Discuss January 2014

discuss@lists.centos.org

194 participants
174 discussions

LVM thinpool snapshots broken in 6.5?
by Dennis Jacobfeuerborn 11 Jan '14

11 Jan '14

Hi, I just installed a CentOS 6.5 System with the intention of using thinly provisioned snapshots. I created the volume group, a thinpool and then a logical volume. All of that works fine but when I create a snapshot "mysnap" then the snapshot volume gets displayed in the "lvs" output with the correct information but apparently no device nodes are created under /dev/mapper/ or /dev/(volumge_group_name). Any ideas what might be going on here? Regards, Dennis

1 1

EL7 mirror: "There is no installed groups file."
by Warren Young 11 Jan '14

11 Jan '14

I installed the RHEL 7 beta here to test while waiting for CentOS 7 to arrive. On noticing that yum didn't work, I decided to set up a local mirror. I rsync'd ftp://ftp.redhat.com/pub/redhat/rhel/beta/7/x86_64/os/Packages/ to a local web server here, then regenerated the repodata directory with createrepo. Now yum works fine, for the most part. "yum search foo" pulls up a plausible list of packages, "yum install bar" chases dependencies as expected, etc. Unfortunately, "yum groupinstall" isn't working, which means I have no easy way to install Gnome on my minimal EL7 installation. Apparently I need some kind of "groups file" to feed to createrepo --groupfile, but I don't know where to get one, or how to construct one. I've dug around on ftp.redhat.com and can't find anything that looks plausible. I've tried manually installing packages to build up this GNOME desktop, but despite installing dozens of things, startx still doesn't give me something usable. I know I could get a GNOME desktop by reinstalling the OS, but that would wipe out a lot of the local work I've done on this VM so far. The only reason I need X in the first place is that system-config-printer no longer runs in text mode. (I'm trying to set up a CUPS server. So yeah, X11 is a prerequisite for installing a printer now. Lovely.)

3 3

Re: [CentOS] Can we trust RedHAt encryption tools?
by James B. Byrne 10 Jan '14

10 Jan '14

On Thu, January 9, 2014 17:52, m.roth(a)5-cent.us wrote: > Robert Moskowitz wrote: >> >> On 01/09/2014 05:28 PM, John R Pierce wrote: >>> On 1/9/2014 2:20 PM, Eero Volotinen wrote: >>>> It might be easier to compromise security of commercial products as >>>> source code is not available. they seem to have succeeded in compromising >>>>> STANDARDS and ALGORITHMS, to heck with implementations. >> >> Only algorithm they compromised was an RNG that got pretty strong thumbs >> down from the real cryptographers. They have not compromised any IETF >> standard; maybe kept quite about a problem, but have not put holes in >> any. Most of our problems with TLS is implementations and backwards >> compatiblity options. > > Not quite - anyone mandated to POSIX standards are effectively mandated to > use the compromised algorithms, as I understand it. > > mark Well, regardless of my thoughts on the ethics of this situation and my opinion about those who do these sorts of things, I have continued to research this issue. I have discovered that there is a great deal of literature respecting the weakness of the RNG and PRNG processes implemented on headless hosts, in particular headless hosts that are virtualised. Given the essential nature of true random number generation to cryptographically secure key creation this represents a significant weak point on such hosts. I am not going to reiterate or summarize any of this here because you can find these discussions easily enough via Google. However, I have developed a small script to alleviate the problem to some degree based on the writings and works of others. This requires the epel repository be enabled: #!/bin/bash cat /proc/sys/kernel/random/entropy_avail yum install dieharder haveged rng-tools -q -y cat /etc/sysconfig/rngd sed -i 's:EXTRAOPTIONS="":EXTRAOPTIONS="-r /dev/urandom":' /etc/sysconfig/rngd cat /etc/sysconfig/rngd chkconfig --level 2345 haveged on ; chkconfig --level 2345 rngd on service haveged start ; service rngd start cat /proc/sys/kernel/random/entropy_avail This increased the mean amount of entropy present in /dev/random on the systems I installed these packages on from ~176 bits to ~2048 bits. I continue to look into other related matters. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

1 0

Why does 'mysql' user has /bin/bash shell?
by Mihamina Rakotomandimby 10 Jan '14

10 Jan '14

Hello, Default MySQL installation on CentOS sets /bin/bash as shell. I'm on a user cleanup task where I want reduce unneeded privileges to users. What is the "mysql" user shell for? (What will happen if I change it to /bin/false or whatever would disable it's shell?) It's not only a matter of SSH (I'm aware I can AllowUsers in sshd_config for example).

