Re: SATA errors (only) when on battery

[Gordon Messmer]

On 02/08/2018 03:53 AM, Clemens Eisserer wrote:

Is there a way to disable SATA link power management at the kernel command line?



Start by checking the value of 
/sys/class/scsi_host/*/link_power_management_policy


See: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/power_management_guide/alpm

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Please help me with samba or my brain will explode.

[Gordon Messmer]

On Mon, Feb 12, 2018 at 10:16 AM, Илья Коскин  wrote:
> Hello everybody. Here is my problem. I have two computers, both with fedora 
> workstation 27, both with selinux disabled, both fully updated. Both have the 
> same configuration of samba:
> [global]
> usershare max shares = 5
> usershare allow guests = yes

The "net" man page indicates that "usershare path" should be set here.

> Both computers have directories /var/lib/samba/usershares with sticky bit 
> enabled.

Please include the output of "getfacl /var/lib/samba/usershares"

> But on one machine everything works just fine, but on another machine i only 
> can create dirs or files in the root of the "Share".
> For example, if I create directory foo, cd to there, and try to create 
> directory bar, samba sais that I don't have permissions! And on another 
> machine it works just fine!

Please include the output of "getfacl /home/kasak/Share/foo"
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: samba share without authentication

[Gordon Messmer]

On 02/24/2018 02:24 AM, François Patte wrote:

I read a lot of smb.conf that are supposed to configure samba to share a
folder without authentication (ie. everybody connected to the LAN can
access this folder) but all these config files are wrong... ie. when I
try to connect to the samba server (f27), from a windows computer, user
name and password are required!



In the global section, you should set "map to guest = Bad User", and in 
the share or printer spool section, set "guest ok = Yes". If Windows 
prompts for credentials, enter nothing.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: samba share without authentication

[Gordon Messmer]

On 02/24/2018 11:57 AM, Tom Horsley wrote:

(which they either made impossible or made so obscure it
might as well be impossible).



# cat /etc/samba/smb.conf
[global]
...
   map to guest = Bad User
[music]
    path = /home/samba/Music
    guest ok = Yes

$ smbclient //storage/music/ -U ''
Enter SAMBA\guest's password:
Try "help" to get a list of possible commands.
smb: \> ls
  .   D    0  Sat Dec 10 21:27:32 2016
  ..  D    0  Mon Feb 19 11:19:10 2018

Logged in with no password.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: samba share without authentication

[Gordon Messmer]

On 02/24/2018 05:37 PM, Tom Horsley wrote:

But can a windows 10 box automatically mount it
with no user interaction like it once could do
with public shares before they got rid of the
public share mode?



Yes.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: cups sucks!!!

[Gordon Messmer]

On 02/25/2018 10:42 AM, François Patte wrote:

I opened firefox on one computer and miracle: the printer attached to
the other computer is discovered and cups admin interface asks me if I
want to add this printer. Nice: the job is easy!!*But*  this does not
work at all!!



If I recall correctly, discovery is a matter of multicast DNS 
announcement.  Since the source announces the printer, firewall rules 
don't need to be adjusted to allow that.  However, you do need to adjust 
firewall rules to allow incoming IPP connections. Have you done that?

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: samba share without authentication

[Gordon Messmer]

On 02/26/2018 12:16 AM, François Patte wrote:

Ok! But this is not enough, you have to create a kind of dummy user on
your system and make this user a samba user.

See:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server



Everything on that page related to the creation or use of a user account 
falls under a section that reads "To provide authentication."


You're not trying to provide authentication.  So you don't need a user 
account.  If you're creating a user account, then it's not a guest 
account and you have to provide a password.  I see why you're confused, 
but that's the purpose of the "map to guest" setting.  You don't need to 
create an account to provide anonymous shares.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: cups sucks!!!

[Gordon Messmer]

Edit /etc/cups/cupsd.conf.  Change "Listen localhost:631" to "Listen *:631"
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: RH rpms, and installing using hardlinks vs symlinks

[Gordon Messmer]

On Fri, Mar 9, 2018 at 2:57 PM, Stephen Morris  wrote:
> No, what I was mentioning here is what I have read as standard linux
> functionality with copying, when a file is copied, and it doesn't matter
> where to, rather than create a 2nd copy of the file, the "copy" is created
> as a hard link to the original file, for storage efficiency, and then when
> one of the files is updated the hardlink is broken and both files become
> physical.


The only process I can think of that works even remotely like that is
rsnapshot (and similar backup systems).  In those setups, rsync will
create new files for the first backup.  On the second backup, it
creates hard links to all of the files in the set, first, and then
runs rsync to refresh the directory holding the newest backup.  When
rsync runs, it does not modify files in place, it creates a new file
and merges data from the local file and data from the remote file in
order to save bandwidth, according to its specialized algorithm.  When
it's done, it moves the new file into place, atomically updating the
path in the backup.

As you describe, rsnsapshot uses hard links to conserve disk space and
breaks links when it updates files.  My guess is that at some point in
the past, you read about rsnapshot or a similar backup system, and
later remembered their mode of operation as standard functionality.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: RH rpms, and installing using hardlinks vs symlinks

[Gordon Messmer]

On 03/10/2018 05:24 PM, Stephen Morris wrote:
I can't find the documentation any more, but I have found 
documentation on how to use copy the create the target as a hard link 
or as a soft link. It is possible I have incorrectly remembered what I 
had read, or it is possible over time that the standard copy 
functionality has changed and now you have to explicitly specify that 
you want that functionality. 



I'd forgotten the other system that works as you described: reflink.

"cp" supports a --reflink option, and on a few filesystems that 
implement it (btrfs, OCFS2, maybe xfs and zfs, I'm unclear on their 
status), you can create a CoW copy of a file.


Again, not standard behavior, not widely implemented, and relatively 
new, but this might be what you were thinking of.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: du Weirdness - how is this possible

[Gordon Messmer]

On 03/11/2018 11:48 AM, Philip Rhoades wrote:

Where has ~37GB disappeared to?



"ls -la 20180216/phil"

Are there dot-files in there that aren't being matched by the shell 
glob?  If so:


shopt -s dotglob
du -s -BG 20180216/phil/*
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: du Weirdness - how is this possible

[Gordon Messmer]

On 03/13/2018 01:19 PM, Stephen Morris wrote:
It just seems counter intuitive to me to have to issue another command 
(even if one knows of its existence) to get a command to function 
"properly". 



Having read this thread, I think you may still not grasp what the shell 
does and what command (du, in this case) does.


So, let's illustrate with the standard interview question: "How do you 
remove a file called '-r'?"


Let's say that you're perusing your filesystem, and you find that 
someone has created a file called "-r".  You want to remove it. How?  
You might start by running "rm -r".


When you enter a command into a shell, it copies your input into a 
buffer.  First, it breaks your input into words.  It uses the value of 
the IFS variable to determine what characters separate words.  In the 
above example, it will produce an array like ["rm", "-r"].  It will then 
do expansion of shell variables and globs (the details are in the 
EXPANSION section of "man bash"), though in this case there are neither 
in the command.  Finally, it will search the directories in the PATH 
variable (and also its aliases, shell functions, and built-ins) for a 
command that matches the first word in the list.  It will execute that 
program with its list as arguments.  Argument 0 will be "rm" and 
argument 1 will be "-r".


That's what the shell does.

Now the command runs and parses its arguments.  "rm" sees "-r" as an 
option argument.  It doesn't find any non-option arguments (files to 
remove), so it tells you that an operand is missing.


That's what the command does.

You haven't removed the "-r" file, so you try again.  Many people will 
try quoting the filename.  They'll run "rm '-r'".


The shell breaks the input into words again.  This time, it consumes the 
quotes, because they are meaningful to the shell. The word list is 
["rm", "-r"], same as the last time.  The outcome is the same.


Some people will try using a glob.  They'll run "rm ?r" or "rm *r".

The shell breaks the input into words.  This time, the list is ["rm, 
"?r"].  There are glob characters this time, so the shell expands 
those.  "?r" matches a filename, so it gets replaced with "-r" and the 
word list is now ["rm", "-r"].  The list is the same as the last one, 
and the outcome is the same.


So, how does that apply to your situation?

When you run "du /path/*", the shell breaks that into words: ["du", 
"/path/*"].  Since there are globs present, the shell replaces those 
before it runs the command.  It expands into ["du", "/path/a", 
"/path/b", ...].  The "*" isn't passed to the command, it's expanded by 
the shell.


When you enter "shopt -s dotglob", you're not modifying the behavior of 
"du", you're modifying the behavior of the shell. You're changing the 
way the shell handles globs, so that files with a dot prefix will be 
matched by globs.  When dotglob is enabled, the shell expands the same 
word set differently.  This time it might be ["du", "/path/.config", 
"/path/.local", "/path/a", ...].  "du" behaves exactly the same.  It 
knows nothing of the dotglob option.  It only reports the use for the 
files and directories that are given to it as arguments.  In the 
standard configuration, the shell won't give dot-files as arguments when 
it expands "*", but it will when you enable dotglob.


(And if you want to remove a file named "-r" you need to use a complete 
path ("/path/-r"), or a relative path ("./-r") or tell rm to stop 
parsing option arguments by giving it the "--" argument, as in "rm -- -r".)

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Wow, KVM is great :-)

[Gordon Messmer]

On 03/14/2018 03:20 PM, Raman Gupta wrote:

1) It seems the networking is not quite as straightforward as VMWare for a 
single-VM use case.



It can be.  If you want to used bridged networking, you have to create a 
bridge in Linux.  KVM doesn't handle that internally (which is to say, 
it doesn't duplicate functionality that exists in the OS).


If your existing Ethernet interface is "eth0", you could create the new 
bridge interface by running this command as root:


virsh iface-bridge eth0 br0 --no-stp

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: OT:Question on NVME disk direct access?

[Gordon Messmer]

On 04/02/2018 11:30 AM, Michael D. Setzer II wrote:

The user though, with a real 256G disk doesn't seem to get any compression
of the disk or partitions. Them resulting images are close to the same size as
the disks or partitions??



