners like nessus, openvas .. detect os
misconfigurations like weak ciphers and some basic os misconfigurations

"easy" way to get PASS result is usually just turn off version numbers from
services and disable weak ciphers like sslv3, sslv2 and so on...

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Pete Geenhuizen]

Initially Bourne was used because it was typically a static binary, 
because the boot process didn't have access to any shared libraries.  
When that changed it became a bit of a moot point, and you started to 
see other interpreters being used.


Even though Solaris started using ksh as the default user environment, 
almost all of the start scrips were either bourne or bash scripts.  With 
Bash having more functionality the scripts typically used the 
environment that suited the requirements best.


Bottom line is use what ever script suits your needs just be sure to 
tell the environment which interpreter to use.  Personally I never write 
a script that doesn't include the interpreter on the first line.


Pete

On 04/24/15 08:42, Eckert, Doug wrote:

It was the mid/late-90s, but I seem to recall Bourne being the default
shell, although sh/ksh/csh were all available with a typical install.

On Fri, Apr 24, 2015 at 8:32 AM, Scott Robbins  wrote:





--
If money can fix it, it's not a problem.
 -- Click and Clack the Tappet brothers

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Les Mikesell]

On Fri, Apr 24, 2015 at 7:02 AM, mark  wrote:
>
>>> I'm sure most people here know about Dash in Debian. Have there
>>> been discussions about providing a more efficient shell in Centos
>>> for use with heavily invoked non-interactive scripts?
>>>
>>> With sh being a link to bash in Centos I don't know if it would
>>> explode if the link was changed to something else, but at least
>>> the scripts we made on our own that run certain services could
>>> be changed and tested manually to another shell.
>>>
>>> Are there other people who have experience in this and can
>>> provide interesting guidance?
>>>
>> Why go to that extreme if you tell a script on line 1 which shell to run
>> it
>> will do so.
>> #!/bin/dash
>> or what ever shell you want it to run in.  I always do that to make sure
>> that
>> the script runs as expected, if you leave it out the script will run in
>> whatever environment it currently is in.
>>
>
> I'm confused here, too, and this has been bugging me for some time: why sh,
> when almost 20 years ago, at places I've worked, production shell scripts
> went from sh to ksh. It was only after I got into the CentOS world in '09
> that I saw all the sh scripts again.
>

The original ksh wasn't open source and might even have been an
extra-cost item in AT&T unix.   And the early emulations weren't
always complete so you couldn't count on script portability.  I
generally thought it was safer to use perl for anything that took more
than bourne shell syntax.

But as for efficiency, I'd think a script would have to do quite a lot
of work to offset the need to page in different code for the
interpreter.  Any unix-like system should almost always have some
instances of sh running and other instances of the same executable
should run shared-text, where invoking a shell that isn't already
loaded will have to load the code off the disk.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Stephen Harris]

On Fri, Apr 24, 2015 at 08:32:45AM -0400, Scott Robbins wrote:
> Wasn't Solaris, which for awhile at least, was probably the most popular
> Unix, using ksh by default?

Solaris /bin/sh was a real real dumb version of the bourne shell.
Solaris included /bin/ksh as part of the core distribution (ksh88 was a
part of the SVr4 specification) and so many scripts were written with
#!/bin/ksh at the start (including tools like "patchadd").

Note Solaris had bugs in those tools because they didn't start
"#!/bin/ksh -p" so if you had a $ENVFILE that included lines like "set
-o noclobber" or had aliases then scripts would break (patchadd was a
perfect example).  Many of these got fixed by Solaris 8 :-)

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security update

[Johnny Hughes]

On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> Hi,
> 
> I was using CentOS 7 and when I ran some custom commercial security scan on
> my machine, I found about 122 vulnerabilities.
> 
> Can you help me on how to get security upgrades on top of my existing
> CentOS?
> 
> # cat /etc/redhat-release
> CentOS Linux release 7.1.1503 (Core)
> 
> Thanks for the help.
> 

You will need to address each individual issue as one event an track it.

Most security software for ubuntu does not understand the concept of Red
hat backporting:

https://access.redhat.com/security/updates/backporting/

Therefore, to check CentOS or RHEL properly for security issues, the
software need to be designed to understand what version of a package
that Red hat fixed an issue in via their backport .. not how it was
fixed in the main upstream project code.

As an example, here is CVE-2014-0226:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226

Red Hat fixes that in these updates:

EL5 and EL6:
https://rhn.redhat.com/errata/RHSA-2014-0920.html

EL7:
https://rhn.redhat.com/errata/RHSA-2014-0921.html

That means, because of backporting, this issue is fixed in:

EL5:
httpd-2.2.3-87.el5_10.src.rpm

EL6:
httpd-2.2.15-31.el6_5.src.rpm

EL7:
httpd-2.4.6-18.el7_0.src.rpm


If you look at the apache web page for vulnerabilities for httpd 2.2
(http://httpd.apache.org/security/vulnerabilities_22.html) and if you
you search for CVE-2014-0226 you will find it is fixed in version 2.2.28
upstream .. but Red Hat fixed it in versions 2.2.3-87 and in version
2.2.15.

If your software thinks that in order to be protected for CVE-2014-0226
that you need version 2.2.28 opr higher apache, then your software kicks
out a fail in EL5 if you have version httpd-2.2.3-87 .. but it is NOT a
fail.  So, bottom line, your software has to know how Red Hat did
backports for EL via backporting or it will give false positives.

The same is true for EL7 too .. apache fixes CVE-2014-0226 in 2.4.10 ..
Red Hat fixes it in httpd-2.4.6-18.el7_0 .. software needs to know
2.4.10 is not needed because of a backport.





signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Stephen Harris]

On Fri, Apr 24, 2015 at 08:54:48AM -0400, Pete Geenhuizen wrote:
> Even though Solaris started using ksh as the default user environment, 
> almost all of the start scrips were either bourne or bash scripts.  With 
> Bash having more functionality the scripts typically used the 
> environment that suited the requirements best.