5 7

Re: [CentOS] Why does 'mysql' user has /bin/bash shell?
by Warren Young 10 Jan '14

10 Jan '14

On 1/10/2014 13:09, Reindl Harald wrote: > > > i know that but the question is still WHY I don't think there is a good reason. Someone made a mistake. File a bug report upstream. I've now downloaded and examined the .src.rpm for every 6.x point release plus that for 5.10, and they all do this. On skimming the changelog section of the spec file, I can't see an entry that explains why this was done. However, I might have more success if I knew the first version where this changed -- if indeed it ever did behave differently -- but I haven't found that version yet. I don't think I'm going to spend any more time looking, though, since 6.0 takes me back 3 years. This behavior has been in there for quite a long time.

1 0

Re: [CentOS] Why does 'mysql' user has /bin/bash shell?
by Warren Young 10 Jan '14

10 Jan '14

On 1/10/2014 12:14, Reindl Harald wrote: > > Am 10.01.2014 20:11, schrieb Warren Young: >> >> I just tested here on an EL6 VM that didn't have mysql-server on it before: >> >> # grep mysql /etc/shadow >> mysql:!!:16079:::::: > > in the config file where the users shell is defined you may find more :-) > > grep mysql /etc/passwd You've misunderstood the point of that test. It is proof that John Doe's guess is right: the mysql user's account is locked (!!). This means that only way you can "log in as mysql" and thus make use of the /bin/bash setting is to first be root, then "su - mysql". You can't su to mysql from a non-root account since that would require a password. That's why I guess this is a symptom of a wooly-headed change to the spec file, rather than some nefarious security breach. By the way, vault.centos.org is back. Here's what we find in the spec file: /usr/sbin/useradd -M -N -g mysql -o -r -d /var/lib/mysql -s /bin/bash \ -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :

1 0

CentOS on HP DL360e with B120i
by tony＠softins.co.uk 10 Jan '14

10 Jan '14

I am trying to install CentOS5 on a new HP DL360e G8 with B120i disk controller. It appears that a proprietary HP driver is needed for it. I found a useful description at http://www.linuxhelp.in/2013/08/Installing-centos-on-HP-Proliant-DL360e-Gen… I have a pair of hard drives to use as a RAID1 mirror. My question to people who may have been this way already is: is it worth my fiddling around with that procedure to get the RAID controller working, performance-wise, or might I just as well use AHCI mode with kernel mdraid? I normally use Supermicro with AHCI and mdraid quite happily, but the customer wanted HP :( Cheers Tony -- Tony Mountifield Work: tony(a)softins.co.uk - http://www.softins.co.uk Play: tony(a)mountifield.org - http://tony.mountifield.org

6 8

Recomended Virtual Host setup
by Veljko 10 Jan '14

10 Jan '14

Hello, I want to ditch cPanel I currently have on my server, so I'm thinking of the way to implement virtual hosts with software provided by CentOS/RadHat. I know I can use additional repos to get mod_fastcgi for example, but what is the method recommended by RadHat? I want every virtual host php process to run as owner of that php file. I see that mod_suphp and mod_fastcgi are available on rpmforge, but how to achieve what I want using only RedHat provided software? Regards, Veljko

1 0

FYI: an selinux hack
by m.roth＠5-cent.us 10 Jan '14

10 Jan '14

We've got a website that was written years ago, and maintained by various people since. For some unknown reason, the original person or persons hard-coded, in a number of scripts, for these perl CGI scripts to write to a logfile... in the websites cgi-bin directory. *DUH* And the guy who was more-or-less maintaining it fixed one or two (I don't know how, he probably hardcoded), but the rest still wrote to the same log. No, I can't go in and fix it all. So, to shut up selinux, I moved the logs to /var/log/httpd/website/, and made a symlink from the cgi-bin location to there... and it worked. No garbage from selinux. Of *course* it's a hack, but I figured there are others out there in the same position - aren't allowed to go fix it *right* (as in, they should read a config file in /etc...), have to have selinux at least permissive, and want to cut down the noise in the logs. mark

1 0

Who deletes/edits my resolv.com ?
by Timothy Murphy 10 Jan '14

10 Jan '14

Every now and again the nameservers in /etc/resolv.conf on my CentOS-6.5 server are commented out. I used to think this was the fault of NetworkManager, but I've stopped running that on the server (using the network service instead) and the nameserver removal still occurs. I'm baffled by the motivation for this, as I can't think of any situation where it would be of advantage to have no nameservers listed. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland

4 7

← Newer
1
...
11
12
13
14
15
16
17
18
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss January 2014