Does the user have LUKS encrypted partitions?  Encrypting the system is 
trivial, and I would imagine common.  If the user had selected the 
option to encrypt their system, a direct disk image would compress very 
little.


___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: HW and SW threats: how to block?

[Gordon Messmer]

On 04/10/2018 06:46 PM, Rick Stevens wrote:

Yes, I probably didn't say it well. I was inferring that if an outgoing
UDP destination port 53 request was sent, then I think the iptables
conntrack plugin opens incoming UDP traffic with a source port of 53
for some period of time, since this was (theoretically) a DNS request
that's expecting an answer.



It's slightly more intelligent than that.  Only "related" traffic will 
be allowed to return.  In the case of UDP, that means that the source 
and destination IP address must match, and the source and destination 
ports must match the original request as well.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: NFS server setup -

[Gordon Messmer]

On 04/13/2018 12:34 PM, Bob Goodwin wrote:
I am attempting to set up an NFS server on a new Fedora 27 computer I 
have assembled using instructions I found, "Fedora 
Administration_Guide_Draft/NFS" and I am having a problem accessing it.


Sadly, that document is both incomplete and badly out of date.


$ cat /etc/exports
/var/ftp/pub  192.168.1.0/255.255.255.0(ro)
/home/public  192.168.1.0/255.255.255.0(rw)
var/ftp/pub 192.168.54.0/255.255.255.0(ro,sync,no_subtree_check)
/var/ftp/pub 
192.168.54.0/255.255.255.0(ro,sync,no_wdelay,no_subtree_check,nohide)


Several things to note:

1: NFSv4 is the default option on contemporary Fedora systems.  In 
NFSv4, the first export must be a "root" for all other exports. That is, 
if your first export is /var/ftp/pub, then all subsequent exports *must* 
be a subdirectory of /var/ftp/pub.  Typically, /export is the first 
export listed, and subdirectories follow.
2: The third line lacks a leading "/" and will cause exportfs to print 
an error.  I'm mostly sure that line is simply disregarded.
3: It doesn't make sense to export one directory twice, to the same set 
of clients.  If you fix the missing leading "/" on the third line, I'm 
mostly sure the fourth will then be disregarded.


You probably want:

/export   192.168.1.0/255.255.255.0(ro,sync)
/export/var/ftp/pub 192.168.1.0/255.255.255.0(ro,sync)
/export/home/public 192.168.1.0/255.255.255.0(rw,sync)
/export 192.168.54.0/255.255.255.0(ro,sync)
/export/var/ftp/pub 
192.168.54.0/255.255.255.0(ro,sync,no_wdelay,no_subtree_check,nohide)




Then from the client I get a refusal:

# mount 192.168.1.86:/home/public  /mnt/test/
mount.nfs: Connection refused


Using NFSv4, the client must be able to reach TCP port 2049.  You can 
verify that this is or is not the case using telnet at the client.  Make 
sure the service is running, and port 2049 is open on the server. (Use 
"ss -t -l -n" on the server and look for port 2049.)  Telnet to that 
port from the client.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: NFS server setup -

[Gordon Messmer]

On 04/13/2018 01:57 PM, Rick Stevens wrote:

By default F27 uses NFSv4. The access is far more restrictive.


I tend to think it is less so, since it uses fewer ports, which are 
predictable.  That wasn't the case with v3 and older, which tended to 
require much more permissive firewall policies.



If you're
NFS mounting a filesystem as a normal user on the client, then you have
to make sure that user has the same UID and GID on the server and has
access to that exported directory.


NFSv4 uses idmap, so UID and GID mapping are unnecessary.  In v3 and 
older, they needed to match.



If you're mounting it as root on the client (as seems to be true by the
"#" in the example command), make sure you add "no_root_squash" to the
export at the server:


Mounting an NFS filesystem can only be done by root on a typical UNIX 
system, since the NFS client is in the kernel, not in userspace.  The 
no_root_squash doesn't affect mounting at all, only accessing files 
after a filesytem is mounted.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: NFS server setup -

[Gordon Messmer]

On 04/13/2018 04:38 PM, Joseph Loo wrote:

Have you tried showmounts -e 192.168.1.x to see if the nfs server is
exporting the directories.


Note that showmounts uses the portmapper.  It may only work if your 
system supports the use of NFSv3.  If you're using only NFSv4, and don't 
have the portmapper services running, you cannot use showmounts.



My exports looks like this:

/export *(fsid=0,crossmnt,rw,root_squash,sync,no_subtree_check)
/export/home0   192.168.21.0/24(rw,root_squash,sync,no_subtree_check)
127.0.0.0/8(rw,root_squash,sync,no_subtree_check)
/export/home1   192.168.21.0/24(rw,root_squash,sync,no_subtree_check)
127.0.0.0/8(rw,root_squash,sync,no_subtree_check)

I believe you need the first line since nfs version 3



Since version 4.  V3 did not require a root export.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: NFS server setup -

[Gordon Messmer]

On 04/13/2018 04:38 PM, Mark C. Allman wrote:

This was probably already suggested, but:
-- on the server side, run "sudo netstat -antp | grep 111" to see if the
nfs server is there & listening.
-- on the client side, try the classic "telnet  111" to see
if you can at least connect.



Port 111 is the portmapper service, which isn't used in NFSv4.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: NFS server setup -

[Gordon Messmer]

On 04/13/2018 07:26 PM, Joseph Loo wrote:

Don't forget to restart the nfs server whenever you do changes on the
/etc/exports.



You don't need to restart anything, just run "exportfs -r" to rebuild 
the binary export file.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: NFS setup -

[Gordon Messmer]

On 04/17/2018 02:42 AM, Bob Goodwin wrote:

/dev/mapper/fedora-home 2.7T  4.8G  2.5T   1% /home

As you can see it is putting the stored data in "/" [19G in a 49G 
space]. Those partitions were setup selecting "custom/standard 
partitions] in the installer. It looks to me like I should've used the 
2.7T of space in "/" but that's not easy for me to do now.


So I guess it boils down to how do I tell NFS to store data in /home 
instead of "/"? I've been looking at this and can't see what to 
change, or maybe it can';t be fixed that way? 



If you are using NFSv4, this is trivial.  Make a directory, 
/home/exports, and use that as your NFS root.  Create 
/home/exports/var/ftp/pub and /home/export/home/public and move the 
required content to those locationos.  In /etc/exports:


/home/export 192.168.1.0/255.255.255.0(ro)
/home/export/var/ftp/pub  192.168.1.0/255.255.255.0(ro)
/home/export/home/public  192.168.1.0/255.255.255.0(rw)
/home/export 192.168.54.0/255.255.255.0(ro,sync)
/home/export/var/ftp/pub 192.168.54.0/255.255.255.0(ro,sync)

If you want to export those directories via NFSv3, you'd create the same 
directory structure, and then bind mount those directories into place.  
Create the directories, move the content, and then add to /etc/fstab:


/home/export/var/ftp/pub /var/ftp/pub none bind 0 0
/home/export/home/public /home/public none bind 0 0

After setting up fstab, you can "mount /var/ftp/pub" and "mount 
/home/public".  Those will be mounted automatically each time you reboot.


In that case, /etc/exports should look like:

/var/ftp/pub  192.168.1.0/255.255.255.0(ro,mountpoint)
/home/public  192.168.1.0/255.255.255.0(rw,mountpoint)
/var/ftp/pub 192.168.54.0/255.255.255.0(ro,sync,mountpoint)

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: NFS setup -

[Gordon Messmer]

On 04/18/2018 08:43 AM, Bob Goodwin wrote:


bobg]# mount 192.168.1.86:/home/exports/home  /mnt/test
mount.nfs: access denied by server while mounting 
192.168.1.86:/home/exports/home


What am I missing and/or doing wrong? 



If you are using NFSv4, remember that the first export is the *root*. 
That is, clients refer to filesystems relative to that export.  If your 
/etc/exports looks like this:


/home/export 192.168.1.0/255.255.255.0(ro)
/home/export/home  192.168.1.0/255.255.255.0(rw)

...then clients would mount "server:/home" not "server:/home/export/home".

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Any trick to booting off a eufi USB flash drive?

[Gordon Messmer]

On 05/05/2018 08:43 AM, Patrick O'Callaghan wrote:

On Sat, 2018-05-05 at 05:16 -0700, ToddAndMargo wrote:


Well, it looks like Virt-manager won't let me configure it
after the VM is created.

You can edit the XML file (after shutting down the VM of course) using
'virsh edit . IIRC I've done this in the past, though it's
been a while. See 'man virsh' for more detail.



You can, but the bootloader for BIOS is different from the bootloader 
for UEFI, so odds are pretty good that your VM won't boot if you change 
that.


It *is* possible to construct a system that will boot under both, so 
that you can switch from one firmware to the other, but it's kind of a pain.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Dell laptop for Fedora (XPS 13 or Latitude 7490) or worthier alternatives?

[Gordon Messmer]

On 05/09/2018 07:49 PM, Ranjan Maitra wrote:

The XPS13 has a slightly lower spec for the processor (maybe, because it 
appears to be of slightly earlier stock - 8550U versus 8650U) but the specs are 
fairly comparable. The resolution is no doubt better for the XPS13. This 
configuration will cost me $700 more than the Latitude. Which I am willing to 
pay unless there are technical reasons for preferring the Latitude. The XPS13 
is about a pound lighter from what I can tell.



My personal machine is an XPS 13 9370.  My employer provides me with a 
Latitude 7390.  Pretty close to the two models you're considering...  
Right now I'm waiting for a BIOS update for both, because the keyboard 
loses some key events and the fix is due out .. soon.


For my use, the two are extremely similar.  I like the Latitude slightly 
better, since I'd rather have actual buttons for the mouse.  I don't 
like clicking trackpads.  Having some USB-A ports is useful, too.  Other 
than that, there are no noticeable differences.