Bash is a better command shell for many people, but ksh has better
scripting ability (eg typescript options bash has never seen).
Many Solaris provided scripts were ksh.

Bash was bigger than ksh in the non-commercial Unix world because of ksh88
licensing problems.  Back in 1998 I wanted to teach a ksh scripting
course to my local LUG, but AT&T (David Korn himsef!) told me I couldn't
give people copies of the shell to take home.

(Finally, too late in the day, they changed their licensing).

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Joerg Schilling]

Pete Geenhuizen  wrote:

> Initially Bourne was used because it was typically a static binary, 
> because the boot process didn't have access to any shared libraries.  
> When that changed it became a bit of a moot point, and you started to 
> see other interpreters being used.

When dynamic linking was intruduced in 1988, people did kno know what we now 
know and provided sh, mv, tar, ifconfig and mount as statib binaries in "/sbin".

Since Solaris 10 we know better and there is no static binary anymore.

BTW: the real Bourne Shell is now 100% portable and enhanced since a longer 
time. If you like to test the real Bourne Shell, check the latest schilytools:

https://sourceforge.net/projects/schilytools/files/

The Bourne Shell is also much faster than bash. In special on platforms like 
Cygwin, where Microsoft enforces extremly slow process creation.

> Even though Solaris started using ksh as the default user environment, 
> almost all of the start scrips were either bourne or bash scripts.  With 
> Bash having more functionality the scripts typically used the 
> environment that suited the requirements best.

There are no bash scripts on Solaris as bash has too many deviatioons from the 
standard.

Jörg

-- 
 EMail:jo...@schily.net(home) Jörg Schilling D-13353 Berlin
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.org/private/ 
http://sourceforge.net/projects/schilytools/files/'
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Joerg Schilling]

Stephen Harris  wrote:

> On Fri, Apr 24, 2015 at 08:32:45AM -0400, Scott Robbins wrote:
> > Wasn't Solaris, which for awhile at least, was probably the most popular
> > Unix, using ksh by default?
>
> Solaris /bin/sh was a real real dumb version of the bourne shell.
> Solaris included /bin/ksh as part of the core distribution (ksh88 was a
> part of the SVr4 specification) and so many scripts were written with
> #!/bin/ksh at the start (including tools like "patchadd").

The basic system had very few scripts that required ksh.

Jörg

-- 
 EMail:jo...@schily.net(home) Jörg Schilling D-13353 Berlin
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.org/private/ 
http://sourceforge.net/projects/schilytools/files/'
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Joerg Schilling]

Stephen Harris  wrote:

> Bash was bigger than ksh in the non-commercial Unix world because of ksh88
> licensing problems.  Back in 1998 I wanted to teach a ksh scripting
> course to my local LUG, but AT&T (David Korn himsef!) told me I couldn't
> give people copies of the shell to take home.

AFAIR, ksh was OSS (but not using an OSI approved license) since 1997. Since 
2001, ksh is under a OSI approved license.

Jörg

-- 
 EMail:jo...@schily.net(home) Jörg Schilling D-13353 Berlin
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.org/private/ 
http://sourceforge.net/projects/schilytools/files/'
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Stephen Harris]

On Fri, Apr 24, 2015 at 03:15:27PM +0200, Joerg Schilling wrote:
> Stephen Harris  wrote:
> 
> > Bash was bigger than ksh in the non-commercial Unix world because of ksh88
> > licensing problems.  Back in 1998 I wanted to teach a ksh scripting
> > course to my local LUG, but AT&T (David Korn himsef!) told me I couldn't
> > give people copies of the shell to take home.
> 
> AFAIR, ksh was OSS (but not using an OSI approved license) since 1997. Since 

In 1998 each user had to sign a license; you couldn't give away copies
to other people.

   Date: Wed, 20 May 1998 14:09:30 -0400 (EDT)
   From: David Korn 

   If you are going to make copies for use at your course there is
   no problem.  However, if users are to get their own copies
   to take home with them, then we need to get each of them
   to accpet the license agreement that is on the web.

[ snip other options, including printing out the license and having
  people sign it and sending the results back! ]

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Joerg Schilling]

Stephen Harris  wrote:

> Solaris /bin/sh was a real real dumb version of the bourne shell.

If you like to create portable scripts, you can do this by downloading:

https://sourceforge.net/projects/schilytools/files/

and using "osh" as a reference implementation. Osh is the old SunOS Bourne 
Shell with all bugs that people expect from a SVr4 Bourne Shell. It just has 
been rewritten to make it portable, e.g. by converting it from sbrk() to 
malloc() that makes it work on Cygwin. This code to convert to malloc() was 
written by Geoff Collyer for David Korn for converting the Bourne Shell based
ksh. In 2012, I have rewritten that code to make it fit the SVr4 version of 
the Bourne Shell and a month ago, this was tested by American fuzzy lop and so
I could fix a few left over bugs from that conversion.

If you use "osh", you get exactly the same behavior than from a SunOS /bin/sh 
up to Solaris 10 included.

The current maintained Bourne Shell installed as "sh" and "bosh" has many 
enhancements, including the following:

-   A history editor using my original design from 1982, that predates ksh.

-   enhanced aliases (much more than ksh implements), the original design
for this implementaion is also from 1982.

