Re: Problems with greylistd and exim and gmail
Interesting thing is that greylistd crashed twice yesterday evening:

greylistd: ### Fatal event in /usr/sbin/greylistd, line 488:
greylistd: >>> -1141431269
greylistd: ### Fatal event in /usr/sbin/greylistd, line 488:
greylistd: >>> -1136431291

That has not happened before for me. But that should not be directly related, because /etc/greylistd/whitelist-hosts is handled by exim AFAIA.

--
Virgo Pärna
virgo.pa...@mail.ee

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnm56f54.573.virgo.pa...@dragon.gaiasoft.ee
Re: Preventing the computer from shutting down.
Hi

On Thu, Oct 30, 2014 at 11:07:27PM -0700, Don Armstrong wrote:
> On Thu, 30 Oct 2014, Joey Hess wrote:
> > Don Armstrong wrote:
> > > systemd-inhibit --who='backup script' --why='backup is running currently' \
> > >   --mode=block yourbackupscript;
> >
> > This doesn't currently prevent either /sbin/shutdown or eg, the
> > lightdm menu item from shutting the system down. It does inhibit
> > systemctl reboot/halt.
>
> Huh. That seems kind of unfortunate (and weird, because /sbin/shutdown
> is symlinked to systemctl here; I would have expected /sbin/shutdown to
> be a special case of systemctl halt.)

molly-guard doesn't really mess with /sbin/shutdown and family. Instead it implements, e.g. /usr/sbin/shutdown. Since /usr/sbin precedes /sbin in $PATH this allows them to be overridden. A bit clumsy, I agree, but sufficient to prevent administrator mistakes.

Personally, I would have preferred molly-guard to use dpkg-divert, but it works as it is.

> This is probably at least a documentation bug, and possibly a real bug.

In the case of molly-guard, I believe that is up for debate. It only intends to be a safety net, not a security feature. After all, attempting to protect a system against the root user is nonsensical.

Regards
--
Karl E. Jorgensen
WLAN router doesn't provide fix IP addresses
Hi list,

I have a problem with my (w)lan setup. We use telephone and internet over the cable network and the company gives us a wlan modem for free. Unfortunately this modem doesn't allow me to specify fixed IPs in the internal network for all of our machines.

Nevertheless I set up an owncloud server on one machine (which is somehow our "server" but not always running), including SSL encryption with a self-signed certificate for its IP address. That worked well for a couple of months because the IP addresses didn't change (although they were not fixed).

Now due to a technical problem our modem got replaced and all of the IP addresses changed. (I did expect that for sometime in the future... but not so early...)

Since it's impossible to manually define the IP addresses, I've a problem. Of course I could create a new certificate, put it on all other machines and adjust all settings (owncloud server address...); but that's quite a hassle.

So I wanted to ask if there are other possibilities? I can define one or two DNS servers in the modem's config. Would it work to set up my main machine (which is not always running) as an internal DNS server and use the hostnames instead of the IP addresses?

Thanks for any pointers to how I can proceed.
Re: Suggestion for systemd and /usr on seperate partition
On Thursday 30 October 2014 19:46:26 Elimar Riesebieter wrote:
> * Hans [2014-10-30 10:27 +0100]:
> > Dear maintainers,
> >
> > completely without starting any flamewars:
> >
> > I am using systemd and I have /usr mounted on a separate partition as well as /var, /home, /boot and /.
> >
> > Additionally /usr, /var and /home are luks encrypted.
> >
> > Due to this profile, I get a lot of annoying errors, as systemd does not find /usr when it is started, because it produces an error and then switches to verbose mode. This is very annoying!
>
> To mount /usr at boottime you need to boot with an initramfs.
>
> Therefore you need at least
>
> ii initramfs-tools 0.118
> ii util-linux 2.25.2-2
>
> which are available in sid. I don't know whether this works on an encrypted /usr, but at the end it works on sysvinit, upstart and systemd. Check the BTS for initramfs-tools and util-linux.
>
> Elimar

Cool. I have not yet upgraded to 0.118 because of serious bugs.
How might I set it up to mount /usr at boot time?

(Alternatively: Used to be possible to demand certain modules be included in the initrd. Initramfs now defaults to "all/most." I used to use "dep." Were some item in /usr... be actually needed at boot, could that be specified for inclusion to initramfs?)
Re: Keep using Debian without GNOME and SystemD
On 22-10-2014 17:41, Steve Litt wrote:
> On Wed, 22 Oct 2014 09:01:17 +0300 "Dimitrios Chr. Ioannidis" wrote:
> > Hi,
> >
> > after spending two days trying unsuccessfully to have a usable Jessie with one of the default DEs and with no systemd utilities, I decided the following.
> >
> > In the companies' PCs I support, I'll continue with Wheezy and if there is no clear path to Jessie without a trace of systemd until Wheezy's support lifetime then bye - bye Debian.
> >
> > I'm even considering to try hard to convince those companies to contribute to LTS for Wheezy to keep it alive and systemd free for as long as it's possible.
> >
> > Sorry, but no systemd for me. Systemd as init ( and only that ) I don't care.
>
> Hi Dimitrios,
>
> Before you cast aside Debian and move to [Gentoo | Funtoo | Slackware | BSD] (and I'm not saying I won't do the exact same thing), but, before you do that, humor me and try the non-systemd Jessie with Openbox plus a panel if you want a panel. If you can't make that work, yeah, I see your point. But it's just possible that a non-entangled window manager might work well with a no-systemd Jessie. And if that happens, that window manager can be made into an excellent and fast work environment, and I can show you how.

Thank you for your suggestion. Currently I'm trying to see in what shape the Debian/Hurd is. It's my first choice to escape from systemd and still use Debian. Will see.

Regards,
--
Dimitrios Chr. Ioannidis
Re: WLAN router doesn't provide fix IP addresses
Hi

On Fri, Oct 31, 2014 at 09:28:33AM +0100, B. M. wrote:
> Hi list,
>
> I have a problem with my (w)lan setup. We use telephone and internet over the cable network and the company gives us a wlan modem for free. Unfortunately this modem doesn't allow me to specify fixed IPs in the internal network for all of our machines.

Well - even if it doesn't, surely it allows you to specify which *range* of IP addresses should be used for DHCP?

There is nothing wrong with configuring a server with a fixed IP address (=not use DHCP client), as long as you use the correct network, netmask and default gateway.

> Nevertheless I set up an owncloud server on one machine (which is somehow our "server" but not always running), including SSL encryption with a self-signed certificate for its IP address. That worked well for a couple of months because the IP addresses didn't change (although they were not fixed).

Oh. certificates for IP addresses is a new one on me :-)

> Now due to a technical problem our modem got replaced and all of the IP addresses changed. (I did expect that for sometime in the future... but not so early...)
>
> Since it's impossible to manually define the IP addresses, I've a problem. Of course I could create a new certificate, put it on all other machines and adjust all settings (owncloud server address...); but that's quite a hassle.

Do the machines use avahi (or mdns? I'm actually not sure of the name, but having libnss-mdns installed and "mdns4" mentioned in /etc/nsswitch.conf would indicate so).

If so, you should be able to use "${hostname}.local" instead of an IP address, and the multicast DNS resolution would sort things out.

> So I wanted to ask if there are other possibilities? I can define one or two DNS servers in the modem's config. Would it work to set up my main machine (which is not always running) as an internal DNS server and use the hostnames instead of the IP addresses?

That is also a possibility. But if it is only for facilitating a single server, then it's overkill. And it adds a single point of failure too: you would not be able to resolve IP addresses while the machine is down.

If you already own/run a domain, you can also add an A record in the DNS for this to point to it - e.g. "owncloud.example.com IN A 192.168.0.45".

Using an entry in /etc/hosts is also an option.

Hope this helps
--
Karl E. Jorgensen
Re: Problems with greylistd and exim and gmail
This whitelisting seems not to work at all. So I'm trying to add

209.85.128.0/17 # GMail
74.125.0.0/16 # GMail

to /var/lib/greylistd/whitelist-hosts which is used by greylistd itself. Hopefully it would allow mails through. But I'm not sure if those changes will survive updates.

--
Virgo Pärna
virgo.pa...@mail.ee
Re: WLAN router doesn't provide fix IP addresses
Thanks a lot for the answer, I think I'll look deeper into avahi.

On 31 Oct 2014 at 09:45, "Karl E. Jorgensen" wrote:
> Hi
>
> On Fri, Oct 31, 2014 at 09:28:33AM +0100, B. M. wrote:
>> Hi list,
>>
>> I have a problem with my (w)lan setup. We use telephone and internet over the cable network and the company gives us a wlan modem for free. Unfortunately this modem doesn't allow me to specify fixed IPs in the internal network for all of our machines.
>
> Well - even if it doesn't, surely it allows you to specify which *range* of IP addresses should be used for DHCP?
>
> There is nothing wrong with configuring a server with a fixed IP address (=not use DHCP client), as long as you use the correct network, netmask and default gateway.
>
>> Nevertheless I set up an owncloud server on one machine (which is somehow our "server" but not always running), including SSL encryption with a self-signed certificate for its IP address. That worked well for a couple of months because the IP addresses didn't change (although they were not fixed).
>
> Oh. certificates for IP addresses is a new one on me :-)
>
>> Now due to a technical problem our modem got replaced and all of the IP addresses changed. (I did expect that for sometime in the future... but not so early...)
>>
>> Since it's impossible to manually define the IP addresses, I've a problem. Of course I could create a new certificate, put it on all other machines and adjust all settings (owncloud server address...); but that's quite a hassle.
>
> Do the machines use avahi (or mdns? I'm actually not sure of the name, but having libnss-mdns installed and "mdns4" mentioned in /etc/nsswitch.conf would indicate so).
>
> If so, you should be able to use "${hostname}.local" instead of an IP address, and the multicast DNS resolution would sort things out.
>
>> So I wanted to ask if there are other possibilities? I can define one or two DNS servers in the modem's config. Would it work to set up my main machine (which is not always running) as an internal DNS server and use the hostnames instead of the IP addresses?
>
> That is also a possibility. But if it is only for facilitating a single server, then it's overkill. And it adds a single point of failure too: you would not be able to resolve IP addresses while the machine is down.
>
> If you already own/run a domain, you can also add an A record in the DNS for this to point to it - e.g. "owncloud.example.com IN A 192.168.0.45".
>
> Using an entry in /etc/hosts is also an option.
>
> Hope this helps
> --
> Karl E. Jorgensen
Re: WLAN router doesn't provide fix IP addresses
On Oct 31, 2014 11:24 AM, "B. M." wrote:
>
> Thanks a lot for the answer, I think I'll look deeper into avahi.
>
> On 31 Oct 2014 at 09:45, "Karl E. Jorgensen" wrote:
>
> > Hi
> >
> > On Fri, Oct 31, 2014 at 09:28:33AM +0100, B. M. wrote:
> >> Hi list,
> >>
> >> I have a problem with my (w)lan setup. We use telephone and internet over the cable network and the company gives us a wlan modem for free. Unfortunately this modem doesn't allow me to specify fixed IPs in the internal network for all of our machines.
> >
> > Well - even if it doesn't, surely it allows you to specify which *range* of IP addresses should be used for DHCP?
> >
> > There is nothing wrong with configuring a server with a fixed IP address (=not use DHCP client), as long as you use the correct network, netmask and default gateway.
> >
> >> Nevertheless I set up an owncloud server on one machine (which is somehow our "server" but not always running), including SSL encryption with a self-signed certificate for its IP address. That worked well for a couple of months because the IP addresses didn't change (although they were not fixed).
> >
> > Oh. certificates for IP addresses is a new one on me :-)
> >
> >> Now due to a technical problem our modem got replaced and all of the IP addresses changed. (I did expect that for sometime in the future... but not so early...)
> >>
> >> Since it's impossible to manually define the IP addresses, I've a problem. Of course I could create a new certificate, put it on all other machines and adjust all settings (owncloud server address...); but that's quite a hassle.
> >
> > Do the machines use avahi (or mdns? I'm actually not sure of the name, but having libnss-mdns installed and "mdns4" mentioned in /etc/nsswitch.conf would indicate so).
> >
> > If so, you should be able to use "${hostname}.local" instead of an IP address, and the multicast DNS resolution would sort things out.
> >
> >> So I wanted to ask if there are other possibilities? I can define one or two DNS servers in the modem's config. Would it work to set up my main machine (which is not always running) as an internal DNS server and use the hostnames instead of the IP addresses?
> >
> > That is also a possibility. But if it is only for facilitating a single server, then it's overkill. And it adds a single point of failure too: you would not be able to resolve IP addresses while the machine is down.
> >
> > If you already own/run a domain, you can also add an A record in the DNS for this to point to it - e.g. "owncloud.example.com IN A 192.168.0.45".
> >
> > Using an entry in /etc/hosts is also an option.
> >
> > Hope this helps
> > --
> > Karl E. Jorgensen

You could also look into building your own dns+dhcp server. I have a Raspberry pi, which is always on and runs isc-dhcp-server and bind9.

Or you could try dnsmasq, might prove easier to setup/maintain.

The list will assist with any of these.

Cheers!
--
Sent from my Brick(TM)
Re: Preventing the computer from shutting down.
thus spoke Karl E. Jorgensen [2014-10-31 09:21 +0100]:
> Personally, I would have preferred molly-guard to use dpkg-divert,
> but it works as it is.

It does, since 0.5-1, but that needs to be uploaded still. I am checking…

--
 .''`.   martin f. krafft       @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems

"syntactic sugar causes cancer of the semicolon."
                                       -- epigrams in programming
Re: Suggestion for systemd and /usr on seperate partition
* David Baron [2014-10-31 10:22 +0200]:
> On Thursday 30 October 2014 19:46:26 Elimar Riesebieter wrote:
[...]
> > To mount /usr at boottime you need to boot with an initramfs.
> >
> > Therefore you need at least
> >
> > ii initramfs-tools 0.118
> > ii util-linux 2.25.2-2
> >
> > which are available in sid. I don't know whether this works on an encrypted /usr, but at the end it works on sysvinit, upstart and systemd. Check the BTS for initramfs-tools and util-linux.
> >
> > Elimar
>
> Cool. I have not yet upgraded to 0.118 because of serious bugs.
> How might I set it up to mount /usr at boot time?

Just upgrade to sid. Didn't find the way to jessie yet because of some RC bugs.

> (Alternatively: Used to be possible to demand certain modules be included in the initrd. Initramfs now defaults to "all/most." I used to use "dep." Were some item in /usr... be actually needed at boot, could that be specified for inclusion to initramfs?)

It's your decision. MODULES=most should be okay. BUSYBOX=y is essential.

Elimar
--
We all know Linux is great... it does infinite loops in 5 seconds.
-Linus Torvalds
Re: WLAN router doesn't provide fix IP addresses
Hello,

On 31/10/14 09:45, Karl E. Jorgensen wrote:
> On Fri, Oct 31, 2014 at 09:28:33AM +0100, B. M. wrote:
>> Hi list,
>>
>> I have a problem with my (w)lan setup. We use telephone and internet over the cable network and the company gives us a wlan modem for free. Unfortunately this modem doesn't allow me to specify fixed IPs in the internal network for all of our machines.
>
> Well - even if it doesn't, surely it allows you to specify which *range* of IP addresses should be used for DHCP?
>
> There is nothing wrong with configuring a server with a fixed IP address (=not use DHCP client), as long as you use the correct network, netmask and default gateway.

That seems the way to go to me.

>> Nevertheless I set up an owncloud server on one machine (which is somehow our "server" but not always running), including SSL encryption with a self-signed certificate for its IP address. That worked well for a couple of months because the IP addresses didn't change (although they were not fixed).
>>
>> Now due to a technical problem our modem got replaced and all of the IP addresses changed. (I did expect that for sometime in the future... but not so early...)
>>
>> Since it's impossible to manually define the IP addresses, I've a problem. Of course I could create a new certificate, put it on all other machines and adjust all settings (owncloud server address...); but that's quite a hassle.
>
> Do the machines use avahi (or mdns? I'm actually not sure of the name, but having libnss-mdns installed and "mdns4" mentioned in /etc/nsswitch.conf would indicate so).

A quick research suggests you need avahi-daemon for propagation of .local-domains, e.g. for machines that need to be discovered, and libnss-mdns for discovery of the former.

For the name, the description of libnss-mdns says: "Multicast DNS (using Zeroconf, aka Apple Bonjour / Apple Rendezvous )"
It seems to have many names.

> If so, you should be able to use "${hostname}.local" instead of an IP address, and the multicast DNS resolution would sort things out.
>
>> So I wanted to ask if there are other possibilities? I can define one or two DNS servers in the modem's config. Would it work to set up my main machine (which is not always running) as an internal DNS server and use the hostnames instead of the IP addresses?
>
> That is also a possibility. But if it is only for facilitating a single server, then it's overkill. And it adds a single point of failure too: you would not be able to resolve IP addresses while the machine is down.

Maybe I'm mistaken, but wouldn't this just shift the problem to the internal DNS? It will still need a static IP or mDNS. Adding to that, it would need to be the only DNS in the router's config, as you cannot guarantee which one the router will use otherwise and the owncloud server wouldn't be discoverable via the second (public) DNS. And having your only DNS on a machine "which is not always running" seems a bad idea.

> If you already own/run a domain, you can also add an A record in the DNS for this to point to it - e.g. "owncloud.example.com IN A 192.168.0.45".

That would need dynamic DNS if the IP is still obtained via DHCP. And having a public DNS propagating a private IP will make reverse lookups impossible, I think. Correct me if I'm wrong.

> Using an entry in /etc/hosts is also an option.

This seems the way to make the machine discoverable by name, but would still need a fixed IP for the owncloud server.

Summarizing, mDNS generally seems to be the easiest way. But if you use a static IP for your owncloud server you will need to change less with your current setup, it seems.

Best wishes,
Simon
Re: Problems with greylistd and exim and gmail
On Fri, 31 Oct 2014 09:11:08 + (UTC), Virgo Pärna wrote:
> This whitelisting seems not to work at all. So I'm trying to add
> 209.85.128.0/17 # GMail
> 74.125.0.0/16 # GMail
>
> to /var/lib/greylistd/whitelist-hosts which is used by greylistd itself.
>

That does not seem to work also... WTF is going on...

I had mail greylisted, that was from server, that is in /etc/greylistd/whitelist-hosts by exact IP: 209.85.212.187

Greylisting was installed with greylistd-setup-exim4. And I even removed it and then added it with -netmask=24.

I did try setting singlecheck and singleupdate to true. But I'm turning them to false again.

--
Virgo Pärna
virgo.pa...@mail.ee
Debian on Panasonic laptop
Hi,

Can I install Debian on a PANASONIC laptop (Panasonic Toughbook CF T8) with tactile screen?

Thanks
Regards
Alex
Re: Debian on Panasonic laptop
On 31/10/14 09:28 AM, apado...@padoly.besaba.com wrote:
> Hi,
>
> Can I install Debian on a PANASONIC laptop (Panasonic Toughbook CF T8) with tactile screen?
>
> Thanks
> Regards
> Alex

I assume you are really asking "what features may not work if I install ...". Why not test it with a live CD to see if everything works?

If you are asking to determine if you want to purchase one, try googling the particular feature(s) you want along with "debian" and/or "linux".

In general, laptops work fairly well but the peculiarities of the hardware may mean that some features don't work with all, or in some cases any, distributions.
Re: Debian on Panasonic laptop
On Fri, Oct 31, 2014 at 01:28:47PM +, apado...@padoly.besaba.com wrote:
>
> Hi,
>
> Can I install Debian on a PANASONIC laptop (Panasonic Toughbook CF T8) with tactile screen?

Yes. You may need to spend a while afterwards configuring the touch screen.

-dsr-
apt as a user
I'm trying to allow an apt user to run apt* commands. I've got this polkit:

/etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla

[Configuration]
AdminIdentities=unix-user:apt
Action=org.debian.apt.*
ResultAny=no
ResultInactive=no
ResultActive=yes

However when I: su - apt
it looks like nothing has changed:

$ apt-get update
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

I've got aptdaemon installed. Any idea what I'm doing wrong here?
Re: Problems with greylistd and exim and gmail
On Fri, 31 Oct 2014 09:11:08 + (UTC) Virgo Pärna wrote:
> This whitelisting seems not to work at all. So I'm trying to add
> 209.85.128.0/17 # GMail
> 74.125.0.0/16 # GMail
>
> to /var/lib/greylistd/whitelist-hosts which is used by greylistd itself. Hopefully it would allow mails through. But I'm not sure if those changes will survive updates.
>

Does it work in /etc/exim4/local_host_whitelist? The callout to greylistd may occur after exim's own whitelist is checked.

--
Joe
Re: apt as a user
On Fri, Oct 31, 2014 at 12:05 PM, Mario Castelán Castro wrote:
> On 31/10/14 09:29, shawn wilson wrote:
>
>> I'm trying to allow an apt user to run apt* commands. I've got this polkit:
>>
>> /etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla
>>
>> [Configuration]
>> AdminIdentities=unix-user:apt
>> Action=org.debian.apt.*
>> ResultAny=no
>> ResultInactive=no
>> ResultActive=yes
>>
>> However when I: su - apt
>> it looks like nothing has changed:
>>
>> $ apt-get update
>> E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
>> E: Unable to lock directory /var/lib/apt/lists/
>> E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
>> E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
>>
>> I've got aptdaemon installed. Any idea what I'm doing wrong here?
>
> I'm not an expert in Debian package management, but I think that the error is what it says, the user lacks appropriate permissions for those files and directories. I recommend that you configure sudo to allow those users to invoke at least apt-get. You can also use sudo to log the commands and even the command line interaction. See the man page of sudo and sudoers.
>

Arg, I forgot to mention the reason I'm doing this:
Right now I only allow http(s) out to repo servers on certain times that we do updates:

-A FORWARD -d -i eth5 -p tcp -m tcp --sport 1024:65535 --dport 80 -m time --weekdays --datestop -j ACCEPT

What I want is a way to limit it to a command. The only way I know how to do that is to specify --uid-owner in iptables

> Bear in mind that users who can install and uninstall packages can make the system unusable or purposely install a vulnerable package to perform privilege escalation. If they can add repositories, they can easily direct the package manager to a specially crafted package which will give them root access without the need to exploit an existing package. If you wouldn't trust root access to those users, don't give them package management capabilities.
>

So my original thought was to use pkexec and set the user to /bin/false but pkexec wants to ask me for a password - since I don't have/know/want to use a password (all logins are ssh with keys) IDK that's going to work. So just a user to su into in order to run the command should be ok? Security wise - I'm always open to being checked.
Re: apt as a user
On Fri, Oct 31, 2014 at 12:17 PM, shawn wilson wrote:
> On Fri, Oct 31, 2014 at 12:05 PM, Mario Castelán Castro wrote:
>> On 31/10/14 09:29, shawn wilson wrote:

> -A FORWARD -d -i eth5 -p tcp -m tcp --sport 1024:65535 --dport 80 -m time --weekdays --datestop -j ACCEPT
>

Also, that was from our firewall box - obviously in order to do this, I'll have to loosen that up and do the --uid-owner on the local box (which is fine - that rule should jump to an accept_log chain anyway).
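Added example, not part of the thread: the `owner` match only sees locally generated packets, so it is valid in OUTPUT/POSTROUTING on the host that runs apt and not in the firewall's FORWARD chain quoted above. The sketch below generates an `iptables-restore` ruleset for that host; the `apt` account and the `accept_log` chain name come from the thread, while the function names and repository addresses (documentation ranges) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits an iptables-restore ruleset
# that lets only one local account open new HTTP(S) connections, and only to
# the listed repository hosts. All addresses used here are constructed
# (RFC 5737 documentation ranges).

# Succeeds if $1 is a strict dotted-quad IPv4 address with an optional /0-32.
# Leading zeros are rejected because some parsers read them as octal.
# The body is a subshell, so the IFS change and variables stay local.
is_ipv4_cidr() (
    case $1 in
        */*) addr=${1%/*}; len=${1##*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    count=0
    for octet in $addr; do
        case $octet in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
)

# apt_egress_rules USER REPO [REPO...]
# USER is the account whose processes may fetch packages (name or numeric
# uid). Every argument is validated before any rule text is produced, so a
# malformed value cannot smuggle extra options into the ruleset.
apt_egress_rules() {
    _user=$1
    case $_user in
        ''|-*|*[!A-Za-z0-9_-]*) echo "bad user: $_user" >&2; return 1 ;;
    esac
    shift
    [ "$#" -gt 0 ] || { echo "need at least one repository address" >&2; return 1; }
    for _repo in "$@"; do
        is_ipv4_cidr "$_repo" || { echo "bad address: $_repo" >&2; return 1; }
    done

    printf '%s\n' '*filter' ':OUTPUT ACCEPT [0:0]' ':accept_log - [0:0]'
    # Loopback and replies on already-accepted connections pass untouched.
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New web connections: only from the named account, only to the repos.
    for _repo in "$@"; do
        printf '%s\n' "-A OUTPUT -d $_repo -p tcp -m multiport --dports 80,443 -m owner --uid-owner $_user -j accept_log"
    done
    # Any other local process trying to reach a web port is refused.
    printf '%s\n' '-A OUTPUT -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset'
    # Log who opened the connection, then accept it.
    printf '%s\n' '-A accept_log -j LOG --log-prefix "apt-egress: " --log-uid'
    printf '%s\n' '-A accept_log -j ACCEPT'
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for the thread's "apt" account and one constructed repo.
# Newer apt releases run their download helpers as the _apt system user, in
# which case _apt is the account to name here.
apt_egress_rules apt 192.0.2.10
```

Pipe the output through `iptables-restore --test` as root to syntax-check it before loading. The rule restricts which account may reach the repositories; it does not restrict what a package installed by that account can do afterwards.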
Systemd and Unix
I have heard a lot of talk about how systemd deviates from the unix philosophy. What is the unix philosophy, how does debian follow it, and why does systemd break it?
Re: apt as a user
On 2014-10-31 17:17, shawn wilson wrote:
> On Fri, Oct 31, 2014 at 12:05 PM, Mario Castelán Castro wrote:
>> On 31/10/14 09:29, shawn wilson wrote:
>>
>>> I'm trying to allow an apt user to run apt* commands. I've got this polkit:
>>>
>>> /etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla
>>>
>>> [Configuration]
>>> AdminIdentities=unix-user:apt
>>> Action=org.debian.apt.*
>>> ResultAny=no
>>> ResultInactive=no
>>> ResultActive=yes
>>>
>>> However when I: su - apt
>>> it looks like nothing has changed:
>>>
>>> $ apt-get update
>>> E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
>>> E: Unable to lock directory /var/lib/apt/lists/
>>> E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
>>> E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
>>>
>>> I've got aptdaemon installed. Any idea what I'm doing wrong here?

If I'm reading the description and documentation of aptdaemon right, you need to use an aptdaemon client, which would be aptdcon in the same package. But the fetching and installation would then be done by aptdaemon, which would still be run as root and not the user executing aptdcon.

>>
>> I'm not an expert in Debian package management, but I think that the error is what it says, the user lacks appropriate permissions for those files and directories. I recommend that you configure sudo to allow those users to invoke at least apt-get. You can also use sudo to log the commands and even the command line interaction. See the man page of sudo and sudoers.
>>
> Arg, I forgot to mention the reason I'm doing this:
> Right now I only allow http(s) out to repo servers on certain times that we do updates:
> -A FORWARD -d -i eth5 -p tcp -m tcp --sport 1024:65535 --dport 80 -m time --weekdays --datestop -j ACCEPT
>
> What I want is a way to limit it to a command. The only way I know how to do that is to specify --uid-owner in iptables
>
>> Bear in mind that users who can install and uninstall packages can make the system unusable or purposely install a vulnerable package to perform privilege escalation. If they can add repositories, they can easily direct the package manager to a specially crafted package which will give them root access without the need to exploit an existing package. If you wouldn't trust root access to those users, don't give them package management capabilities.
>>
> So my original thought was to use pkexec and set the user to /bin/false but pkexec wants to ask me for a password - since I don't have/know/want to use a password (all logins are ssh with keys) IDK that's going to work. So just a user to su into in order to run the command should be ok? Security wise - I'm always open to being checked.
Re: apt as a user
On 31/10/14 09:29, shawn wilson wrote:
> I'm trying to allow an apt user to run apt* commands. I've got this polkit:
>
> /etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla
>
> [Configuration]
> AdminIdentities=unix-user:apt
> Action=org.debian.apt.*
> ResultAny=no
> ResultInactive=no
> ResultActive=yes
>
> However when I: su - apt
> it looks like nothing has changed:
>
> $ apt-get update
> E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
> E: Unable to lock directory /var/lib/apt/lists/
> E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
> E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
>
> I've got aptdaemon installed. Any idea what I'm doing wrong here?

I'm not an expert in Debian package management, but I think that the error is what it says, the user lacks appropriate permissions for those files and directories. I recommend that you configure sudo to allow those users to invoke at least apt-get. You can also use sudo to log the commands and even the command line interaction. See the man page of sudo and sudoers.

Bear in mind that users who can install and uninstall packages can make the system unusable or purposely install a vulnerable package to perform privilege escalation. If they can add repositories, they can easily direct the package manager to a specially crafted package which will give them root access without the need to exploit an existing package. If you wouldn't trust root access to those users, don't give them package management capabilities.

Regards.

Archive: https://lists.debian.org/5453b364.5090...@yandex.com
Camera SD card mounting problems (defined by systemd)
I have a line in my /etc/fstab file:

#/dev/sde1/ /media/lumix-photos vfat users,rw,auto,iocharset=utf8,umask=000 0

Anytime I want to add photos off the SD card in my camera, I comment out the hashmark, add the SD card to the reader, and reboot the computer. The SD card is mounted (/dev/sde1/) inside the folder lumix-photos. I then use shotwell to add the new photos that can then be worked over in GIMP. This solution has worked flawlessly for years, until now:

log: mount: special device /dev/sde1/ does not exist

log: media-lumix\x2dphotos.mount has failed dependency has failed for local file system

log: defined-by: systemd

Since /dev/sde1 is listed and described from the fdisk -l command how can it 'not' exist?

What is meant by media-lumix(back slash!)x2dphotos.mount(?)

Adding the SD card into the card reader after editing /etc/fstab then rebooting, causes the computer to go into emergency (? WTF) mode. Ctrl+d doesn't fix it. Going to the command prompt with the root password is the only solution. (i.e. editing the /etc/fstab file back like it was, removing the SD card, and rebooting.)

I think it's ludicrous that adding an SD card that even has its own line in /etc/fstab, throws the whole system into 'emergency' mode.

--
CK

Archive: https://lists.debian.org/cbi1kcf9sj...@mid.individual.net
Re: apt as a user
On Fri, Oct 31, 2014 at 12:40 PM, Vanessa wrote:
> On 2014-10-31 17:17, shawn wilson wrote:
>> On Fri, Oct 31, 2014 at 12:05 PM, Mario Castelán Castro wrote:
>>> On 31/10/14 09:29, shawn wilson wrote:
>>>> I'm trying to allow an apt user to run apt* commands. I've got this polkit:
>>>>
>>>> /etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla
>>>>
>>>> [Configuration]
>>>> AdminIdentities=unix-user:apt
>>>> Action=org.debian.apt.*
>>>> ResultAny=no
>>>> ResultInactive=no
>>>> ResultActive=yes
>>>>
>>>> However when I: su - apt
>>>> it looks like nothing has changed:
>>>>
>>>> $ apt-get update
>>>> E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
>>>> E: Unable to lock directory /var/lib/apt/lists/
>>>> E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
>>>> E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
>>>>
>>>> I've got aptdaemon installed. Any idea what I'm doing wrong here?
>
> If I'm reading the description and documentation of aptdaemon right, you
> need to use an aptdaemon client, which would be aptdcon in the same
> package. But the fetching and installation would then be done by
> aptdaemon, which would still be run as root and not the user executing
> aptdcon.
>

Ahha, that sorta worked:

$ aptdcon --safe-upgrade
The following packages will be upgraded (31):
[.]
Do you want to continue [Y/n]?Y
ERROR: You are not allowed to perform this action.

('system-bus-name', {'name': ':1.50'}): org.debian.apt.upgrade-packages

So, I'm guessing there's something wrong with my polkit rule?

Archive: https://lists.debian.org/CAH_OBidMMDPKcr9NScW7=bpabfs_k2cqh9j_ct2+zx+aqy+...@mail.gmail.com
Re: Perfect Jessie is something like this...
Don Armstrong writes:
> On Tue, 28 Oct 2014, lee wrote:
>> As to package management: When you don't have a software installed,
>> other software you have installed shouldn't depend on the software you
>> don't have installed when the installed software doesn't use the
>> software which is not installed.
>
> Except that it the software does depend on the shared library being
> installed. Binaries which link against shared libraries must have the
> shared library present to run. Otherwise they have a linker failure, and
> never start running in the first place.

Then the software shouldn't depend on a library it doesn't need. I don't consider it "need" when a library is merely there to do nothing.

It's like keeping a trailer connected to your car all the time, with the main fuse of the trailers' circuit removed, just because the electricity could decide to want to try to flow through the outlet at the hitch in case you hit the brake pedal. You don't use and don't need the trailer, yet you must have it because otherwise you couldn't drive around with the fuse removed. See how silly and what a bad solution this is?

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.

Archive: https://lists.debian.org/87wq7g6t7s@gulltop.yagibdah.de
Re: Need help setting up printing in Jessie
Paul E Condon writes:
> information? What happens is basically nothing. I select the B+W
> print buffer from the file menu in the Emacs23-lucid window, and...
> nothing comes out of my printer, and nothing is added to the jobs
> list in CUPS.

You might need to set a default printer, or use something like 'lpr -P my-printer'.

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.

Archive: https://lists.debian.org/87sii46s8h@gulltop.yagibdah.de
Re: Preventing the computer from shutting down.
Mario Castelán Castro writes:
> Hello.
>
> I can set up a script for backup with cron or anacron, but how can I
> prevent the computer from shutting down while the backup is being
> performed so as to not to leave it incomplete?.

I'd try to fix the bug that makes it shut down. Do you have broken hardware or power failures, or is there something running that randomly shuts it down?

PS: Look into /etc/X11 for some freedesktop.org directory. It may have some policy xml files you could modify to disable the shutdown.

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.

Archive: https://lists.debian.org/87fve46qxl@gulltop.yagibdah.de
Re: Understanding DNS, Create an "Failover"
basti writes:
> Hello,
> last weekend my primary DNS-Server goes down, and some of my server
> can't find each other.
>
> [...]
>
> How can I fix this?

Set up a second name server which operates as slave of your primary one and use the slave as fallback?

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.

Archive: https://lists.debian.org/87k33g6rfl@gulltop.yagibdah.de
Re: Perfect Jessie is something like this...
On Fri, 31 Oct 2014, lee wrote:
> Don Armstrong writes:
> > Except that it the software does depend on the shared library being
> > installed. Binaries which link against shared libraries must have
^^
> > the shared library present to run. Otherwise they have a linker
^
> > failure, and never start running in the first place.
>
> Then the software shouldn't depend on a library it doesn't need.

It needs the code paths of the library in some cases, therefore it links with the library, therefore the library must be installed if the binary is to run.

> It's like keeping a trailer connected to your car all the time, with
> the main fuse of the trailers' circuit removed, just because the
> electricity could decide to want to try to flow through the outlet at
> the hitch in case you hit the brake pedal.

If we're going to make car analogies, a more apt one is

It's like a car manufacturer making a car which comes with a hitch mount even though you don't ever plan on using a trailer

You can build your own car without it, but it's perfectly reasonable for the manufacturer to not offer that model without it.

--
Don Armstrong http://www.donarmstrong.com

I will not make any deals with you. I've resigned. I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own. I resign.
-- Patrick McGoohan as Number 6 in "The Prisoner"

Archive: https://lists.debian.org/20141031190751.gm14...@teltox.donarmstrong.com
Re: Understanding DNS, Create an "Failover"
lee wrote:
> basti writes:
>> Hello,
>> last weekend my primary DNS-Server goes down, and some of my server
>> can't find each other.
>>
>> [...]
>>
>> How can I fix this?
>
> Set up a second name server which operates as slave of your primary one
> and use the slave as fallback?

bind, and dns in general, are designed for this:

1. you designate multiple nameservers with your registrar - which in turn forwards those records to the root nameservers (generally, you're expected to designate at least a primary and secondary) - so, right off the bat, when all of your nameservers are "published" (NS records are returned)

2. the trick is keeping the data synchronized - typically, you'll maintain the records in one of your nameservers and then enable synchronization between that server and your secondary server(s) -- bind supports both push and pull

3. a common practice is to have a "hidden" nameserver, where you maintain your records (e.g., on your own server), and then push/pull the definitive data to several other servers (e.g., heavy duty machines maintained by your data center operator or a commercial service) - that way you can manage the records on a system you control, but not have to eat the data load (and potential DOS attacks) of queries from the outside world

It's a bit tricky to set up the first time, then it just runs itself, except when you change records. (If I'm a little foggy on the details, it's because I haven't had to touch our nameservers in a long time. They just hum along).

I would recommend getting a good book on the subject - "DNS & Bind" from O'Reilly is pretty good, though I don't know when they've last updated it.

Several other notes:
- While BIND is the definitive nameserver, there are others (e.g., PowerDNS). Some of the others might be easier to administer (GUI vs. text files, that sort of thing).
- Webmin has a nice admin interface for bind.
- dnsstuff.com has some nice tools for monitoring and troubleshooting DNS, and their free toolset is enough for most things

Or.. you could just farm it all out to someone else. Pretty much every registrar will provide DNS for you, as well as lots of other services.

Miles Fidelman

--
In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra

Archive: https://lists.debian.org/5453e031.8070...@meetinghouse.net
Re: Perfect Jessie is something like this...
Don Armstrong wrote:
>> It's like keeping a trailer connected to your car all the time, with
>> the main fuse of the trailers' circuit removed, just because the
>> electricity could decide to want to try to flow through the outlet at
>> the hitch in case you hit the brake pedal.
>
> If we're going to make car analogies, a more apt one is
>
> It's like a car manufacturer making a car which comes with a hitch
> mount even though you don't ever plan on using a trailer
>
> You can build your own car without it, but it's perfectly reasonable for
> the manufacturer to not offer that model without it.

Well, if we're going to make car analogies...

A lot of folks might observe that trailer hitches make parking in tight spaces difficult or impossible, increase the risk of backing into things, make it a lot harder to know where the back of your car is (unless, you also add a back-up camera), and possibly increase insurance costs as a result - making such a model unattractive to the bulk of car buyers who are more interested in city driving than hauling a trailer.

One might go on to note that there are very few models of car (if any) that come standard with a trailer hitch.

And one might go a bit further to suggest that:
- a salesman who insisted on only showing vehicles with trailer hitches, would tick off a lot of potential customers, and probably be fired by the dealership
- an automaker who only sold vehicles with trailer hitches, would probably be out of business pretty quickly

Come to think of it, probably not a bad analogy at all.

Miles Fidelman

--
In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra

Archive: https://lists.debian.org/5453e453.1040...@meetinghouse.net
Re: apt as a user
On 2014-10-31 19:36, shawn wilson wrote:
> On Fri, Oct 31, 2014 at 12:40 PM, Vanessa wrote:
>> On 2014-10-31 17:17, shawn wilson wrote:
>>> On Fri, Oct 31, 2014 at 12:05 PM, Mario Castelán Castro wrote:
>>>> On 31/10/14 09:29, shawn wilson wrote:
>>>>> I'm trying to allow an apt user to run apt* commands. I've got this
>>>>> polkit:
>>>>>
>>>>> /etc/polkit-1/localauthority/30-site.d/10-org.com.foo.apt.pkla
>>>>>
>>>>> [Configuration]
>>>>> AdminIdentities=unix-user:apt
>>>>> Action=org.debian.apt.*
>>>>> ResultAny=no
>>>>> ResultInactive=no
>>>>> ResultActive=yes
>>>>>
>>>>> However when I: su - apt
>>>>> it looks like nothing has changed:
>>>>>
>>>>> $ apt-get update
>>>>> E: Could not open lock file /var/lib/apt/lists/lock - open (13:
>>>>> Permission denied)
>>>>> E: Unable to lock directory /var/lib/apt/lists/
>>>>> E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission
>>>>> denied)
>>>>> E: Unable to lock the administration directory (/var/lib/dpkg/), are you
>>>>> root?
>>>>>
>>>>> I've got aptdaemon installed. Any idea what I'm doing wrong here?
>> If I'm reading the description and documentation of aptdaemon right, you
>> need to use an aptdaemon client, which would be aptdcon in the same
>> package. But the fetching and installation would then be done by
>> aptdaemon, which would still be run as root and not the user executing
>> aptdcon.
>>
> Ahha, that sorta worked:
> $ aptdcon --safe-upgrade
> The following packages will be upgraded (31):
> [.]
> Do you want to continue [Y/n]?Y
> ERROR: You are not allowed to perform this action.
>
> ('system-bus-name', {'name': ':1.50'}): org.debian.apt.upgrade-packages
>
>
> So, I'm guessing there's something wrong with my polkit rule?

After some experimenting (Thanks for the excuse to finally do some polkit digging :P ) it seems you need Identity instead of AdminIdentities. Also the other Result* lines should be set to yes, too. This worked for me:

[Configuration]
Identity=unix-user:apt
Action=org.debian.apt.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Archive: https://lists.debian.org/5453f138.7050...@ulukai.org
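The difference between the two rules posted in this thread can be checked mechanically. The following is an added example, not code from any poster or from polkit: the function names are hypothetical, the key set and the session semantics (ResultActive for an active local session, ResultInactive for an inactive one, ResultAny for everything else such as ssh or su) are taken from pklocalauthority(8), and "last matching entry wins" is a simplifying assumption.

```python
import configparser
from fnmatch import fnmatchcase

# Keys read from a .pkla entry, per pklocalauthority(8) (assumed complete here).
RESULT_KEYS = {"other": "ResultAny", "inactive": "ResultInactive", "active": "ResultActive"}
RESULT_VALUES = {"no", "yes", "auth_self", "auth_self_keep", "auth_admin", "auth_admin_keep"}
KNOWN_KEYS = {"Identity", "Action", "ReturnValue", *RESULT_KEYS.values()}

# The two rules from the thread, embedded as sample input.
FIRST_RULE = """\
[Configuration]
AdminIdentities=unix-user:apt
Action=org.debian.apt.*
ResultAny=no
ResultInactive=no
ResultActive=yes
"""
WORKING_RULE = """\
[Configuration]
Identity=unix-user:apt
Action=org.debian.apt.*
ResultAny=yes
ResultInactive=yes
ResultActive=yes
"""


def parse_pkla(text):
    """Return {section name: {key: value}} with key case preserved."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # .pkla keys are case-sensitive
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def _split(value):
    """Split a semicolon-separated Identity or Action value."""
    return [item.strip() for item in value.split(";") if item.strip()]


def decide(entries, user, action, session):
    """Result the entries give `user` for `action`, or None if none applies.

    session is "active", "inactive" or "other" (e.g. a shell reached by ssh or su).
    None means polkit falls back to the action's own defaults.
    """
    result = None
    for keys in entries.values():
        identities = _split(keys.get("Identity", ""))
        actions = _split(keys.get("Action", ""))
        if not any(fnmatchcase(f"unix-user:{user}", i) for i in identities):
            continue  # no Identity key means the entry applies to nobody
        if not any(fnmatchcase(action, a) for a in actions):
            continue
        result = keys.get(RESULT_KEYS[session], result)
    return result


def lint(entries):
    """Return (severity, section, message) findings for parsed entries."""
    findings = []
    for name, keys in entries.items():
        for key in keys:
            if key not in KNOWN_KEYS:
                note = "not a .pkla key"
                if key == "AdminIdentities":
                    note += "; it is a localauthority.conf.d setting"
                findings.append(("error", name, f"{key}: {note}"))
        for required in ("Identity", "Action"):
            if required not in keys:
                findings.append(("error", name, f"missing {required}, entry never matches"))
        for key in RESULT_KEYS.values():
            if key in keys and keys[key] not in RESULT_VALUES:
                findings.append(("error", name, f"{key}: invalid value {keys[key]!r}"))
        wildcard = any("*" in a for a in _split(keys.get("Action", "")))
        if keys.get("ResultAny") == "yes":
            scope = "every action under the wildcard" if wildcard else "the action"
            findings.append(("warn", name,
                             f"ResultAny=yes grants {scope} from any session, no authentication"))
    return findings


if __name__ == "__main__":
    for label, rule in (("first rule", FIRST_RULE), ("working rule", WORKING_RULE)):
        entries = parse_pkla(rule)
        print(label, decide(entries, "apt", "org.debian.apt.upgrade-packages", "other"))
        for finding in lint(entries):
            print("  ", *finding)
```

The warning on the working rule is the point raised earlier in the thread: an account that may run every org.debian.apt.* action without authentication is effectively as trusted as root.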
Re: Camera SD card mounting problems (defined by systemd)
On 10/31/2014 at 02:10 PM, Charles Kroeger wrote:

> I have a line in my /etc/fstab file:
>
> #/dev/sde1/ /media/lumix-photos vfat users,rw,auto,iocharset=utf8,umask=000
> 0
>
> Anytime I want to add photos off the SD card in my camera, I comment
> out the hashmark add the SD card to the reader, and reboot the
> computer. The SD card is mounted (/dev/sde1/) inside the folder
> lumix-photos. I then use shotwell to add the new photos that can then
> be worked over in GIMP. This solution has worked flawlessly for
> years, until now:
>
> log: mount: special device /dev/sde1/ does not exist
>
> log: media-lumix\x2dphotos.mount has failed dependency has failed for
> local file system
>
> log: defined-by: systemd
>
> Since /dev/sde1 is listed and described from the fdisk -l command how
> can it 'not' exist?

I suspect that /dev/sde1 exists, but /dev/sde1/ (with the trailing slash) does not - i.e., /dev/sde1 is a device node, not a directory.

Assuming that trailing slash really is there in the fstab, I would honestly not expect that fstab entry to work, just on that basis. It's possible that older mount methods figured it out and accepted things anyway ("be permissive in what you accept and rigid in what you emit"), but that systemd is being more rigid and is not trying to do any such gymnastics.

Try dropping the trailing slash from the fstab and see whether that fixes anything.

> What is meant by media-lumix(back slash!)x2dphotos.mount(?)

I imagine that \x2 or \x2d is an escape code for some special character, which is not being represented directly here for some reason. I don't recognize the syntax or the context offhand, however.

> Adding the SD card into the card reader after editing /etc/fstab then
> rebooting, causes the computer to go into emergency (? WTF) mode.
> Ctrl+d doesn't fix it. Going to the command prompt with the root
> password is the only solution. (i.e. editing the /etc/fstab file back
> like it was, removing the SD card, and rebooting.)
>
> I think it's ludicrous that adding an SD card that even has its own
> line in /etc/fstab, throws the whole system into 'emergency' mode.

As I understand matters, systemd's logic is that it can't tell which fstab entries are required for a "successful" boot unless the ones which aren't are all labeled with "noauto", so whenever a boot-time mount of a fstab entry fails systemd assumes that something might have gone wrong and drops into emergency mode so that you can fix the problem. I believe this is a side effect of systemd's "dependency-based" design.

If the mount failing isn't that critical, then the "right way" to fix the problem under systemd's apparent design would probably be to add the "noauto" label to the fstab, so that the device will not mount automatically on boot.

If there's a way to configure a mount to be attempted at boot time, but not fail the boot if the device is not present, I don't know what it is.

--
The Wanderer

The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Re: proofing searchable pdf files
On 10/30/2014 05:47 PM, Gary Roach wrote:
> Hi all,
>
> Problem: I am working on an archiving project and wish to archive
> documents to searchable pdf files but can't seem to figure out how to
> proof read and correct the text overlay. Any suggestions. Tesseract
> seems to do a really great job but I have no good way of proving this or
> correcting any mistakes. Some of the documents are 100 years old and may
> not be in such great shape. I can always retype everything but would
> like to avoid this, as much as possible, for obvious reasons.
>
> Gary R.

OK more detail.

First, searchable pdf files are a 2 layer file with the pdf vector graphics layer overlaying a text file. I have tried gimp but have not been able to separate the layers. Tesseract will show the text file but in box format. This seems to be Tesseract's native file structure (guessing) and is virtually unusable for proof reading. I have been able to use Dolphin and Okular to get rid of the boxes but Okular just replaces them with long strings of dots - also unusable for proof reading. Transfer of the pdf file to LibreOffice writer produces garbage.

This is part of a medium sized, low budget archiving project that will process several thousand documents, all done by low tech volunteers. So I really need methods that are straight forward or can be automated to the idiot level. A method that will split the vector graphics and text files apart, allow editing of the text file and reassembling of the file is needed. I am having trouble believing that there isn't software out there that will do this but I have not been able to find it.

Your comments so far have pointed me in several different directions but I still haven't found an efficient (or even viable) editing method. Your help is really appreciated.

Gary R.

Archive: https://lists.debian.org/54540dde.2030...@verizon.net
Re: Debian on Panasonic laptop
On 01/11/14 00:28, apado...@padoly.besaba.com wrote:
> Hi,
>
> Can I install debian on a PANASONIC laptop ( Panasonic Toughbook CF T8)
> with tactile screen?

Yes.

For stable:-

To enable sound you'll need:-

echo >/etc/modprobe.d/alsa-base.conf 'options snd-hda-intel model=thinkpad'

(and the usual unmute alsamixer)

To enable the touchscreen you'll need xinput-calibrator (from Jessie), then (as root):-

xinput-calibrator > /usr/share/X11/xorg.conf.d/99-calibration.conf

Everything else "works out of the box(TM)"

>
> Thanks
>
> Regards
>
> Alex
>

Kind regards

Archive: https://lists.debian.org/54541020.4050...@gmail.com
Re: Camera SD card mounting problems (defined by systemd)
On 31/10/14 21:31, The Wanderer wrote:
> If the mount failing isn't that critical, then the "right way" to fix
> the problem under systemd's apparent design would probably be to add the
> "noauto" label to the fstab, so that the device will not mount
> automatically on boot.
>
> If there's a way to configure a mount to be attempted at boot time, but
> not fail the boot if the device is not present, I don't know what it is.

Use the well-documented fstab(5) option "nofail", which predates the creation of systemd.

Archive: https://lists.debian.org/54540e2b.7020...@zen.co.uk
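The three points raised in this thread (the trailing slash on the device, the \x2d in the unit name, and "nofail") can be checked together. This is an added example, not part of any poster's message: the function names and the list of directories treated as removable-media mount points are assumptions, and the escaping follows the rules systemd documents for `systemd-escape --path`.

```python
import re

# Constructed sample: line 2 is the entry from the thread with the comment
# mark removed; line 3 is the same entry with the fixes suggested in replies.
SAMPLE_FSTAB = """\
# <device>  <mount point>  <type>  <options>  <dump>
/dev/sde1/ /media/lumix-photos vfat users,rw,auto,iocharset=utf8,umask=000 0
/dev/sde1 /media/lumix-photos vfat users,rw,auto,nofail,iocharset=utf8,umask=000 0
"""

# Assumption for this example: mount points under these directories hold
# removable media that may be absent at boot.
REMOVABLE_PREFIXES = ("/media/", "/mnt/", "/run/media/")


def systemd_escape_path(path):
    r"""Escape a path the way systemd names mount units.

    "/" becomes "-", and every byte other than ASCII letters, digits, "_",
    ":" and a non-leading "." becomes \xNN, so "-" itself turns into \x2d.
    """
    trimmed = re.sub(r"/+", "/", path).strip("/")
    if not trimmed:
        return "-"  # the root directory
    out = []
    for index, byte in enumerate(trimmed.encode("utf-8")):
        char = chr(byte)
        if char == "/":
            out.append("-")
        elif byte < 128 and (char.isalnum() or char in "_:" or (char == "." and index > 0)):
            out.append(char)
        else:
            out.append("\\x%02x" % byte)
    return "".join(out)


def check_fstab(text):
    """Return (line number, mount unit, message) for entries likely to break boot."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            findings.append((lineno, "", "fewer than four fields"))
            continue
        spec, mountpoint, _fstype, opts = fields[:4]
        options = opts.split(",")
        unit = systemd_escape_path(mountpoint) + ".mount"
        if spec.startswith("/dev/") and spec.endswith("/"):
            findings.append((lineno, unit,
                             f"device {spec} ends in '/', but a device node is not a directory"))
        removable = (mountpoint.rstrip("/") + "/").startswith(REMOVABLE_PREFIXES)
        if removable and "noauto" not in options and "nofail" not in options:
            findings.append((lineno, unit,
                             "mounted at boot without nofail: a missing device fails the boot"))
    return findings


if __name__ == "__main__":
    for lineno, unit, message in check_fstab(SAMPLE_FSTAB):
        print(f"line {lineno} ({unit}): {message}")
```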
Re: Preventing the computer from shutting down.
On 31.10.2014 at 07:07, Don Armstrong wrote:
> On Thu, 30 Oct 2014, Joey Hess wrote:
>> Don Armstrong wrote:
>>> systemd-inhibit --who='backup script' --why='backup is running currently' \
>>> --mode=block yourbackupscript;
>>
>> This doesn't currently prevent either /sbin/shutdown or eg, the
>> lightdm menu item from shutting the system down. It does inhibit
>> systemctl reboot/halt.
>
> Huh. That seems kind of unfortunate (and weird, because /sbin/shutdown
> is symlinked to systemctl here; I would have expected /sbin/shutdown to
> be a special case of systemctl halt.)
>
> This is probably at least a documentation bug, and possibly a real bug.

That sounds like a real bug, yes. And worth bringing up upstream. Feel free to file a bug against the Debian package, so we don't forget about this.

--
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: Preventing the computer from shutting down.
Thanks everybody for their help. I will use molly-guard to guard from accidental shut down from the CLI. Is there something like molly-guard for the LXDE power off/close session button?.

I must clarify that what I mean by “preventing the computer from shutting down” is preventing the operator from inadvertently shutting down or rebooting the system while it is undergoing a backup.

Archive: https://lists.debian.org/545408c3.1090...@yandex.com
Re: proofing searchable pdf files
On 10/31/2014 06:31 PM, Gary Roach wrote:
> On 10/30/2014 05:47 PM, Gary Roach wrote:
>> Hi all,
>
> This is part of a medium sized, low budget archiving project that will
> process several thousand documents, all done by low tech volunteers. So
> I really need methods that are straight forward or can be automated to
> the idiot level. A method that will split the vector graphics and text
> files apart, allow editing of the text file and reassembling of the file
> is needed. I am having trouble believing that there isn't software out
> there that will do this but I have not been able to find it.
>
> Your comments so far have pointed me in several different directions but
> I still haven't found an efficient (or even viable) editing method. Your
> help is really appreciated.
>
> Gary R.

Inkscape uses vector graphics. Can you open the file in Inkscape? Don't know what it might do with two layers.

I mentioned a drafting program earlier--DraftSight or AutoCAD LT. If you have one of these (DraftSight is free to non-commercial users) maybe you can cut and paste the two-layer file from whatever opened it into the cad program, and then separate the layers, since the cad program natively uses layers in its layout program, so as, for example, to show two sides of a circuit board, or whatever. It is designed to let you look at one layer or the other, or both together.

The trick, obviously, is to separate the layers, and I don't have any idea if D/S will do that for you. Maybe you could convert the file from whatever type it is into a .dwg file, which would be native to the cad programs. Or a .dxf file. AutoCad and DraftSight should be able to read either format. (The native format is .dwg, but you can import a .dxf file. It's designed to do that.)

Archive: https://lists.debian.org/545417fb.1000...@optonline.net
Re: Camera SD card mounting problems (defined by systemd)
On 10/31/2014 at 06:33 PM, Martin Read wrote:

> On 31/10/14 21:31, The Wanderer wrote:
>
>> If the mount failing isn't that critical, then the "right way" to
>> fix the problem under systemd's apparent design would probably be
>> to add the "noauto" label to the fstab, so that the device will not
>> mount automatically on boot.
>>
>> If there's a way to configure a mount to be attempted at boot time,
>> but not fail the boot if the device is not present, I don't know
>> what it is.
>
> Use the well-documented fstab(5) option "nofail", which predates the
> creation of systemd.

Thanks. I don't recall having been aware of that, but it would be exactly what I was looking for on that note.

--
The Wanderer

The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Re: Perfect Jessie is something like this...
Don Armstrong writes:
> On Fri, 31 Oct 2014, lee wrote:
>> Don Armstrong writes:
>> > Except that it the software does depend on the shared library being
>> > installed. Binaries which link against shared libraries must have
>^^
>> > the shared library present to run. Otherwise they have a linker
> ^
>> > failure, and never start running in the first place.
>>
>> Then the software shouldn't depend on a library it doesn't need.
>
>
> It needs the code paths of the library in some cases, therefore it links
> with the library, therefore the library must be installed if the binary
> is to run.

It doesn't need these code paths. The library doesn't do anything unless you do have the software actually running which the library makes useable --- at least that's what was said.

Of course, not all cases are the same, yet in this case, the library shouldn't be installed unless the software it is for is installed.

>> It's like keeping a trailer connected to your car all the time, with
>> the main fuse of the trailers' circuit removed, just because the
>> electricity could decide to want to try to flow through the outlet at
>> the hitch in case you hit the brake pedal.
>
> If we're going to make car analogies, a more apt one is
>
> It's like a car manufacturer making a car which comes with a hitch
> mount even though you don't ever plan on using a trailer
>
> You can build your own car without it, but it's perfectly reasonable for
> the manufacturer to not offer that model without it.

Like Miles said ... It's just the same as having to tow the trailer all the time. I'd get better mileage without the obsolete mount because the car would weigh less, and the mount would only catch rust. Why would I buy that? It's totally unreasonable.

If you want another analogy: You have to buy a more powerful computer all the time because more and more obsolete things are being installed which slow it down.

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.

Archive: https://lists.debian.org/877fzf6608@gulltop.yagibdah.de
Re: bc menu files? (Re: Perfect Jessie is something like this...)
On Wed, Oct 29, 2014 at 11:59 PM, Christian Seiler wrote:
> On 2014-10-29 15:42, Joel Rees wrote:
>>
>> And that tells me exactly zip about why bc doesn't show up in my XFCE4
>> menus. (I mean the pointy-clicky ones.)
>
> I suspect XFCE4, like most DEs available, only parses XDG .desktop
> files, and doesn't parse Debian's menu system.

Yeah. That seems to be the case.

> If you read through the
> TC bug, you'll see that the current situation is complicated[tm].

Why do people make things so complicated? :)

>> I suppose I should try booting non-gui and starting up a desktopless
>> window manager to see if I can get those menus in one of those?
>
> Probably, I haven't tried.

Someday. Especially since ...

>> Not that I'm interested in running bc from the menu. What I'm really
>> interested in is a way not to lose track of all those cool hex editors
>> and network analyzers that I've installed and forgotten about.
>
> apt-get install pdmenu

Nice. Thanks. (Kudos to Joey for making it, too.)

That should be advertised more prominently. I'm almost inclined to think it should be part of the default install, although those who want to get rid of the debian menus would have a fit about it.

But here's an argument in favor of keeping the debian menus -- those are a lot less involved than the desktop menus and provide a decent way to track non-gui executable applications.

> Doesn't even need X11, has next to no dependencies. You could even
> install it on a server without losing your 'real server admins[tm]
> don't use GUIs' credentials. ;-)

Heh.

Well, I don't find an "Applications" menu in my XFCE4 menus. So there's no place for the "Debian" menu that used to be there (and I remember it now) but has been hidden.

So I thought, just for fun, I'd run update-menus as an ordinary user, and now the XFCE4 "Others" menu, which had only two items before, is packed with all the debian menu items in one flat list.

That was not very friendly. I take it there's a developer somewhere that has taken an active dislike to debian menus and is deliberately trying to make everyone hate them. (Especially considering the TC bug you mention above.)

--
Joel Rees

Be careful when you see conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself.

Archive: https://lists.debian.org/caar43ini1fskowjo9+qo8d-nrh8xpy2_ozblntmu3ytseet...@mail.gmail.com
a perfect car analogy for a perfect Jessie is something like this...
On Sat, Nov 1, 2014 at 4:07 AM, Don Armstrong wrote:
> On Fri, 31 Oct 2014, lee wrote:
>> Don Armstrong writes:
>> > Except that it the software does depend on the shared library being
>> > installed. Binaries which link against shared libraries must have
>^^
>> > the shared library present to run. Otherwise they have a linker
> ^
>> > failure, and never start running in the first place.

I think Lee is sanguine to this point, although his earlier posts seemed ambiguous.

>> Then the software shouldn't depend on a library it doesn't need.
>
> It needs the code paths of the library in some cases, therefore it links
> with the library, therefore the library must be installed if the binary
> is to run.

Which kind of belabors the point.

>> It's like keeping a trailer connected to your car all the time, with
>> the main fuse of the trailers' circuit removed, just because the
>> electricity could decide to want to try to flow through the outlet at
>> the hitch in case you hit the brake pedal.
>
> If we're going to make car analogies, a more apt one is
>
> It's like a car manufacturer making a car which comes with a hitch
> mount even though you don't ever plan on using a trailer
>
> You can build your own car without it, but it's perfectly reasonable for
> the manufacturer to not offer that model without it.

I would not have picked that analogy, Miles points out why for one style of hitch.

But in-bumper hitches have been indicated as the failure point in a number of accidents involving trailers. I had a truck built back in the '70s, with an in-bumper hitch and holes in the bumper to attach chain hooks. It was a reinforced bumper, theoretically designed to take the strain. But a police officer advised me not to use the hitch, and I think my insurance company said they wouldn't insure me when I was driving with a trailer attached to it.

The manual even specified limits that were ridiculously small -- six-foot overall length, quarter-ton load or something like that. We would have had to do some after-market work on the frame, add stronger springs, and change the bumper, to tow even a small RV or a real utility trailer.

A better analogy would have been designing the chassis with a reinforced frame and built-in bracketing, so that mounting a real hitch would not require after-market alterations.

And then things devolve into a morass of interpretations about how you define the structure, partition it into modules, and so forth. Not to mention the question of why debian should be only for truck-like recreational and pseudo-utility vehicles.

And I think this is basically the problem. The people at opendesktop.org have a vision of Linux that is shared by a lot of people who are interested in desktop systems, and networks of desktop systems managed by managers who don't want to use the command line. That almost works for the Fedora crowd, especially now that most of those who didn't like it jumped ship. It works for the Mint crowd. I don't think it works for more than about half the debian crowd.

(I personally would have chosen a metaphor about cars with built-in entertainment/communication/navigation systems, but that's me. :)

--
Joel Rees

Be careful when you see conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself.

Archive: https://lists.debian.org/CAAr43iMpXEaVC34NpvV552ru162guQi7RQrPM11iix+7=y-...@mail.gmail.com
Re: bc menu files? (Re: Perfect Jessie is something like this...)
Joel Rees writes:

> On Wed, Oct 29, 2014 at 11:59 PM, Christian Seiler wrote:
>> I suspect XFCE4, like most DEs available, only parses XDG .desktop
>> files, and doesn't parse Debian's menu system.
>
> Yeah. That seems to be the case.

I asked about a similar issue and somebody told me how to create a second menu that has the debian menu. Just add another application menu to the panel, and then right click on it and select properties. At the bottom of the box select the custom menu file and set it to /etc/xdg/menus/debian-menu.menu. Close that and you should have a debian menu.

--
Carl Johnson ca...@peak.org

Archive: https://lists.debian.org/8761ez8tt3.fsf@elk.localnet
How to use the network-manager-strongswan
Hello,

I want to use the network-manager-strongswan to connect to an ikev2 vpn server, but I cannot find how to configure the network-manager-strongswan via UI or configuration file.

Could you tell me how to use it if you know?

Thank you very much!

Gulfstream

Archive: https://lists.debian.org/54545924.6060...@gmail.com
How to use the network-manager-strongswan
Hello,

I want to use the network-manager-strongswan to connect to an ikev2 vpn server, but I cannot find how to configure the network-manager-strongswan via UI or configuration file.

Could you tell me how to use it if you know?

Thank you very much!

My debian version is testing, and the window manager is gnome 3.14.

Gulfstream

Archive: https://lists.debian.org/5454599d.4050...@gmail.com
Re: bc menu files? (Re: Perfect Jessie is something like this...)
On Sat, Nov 1, 2014 at 12:48 PM, Carl Johnson wrote:
> Joel Rees writes:
>
>> On Wed, Oct 29, 2014 at 11:59 PM, Christian Seiler wrote:
>>> I suspect XFCE4, like most DEs available, only parses XDG .desktop
>>> files, and doesn't parse Debian's menu system.
>>
>> Yeah. That seems to be the case.
>
> I asked about a similar issue and somebody told me how to create a
> second menu that has the debian menu. Just add another application
> menu to the panel, and then right click on it and select properties. At
> the bottom of the box select the custom menu file and set it to
> /etc/xdg/menus/debian-menu.menu. Close that and you should have a
> debian menu.

Okay. Now I get it. In XFCE, it's a second application menu in the already overcrowded panel.

In fact, I need a second auto-hiding panel anyway to uncrowd my primary panel, so I'll just put that applications panel there. Not pretty icons, but I can live with that. I can find the things I'd forgotten I'd installed.

This is going to more than double debian's usefulness for me. Suddenly I have a reason not to let the systemd fooferall push me to jump ship.

Why would anyone want to hide that instead of explaining it?

--
Joel Rees

Be careful when you see conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself.

Archive: https://lists.debian.org/CAAr43iMR77nuxPo2-G+T9amOH7j=f2V-H=p4QnA3=n-abt5...@mail.gmail.com
Re: Camera SD card mounting problems (defined by systemd)
On Sat, 01 Nov 2014 00:30:02 +0100 The Wanderer wrote:
>I suspect that /dev/sde1 exists, but /dev/sde1/ (with the trailing slash) does
>not - i.e., /dev/sde1 is a device node, not a directory.

Yes, the extra forward slash was there (indicating a directory)..interesting. Anyway. I removed the now offending symbol. Thanks for this information.

Martin Read wrote:
>Use the well-documented fstab(5) option "nofail", which predates the creation of systemd.

I replaced 'auto' in the fstab line with 'nofail.' Thanks for this reminder.

I will test out the new configuration tomorrow. If you don't hear from me again it worked.

--
CK

Archive: https://lists.debian.org/cbjc24f9sj...@mid.individual.net