Your price note seems odd, though.  My XPS cost about $850 , and a 
Latitude 7390 with similar specs was close to twice that much. If the 
Latitude were similar in cost or less expensive than the XPS, I'd have 
definitely purchased that one.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Dell laptop for Fedora (XPS 13 or Latitude 7490) or worthier alternatives?

[Gordon Messmer]

On 05/09/2018 10:06 PM, Ranjan Maitra wrote:
I agree with the XPS trackpad issue. There is no noticeable difference 
between the two otherwise? I think that the XPS is about one pound 
lighter. And also the screen resolution is HD as opposed to QHD for 
the XPS. I am told that the XPS has more bezel space. 


As to the weight, that's probably correct.  Remember, I'm using the 
Latitude 7390, the 13" model.


I'm looking at Dell's site right now, and it looks like the Latitude 
7490 has HD (1366 x 768) and FHD (1920 x 1080) options, while the XPS 
has FHD and Ultra HD (3840 x 2160) options.


The XPS has a much smaller bezel, but that comes at the cost of having 
the webcam below the screen rather than above the screen where pretty 
much every other laptop puts it.  Personally, I don't care about the 
bezel *or* the webcam.  :)


The Latitude 7490 with specs that I quoted is priced at $1410 but that 
may be somewhat less because of bulk purchasing. This is the standard 
issue for our work. If we want XPS 13 with similar specs, it costs 
around $2000 with 4-year warranty (which is a requirement for a 
purchase to be approved). Are you sure that your specs are similar to 
what I am pricing -- 512 GB SSD, 16GB RAM? $850 seems a bargain, it looks!


No, my specs aren't those.  What I meant was that at my spec (8th Gen 
i5, 8GB RAM, 128GB SSD), I recall the XPS being *much* less expensive.  
The warranty might actually explain that, since adding a 4-year on the 
XPS is, by itself, more than $400.  The Latitudes look like they default 
to longer warranties.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Gnome keyring and ssh passphrase

[Gordon Messmer]

On 05/21/2018 06:37 AM, Gianluca Cecchi wrote:
I was in Mate up to some days ago and the ssh passphrase was in need 
to be inserted only once in mater-terminal, because I had this in my 
.bashrc (I think)


export SSH_ASKPASS="/usr/bin/ksshaskpass"


Not exactly.  The "askpass" setting only controls which UI will be used 
to prompt you for your passphrase when adding a key to the agent.  It 
doesn't determine whether or not an agent is running.


In GNOME, you should see a process named gnome-keyring-daemon, and a 
child process named ssh-agent.  The agent process is the one that holds 
your keys in memory temporarily and handles public key authentication.


Now I see that my gnome-terminal continues to ask my passhprase 
without giving chance to save it into its keyring.


It seems there is a bug in the current release of gnome-keyring which 
will cause you to be unable to use any ssh keys if you have one or more 
"bad" public keys in ~/.ssh.  Check that directory for any file whose 
name ends in ".pub".  If you find any that don't have a matching private 
key, or any in the old RSA1 format, move them to a different directory 
or delete them.


If you don't see any bad public keys, check the output of the "echo 
$SSH_AUTH_SOCK" command in a terminal, as well as the output of "ssh-add 
-l".

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/ZCZ5YNCWJW3UUGG635GWG5DIUGC6RFEC/

Re: battery discharging whilelaptop powered off?

[Gordon Messmer]

On 05/21/2018 09:06 AM, Wolfgang Pfeiffer wrote:


I'd try retraining the battery for longer run-time until empty:


Depleting the battery fully does not extend the run-time of the 
battery.  It will sometimes re-calibrate the battery controller and 
improve its estimates, but it does reduce the battery's ability to hold 
a charge.


https://arstechnica.com/gadgets/2014/04/ask-ars-the-best-way-to-use-a-lithium-ion-battery-redux/
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/OU2GRNDH5TX5QUX7J6AQRPYRGPAX74AT/

Re: Gnome keyring and ssh passphrase

[Gordon Messmer]

On 05/22/2018 06:41 AM, Gianluca Cecchi wrote:


Do you have number of bugzilla?


https://bugzilla.gnome.org/show_bug.cgi?id=795699

https://bugzilla.redhat.com/show_bug.cgi?id=1568895
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/7U5IQ4HIKLG75A2UYGXN6Y576BF62DCW/

Re: Docker warning - Your kernel does not support cgroup rt runtime

[Gordon Messmer]

On 05/28/2018 09:58 PM, Robbi Nespu wrote:

I am curious what is cgroup rt runtime? Can anyone explain what it about?



https://docs.docker.com/config/containers/resource_constraints/#configure-the-realtime-scheduler

If your kernel has a realtime scheduler, you can use it for your 
containers.  Fedora does not ship with the realtime scheduler enabled.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/CEZYTACN2AGRGMLTQHYXACU6LH3NWQ5C/

Re: Gnome keyring and ssh passphrase

[Gordon Messmer]

On 05/24/2018 01:24 AM, Gianluca Cecchi wrote:
Actually latest updates brought in better (if you mind usability) or 
worse (if you mind security) behavior, not covered in the two bugs...


In fact now if I connect to a system with the key that has a 
passphrase from gnome-terminal, I can log in without even being asked 
about passphrase the first time???

I supposed at least across reboots there should be any cache m



When you enter your passphrase for an ssh key in GNOME, there is a 
checkbox labeled something like "unlock this key automatically at 
login".  If you click on that box, the passphrase for your key will be 
stored in the GNOME keyring, and the key will be unlocked without 
prompting you.  You can use "seahorse" (aka "Passwords and Keys") to 
find and remove that stored passphrase if you prefer not to have that 
stored.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/T3LTJY5ETZW2PO3YDRNS4KMIJMPLS4UT/

Re: Gnome keyring and ssh passphrase

[Gordon Messmer]

On 05/30/2018 01:20 AM, Gianluca Cecchi wrote:
Thanks, indeed I find it in the section "OpenSSH Keys" of the Gnome 
Tool you referred.



There is an ssh keys section, but I'm actually not sure that's used any 
more.  As far as I know, the newest release of GNOME has actually done 
away with internal ssh key support rather than add support for ED25519 
keys.  GNOME keyring now simply runs the system ssh-agent for SSH key 
support.


The passphrase to unlock keys is one of those in the Passwords/login 
section, I just don't remember what it was labeled.


___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/LZ7FWLNHMPAHP5HKZS26YFMEFDCJDODH/

Re: libesmtp-devel

[Gordon Messmer]

On 06/09/2018 12:37 PM, Paolo Galtieri wrote:
Is there anyway to re-install the libesmtp-devel and net-snmp-devel 
packages? 



yum install mock
cp /etc/mock/epel-7-x86_64.cfg /etc/mock/build-bro.cfg
# Fix the first line (the "root") in /etc/mock/build-bro.cfg
mock -r build-bro --install compat-openssl10-devel

Use "mock -r build-bro --shell" (and then "su - mockbuild" in the mock 
shell) to build the bro monitor.


Use "mock -r epel-7-x86_64 --shell" to build everything else.

Periodically, mock will decide that the root is too old and will throw 
it away.  You can manually install it as above, or you can add it to the 
chroot_setup_cmd line:


config_opts['chroot_setup_cmd'] = 'install @buildsys-build 
compat-openssl10-devel'

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/XKCBVQ5AYZMY5VFGDDC6NOMBRJ2N5AFN/

Re: Display cmd within shell

[Gordon Messmer]

On 06/11/2018 05:40 AM, bruce wrote:

#-- this doesn't quite work.. as it generates the complete "ls...
output" but it does display the cmd and the resulting num of the ls
files..
(set -x; ls -al /cloud_nfs_parse/austincc*__parse.dat | wc -l )


Bash doesn't have a mode in which it echos a command before expansion 
and substitution occur, as far as I know.  The command you're seeing, 
with the wildcard expanded, is the command that bash is actually executing.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/NM3QCJTLITZTSFRU7TJT57XUF4ZE4735/

Re: Display cmd within shell

[Gordon Messmer]

On 06/11/2018 02:31 PM, Bev in TX wrote:


It’s an option of the builtin set command.

set …
… When  options  are  specified,  they set or unset shell attributes. ….
-v  Print shell input lines as they are read.


Yeah, that also *kinda* works.  That'll print lines as they're read, not 
as they're executed, so you *do* get the lines before expansion, but you 
won't get quiet what is expected (I think) if those lines appear in a 
loop or a function.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/HDWI6F22DELTRPEFUBK5WVJMZYFYQEHQ/

Re: Looking for dell dock compatible with fedora 28 on SPX 13 (9360)

[Gordon Messmer]

On 06/12/2018 09:50 PM, Danishka Navin wrote:

I am using Dell SPX 13 (9360) with Fedora 28. I have removed Windows.


XPS.  :)

I highly appreciate if you can recommend suitable dock which perfectly 
working with fedora on 9360.  I need to plug dual monitors using HDMI 
and ethernet is a must.


Dell Business Dock - WD15 with 130W adapter



Works 100%.  One DisplayPort and one HDMI output.  I use this one daily.


TB16



I tested this one before F28.  At the time, I had to adjust the BIOS 
settings to allow Thunderbolt devices without authentication.  F28 
*should* support this, since it worked in F27 without authentication.  
And it should support higher resolution multi-monitor setups, but it's 
been a while since I tested it.



D6000 
D3100 



These wont' work at all.  Their video is driven by a display adapter 
called DisplayLink that has no X11 or Wayland drivers that I'm aware of.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/5V73WZ2POVDW26A4JTNHTVBPNPDFYMCI/

Re: Looking for dell dock compatible with fedora 28 on SPX 13 (9360)

[Gordon Messmer]

On 06/13/2018 06:24 PM, Eyal Lebedinsky wrote:

On 14/06/18 00:25, Gordon Messmer wrote:
These wont' work at all.  Their video is driven by a display adapter 
called DisplayLink that has no X11 or Wayland drivers that I'm aware of.