-   rcfiles "/etc/sh.shrc" "$HOME/.shrc" for interactive shells

-   the "repeat" builtin

-   true / false builtin

-   pushd / popd / dirs builtin && cd -

-   support for read -r

-   support for set -o

-   support for sh -v -x instead of just set -vx

-   support for umask -S

-   Support for i; do  with semicolon

-   Report a syntax error for "echo foo |;"

-   Bugfix for set -a; read VAR

-   Evaluate var2=val2 var1=val1 left to right

-   a much better man page

-   Support for vfork() to speed up things.

Jörg

-- 
 EMail:jo...@schily.net(home) Jörg Schilling D-13353 Berlin
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.org/private/ 
http://sourceforge.net/projects/schilytools/files/'
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Joerg Schilling]

Stephen Harris  wrote:

> > AFAIR, ksh was OSS (but not using an OSI approved license) since 1997. 
> > Since 
>
> In 1998 each user had to sign a license; you couldn't give away copies
> to other people.
>
>Date: Wed, 20 May 1998 14:09:30 -0400 (EDT)
>From: David Korn 
>
>If you are going to make copies for use at your course there is
>no problem.  However, if users are to get their own copies
>to take home with them, then we need to get each of them
>to accpet the license agreement that is on the web.

OK, I remeber again: You had to click "accept" on the web to get your copy of 
the source. This need was removed in 2001.

Jörg

-- 
 EMail:jo...@schily.net(home) Jörg Schilling D-13353 Berlin
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.org/private/ 
http://sourceforge.net/projects/schilytools/files/'
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Resetting tcp timestamp

[James B. Byrne]

TCP timestamps on some (but not all?) of our CentOs hosts are being
reported as a vulnerability by OSSIM.  I have looked into the matter
briefly and cannot say that I consider this a serious security issue.

The vulnerability seems limited to determining the uptime of the
target host. The question therefore arises as to whether or not there
is any way to reset the tcp timestamp present value to zero or some
randomly determined value.  If not then what are the technical
impediments?

I am cognisant of the role of tcp timestamps in handling serial number
rollovers.  However, since the timestamp itself also must rollover,
given sufficient uptime (~288 days I believe I read), what prevents
one from manually forcing that event?  Is there such a means provided
in CentOS6?


-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[m . roth]

Stephen Harris wrote:
> On Fri, Apr 24, 2015 at 03:15:27PM +0200, Joerg Schilling wrote:
>> Stephen Harris  wrote:
>>
>> > Bash was bigger than ksh in the non-commercial Unix world because of
>> > ksh88 licensing problems.  Back in 1998 I wanted to teach a ksh
scripting
>> > course to my local LUG, but AT&T (David Korn himsef!) told me I
>> > couldn't give people copies of the shell to take home.
>>
>> AFAIR, ksh was OSS (but not using an OSI approved license) since 1997.
>> Since
>
> In 1998 each user had to sign a license; you couldn't give away copies
> to other people.
>
>Date: Wed, 20 May 1998 14:09:30 -0400 (EDT)
>From: David Korn 
>
>If you are going to make copies for use at your course there is
>no problem.  However, if users are to get their own copies
>to take home with them, then we need to get each of them
>to accpet the license agreement that is on the web.
>
> [ snip other options, including printing out the license and having
>   people sign it and sending the results back! ]

Fascinating. As I'd been in Sun OS, and started doing admin work when it
became Solaris, I'd missed that bit. A question: did the license agreement
include payment, or was it just restrictive on distribution?

Oh, and to clarify what I said before, our production shell scripts, in
the mid-nineties, were corporately required to go to ksh.

I didn't know bash till I got to CentOS (I don't remember it in RH 9...),
and it's what I prefer (my manager and some other folks here like zsh),
but bash lets me use all my c-shell-isms that I learned when I started in
UNIX in '91.

 mark !se



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 NFS client problems

[Matt Garman]

What does your /etc/idmapd.conf look like on the server side?

I fought with this quite a bit a while ago, but my use case was a bit
different, and I was working with CentOS 5 and 6.

Still, the kicker for me was updating the [Translation] section of
/etc/idmapd.conf.  Mine looks like this:

[Translation]
Method = nsswitch
GSS-Methods = nsswitch,static

You said you're not using Kerberos or LDAP, so I'm guessing you can
leave out the GSS-Methods line entirely, and make your Method line
"nsswitch,static".

Furthermore, in my /etc/idmapd.conf file, I have a [Static] section
which, according to my comments, maps GSS-authenticated names to local
user names.  So mine looks kind of like this:

[Static]
someuser@REALM = localuser

Again, since you're not using GSS, I'm not sure if you can get away
with something like

[Static]
joe = joe

But it's probably worth trying/experimenting.

I hope that can be of some help!





On Thu, Apr 23, 2015 at 3:11 PM, Devin Reade  wrote:
> #define TL;DR
>
> Despite idmapd running, usernames/IDs don't get mapped properly.
> Looking for a workaround.
>
> #undef TL;DR
>
> I'm trying to get a new CentOS 7.1 workstation running, and having
> some problems with NFS filesystems.  The server is a fully patched
> CentOS 6 server.
>
> On the NFS filesystem, there are two subdirectories owned by a
> regular user (joe). (There are actually more and by multiple users, but
> I'll just show the two.) That user exists on both the NFS server and this
> CentOS 7 NFS client.  However, the user on the client machine is unable
> to perform various operations.  (The operations work when logged into
> the server.)
>
> $ whoami
> joe
> $ cd /nfs
> $ ls -l
> drwx--. 6 joejoe 4096 Apr 23 11:20 one
> drwxr-xr-x. 4 joejoe 4096 Dec 14  2011 two
> $ cd one
> one: Permission denied.
> $ cd two
> $ ls
> subdir1 subdir2
> $ touch testfile
> touch: cannot touch testfile: Permission denied
>
> mount(1) shows that the filesystem is mounted rw.  The server has it
> exported rw to the entire subnet.  Other machines (CentOS 5) mount
> the same filesystems without a problem.
>
> Looks a lot like an idmapd issue, right?
>
> On the server:
> # id joe
> uid=501(joe) gid=501(joe) groups=501(joe)
>
> Back on the client:
>
> $ ps auxww | grep idmap | grep -v grep
> $ id joe
> uid=1000(joe) gid=1000(joe) groups=1000(joe)
> $ cd /nfs
> $ ls -n
> drwx--. 6 1000 1000  4096 Apr 23 11:20 one
> drwxr-xr-x. 4 1000 1000  4096 Dec 14  2011 two
>
> So it looks like even though the name/UID mapping is correct even though
> the idmapd daemon isn't running on the client.  (It looks like CentOS7
> only starts idmapd when it's running an NFS *server*.)
>
> # systemctl list-units | grep nfs
> nfs.mountloaded active mounted   /nfs
> proc-fs-nfsd.mount   loaded active mounted   NFSD configuration
> filesystem
> var-lib-nfs-rpc_pipefs.mount loaded active mounted   RPC Pipe File System
> nfs-config.service   loaded active exitedPreprocess NFS
> configuration
> nfs-client.targetloaded active activeNFS client services
>
> The behavior was tested again with SELinux in permissive mode; no change.
>
> Splunking a bit more shows some similar behavior for other distros:
>  
>  
>
> Yep, this is a situation where LDAP and Kerberos aren't in play. And
> the CentOS 5, CentOS 6, and other UNIXen boxes are using consistent
> UID/GID mappings.  However, CentOS7 (well, RHEL7) changed the minimum
> UID/GID for regular accounts, so when the account was created on the
> latter, the UID is out of sync.  So much for idmapd (without the
> fixes involved in the above URLs).
>
> Has anyone else run into this and have a solution other than forcing
> UIDs to match?
>
> Devin
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Joerg Schilling]

 wrote:

> Fascinating. As I'd been in Sun OS, and started doing admin work when it
> became Solaris, I'd missed that bit. A question: did the license agreement
> include payment, or was it just restrictive on distribution?

Everything other than ksh93 is closed source. The POSIX shell used by various 
commercial UNIXes is based on ksh88. Sun tried to make this OSS in 2005 but 
"OSS lovers" as HP and IBM prevented this from happening.

ksh93 exists in a 1997 version with restricted redistribution and a 2001 
version with OSI OSS compliance.

> Oh, and to clarify what I said before, our production shell scripts, in
> the mid-nineties, were corporately required to go to ksh.
>
> I didn't know bash till I got to CentOS (I don't remember it in RH 9...),
> and it's what I prefer (my manager and some other folks here like zsh),
> but bash lets me use all my c-shell-isms that I learned when I started in
> UNIX in '91.

Most if not all of these goodies are in the Bourne Shell now as well. 

And bash still comes with a history editor that gives less features than the 
one I prototyped in 1982 and that is now available in the Bourne Shell.

Jörg

-- 
 EMail:jo...@schily.net(home) Jörg Schilling D-13353 Berlin
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.org/private/ 
http://sourceforge.net/projects/schilytools/files/'
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 NFS client problems

[m . roth]

Matt Garman wrote:
> What does your /etc/idmapd.conf look like on the server side?
>
> I fought with this quite a bit a while ago, but my use case was a bit
> different, and I was working with CentOS 5 and 6.
>
> Still, the kicker for me was updating the [Translation] section of
> /etc/idmapd.conf.  Mine looks like this:
>
> [Translation]
> Method = nsswitch
> GSS-Methods = nsswitch,static
>
> You said you're not using Kerberos or LDAP, so I'm guessing you can
> leave out the GSS-Methods line entirely, and make your Method line
> "nsswitch,static".
>

Related, maybe: I *just* solved my problem with NFS on CentOS  7.0.1406
mounting home directories as nobody:nobody. Looking at the above, and
seeing mentions of [Translation], I reviewed the *entire* idpapd.conf
file, and found that the UMICH LDAP scheme is, by default, enabled. I'd
put our domain in the other day; now I commented out the UMICH, restarted
rpcidmapd and autofs, and everything was wonderful.

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[John R Pierce]

On 4/24/2015 3:07 AM, E.B. wrote:

I'm sure most people here know about Dash in Debian. Have there
been discussions about providing a more efficient shell in Centos
for use with heavily invoked non-interactive scripts?



perl or python are much better choices for complex scripts that need 
decent performance




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Les Mikesell]

On Fri, Apr 24, 2015 at 11:12 AM, John R Pierce  wrote:
> On 4/24/2015 3:07 AM, E.B. wrote:
>>
>> I'm sure most people here know about Dash in Debian. Have there
>> been discussions about providing a more efficient shell in Centos
>> for use with heavily invoked non-interactive scripts?
>
>
>
> perl or python are much better choices for complex scripts that need decent
> performance
>

Yes, the shell is great at launching other programs, redirecting i/o,
creating pipes, expanding wildcard filenames and generally automating
things with exactly the same syntax you'd use manually on the command
line.   But not so much at doing real computation itself.   Even with
perl if you have to do serious work you'll probably want modules that
link in compiled C libraries.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Gordon Messmer]

On 04/24/2015 03:57 AM, Pete Geenhuizen wrote:

if you leave it out the script will run in whatever environment it
currently is in.


I'm reasonably certain that a script with no shebang will run with 
/bin/sh.  I interpret your statement to mean that if a user is using ksh 
and enters the path to such a script, it would also run in ksh.  That 
would only be true if you "sourced" the script from your shell.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Steve Lindemann]

On 4/24/2015 10:47 AM, Gordon Messmer wrote:

On 04/24/2015 03:57 AM, Pete Geenhuizen wrote:

if you leave it out the script will run in whatever environment it
currently is in.


I'm reasonably certain that a script with no shebang will run with
/bin/sh.  I interpret your statement to mean that if a user is using ksh
and enters the path to such a script, it would also run in ksh.  That
would only be true if you "sourced" the script from your shell.


A script with no shebang will run in the environment of the account 
running the script.  If that account is root and root uses the bash 
shell then the script will run in the bash shell.  If that account uses 
the korn shell then the script will run in a korn shell... etc.  So it 
depends and Pete was more correct.


All the Sun systems I worked on (way in the past) had the bourne shell 
on the root account and I usually set my account up with a korn shell. 
On linux boxes both the root and personal account use the bash shell. 
Some systems will use a C shell, and, of course, other choices.


If you want a script to run under a specific shell you NEED the shebang 
line at the beginning.  Assuming the bourne shell as a default is not 
reliable.


If you use good coding practices you will have that shebang line at the 
beginning of all scripts.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[John R Pierce]

On 4/24/2015 9:47 AM, Gordon Messmer wrote:

On 04/24/2015 03:57 AM, Pete Geenhuizen wrote:

if you leave it out the script will run in whatever environment it
currently is in.


I'm reasonably certain that a script with no shebang will run with 
/bin/sh.  I interpret your statement to mean that if a user is using 
ksh and enters the path to such a script, it would also run in ksh.  
That would only be true if you "sourced" the script from your shell. 


oh fun, just did some tests (using c6.latest).   if you're in bash, 
./script (sans shebang) runs it in bash.  if you're in dash or csh, 
./script runs it in sh.if you're in ksh, it runs it in ksh.






--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Valeri Galtsev]

On Fri, April 24, 2015 12:04 pm, John R Pierce wrote:
> On 4/24/2015 9:47 AM, Gordon Messmer wrote:
>> On 04/24/2015 03:57 AM, Pete Geenhuizen wrote:
>>> if you leave it out the script will run in whatever environment it
>>> currently is in.
>>
>> I'm reasonably certain that a script with no shebang will run with
>> /bin/sh.  I interpret your statement to mean that if a user is using
>> ksh and enters the path to such a script, it would also run in ksh.
>> That would only be true if you "sourced" the script from your shell.
>
> oh fun, just did some tests (using c6.latest).   if you're in bash,
> ./script (sans shebang) runs it in bash.  if you're in dash or csh,
> ./script runs it in sh.if you're in ksh, it runs it in ksh.
>

Wow! Surprise ;-)

I just tested it on my FreeBSD workstation, and all works as expected
(i.e. the script obeys shebang). Just in case, here is the contents of my
test script:



#!/bin/sh

readlink /proc/$$/file


( note that that "file" is because I'm using FreeBSD /proc, for Linux you
may need to replace the line with something like:

readlink /proc/$$/exe

Now the fun part

in bash:

$ echo $0
bash

$ ./test
/bin/sh

in tcsh

% echo $0
tcsh

% ./test
/bin/sh

in zsh

% echo $0
zsh

% ./test
/bin/sh

But yet funnier thing:

$ bash ./test
/usr/local/bin/bash

$ tcsh ./test
/bin/tcsh

$ zsh ./test
/usr/local/bin/zsh


Well, no creepy surprises for me ! ;-)

(you can do the same on Linux of your choice and see if it behaves ;-)

Thanks.
Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[zep]

I believe if you re-read a little more closely, the whole point of the
exercise was not to have the #! at the top of the script.

On 04/24/2015 01:36 PM, Valeri Galtsev wrote:
> On Fri, April 24, 2015 12:04 pm, John R Pierce wrote:
>> On 4/24/2015 9:47 AM, Gordon Messmer wrote:
>>> On 04/24/2015 03:57 AM, Pete Geenhuizen wrote:
 if you leave it out the script will run in whatever environment it
 currently is in.
>>> >>>I'm reasonably certain that a script with no shebang will run with
>>> /bin/sh.<<<  I interpret your statement to mean that if a user is using
>>> ksh and enters the path to such a script, it would also run in ksh.
>>> That would only be true if you "sourced" the script from your shell.
>> oh fun, just did some tests (using c6.latest).   if you're in bash,
>> >>>./script (sans shebang)<<< runs it in bash.  if you're in dash or csh,
>> ./script runs it in sh.if you're in ksh, it runs it in ksh.
>>
> Wow! Surprise ;-)
>
> I just tested it on my FreeBSD workstation, and all works as expected
> (i.e. the script obeys shebang). Just in case, here is the contents of my
> test script:
>
>
> 
> #!/bin/sh
>
> readlink /proc/$$/file
> 
>
> ( note that that "file" is because I'm using FreeBSD /proc, for Linux you
> may need to replace the line with something like:
>
> readlink /proc/$$/exe
>
> Now the fun part
>
> in bash:
>
> $ echo $0
> bash
>
> $ ./test
> /bin/sh
>
> in tcsh
>
> % echo $0
> tcsh
>
> % ./test
> /bin/sh
>
> in zsh
>
> % echo $0
> zsh
>
> % ./test
> /bin/sh
>
> But yet funnier thing:
>
> $ bash ./test
> /usr/local/bin/bash
>
> $ tcsh ./test
> /bin/tcsh
>
> $ zsh ./test
> /usr/local/bin/zsh
>
>
> Well, no creepy surprises for me ! ;-)
>
> (you can do the same on Linux of your choice and see if it behaves ;-)
>
> Thanks.
> Valeri
>
> 
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

-- 
public gpg key id: AE60F64C

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Les Mikesell]

On Fri, Apr 24, 2015 at 12:04 PM, John R Pierce  wrote:
> On 4/24/2015 9:47 AM, Gordon Messmer wrote:
>>
>> On 04/24/2015 03:57 AM, Pete Geenhuizen wrote:
>>>
>>> if you leave it out the script will run in whatever environment it
>>> currently is in.
>>
>>
>> I'm reasonably certain that a script with no shebang will run with
>> /bin/sh.  I interpret your statement to mean that if a user is using ksh and
>> enters the path to such a script, it would also run in ksh.  That would only
>> be true if you "sourced" the script from your shell.
>
>
> oh fun, just did some tests (using c6.latest).   if you're in bash, ./script
> (sans shebang) runs it in bash.  if you're in dash or csh, ./script runs it
> in sh.if you're in ksh, it runs it in ksh.
>

If I'm doing cron jobs or a top-level control script I usually just
specify the interpreter explicitly like
 cd somewhere && sh some_script.sh
 cd somewhere_else && perl some_script.pl
so it works even if I forget to chmod it executable...

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security update

[Alexander Dalloz]

Am 24.04.2015 um 11:21 schrieb Venkateswara Rao Dokku:

I was using CentOS 7 and when I ran some custom commercial security scan on
my machine, I found about 122 vulnerabilities.


That's why those scans are wasted money. From a security management 
point of view they neither help you nor your manager.


Regards

Alexander

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security update

[John R Pierce]

On 4/24/2015 12:14 PM, Alexander Dalloz wrote:

Am 24.04.2015 um 11:21 schrieb Venkateswara Rao Dokku:
I was using CentOS 7 and when I ran some custom commercial security 
scan on

my machine, I found about 122 vulnerabilities.


That's why those scans are wasted money. From a security management 
point of view they neither help you nor your manager. 


I call it 'security by bullet list'




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Gordon Messmer]

On 04/24/2015 09:59 AM, Steve Lindemann wrote:


A script with no shebang will run in the environment of the account
running the script.


Bad test on my part, apparently.

$ python
>>> import os
>>> os.execv('/home/gmessmer/test', ('test',))
Traceback (most recent call last):
  File "", line 1, in 
OSError: [Errno 8] Exec format error

So a script with no shebang will fail when the shell calls exec().  If 
that's so, then starting the executable script with an interpreter is 
probably shell-defined.  In other words, each shell might do something 
different to run a script that has no shebang.  Most probably do default 
to trying itself as the interpreter first.  Interesting.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[John R Pierce]

On 4/24/2015 12:32 PM, Gordon Messmer wrote:

On 04/24/2015 09:59 AM, Steve Lindemann wrote:


A script with no shebang will run in the environment of the account
running the script.


Bad test on my part, apparently.

$ python
>>> import os
>>> os.execv('/home/gmessmer/test', ('test',))
Traceback (most recent call last):
  File "", line 1, in 
OSError: [Errno 8] Exec format error

So a script with no shebang will fail when the shell calls exec().  If 
that's so, then starting the executable script with an interpreter is 
probably shell-defined.  In other words, each shell might do something 
different to run a script that has no shebang. Most probably do 
default to trying itself as the interpreter first.  Interesting. 


is file test chmod +x  ?

--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Stephen Harris]

On Fri, Apr 24, 2015 at 10:38:25AM -0400, m.r...@5-cent.us wrote:
> Fascinating. As I'd been in Sun OS, and started doing admin work when it
> became Solaris, I'd missed that bit. A question: did the license agreement
> include payment, or was it just restrictive on distribution?

In 1990, when I started using ksh88, it was totally commercial.  Binaries
were $$$ and source was .  We bought the source and compiled it for
SunOS, Ultrix and various SYSVr[23] machines (one machine was so old it
didn't understand #! and so needed it placed as /bin/sh).

By 1998, ksh93 was free (as in beer) but was restricted distribution.
Eventually ksh93 became properly free, but by this point bash was
already popular in the Free-nix arena and had even made it into
Solaris, AIX and others.

> I didn't know bash till I got to CentOS (I don't remember it in RH 9...),

Yes it was.  It was in RH(not EL) 4, which was the first RH I used.

Even the 0.11 "boot+root" combination from 1991 had a version of bash in it!
  http://gunkies.org/wiki/Linux_0.11
(that was the first Linux version I used)

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Stephen Harris]

On Fri, Apr 24, 2015 at 09:47:24AM -0700, Gordon Messmer wrote:
> On 04/24/2015 03:57 AM, Pete Geenhuizen wrote:
> >if you leave it out the script will run in whatever environment it
> >currently is in.
> 
> I'm reasonably certain that a script with no shebang will run with 
> /bin/sh.  I interpret your statement to mean that if a user is using ksh 

"It depends".

On older Unix-type systems which didn't understand #! then the shell
itself did the work.  At least csh did (sh didn't necessary).  If the
first character was a # then csh assumed it was a csh script, otherwise
it assumed a sh script.  That's why a lot of real old scripts began with :

> and enters the path to such a script, it would also run in ksh.  That 
> would only be true if you "sourced" the script from your shell.

So on CentOS 5 with ksh93 as my shell

  % cat x
  echo ${.sh.version}

Note that it's a simple one liner with no #!

  % ./x
  Version AJM 93t+ 2010-06-21

That's ksh output!

Let's change my shell to "bash" instead
  % bash
  bash-3.2$ ./x
  ./x: line 1: ${.sh.version}: bad substitution

So now it's bash that's trying to interpret it!

So "it depends" is still true :-)

Basically, without #! there (which allows it to be exec'd) the shell
determines how the file is interpreted.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos security update

[m . roth]

John R Pierce wrote:
> On 4/24/2015 12:14 PM, Alexander Dalloz wrote:
>> Am 24.04.2015 um 11:21 schrieb Venkateswara Rao Dokku:
>>> I was using CentOS 7 and when I ran some custom commercial security
>>> scan on
>>> my machine, I found about 122 vulnerabilities.
>>
>> That's why those scans are wasted money. From a security management
>> point of view they neither help you nor your manager.
>
> I call it 'security by bullet list'

I would be more interested if the OP had mentioned *what* "custom
commercial security scan" tool they'd used.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Jack Bailey]

On 04/24/15 05:59, Les Mikesell wrote:

The original ksh wasn't open source and might even have been an
extra-cost item in AT&T unix.   And the early emulations weren't
always complete so you couldn't count on script portability.  I
generally thought it was safer to use perl for anything that took more
than bourne shell syntax.


You're right about the extra cost.  In 1989 I bought the ksh source code 
from AT&T for $100.


Jack

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[m . roth]

Stephen Harris wrote:
> On Fri, Apr 24, 2015 at 10:38:25AM -0400, m.r...@5-cent.us wrote:
>> Fascinating. As I'd been in Sun OS, and started doing admin work when it
>> became Solaris, I'd missed that bit. A question: did the license
>> agreement include payment, or was it just restrictive on distribution?
>
> In 1990, when I started using ksh88, it was totally commercial.  Binaries
> were $$$ and source was .  We bought the source and compiled it for
> SunOS, Ultrix and various SYSVr[23] machines (one machine was so old it
> didn't understand #! and so needed it placed as /bin/sh).

I just (finally) got into Unix in '91, and didn't do any admin work, just
programming, until later in '95, and I had nothing to do with what
software got installed, at least to start (I sat there while someone else
was doing the installing). And that was a Sun, anyway.
>
> By 1998, ksh93 was free (as in beer) but was restricted distribution.
> Eventually ksh93 became properly free, but by this point bash was
> already popular in the Free-nix arena and had even made it into
> Solaris, AIX and others.
>
>> I didn't know bash till I got to CentOS (I don't remember it in RH
>> 9...),
>
> Yes it was.  It was in RH(not EL) 4, which was the first RH I used.

Ah. I don't remember if I was using csh, or ksh, and didn't realize about
bash. I *think* I vaguely remember that sh seemed to be more capable than
I remembered.

My first RH was 5, late nineties. First time I looked at linux and
installed, it was '95, and slack. (We'll ignore the Coherent that I
installed on my beloved 286 in the late 80's).

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[E.B.]

Interesting thread i started! Sorry if my question was too vague: -->

On Fri, 4/24/15, Joerg Schilling  wrote:

> The Bourne Shell is also much faster than bash. In special on platforms like
> Cygwin, where Microsoft enforces extremly slow process creation.

This gets at what I was thinking. For scripts that are not run interactively, it
seems wasteful to load all of Bash autocomplete, command history and all
its rich features.

For running in high volume mail server for example, *short* scripts that take
a few input args and invoke another program. Or do a mysql update (but
it has been pointed out invoking mysql from a shell script is also inefficient
since mysql client is also very feature rich with command history and things).
Or take some arguments and make a curl HTTP request somewhere.

So my question is should I install ksh (I see it is available in yum centos
base repo) and use that? Or should we consider to rewrite these short
scripts to perl? I read on the web that perl with a few typical libraries is
far slower to start up than a shell script.  ??  (no heavy computations)

Just a side tangent was question if it would be of interest to link /bin/sh
to something other than /bin/bash, if machine would implode or if it would
make machine faster in any way.

thanks everyone!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Les Mikesell]

On Fri, Apr 24, 2015 at 3:04 PM,   wrote:
> >
> My first RH was 5, late nineties. First time I looked at linux and
> installed, it was '95, and slack. (We'll ignore the Coherent that I
> installed on my beloved 286 in the late 80's).
> 

You mean you missed all the fun with Xenix on Radio Shack Model 16's
and SysV on AT&T's weird 3b machines?

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[Les Mikesell]

On Fri, Apr 24, 2015 at 3:45 PM, E.B.  wrote:
> Interesting thread i started! Sorry if my question was too vague: -->
>
> On Fri, 4/24/15, Joerg Schilling  wrote:
>
>> The Bourne Shell is also much faster than bash. In special on platforms like
>> Cygwin, where Microsoft enforces extremly slow process creation.
>
> This gets at what I was thinking. For scripts that are not run interactively, 
> it
> seems wasteful to load all of Bash autocomplete, command history and all
> its rich features.
>
> For running in high volume mail server for example, *short* scripts that take
> a few input args and invoke another program. Or do a mysql update (but
> it has been pointed out invoking mysql from a shell script is also inefficient
> since mysql client is also very feature rich with command history and things).
> Or take some arguments and make a curl HTTP request somewhere.
>
> So my question is should I install ksh (I see it is available in yum centos
> base repo) and use that? Or should we consider to rewrite these short
> scripts to perl? I read on the web that perl with a few typical libraries is
> far slower to start up than a shell script.  ??  (no heavy computations)

I'd do some serious timing tests in your typical environment before
believing anything about this.  The part that takes substantial time
is if you have to load code from disk.   Anything already running
(loaded from the same inode, so including hard links to different
names) should run shared-text without loading a new copy (also saving
memory...).  Anything that had been loaded recently but needs a new
copy should be reloaded quickly from cache.  Loading a new instance of
some little used interpreter is going to hit the disk.

Your most likely win would be to consolidate operations into longer
scripts and use perl where it can do work that would involve several
other programs as shell commands.   For example, I'd expect a single
perl program with several mysql operations to be much faster than a
shell script that needs to invoke mysql more than once - plus it is a
lot easier to access the data in a perl program.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Real sh? Or other efficient shell for non-interactive scripts

[m . roth]

Les Mikesell wrote:
> On Fri, Apr 24, 2015 at 3:04 PM,   wrote:
>> >
>> My first RH was 5, late nineties. First time I looked at linux and
>> installed, it was '95, and slack. (We'll ignore the Coherent that I
>> installed on my beloved 286 in the late 80's).
>> 
>
> You mean you missed all the fun with Xenix on Radio Shack Model 16's
> and SysV on AT&T's weird 3b machines?
>
Yep. Had a friend with a 3b, but I kept wanting *Nix, and only finally
made it in '91. Sun. Irix. HP-UX (once in a blue moon, and I tried to
avoid it when possible).

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 NFS client problems

[Devin Reade]

--On Friday, April 24, 2015 10:03:09 AM -0500 Matt Garman 
 wrote:


[...]

Still, the kicker for me was updating the [Translation] section of
/etc/idmapd.conf.  Mine looks like this:

[Translation]
Method = nsswitch
GSS-Methods = nsswitch,static

[...]


Again, since you're not using GSS, I'm not sure if you can get away
with something like

[Static]
joe = joe


Unfortunately, it looks like the answer is "no".  It'll still mess
up the mappings.

Thanks, though.

While on other machines that talk LDAP the mappings may come out
right (as yet unverified), in this case it looks like I'll have to
resort to moving to higher UIDs.  (I could force low UIDs on
the CentOS7 side, but it looks like too many things understand
the threshold of what makes a "system account".)

Ah well. The NFS server was scheduled to be replaced with a FreeBSD
box anyway.  I guess we'll just have to fast-track it and start
moving accounts and converting UIDs.

Devin

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 7 Installer Fail With 3Ware Controller

[Kirk Bocek]

I thought I'd post to the mail list because I know there are some that 
only respond this way.


I have a new SuperMicro X10-DRI host with a 3Ware controller that hangs 
when I try to install CentOS 7 on it. I've documented everything here:


https://www.centos.org/forums/viewtopic.php?f=49&t=52231

CentOS 6.6 installs just fine. I'd appreciate any feedback anyone has, 
either to the list or the forum.


Thanks,
Kirk Bocek
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] google-earth crashes on CentOS 6.6

[Mark LaPierre]

Hey all,

With google-earth-stable.x86_64 0:7.1.2.2041-0

[mlapier@peach /]$ /usr/bin/google-earth
[0425/000212:ERROR:net_util.cc(2195)] Not implemented reached in bool
net::HaveOnlyLoopbackAddresses()
Failed to load "/opt/google/earth/free/libinput_plugin.so" because
"/usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.14' not found (required
by ./libLeap.so)"
[0425/000213:ERROR:nss_ocsp.cc(581)] No URLRequestContext for OCSP handler.
[0425/000213:ERROR:nss_ocsp.cc(581)] No URLRequestContext for OCSP handler.

Another crash happened while handling crash!
[mlapier@peach /]$

NOTE: google-earth-stable.x86_64 0:7.1.2.2041-0 was running on my system
a couple of weeks ago.

With google-earth-stable.x86_64 0:6.0.3.2197-0

[mlapier@peach ~]$ /usr/bin/google-earth
libGL error: failed to load driver: swrast
[mlapier@peach ~]$

NOTE: GE starts and runs but there is no Earth in GE, just a black box.

Googling gets me no useful answers.  Do any of you CentOD 6.6 users have
GE operating on your system?  If so, what version are you using?

-- 
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] google-earth crashes on CentOS 6.6

[Mark LaPierre]

On 04/25/15 00:50, Mark LaPierre wrote:
> Hey all,
> 
> With google-earth-stable.x86_64 0:7.1.2.2041-0
> 
> [mlapier@peach /]$ /usr/bin/google-earth
> [0425/000212:ERROR:net_util.cc(2195)] Not implemented reached in bool
> net::HaveOnlyLoopbackAddresses()
> Failed to load "/opt/google/earth/free/libinput_plugin.so" because
> "/usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.14' not found (required
> by ./libLeap.so)"
> [0425/000213:ERROR:nss_ocsp.cc(581)] No URLRequestContext for OCSP handler.
> [0425/000213:ERROR:nss_ocsp.cc(581)] No URLRequestContext for OCSP handler.
> 
> Another crash happened while handling crash!
> [mlapier@peach /]$
> 
> NOTE: google-earth-stable.x86_64 0:7.1.2.2041-0 was running on my system
> a couple of weeks ago.
> 
> With google-earth-stable.x86_64 0:6.0.3.2197-0
> 
> [mlapier@peach ~]$ /usr/bin/google-earth
> libGL error: failed to load driver: swrast
> [mlapier@peach ~]$
> 
> NOTE: GE starts and runs but there is no Earth in GE, just a black box.
> 
> Googling gets me no useful answers.  Do any of you CentOD 6.6 users have
> GE operating on your system?  If so, what version are you using?
> 

Hey, I just discovered that google-earth-stable.x86_64 0:7.1.2.2041-0
starts and runs if you just keep trying.  Eventually it manages to avoid
"Another crash happened while handling crash!".  That doesn't mean it's
fixed though.

[mlapier@peach /]$ /opt/google/earth/free/google-earth %f
[0425/005314:ERROR:net_util.cc(2195)] Not implemented reached in bool
net::HaveOnlyLoopbackAddresses()
Failed to load "/opt/google/earth/free/libinput_plugin.so" because
"/usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.14' not found (required
by ./libLeap.so)"
[0425/005314:ERROR:nss_ocsp.cc(581)] No URLRequestContext for OCSP handler.
[0425/005314:ERROR:nss_ocsp.cc(581)] No URLRequestContext for OCSP handler.
[0425/005314:ERROR:nss_ocsp.cc(581)] No URLRequestContext for OCSP handler.


-- 
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos