How to add a new LUKS partition and open it with the global passphrase.
by yudi v
I have a system set up with LUKS on top of LVM, and I plan to add a new LUKS
logical volume.
Adding the entry for this LV to /etc/crypttab makes it ask for the
passphrase at boot.
Now, what I want to know is how to make this partition decrypt using the
existing "global passphrase".
--
Kind regards,
Yudi
12 years, 9 months
dnsmasq and bind both running
by Genes MailLists
I seem to have dnsmasq running on my laptop serving dns - which is
very weird as the laptop is configured to run bind as the local DNS
server and is so put in the network config (kde network manager applet)
- so why is dnsmasq running - can it be turned off?
12 years, 9 months
Automounting/unavailability of devices...
by William W. Austin
This never bothered me until after (a) I upgraded to fc15 and (b) a
friend asked me how to turn it off.
I have a box with a drive (used for writing out bios files
and the like for pc's).
When I insert a floppy, a cd, or a dvd into a drive and try to
access it, fc15 seems to have to think about it and then MAYBE give me
permission to access the device - and some things like xmms which used
to play cd's no problems or xine which did the same with DVD's get
blocked. (If I reboot under fc14 the problem goes away.)
I remember turning this off in 14 but for the life of me I can't
remember how. The behavior in 15 seems a bit more rigid than it was
in 14, although I can't be certain. I did a search through both the
docs AND my notes from 14, but I haven't found it yet.
Any info on how to turn off this "automount" feature would be greatly
appreciated.
Thanks
-- wwa
--
william w. austin airedad(a)att.net
"life is just another phase i'm going through. this time, anyway ..."
12 years, 9 months
POSIX ACLs, NFSv4 and umask discrepancy
by Robert Marcano
I have a network environment using Fedora 15 as clients and EL 5 as an
NFSv4 server. Everything is running with Kerberos thanks to FreeIPA. The
question is more related to POSIX ACLs and NFS than any FreeIPA special
setup, so I am asking here first.
FreeIPA uses a different default configuration for user creation than plain
Fedora 15: it adds all users to the same primary group named ipausers and does
not create a group for each user (1). Fedora correctly detects this
configuration when the group is not named the same as the user and does
not set the default umask 002; instead it uses 022 (2) (see /etc/profile)
############################################################
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
############################################################
Trying to set up an NFS export with files that are shared by a group of
users, not using the group sticky bit but POSIX ACLs instead (3), I created it
with the following ACL
############################################################
# file: directory
# owner: root
# group: root
user::rwx
group::r-x
group:sharedgroup:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:sharedgroup:rwx
default:mask::rwx
default:other::---
############################################################
group 'sharedgroup' has access to rwx on 'directory' and default ACLs
for new files is the same for the same group. When creating a file on
the server and on the NFS client with umask 022 and the same user I get
the following ACLs on the files
############################################################
# file: client
# owner: test
# group: ipausers
user::rw-
group::r-x #effective:r--
group:sharedgroup:rwx #effective:r--
mask::r--
other::r--
# file: server
# owner: test
# group: ipausers
user::rw-
group::r-x #effective:r--
group:sharedgroup:rwx #effective:rw-
mask::rw-
other::r--
############################################################
So the first thing to notice is that everything is exactly the same with
the exception of the mask: when the file is created from the client it is not
assigned the same mask as when it is created on the server.
I know Linux implements an NFSv4 ACL to POSIX ACL mapping as explained
here http://wiki.linux-nfs.org/wiki/index.php/ACLs#Strict_Mapping , but
why the difference in behavior? Is it right? How to share files via NFS
in an environment where the users have umask 022 (2) and not 002, with
anyone adding, reading and writing files simply using the directory
(that is the reason for using POSIX ACLs)?
Thanks in advance.
(1) I am not a fan of the ipausers default group, but the like or
dislike of a group per user generates discussions like vi vs emacs
(2) Or a more strict one like 077
(3) Not feasible using an umask 022 because file group is assigned
correctly but still only readable
12 years, 9 months
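What the mask difference in the two listings above means for access, as an added example that is not part of the original post: the listings are parsed, the mask is applied to every entry it caps, and the entries whose effective rights differ are reported. The function names are assumptions made for this sketch, and the two samples are constructed from the post's getfacl output.

```python
# Constructed samples: the two getfacl listings from the post.
CLIENT = """\
# file: client
user::rw-
group::r-x #effective:r--
group:sharedgroup:rwx #effective:r--
mask::r--
other::r--
"""
SERVER = """\
# file: server
user::rw-
group::r-x #effective:r--
group:sharedgroup:rwx #effective:rw-
mask::rw-
other::r--
"""

def parse_acl(text):
    """Return {(tag, qualifier): perms} from getfacl-style lines."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop header and #effective comments
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = perms
    return acl

def effective(acl):
    """Apply the mask, which caps named users, the owning group and named groups."""
    mask = acl.get(("mask", ""))
    out = {}
    for (tag, qual), perms in acl.items():
        if tag == "mask":
            continue
        capped = tag == "group" or (tag == "user" and qual)
        if mask is not None and capped:
            perms = "".join(p if m != "-" else "-" for p, m in zip(perms, mask))
        out[(tag, qual)] = perms
    return out

def diff_effective(a, b):
    """Entries whose effective rights differ between two listings."""
    ea, eb = effective(parse_acl(a)), effective(parse_acl(b))
    keys = sorted(set(ea) | set(eb))
    return {k: (ea.get(k), eb.get(k)) for k in keys if ea.get(k) != eb.get(k)}
```

For the two listings the only differing entry is group:sharedgroup, which is read-only on the client-created file and read-write on the server-created one.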
Updater doesn't work
by Smith, Herb
Hello,
I'm a little late to the party here, so I don't know what has been discussed since the advent of FC 15. The main problem I'm having is that the Updater keeps telling me that there are updates but then when I click it to go ahead and install, it runs into all sorts of problems with many of the updates and will not execute. One of the main issues seems to be with the fedora-15-3 update, but there seem to be dozens that it has troubles with.
At one point in this process the updater popped up another window with a couple long lists of programs that needed updating that it was having trouble with and the window was longer than my laptop screen and I could not see the entire bottom of the window where the response buttons were located. The window could not be resized or anything. The only choice I had was to cancel the update process.
I'm not that excited about the new Gnome 3, but it will be ok if it gets to the point where more options are available. Although bluecurve is all installed (according to YUM), there doesn't seem to be a way to get it activated in the appearances. Also what's with the huge icons? Is there a way to get smaller icons?
I have been a Fedora/RedHat user for some time now and have generally been impressed with the releases up to FC14. I'm hoping that things will be a bit smoother when 16 is available.
Thanks for any light (hope) you can shed.
Herb
12 years, 9 months
TCP Reno Recovery meaning
by Dan Track
Hi,
I've got the following fields in netstat -a:
TCPRenoRecovery: 28
TCPForwardRetrans: 378
TCPRenoRecoveryFail: 45
I'm wondering what the numbers mean, what does a count mean for each. I
understand what each item represents but am struggling to understand what
the numbers mean, can someone help?
Thanks
Dan
12 years, 9 months
bare xorg black screen with mouse cursor
by dabicho
Hello.
I am setting up a Fedora 14 installation for a kiosk.
This is starting X at boot by setting a script as a DISPLAYMANAGER to
simply change to an unprivileged user and startx with fvwm2.
I am having a couple of issues.
1. If I log out (Ctrl+Alt+BackSpace), X is restarted but on a
different console. At boot, it is at console 7 (i.e. to switch you use
Ctrl+Alt+F7), but after a logout, it starts at console 8, and any
subsequent restart is at console 8 too. Not sure if I missed
something.
The script is as simple as
su - unpriviledged_user -c startx
2. Through .Xclients it starts a web browser, fvwm2, xscreensaver and
a helper app for some tasks not available through the browser.
After some time of inactivity, xscreensaver kicks in, and sometime
later the screen is blank, but the system won't wake up except for the
mouse pointer, so it's the mouse pointer on a blank screen.
I think I may be missing a service or that some configuration for X
could help avoid this. I have not been able to fix it by killing any
process or going back through the consoles. I have not come to a
solution through google searches or by myself.
Does anyone have any idea?
Any pointer is appreciated
Thank you.
12 years, 9 months
Problems setting up SSSD to authenticate to Windows 2008 AD
by Oded Arbel
Hi List. First time poster, so if I'm doing something wrong please let me
know.
I'm trying to set up SSSD for a laptop running Fedora 14 to authenticate
against an Active Directory domain running on a Windows 2008 server.
I've followed the instructions in this page:
https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server
(except the part about anonymous searches - our security policy will not
allow that), and I still can't get authentication to work.
When I try to log in using ssh to the computer I get this in the sssd
log file for the AD connection:
[sssd[be[AD]]] [simple_bind_done] (3): Bind result: Success(0), (null)
[sssd[be[AD]]] [be_run_online_cb] (3): Going online. Running callbacks.
[sssd[be[AD]]] [sdap_control_create] (3): Server does not support the
requested control [1.3.6.1.4.1.42.2.27.8.5.1].
[sssd[be[AD]]] [sdap_get_generic_done] (2): Unexpected result from ldap:
Operations error(1), 00000000: LdapErr: DSID-0C090627, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, vece
Where the last two lines repeat a lot, though not interchangeably - I
get a lot more "server does not support the requested control" than the
other message.
Looking at /var/log/secure I get this:
sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=192.168.XXX.XXX user=oded.a
sshd[8581]: pam_sss(sshd:auth): system info: [Cannot find KDC for
requested realm]
sshd[8581]: pam_sss(sshd:auth): authentication failure; logname= uid=0
euid=0 tty=ssh ruser= rhost=192.168.XXX.XXX user=oded.a
sshd[8581]: pam_sss(sshd:auth): received for user oded.a: 4 (System
error)
sshd[8581]: Failed password for oded.a from 192.168.XXX.XXX port 33213
ssh2
I'm not sure which problem is the one that is killing the authentication -
the KDC or the inability to bind even though bind was successful.
Does anyone have any suggestions as to what I may try?
Thanks in advance.
12 years, 9 months
F15: encrypted USB stick has wrong mount permissions
by Patrick Lists
Hi,
I've created an encrypted USB stick as follows:
# dd if=/dev/urandom of=/dev/sdb1
# cryptsetup luksFormat /dev/sdb1
# cryptsetup luksOpen /dev/sdb1 luks-usb
# mkfs -t ext4 -L Kingston8GB /dev/mapper/luks-usb
# cryptsetup luksClose /dev/mapper/luks-usb
Now I remove the USB stick, wait a bit and put it back into my laptop
with F15. I am asked for the passphrase and the USB stick opens in
Nautilus. The only problem is that the owner of /media/Kingston8GB is
root.root and the permissions on the mounted USB stick are 755 (or
drwxr-xr-x.)
I don't see this problem when using a regular unencrypted USB stick.
Anyone know how I can solve the permission problem?
Thanks!
Regards,
Patrick
12 years, 9 months