Actually, Display Link did release a driver
http://www.displaylink.com/downloads/ubuntu.php
I tested in on ubuntu 16.04 i386 and it works. 


...OK, but I wouldn't even consider a binary-only driver.

I'd also note that there are a *lot* of these docks in use with MacBooks 
where I work, and driver compatibility is holding up security updates.  
They don't work in the current release of OS X. It isn't clear when or 
if that'll be resolved, or if we'll have to replace them all.


Generally, my advice remains: Avoid anything with DisplayLink.  It's not 
worth the hassle.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/IET7HDF2R67Z6BSYLGEQV6MGTDUUK6JI/

Re: F27 to F28 - Postgresql upgrade fails

[Gordon Messmer]

On 06/14/2018 09:43 AM, Clifford Snow wrote:
I just upgraded from Fedora 27 to 28. Everything working except the 
upgrade from Postgresql 9.6 to 10


Searching for help led me to manually add postgis-2.3.so 
 and rtpostgis-2.3.so  
to /usr/lib64/pgsql/ and /usr/lib64/pgsql/postgresql-9.6/lib/


Don't do that.  Make sure you haven't overwritten something, first:

rpm -qf /usr/lib64/pgsql/{postgis-2.3.so 
,rtpostgis-2.3.so } 
/usr/lib64/pgsql/postgresql-9.6/lib/{postgis-2.3.so 
,rtpostgis-2.3.so }


If rpm reports that those files aren't owned by a package, then remove 
them.  If they are, then use dnf to reinstall the package.


Once that's straightened out, install postgresql-upgrade and use that to 
upgrade your data files.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/IB6VYGR2XYGHP2MXNYLZ46Q5THR27CAZ/

Re: SSH private keys?

[Gordon Messmer]

On 06/22/2018 04:37 AM, Jeffrey Ross wrote:
Fast forward to today, the system had been reinstalled (new hardware, 
new disks, etc) and I no longer have that ability.  I'm currently runn 
Fedora 28 and the desktop is "Gnome", I'm sure it is just a matter of 
installing/configuring/running the correct application but which one? 


That's handled by gnome-keyring and, as of this version of GNOME, 
ssh-agent.  As far as I can tell, those are both required components, so 
they're probably not missing on your workstation. The problem *might* be 
that GNOME keyring will only automatically unlock private keys if there 
is a valid public key with the same name, and a .pub suffix.  So, you 
might not have the public keys. Or, you might have a .pub file that's 
*really* old and no longer valid.


There is an open bug concerning the fact that if there is an invalid 
.pub file in .ssh, GNOME keyring won't automatically unlock *any* keys, 
so remove any old key files.


https://bugzilla.redhat.com/show_bug.cgi?id=1568895
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/AOOGXAJJUVT4LAPHVIBD7LCYM4235IAL/

Re: SSH private keys?

[Gordon Messmer]

On 06/22/2018 01:04 PM, Tom Horsley wrote:

On Fri, 22 Jun 2018 12:45:08 -0700 Gordon Messmer wrote:


There is an open bug concerning the fact that if there is an invalid
.pub file in .ssh, GNOME keyring won't automatically unlock *any* keys,
so remove any old key files.

Yep, some forms of keys are no longer supported because security geeks decided 
they were insecure (like DSA and RSA version 1 keys). When this change first 
appeared I spent a lot of time getting rid of old keys and updating the 
authorized_keys file on lots of systems. This did happen a few fedora's ago, 
but if you didn't upgrade for a while, this may be the first time you've seen 
it.


RSA1 and DSA keys were dropped back in OpenSSH 7 (Fedora 23), in late 
2015.  I *hope* this isn't anyone's first experience with a system that 
doesn't support them.


The bug is new, though.  If you had any old files sitting around, in the 
past they'd just be ignored.  At the moment, they actually block 
gnome-keyring from loading *any* keys, including new keys that are 
supported.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/ICWXZWQXRHSMEO34ABFHS6KNC4Q3WEW5/

Re: SSH private keys?

[Gordon Messmer]

On 06/23/2018 01:35 PM, Jeffrey Ross wrote:
my .ssh directory has my private key in a file called "id_rsa" nothing 
with .pub on the end and if I understand correctly running ssh will 
look for the private key in a few different file names, none of which 
end with .pub. 



Yes, that's how ssh behaves.  However, as I said, gnome-keyring will 
only automatically load a private key if the public key is also present, 
with the same filename plus a .pub suffix.  If you don't have the public 
keys in your .ssh folder, then that is the reason that GNOME is not 
prompting you to unlock your private files.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/WHO3V4L7SDJSCOXPJKMWV2M2NI3G3IDW/

Re: SSH private keys?

[Gordon Messmer]

On 06/23/2018 01:40 PM, Jeffrey Ross wrote:

ok, I used the two commands -

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

and this works for the one terminal shell I entered the commands in, 
any other terminal I either need to re-run the commands in that shell 
or unlock my private key when I type ssh 


The "eval" line runs a new ssh-agent and replaces the environment 
variables that normally refer to the ssh-agent run by gnome-keyring.  If 
you exclude that line, and only run ssh-add, then you'll add keys to the 
gnome-keyring's ssh-agent, and those keys will be available in all of 
the terminals.


not sure if putting the commands in the rc file to run would be the 
best thing to do, I suspect I'll have to unlock every time I open a 
new window, plus this is not what I remember, I remember (maybe 
incorrectly) getting a graphical dialogue box asking me to unlock my key. 


Yes, gnome-keyring will do that if you have the public keys present.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/YDW3DSI2HR35GFKX6RWTDSUUA7KNAPFJ/

Re: Cannot establish a L2TP/IPSec VPN connection

[Gordon Messmer]

On 07/03/2018 11:39 AM, Samuel Sieb wrote:

On 07/03/2018 10:55 AM, Paul Smith wrote:

"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: ignoring informational
payload NO_PROPOSAL_CHOSEN, msgid=, length=12
Jul 03 18:50:10 xhost NetworkManager[900]: 003
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: received and ignored
informational message


This seems like a message that shouldn't be ignored or else the other 
end is labelling it incorrectly.  According to that, it appears that 
your VPN client side isn't offering a connection setup that the server 
accepts.  Make sure you have the right configuration. 


Specifically, I think it means that either the phase 1 and phase 2 
algorithms proposed weren't accepted by the server, or the routes 
specified in your configuration aren't acceptable.


For an ipsec/l2tp connection, you don't need to add routes to the ipsec 
connection, or use it as the default route.  The routing will be 
handled/specified in the l2tp layer.


___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/TZV6IHDTJQ3JABILRQ6LIIKEWUAYG5LU/

Re: Cannot establish a L2TP/IPSec VPN connection

[Gordon Messmer]

On 07/04/2018 03:18 AM, Paul Smith wrote:

Jul 04 11:12:48 xhost NetworkManager[911]: 104
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: STATE_MAIN_I1: initiate
Jul 04 11:12:48 xhost NetworkManager[911]: 002
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: WARNING: connection
915d709a-49b3-4928-8d5e-0f7e7a4de99a PSK length of 0 bytes is too
short for sha PRF in FIPS mode (10 bytes required)



Your previous message warned that you were using a "weak PSK". Are you 
specifying a pre-shared key?  The error seems to indicate there isn't 
one, when one is required.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/373HIGGLY6ENH5IWBAKWJWET3BCYBQQ2/

Re: Cannot establish a L2TP/IPSec VPN connection

[Gordon Messmer]

On 07/06/2018 03:09 AM, Paul Smith wrote:

Thanks again, Gordon. Yes, I do have the pre-shared key specified. So,
the question is: Why is not the pre-shared key being read by the
remote server? Is that the case that the pre-shared key is not being
transmitted by my computer to the remote server?


I don't think PSKs are "sent", per se.  I might be mistaken.

In any case, while I've used the GNOME l2tp/ipsec plugin in the past, I 
actually can't connect to my own VPN with that plugin right now, and 
ipsec can be difficult to troubleshoot without the peer's logs.  You 
might need to get your VPN admin to help.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/F5VEGHDRJLCMEI4JQHGZ7GSOM2UFE4T7/

Re: https traffic monitoring from client

[Gordon Messmer]

On 07/13/2018 07:08 AM, bruce wrote:

I see different sites/articles on the need to setup a proxy
server/certs and to then install/insert the cert in the "browser"
location. In my case I'm using a test headless browser, so I'm trying
to get a basic model of how this can work.


Encryption algorithms with PFS are gaining more widespread use, and 
those make passive decryption of traffic more difficult.  That's why 
most of the advice you see on this topic right now involves the use of a 
proxy server that terminates the TLS connection and relays the 
requests.  (BTW, this is not the "normal" mode of operation for a proxy 
server, which simply passes-through the encrypted connection).


I don't have any such systems in operation, but I think this one does 
what you want to do:

https://mitmproxy.org/
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/VKDXTKDK463B2BISYYIZV3P74NBUQF3H/

Re: https traffic monitoring from client

[Gordon Messmer]

On 07/13/2018 11:12 AM, Ulf Volmer wrote:


The OP want to look into TLS encrypted traffic. tcpdump will not help in
this case. There is no way around to use a special proxy in between and
place a custom CA into the client.


It's complex, but not impossible.  Firefox, for example, can log the 
session keys, and those can be used in conjunction with a pcap file for 
analysis:

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

Although, if Firefox is the "headless browser" that you're using, you 
can just log the HTTP traffic:

https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging

Firefox makes an excellent test client, in general:
https://firefox-source-docs.mozilla.org/testing/marionette/doc/marionette/index.html
http://marionette-client.readthedocs.io/en/latest/interactive.html
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/3PZ57SDL7S3LFMGOR5TEQ3HNKR26BZAF/

Re: https traffic monitoring from client

[Gordon Messmer]

On 07/14/2018 03:34 PM, Dirk Gottschalk via users wrote:

To answer your question. Squid can do this for you. You can make it
decrypt the data end encrypt it with a certificate issued by yourself.
AFAIK you should even be able to let squid log what happens on the
https connection.

It should also be possible to use Apache as a reverse proxy to do the
same. Probably even without the need to encrypt the connection on "your
side".



I think this is the right document for Squid:

https://wiki.squid-cache.org/Features/SslPeekAndSplice

I don't see any document describing a similar feature in Apache. The 
normal mode of operation for proxy servers is to tunnel the TLS 
connection, so a standard HTTP proxy won't be able to inspect encrypted 
connections.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/CELH6QTBMJCBNH2MPVQQYQ65ZH5XUF7N/

Re: gnome @wayland would not login...

[Gordon Messmer]

On 07/16/2018 12:10 PM, lejeczek via users wrote:
Somewhere along the long line of updates gnome stopped logging in 
wayland session - I type password in and screen just blinks and split 
second later I'm presented with the same login prompt



Run "journalctl -f" as root, using ssh or one of the local consoles 
while you attempt login.  Any logs or error output should be captured there.


___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/M5FYCQTYIRBN2ZDHCNKLUJZT2K7AFRRF/

Re: file permissions

[Gordon Messmer]

On 07/16/2018 12:05 PM, Max Pyziur wrote:


What's the final period indicate. 


The answer is in the "info" page for "ls":

 Following the file mode bits is a single character that specifies
 whether an alternate access method such as an access control list
 applies to the file.  When the character following the file mode
 bits is a space, there is no alternate access method.  When it is a
 printing character, then there is such a method.

 GNU ‘ls’ uses a ‘.’ character to indicate a file with a security
 context, but no other alternate access method.

 A file with any other combination of alternate access methods is
 marked with a ‘+’ character.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/S4LF5URMHHZ2QEI6S5NY3ND7PUI75WCY/

Re: auto-kill process using too much memory

[Gordon Messmer]

On 08/25/2018 09:47 AM, Frédéric wrote:


Thanks, it seems to work. I can put it in .bashrc.


Note: System policies belong in /etc/security/limits.conf. Otherwise, 
they're optional.  (Users can remove them).

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

Re: automatically mount all luks partitions at startup, not only /home

[Gordon Messmer]

On 09/04/2018 11:05 PM, Frédéric wrote:

I have multiple partitions encrypted with luks and only the main one
with /home is decrypted at startup. How can I tell the system I want
to open all of them at startup?


The system will prompt you for the block devices listed in 
/etc/crypttab.  See "man crypttab"

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

Re: efibootmgr?

[Gordon Messmer]

On 09/09/2018 05:32 AM, Tom Horsley wrote:

On Sat, 8 Sep 2018 20:43:46 -0600
Chris Murphy wrote:


Nope. There's no firmware state information saved to disk.

There must be something on disk, because I keep reading web pages that say 
things like:

You can create a new image file


The bootloader "file" is on the disk, but isn't firmware state information.


and add it to the efi menu with efibootmgr


The EFI menu is firmware state information, but it's not on the disk.  
That's held in non-volatile RAM.



Anyway, I think I've figured out my major problem with the USB stick testing 
I've been doing: The system I've been testing with apparently only claims to 
support UEFI, both GPT partitions and UEFI installs (even on a msdos partition) 
fail to work.

Only a traditional msdos partition and BIOS boot actually works.


Many UEFI systems support booting from either UEFI or "legacy" boot 
loaders.  Yours may have "legacy" prioritized so that it loads first, or 
it may be configured to only boot "legacy" mode for external devices.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

Re: Slow performance when overwriting disk file (was Re: Slow performance when redirecting stdout to an existing disk file)

[Gordon Messmer]

On 9/28/18 2:28 PM, Dave Ulrick wrote:
Thanks, that makes sense. Any idea of why unlink()ing the file seems 
to be faster than truncating it? 



As best I understand it, one process is async and parallel:

unlink, clear block list, sync to disk
open, write, close, sync to disk

Where the other process is synchronous and linear:

open, truncate, clear block list, write, close, sync to disk

Filesystem benchmark tools (bonnie++ for example) test file write and 
file re-write separately, and it's normal for re-write to be slower.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

Re: System upgrades. Where is the / filesystem?

[Gordon Messmer]

On 2024-04-30 10:58 AM, John Pilkington wrote:
(fedoraforum) has a suggestion of trimming the journalctl log, but 
neither that nor any other space-clearing actions that I have tried 
has made any difference.



Have you made snapshots of your system volume, or installed any 
applications that might create snapshots (something like timeshift or 
snapper)?


If your filesystem has snapshots, deleting files will not free up space 
until you also remove the snapshots that contain those files.

--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: how to 'rip apart' a rpm.

[Gordon Messmer]

On 05/15/2010 09:14 AM, Gene Heskett wrote:
> On Saturday 15 May 2010, Kevin J. Cummings wrote:
>> You really shouldn't be playing with source RPMs as root.  Look in your
>> user RPM sandbox:
>
> Then I'd suggest that doing so as a user be made possible.  I think its
> asinine that I am prevented from building my kernels as a user, simply
> because mkinird cannot be made to run if you are not root.

The last time I checked, building as a user was possible.  mkinitrd 
should be done at install time, not during the build of the package.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: graphics card on fire

[Gordon Messmer]

On 05/27/2010 07:51 AM, Philip Heron wrote:
> Of course this wouldn't have happened if the fan hadn't
> failed, but still makes me wonder why there was such a different between
> Windows and Fedora?

I don't believe that the Free drivers feature any power management 
functions of NVidia hardware, currently.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

RSS for F13 updates

[Gordon Messmer]

What's the appropriate contact to request new feeds at:
http://planet.fedoraproject.org/infofeed/

Should I file an RFE in bugzilla?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH / permissions problem

[Gordon Messmer]

On 07/13/2010 08:56 AM, Gary Stainburn wrote:
> On Tuesday 13 July 2010 16:51:57 Dr. Michael J. Chudobiak wrote:
>> Try:
>> restorecon -r ~/.ssh
>
> The command ran without error but has made no difference.

Try "restorecon -r ~".
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: sshd Authentication refused

[Gordon Messmer]

On 07/13/2010 11:16 AM, David Highley wrote:
> New install of Fedora 13 we get the following /var/log/secure entry when
> we ssh from a Fedora 12 system to the Fedora 13 system:
> Authentication refused: bad ownership or modes for file 
> /home/dhighley/.ssh/authorized_keys

Post the permissions for all entries in the path:

ls -ld / /home /home/dhighley /home/dhighley/.ssh \
   /home/dhighley/.ssh/authorized_keys

For instance:

[gor...@herald:~]$ ls -ld / /home /home/gordon /home/gordon/.ssh 
/home/gordon/.ssh/authorized_keys
dr-xr-xr-x. 25 root   root   4096 Jul 14 09:25 //
drwxr-xr-x. 13 root   root   4096 Jan 26 13:41 /home/
drwxr-xr-x. 96 gordon gordon 4096 Jul 15 08:26 /home/gordon/
drwx--.  2 gordon gordon 4096 Jun 18 15:25 /home/gordon/.ssh/
-rw-r--r--.  1 gordon gordon 1226 Aug 21  2008 
/home/gordon/.ssh/authorized_keys

As far as I know, the rule is that group and others must not have write 
access to any item in the path.  The home directory, .ssh, and 
authorized_keys files must all be owned by the user logging in.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

suspend to RAM and NFS /home

[Gordon Messmer]

I have a workstation that mounts /home from an NFS server.  I'd like to 
be able to suspend it at night, but the system hangs before it suspends 
if I try.

It only seems to hang if I'm logged in and have files open on the NFS 
file system.  If I log in as root on a tty instead and run "pm-suspend", 
the system will suspend and resume perfectly as far as I can tell.

Is there a trick to suspend when using NFS, or is this just impossible 
these days?  I've tried it now and again for several years.  It works 
occasionally, but is broken most of the time.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: suspend to RAM and NFS /home

[Gordon Messmer]

On 07/16/2010 01:59 AM, JB wrote:
> perhaps you could do it yourself:
>http://palebluedot.nl/jml/computer-stuff/26-umountnfs.html

Can't very well unmount /home when I'm logged in, can I?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: suspend to RAM and NFS /home

[Gordon Messmer]

On 07/16/2010 03:10 AM, Terry Barnaby wrote:
> I have found that I have to use the network init script rather than
> NetworkManager. NetworkManager tries to unmount all of the NFS file system
> before sleeping and this hangs.
>
> So I did "chkconfig NetworkManager off" and "chkconfig network on".

I've already done that.  You're using an NFS /home and this works for you?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: suspend to RAM and NFS /home

[Gordon Messmer]

On 07/16/2010 10:29 AM, Gordon Messmer wrote:
> On 07/16/2010 03:10 AM, Terry Barnaby wrote:
>> I have found that I have to use the network init script rather than
>> NetworkManager. NetworkManager tries to unmount all of the NFS file system
>> before sleeping and this hangs.
>>
>> So I did "chkconfig NetworkManager off" and "chkconfig network on".
>
> I've already done that.  You're using an NFS /home and this works for you?

I think this was the hint I needed.  I reconfigured my ethernet 
interface to use a static address rather than DHCP, and the problem 
cleared up.  Thanks, Terry!

I don't think I'd have ever thought of that.  Watching the logs during a 
suspend, I could see that the ethernet device was suspended before a 
number of other things happened. I didn't really pay attention to the 
fact that dhclient was suspended by one of the pm-utils scripts.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: suspend to RAM and NFS /home

[Gordon Messmer]

On 07/17/2010 01:06 AM, Terry Barnaby wrote:
> No problem, but note that I use DHCP ok ...
> This is really a bug/feature in NetworkManager that I have already
> reported.

Got the bugzilla number?

It'd be nice if we could get some other tests.  My system will only 
suspend if the ethernet device is statically configured.  If Linux won't 
do otherwise, there is probably nothing that NetworkManager can do about 
the problem.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: eSATA removable drive

[Gordon Messmer]

On 07/11/2010 08:07 PM, D. Hugh Redelmeier wrote:
>
> All those marked settings look wrong to me.  I guess HAL rules could
> fix this.  Surely I'm not the first to hit this problem.

I think those are read-only values from the kernel.  I don't think 
there's anything you can do to add the "eject" capability to the eSATA 
drives.  As long as they're properly unmounted and your cables are 
hot-swap safe (the ground leads need to be longer than all of the 
others) you should be able to yank the drives.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: how to uninstall preload?

[Gordon Messmer]

On 07/20/2010 03:49 AM, Timothy Murphy wrote:
>
> I would imagine the "-y" would be rather dangerous,
> as "yum remove" often tries to remove many packages
> required by other applications.

I don't think that's quite true.  If you tell yum to remove a package, 
it'll remove that package and any package that requires it.  It doesn't 
descend the dependency tree in the opposite direction (normally, I 
believe there's a plugin that'll do that), and in no case will it ever 
do something inconsistent like removing a package which is required by 
something that yum leaves installed.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: [389-users] Preventing ssh keys from granting a user access when LDAP account is disabled.

[Gordon Messmer]

On 07/20/2010 09:45 AM, Gerrard Geldenhuis wrote:
> Hi There is a bugzilla raised concerns users still being able to
> login if they have ssh keys even if there ldap account is disabled.

Define "disabled".  If your only flag is the userpassword field, you 
won't find a good solution to this problem, since that field will never 
be used by an ssh session using keys.

I believe you can use pam_access(5) to grant login access only to 
members of a group in your directory, and remove users from that group 
when you disable their login access.
--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: Verizon and Comcast email challenges

[Gordon Messmer]

On 07/20/2010 02:39 PM, Max Pyziur wrote:
>
> Recently (over the last six months?), Verizon has blocked smtp requests on
> port 25 to our mail server hosted on our machine (brama.com). It seems
> that this isn't just our box, but a policy that Verizon has implemented
> widely, forcing Verizon patrons to use someu...@verizon.net to send
> outbound email, or use a different port (587?).

That's fairly common for residential service.  More ISPs are doing so, 
and it's good practice for limiting spam.  If you run an SMTP server, 
ask your ISP for a business-class account.  You'll pay more, but you 
won't have filtered access.  I don't think there's any other way for you 
to run an MX for your domain on one of their lines.

If you want to allow users to send email through your server, you should 
definitely run an SMTP server on port 587.  It should require SMTP AUTH 
for relay privileges.  You will probably need to configure your server 
to use Verizon's SMTP servers as "smart hosts" to relay your mail.

> More recently, recipients with @verizon.net cannot receive emails from our
> hosted domain names. As yet, I only have bare knowledge with the
> indication that the Verizon problem rests with finding an answer at the
> following website:
> Sender Policy Framework
> http://www.openspf.org/

That's possible.  You did publish an SPF+ record for brama.com.  What 
leads you to believe that this is the source of the problem?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: PostgreSql question

[Gordon Messmer]

On 07/20/2010 05:23 PM, Nermin Celik wrote:
> I've downloaded PostgreSql from http://yum.pgsqlrpms.org/8.3/, however
> when I try access it from the termnial line it doesn't work and gives
> the following warning.

Is there a reason you did that, when Fedora provides PostgreSQL packages?

# yum install postgresql postgresql-server
# chkconfig postgresql on
# service postgresql initdb
# service postgresql start

Running Fedora's packages means that you'll get updates via 'yum update' 
when there are bugfixes or security fixes available, and makes it easier 
to get help here on the list since you'll be using the same packages 
everyone else does.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: PostgreSql question

[Gordon Messmer]

On 07/20/2010 06:19 PM, Thierry Vanden Broucke wrote:
> #selinuxenabled 0

That's really not necessary.  Fedora's packages work just fine with 
SELinux enabled, and non-Fedora packages probably aren't even restricted 
by policy.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: [389-users] Preventing ssh keys from granting a user access when LDAP account is disabled.

[Gordon Messmer]

On 07/20/2010 11:32 AM, Gerrard Geldenhuis wrote:
> Good point... I define disabled as setting the user as disabled in in
> the console or the user having typed his password wrong to many times
> and then getting locked out.

I don't see "disable" in the console.  I do see "inactivate".  This adds 
the ldap entry to an "inactive" role.  As far as I know, any form of 
inactivation or lockout in LDAP is merely going to prevent binding to 
that ldap entry.  The trick is, that doesn't happen with ssh keys.  If 
you're logging in to a system over ssh, basically the only checks that 
matter are: 1) does the user exist and 2) is the key valid?  Since the 
password is never given, there's no attempt to bind to LDAP.

There are a number of pam_... options available in /etc/ldap.conf, but 
I'm not sure if those are used when doing ssh logins with keys.  That's 
probably worth checking out if you use nss_ldap.  There are probably 
similar options for nss_sss, but I haven't looked at that yet either. :)

> I still don't understand pam as well as I should but it would make
> sense to me for PAM to "check" LDAP before checking ssh... It does so
> when you don't have ssh keys and would deny a user if he/she is
> disabled. Maybe I should change a password sufficient to password
> required. I guess I need to play around a bit more.

It won't affect sshd.  I wouldn't modify the PAM configuration unless 
you really know what you're doing.  You're more likely to lock yourself 
out completely than anything else.  If you want sshd to require 
passwords, change sshd's configuration so that it doesn't allow key logins.

>> I believe you can use pam_access(5) to grant login access only to
>> members of a group in your directory, and remove users from that
>> group when you disable their login access.
>
> That was my plan but it is not perfect...

What's not suitable about that plan?
--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [OT] Hardlinks and directories

[Gordon Messmer]

On 02/12/2010 09:00 PM, Suvayu Ali wrote:
>
> On some more experimentation I realised this is how `cat' behaves, it
> doesn't show the lines written the first time, it only shows the stdin
> which is perfectly reasonable. My apologies :-p

Actually, cat doesn't show anything at all.  Your terminal emulator 
usually does, though.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: [OT] Hardlinks and directories

[Gordon Messmer]

On 02/12/2010 05:56 PM, Patrick O'Callaghan wrote:
> One of the comments to the LWN article also mentions the case of Apple
> allowing these links for the sake of their Time Machine backup system (I
> think it's restricted to that special case so it doesn't run the risk of
> a general-purpose feature). Presumably that's the main reason TM doesn't
> work with non-Apple partitions, despite several NAS manufacturers
> advertising that it does. I just bought an Iomega NAS partly on the
> strength of this and it definitely doesn't work.

I believe that OS X is supposed to create a .dmg (more or less) file for 
Time Machine when used with non-local disks.  Even when using Apple's 
Time Capsule, that's what it will do.  OS X can then mount the dmg file 
locally and do whatever it wants, independent of the capabilities of the 
NAS device.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: fedora power management not working in f13

[Gordon Messmer]

On 07/29/2010 01:17 AM, Chris Rouch wrote:
> I think this was working for f13 too until the last time i applied
> updates, though it may just be that i didn't test it.

The first thing you should try is probably to boot the oldest F13 kernel 
that you've got and see if the system's behavior is any different.

On both the older kernel and the new one, check the state of your batteries:

$ cat /proc/acpi/battery/BAT*/state

Record the results while you are on AC power and on battery power. 
There may be an ACPI bug in your system.  You might also want to update 
the BIOS to see if that corrects the problem.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Loss of X

[Gordon Messmer]

On 07/29/2010 03:27 PM, binary...@comcast.net wrote:
> (EE) AIGX error: dlopen of /usr/lib64/dri/swrast_dri.so failed 
> (/lib64/libexpat.so1: invalid ELF header)

I'd suggest downloading the rpm for expat (x86_64), then 'rpm -e expat' 
and 'rpm -ivh expat-xxx.rpm'.  Maybe save a copy of the /lib64/libexpat* 
files for later examination to figure out what corrupted them.  If you 
don't see anything that might have, check the system RAM using 
memtest86+ and check the hard disk for problems.  If the hard disk 
supports SMART, you can look at 'palimpsest' to see if any failures are 
reported.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: savemail: cannot save rejected email anywhere

[Gordon Messmer]

On 08/14/2010 07:29 PM, Kevin J. Cummings wrote:
>
>   Can someone please tell me where I can either configure sendmail to
> save these somewhere for me, or how I can get SpamAssassin to not drop
> these system "logwatch" emails (and *only* these logwatch emails) on the
> floor.

Check the man page for Mail::SpamAssassin::Conf.  Locate the 
whitelist_from_rcvd option.  That option will help you whitelist only 
your logwatch messages.  You'll need the "From" address and the hostname 
of the machine which sends them, as recorded in the headers of a message 
that you successfully received.

Your other option is to simply not run SpamAssassin on messages that you 
receive from hosts under your control, but since you haven't told us how 
you run SA, I don't know how you'd do that.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: savemail: cannot save rejected email anywhere

[Gordon Messmer]

On 08/15/2010 04:40 PM, Kevin J. Cummings wrote:
>
> The "From" address is:  r...@kjc386.framingham.ma.us
> which makes sense since it is being run directly as a cron.hourly
> script.  I have added this whitelist_from_rcvd to
> /etc/mail/spamassassin/local.cf.

whitelist_from_rcvd also requires the hostname of the sending system, as 
recorded in the Received: header.  Take a look at one of the messages 
that you've received to get this value.

>> Your other option is to simply not run SpamAssassin on messages that you
>> receive from hosts under your control, but since you haven't told us how
>> you run SA, I don't know how you'd do that.
>
> I had already tried to do that by adding this line to my
> /etc/mail/spamassassin/local.cf file:
>
> trusted_networks 192.168.6/24

That's not quite what I meant.  That still filters mail from your 
internal hosts through spamassassin, but tells it to lower the message 
scores from those hosts.  If that didn't work, you'd probably need to 
snag one of the messages marked as SPAM, save the complete set of 
headers to a file, and send it to the list.  Don't modify anything in 
the headers.  Don't exclude any of the headers.  If you do, no one will 
be able to tell you what your host wasn't affected by the 
trusted_networks setting.

> and my mail server is on that network  Do I need to do the same for
> 127.0.0.1?  (since the email is originating on the same system as the
> mail server?)

I'm not entirely sure, honestly.  If the message was submitted with 
SMTP, you probably should.

> And, yes, I did state that spamassassin is running directly as a
> sendmail milter, but you neglected to quote that in your reply.

Yes, somehow I missed that.  Sorry. :)
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: iptables question

[Gordon Messmer]

The file you'll want to modify is /etc/sysconfig/iptables.  Others have 
already posted the appropriate rules.  Make sure you have backups; if 
you ever run the system-config-security tool again, it'll over write 
your changes.

You could go one level up that stack and modify 
/etc/sysconfig/system-config-firewall, but I don't know where the 
documentation for that is located...
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: savemail: cannot save rejected email anywhere

[Gordon Messmer]

On 08/15/2010 09:15 PM, Kevin J. Cummings wrote:
>
> My 11:00 email got marked as [SPAM], here are the email headers:
...
>> X-Spam-Status: No, score=0.3 required=4.0 tests=ALL_TRUSTED,BAYES_00,
>>  FRT_ADOBE2,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,SPF_PASS,URI_HEX 
>> autolearn=no
>>  version=3.3.1
>> Received: from kjc386.framingham.ma.us (localhost [127.0.0.1])
>>  by kjc386.framingham.ma.us (8.14.4/8.14.4) with ESMTP id o7G312re009755
>>  (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
>>  for; Sun, 15 Aug 2010 23:01:02 -0400
>> Received: (from r...@localhost)
>>  by kjc386.framingham.ma.us (8.14.4/8.14.4/Submit) id o7G312a1009752
>>  for root; Sun, 15 Aug 2010 23:01:02 -0400
...
> [I'm wondering *why* it says [SPAM] if the X-Spam-Status score is 0.3?]

We can see that the ALL_TRUSTED rule matched and the spam-status is 
"no", so I think what's happening is that the milter is being run twice. 
  The first run isn't hitting ALL_TRUSTED and is setting the standard 
SpamAssassin headers and modifying Subject: while the second run 
replaces the previous SpamAssassin headers with new results.

We can also see that you've got to Received lines.  The second indicates 
ESMTP transport and assigns a new queue ID.

> Do I need to use localhost or kjc386.framingham.ma.us as the hostname
> for the whitelist_from_rcvd line?

I think you want localhost.  If I'm reading it correctly, you're hitting 
the trusted_networks setting, but not the whitelist_from_rcvd that 
you've set.

> BTW, I get all of root's emails sent to me through a sendmail alias.  If
> that matters

Out of curiosity, what does the alias look like?  Re-sending the message 
by SMTP and running the milter twice is pretty inefficient.  I wonder if 
that's done by the milter in order to allow per-user configuration 
settings?  I don't know enough about the implementation of the SA milter 
to say...
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sendmail on a LAN

[Gordon Messmer]

On 08/16/2010 10:46 AM, JD wrote:
>
> Clearly, a full setup of DNS server for your domain
> must be set up, per this wiki, along with mx records ...etc.
>
> Does this prevent one from settiing up and using sendmail
> on a LAN to send and receive email to/from the outside world?

Not by itself, but I don't like the advice in that tutorial.  It 
suggests a configuration with a catch-all address.  Long-term, you'll 
find that you have to turn this off or else your catch-all will receive 
an enormous amount of spam sent by spammers who used a dictionary attack 
and found that every address they test is valid on your system.  Without 
a catch-all, there's no purpose in using the virtual user feature at 
all, so the howto is somewhat more complicated than it needs to be.

Beyond that, it does not address several practical concerns with setting 
up a mail server.  First, you'll need a static address and a proper PTR 
for it.  You won't be able to set up a PTR without a static address, and 
if the reverse lookup for your IP address isn't valid, many systems will 
refuse your mail.  The reverse lookup (PTR) for your address must be a 
hostname that resolves to your IP.

aa.bb.cc.dd -> PTR myhost.example.com
myhost.example.com -> A aa.bb.cc.dd

You should also look up your IP address on a blacklist watcher:
http://www.dnswatch.info/dns/rbl-lookup

If you're listed in one of the dynamic IP blacklists, you want to set up 
a smart host through which you'll relay mail.  Many sites will otherwise 
reject your messages.  Likewise, if your ISP prevents you from making 
outbound connections to port 25, you'll need to use a smart host, 
because you couldn't send mail any other way.

> I understand that some things need to  be set up so that sendmail
> sends headers that use a routable IP address as the source of
> the message. Is it possible to make sendmail use my router's
> public IP address in the message headers? How?

No, that's not quite right.  Sendmail should be configured to use a 
valid hostname for HELO, but the IP address will be recorded in a header 
which is set by the receiver of the message.  You can't do anything to 
change that.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sendmail on a LAN

[Gordon Messmer]

On 08/17/2010 09:33 AM, JD wrote:
> Re:  a.b.c.d ==>  valid.host.name
> and valid.host.name ==>  a.b.c.d
> does not seem to apply to the google smtp server I use for Thunderbird.

You did your test entirely backward.  You did a forward lookup first, 
and then checked the PTR of the IP which was returned.  There is no 
requirement for a PTR to match every hostname that resolves to its IP 
address.

Let's finish your test:

$ host smtp.gmail.com
smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
gmail-smtp-msa.l.google.com has address 74.125.155.109

The result of this test merely identifies an IP address.  Now, let's 
test to validate that the IP returns a PTR that resolves to the same IP:

$ host 74.125.155.109
109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
$ host px-in-f109.1e100.net.
px-in-f109.1e100.net has address 74.125.155.109

Yep, totally valid.  That IP address has a PTR record, and the hostname 
contained in that PTR resolves back to the same IP address.  This host 
is properly configured.

> So, Thunderbird client does not seem to mind that
> reverse lookup does not match the name smtp.gmail.com

Clients rarely do.  It's the servers to which you're going to try to 
deliver mail that will mind.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sendmail on a LAN

[Gordon Messmer]

On 08/17/2010 11:26 AM, JD wrote:
> Well, that would require that sendmail would have to listen
> on that alternate port. How is that accomplished?

That's probably a step you don't need to take.  You just need your 
router to forward a port other than 25 to your sendmail server's port 
25.  The ports you forward probably don't need to match (unless that's 
an odd limitation of your firewall).
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sendmail on a LAN

[Gordon Messmer]

On 08/17/2010 10:09 AM, JD wrote:
> But I think at&t is blocking port 25.

Normally they will, and that's good.  It prevents infected Windows 
desktops from sending spam directly.

You'll want to arrange a smart-host through which you can route all of 
your outbound mail.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sendmail on a LAN

[Gordon Messmer]

On 08/17/2010 02:28 PM, JD wrote:
> So, why would any mail client/server send an email message
> to my ip address on a port other than 25?

They never would.

> Seems that I would need to configure the dydns account to
> forward the email to me on that alternate port, no?

Yes.  I merely meant that if you configured the firewall to direct port 
8025 to your sendmail server's port 25, you wouldn't have to take the 
step of reconfiguring sendmail.  You'd only need to set up an external 
MX at DynDNS, configure your dns MX record to point to their servers, 
and configure your router to forward the appropriate port.  No small 
configuration, but one that doesn't modify sendmail.

On the other hand, if your ATT firewall's configuration is simply to 
forward all ports, then you *would* have to modify sendmail.  I normally 
don't do that.  I forward only specific ports, and most firewall will 
allow you to set the destination port to something other than the original.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Is swap really needed when RAM's aplenty

[Gordon Messmer]

On 08/18/2010 04:00 AM, Sam Varshavchik wrote:
> With this amount of RAM being sufficient, do I really need a swap
> partition set up? I do understand that a swap partition is needed for
> hibernation, but this server does not need to hibernate.

Depends on the purpose of the machine.  Desktops often don't.  If your 
system is dedicated to running a single very large application, it is. 
Although processes under Linux get a COW image of their parent's memory 
at the time they fork(), the default configuration requires that there 
is at least enough memory for a copy.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: savemail: cannot save rejected email anywhere

[Gordon Messmer]

On 08/17/2010 09:50 AM, Kevin J. Cummings wrote:
>
> I did that yesterday.  No new SPAM markings on my hourly emails, though
> some of my other admin emails are now getting marked as [SPAM], like a
> couple of denyhosts reports.  One of them had a -2.6 SPAM level

I suppose you could post those headers as well, so we could offer 
further advise.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Recent Mirror Drain Bamage?

[Gordon Messmer]

On 08/19/2010 06:53 PM, Chris Kloiber wrote:
> Is it just me, or are the Fedora 13 repos experiencing real problems
> lately? I have to run yum upgrade as many as 10 times in a row to pull
> down all the updates as I keep getting what amounts to transient 404
> errors (may/may not work the second or third time, probably trying a
> different mirror). Just wondering...

You're not alone.  I've seen it, too.  Usually it's while rebuilding my 
bcfg2 package list.  The repodata seems to be inconsistent among mirrors.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Recent Mirror Drain Bamage?

[Gordon Messmer]

On 08/19/2010 07:58 PM, Robert G. (Doc) Savage wrote:
>
> To minimize my WAN traffic, I rsync the F13 release and update mirrors
> from //download.fedora.redhat.com to local repos every day, then yum
> update all my systems using those locals (rather like RHEL's Satellite).
> I've not seen any difficulties like you describe. (I'd be happy to send
> you copies of those scripts if you'd like.)

Your scripts won't actually prevent the problem he's describing.  If you 
sync off of a mirror that's bad, your mirror will be bad, too.

I use mock to do something similar, but it saves a tremendous amount of 
bandwidth, because it'll only download the packages that are listed in 
the kickstart file that it uses for configuration.  It also builds its 
own repodata, so you actually are protected from odd mirrors.  Your data 
will always be consistent.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: savemail: cannot save rejected email anywhere

[Gordon Messmer]

On 08/20/2010 09:39 AM, Kevin J. Cummings wrote:
> It looks like sa-milt is getting a-hold of the message first, and
> marking it as [SPAM] with a score of 6.2.  Then it looks like its
> getting run again

Yeah, I'm not terribly sure.  Honestly, I haven't run Sendmail on a mail 
server in close to a decade.  I use Courier and pythonfilter (actually, 
I wrote pythonfilter) these days.  After looking through this milter 
stuff, I'm really glad that I do.  Courier and pythonfilter are far simpler.

I installed the spamass-milter package from EPEL, assuming that's what 
you use, to look at it more closely.  As far as I can tell, the milter 
is running before Sendmail adds its Received: header, which means that 
you can't use whitelist_from_rcvd (or at least, that it's not effective 
early on).  Furthermore, I'm not sure if spamc is being run a second 
time because the milter is called again after alias expansion, or if 
you're simply calling spamc from your procmailrc.

spamass-milter has an option to exclude IP ranges from filtering. 
You'll probably want to configure that *in addition to* the rules you've 
already set up.  You should be adding those options in 
/etc/sysconfig/spamass-milter.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: savemail: cannot save rejected email anywhere

[Gordon Messmer]

On 08/22/2010 01:49 PM, Kevin J. Cummings wrote:
>
> Hmmm, yes, /etc/procmailrc runs it through spamc 

If that's the case, then the milter only really needs to reject messages 
with a suitably high score.  You should probably also configure it not 
to modify the body or headers.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SELinux

[Gordon Messmer]

On 08/29/2010 08:27 AM, Patrick Dupre wrote:
> With fedora 13, when I use Math:GSL, I get an error message:
> Can't load '/usr/local/lib/perl5/auto/Math/GSL/Errno/Errno.so' for
> module Math::GSL::Errno:
> /usr/local/lib/perl5/auto/Math/GSL/Errno/Errno.so: cannot restore
> segment prot after reloc: Permission denied at

Try:

chcon -t texrel_shlib_t \
   /usr/local/lib/perl5/auto/Math/GSL/Errno/Errno.so
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SELinux - a call for end-of-life.

[Gordon Messmer]

On 09/01/2010 05:35 AM, JB wrote:
> This idea is so sick - any real sys admin wants to know her machine inside 
> out,

There are more than two thousand items in my $PATH.  Yours is probably 
similar.  Do you understand what every one of them do?  Are you 
experienced with development in C and assembly?  All of the APIs present 
in your systems?  Enough to contribute to the maintenance of your software?

I understand if you're frustrated by unfamiliarity with this specific 
component, but I find myself in doubt that anyone is familiar with every 
component of their system.

If you are, then you're probably also capable of writing a replacement. :)
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: GNOME Terminal alternatives?

[Gordon Messmer]

On 09/07/2010 08:15 AM, Alex wrote:
> Some time ago I posted the message below, and still haven't been able
> to find the answers to the Terminal configuration questions that I
> have, and hoped someone might have some ideas. Is there an alternative
> that might be better suited for what I want to do, without requiring
> creating an .xtermrc from the command-line?

I don't believe gnome-terminal uses xtermrc.

> - How can I disable the automatic conversion of email address and URLs
> to hyperlinks?

I don't believe you can.

> - How can I make the mouse scroll wheel be used for scrolling back
> through the terminal buffer, rather than acting as an up arrow?

That's what it does in the default configuration.

> - How can I change the terminal bell sound?

I don't believe you can.  You can turn it off if it bothers you.

> - How can I configure the terminal so copy is performed by simply
> highlighting the text with the mouse, and paste is done through
> shift-insert?

That's what it does in the default configuration.

 > I understand the default is to press the mouse scroll
> wheel, but I would prefer the method I've described, and the scroll
> wheel on my mouse apparently doesn't always properly work -- sometimes
> it simply does not paste, and I have to do it a few times. I don't
> understand why, because it's a brand new mouse (MS Wireless 5000).

The wheel is probably too sensitive.  If it sends scroll up or scroll 
down, you won't get a mouse-button-down event.

> - I found a link to copy and paste between a terminal and Windows
> running in a VM, but isn't there a better way than installing and
> running a separate program on both Windows and Linux for this purpose?
> http://www.linux-kvm.com/content/copy-and-paste-between-vm-and-host

No.  There's currently no direct way to do that.  The easiest way is 
probably to enable RDP on your Windows guest and use rdesktop to access 
it rather than the VNC console provided by kvm.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: How to pass two routers

[Gordon Messmer]

There's no need to use NAT, proxy servers, or oddball iptables rules to 
accomplish what roland described.

As Dario pointed out, you have two options:

1) Set up a static route on each server in LAN A so that they use 
192.168.0.99 as their default gateway and 192.168.0.98 as the gateway 
for the network in LAN B.  You can configure the route using Fedora's 
network configuration tools.

2) Set up a static route on the router at 192.168.0.99 using 
192.168.0.98 as the gateway for the network in LAN B.  This will 
simplify the configuration of all of the servers in LAN A, since they 
don't need a route of their own.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: GNOME Terminal alternatives?

[Gordon Messmer]

On 09/10/2010 12:37 AM, Alex wrote:
>>> - How can I make the mouse scroll wheel be used for scrolling back
>>> through the terminal buffer, rather than acting as an up arrow?
>>
>> That's what it does in the default configuration.
>
> Is there some kind of configuration file that I can reset, because it
> now appears that it has changed from the default.

None that I'm aware of.  Perhaps your mouse is configured oddly.  Run 
"xev" (install xorg-x11-utils if you need to).  Place the mouse over its 
window and scroll up and down.  You should see button events for button 
4 and button 5, like this:

ButtonPress event, serial 33, synthetic NO, window 0x5c1,
 root 0xf8, subw 0x0, time 195653491, (139,139), root:(144,210),
 state 0x0, button 4, same_screen YES

ButtonRelease event, serial 33, synthetic NO, window 0x5c1,
 root 0xf8, subw 0x0, time 195653492, (139,139), root:(144,210),
 state 0x800, button 4, same_screen YES

>>> - How can I configure the terminal so copy is performed by simply
>>> highlighting the text with the mouse, and paste is done through
>>> shift-insert?
>>
>> That's what it does in the default configuration.
>
> I don't think I changed anything intentionally, but that isn't how it
> currently works for me. How can I configure it now to do that?

Again, I don't see any options that control this behavior.  xev might 
shed some light on what's going on on your system.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: problems with gigabit speeds on dual network card

[Gordon Messmer]

A couple of users have reported problems with that specific model NIC 
which were caused by bad capacitors in the switch.  You might look at 
replacing that or opening it up to see if you can spot any bad caps:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/309211
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Are all cores unlocked?

[Gordon Messmer]

On 09/22/2010 09:54 AM, Michael Miles wrote:
> As far as the speed being low the units have power saving features so
> when your not at load the processors will clock down.
> Disable all the power saving features in the Bios and you will see your
> speed go up to normal.

You'll also find that your system runs hotter and uses more electricity.

It's bad advice anyway.  You don't need to disable your power saving 
features to demonstrate that the system works normally at its full rated 
speed.  Add the "cpu frequency scaling monitor" to your GNOME panel and 
you'll have the option to set your CPU to one of its frequency steps or 
to select one of the available dynamic frequency settings available in 
the kernel.  No reboot is required!
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Problem with chrt

[Gordon Messmer]

On 09/26/2010 12:22 PM, JD wrote:
>
> $ sudo chrt 0 "./freq -s120 -u0 -r"
> chrt: failed to set pid 0's policy: Invalid argument
> $ sudo chrt 0 './freq -s120 -u0 -r'
> chrt: failed to set pid 0's policy: Invalid argument

0 isn't valid for the default policy (SCHED_RR).  "chrt -m" displays the 
minimum and maximum values valid for each of the policies.

> #!/bin/sh
> sudo nice --60 ./freq -s120 -u0 -r&
> ps -ef | grep freq | egrep -v 'grep|sudo' | awk '{ print $2 }' | xargs
> sudo chrt -f -p 0
>
> When I ran it, I got:
> [1]11340<  This is the pid of the sudo, and not of ./freq
> pid 11348's current scheduling policy: SCHED_OTHER
> pid 11348's current scheduling priority: 0
>
> So, the  gist  of this is that I requested a FIFO scheduling policy by
> the -f option to chrt.
> Yet, chrt decided to use SCHED_OTHER.

I don't know about the output, but again, 0 isn't valid for the FIFO policy.

> The joke is, it does not even parse it's args for the command the user
> wants to run.

Yes, it does:

# chrt 5 ls
bin  boot  cgroup  dev  etc  home  lib  lib64  lost+found  media  mnt  opt 
  proc  rootsbin  selinux  srv  sys  tmp  usr  var

> To wit (from soource code):
>
>   while((i = getopt_long(argc, argv, "+bfiphmorvV", longopts,
> NULL)) != -1)

getopt_long won't return non-option arguments.  Those are parsed later. 
  getopt returns option arguments and modifies argv to remove them after 
parsing.  Non-option arguments are left in argv.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Announcing the release of Fedora 14 Beta!!

[Gordon Messmer]

On 09/29/2010 08:03 AM, Philip Rhoades wrote:
> Isn't that an odd thing to do?  I would have thought that the point of
> having different pre-final release versions, including release
> candidates, is to progressively improve the version ie reduce bugs - as
> it gets closer to a final release?

It's a common practice.  The name "release candidate" indicates that the 
package is deemed potentially suitable for release.  Testers check the 
RC for bugs that should block the release.  If any are found, those are 
fixed and a new RC is tested.  When no blocking bugs are found, the 
release candidate is published as the release.  If changes were made 
after the last RC, they'd be published without testing.  That would be 
bad. :)
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: NFS Buffering

[Gordon Messmer]

On 09/28/2010 07:07 AM, Simon Andrews wrote:
> Does anyone know how to either make this buffer smaller, or get rid of
> it all together so the scp can accruately report on its progress?

Mount the NFS filesystem with the "sync" option.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines