--- Log opened Wed Jun 25 16:54:08 2003
--- Log closed Wed Jun 25 16:54:46 2003
--- Log opened Wed Jun 25 19:02:55 2003
-!- sweeper [~mbroome@moya.trilug.org] has joined #trilug-rhce
-!- Topic for #trilug-rhce: Next meeting: User and Host Security, Wed 25 Jun 2003, 8:00 PM EDT - IRC
-!- Topic set by jtate [] [Wed Jun 25 17:13:09 2003]
[Users #trilug-rhce]
[@ChanServ] [ jeremyp] [ jtate] [ sweeper] [ Tribot] [ tripaste]
-!- Irssi: #trilug-rhce: Total of 6 nicks [1 ops, 0 halfops, 0 voices, 5 normal]
-!- Channel #trilug-rhce created Sun Apr 6 17:01:25 2003
-!- Irssi: Join to #trilug-rhce was synced in 0 secs
< jtate> TallyHo sweeper
-!- gmontag [~Eclectic@cpe-024-211-155-213.nc.rr.com] has joined #trilug-rhce
-!- SinnerP [~sinner@ip68-101-8-79.nc.hr.cox.net] has joined #trilug-rhce
< SinnerP> how-dee
< jeremyp> Evening.
-!- Nivex [mystic_nat@adsl-157-45-25.rdu.bellsouth.net] has joined #trilug-rhce
< SinnerP> gutten evening
-!- ovrclokd [~lisa@moya.trilug.org] has joined #trilug-rhce
< ovrclokd> hello all
< SinnerP> jell-o ovrclokd
< ovrclokd> sorry i missed the meeting last week
< ovrclokd> i made it back from tampa to charlotte, then got stuck in charlotte. :(
< SinnerP> ovrclokd: a lot of airtravel sucks. The airports seem to be in a conspiration to cause delays, layovers and missing flights :(
< jeremyp> My mother flies to Philly once or twice a week. The last three weeks she said she hasn't gotten home on time, or even within an hour of on-time, ONCE!
< SinnerP> mmm
< ovrclokd> sinnerp: absolutely. i was on 13 planes in 2 weeks recently, and about half of them had some issue or another
< ovrclokd> jeremyp: my sympathies to your mother. OUCH.
< SinnerP> maybe all those lay-offs of airport workers are somehow affecting the QoS
< ovrclokd> sinnerp: i wouldn't doubt it. about half my problems were weather-based, but the other half were mechanical.
< ovrclokd> sinnerp: it's amazing to me that i haven't fallen out of the sky.
-!- cybertooth [~cybertoot@rdu57-31-133.nc.rr.com] has joined #trilug-rhce
< jtate> cybertooth: You were kicking my butt in there.
< jtate> So, does anyone have any questions about last week?
-!- jtower [~jason@moya.trilug.org] has joined #trilug-rhce
< cybertooth> Blame Jtower... he's my mentor
< ovrclokd> i've seen /sbin/false used instead of /sbin/nologin. do they do the same thing, or does /sbin/false disable the account?
< jtower> oops, forgot about this again, as usual
< SinnerP> ovrclokd: my sister was on an airplane that had a propeller fell down, when taxiing
< jtower> question - in top/uptime, what exactly does the load number actually correspond to?
< ovrclokd> sinnerp: i think i'd have gotten off the plane at that point. :(
-!- scott_l [~scott@user-0c8hpp4.cable.mindspring.com] has joined #trilug-rhce
< jtower> a moose once bit my sister
< SinnerP> answer: the number of processes waiting to be processed
< jtower> ah
< jtate> ovrclokd: not sure: their man pages are very different.
< ovrclokd> sinnerp: it's the average for 1 minute, 5 minutes, and 10 minutes - right?
< jtower> so it doesn't necessarily match up to cpu idle time
< SinnerP> so, load < 1.0 , there's no waiting in processes to be executed
< SinnerP> ovrclokd: sounds right. I don't remember the proper numbers
< jtower> i have this on a client server:
< jtower> 8:04pm up 40 days, 7:35, 1 user, load average: 1.35, 1.76, 1.33
< cybertooth> I've seen nologin used when they wanted to allow certain rights but no direct login to a box, false for when the user is simply used for a rights mask (like for an executing program), but they are similar enough to be interchangeable
< jtower> that seems pretty high to me
< jtate> ovrclokd: nologin displays the message in /etc/nologin.txt and then exits.
< SinnerP> jtower: this means that there are more processes to be executed than the capabilities of your CPU
< SinnerP> jtower: you want to check for any process going astray and eating way too much CPU
< ovrclokd> jtate: cool, so you can customize the "go away" banner. :)
< jtate> false exits with an error code.
< jtate> Right.
< scott_l> is there a limit to the load ? ie: if a machine is just on it's knees is that load an absolute or relative number? could you see 9.9 as a load avg?
< jtower> SinnerP: there are just a lot of different processes - apache, named, sendmail, ftp, ...
< ovrclokd> jtate: will false still allow them to ftp / do something that doesn't need a shell login?
< jtower> ovrclokd: yes
< ovrclokd> scott_l: i've seen a load average of 53. (for real.)
< scott_l> as well you can customize the "welcome" banner in /etc/issue I think is where that is done.
< jtower> i usually change the login shell for people who only need email retrieval, for example
< ovrclokd> scott_l: the box fell over shortly afterwards.
< SinnerP> jtower: press 'P' to sort by CPU usage
< scott_l> or remove it if just want a login in prompt and no info.
< jtate> ovrclokd: what jtower said
< SinnerP> and check who is eating CPU
< scott_l> I was just curious.
< SinnerP> I use /bin/false for email retrieving
< jeremyp> scott_l: I've seen load averages in the hundreds before
< jtate> SinnerP: Yeah, that's probably a good one.
< jeremyp> On big FTP mirrors and such. Lots of FTP processes running and such
< jeremyp> and such
< jeremyp> :)
< scott_l> ouch.
< ovrclokd> jeremyp: d**n.
< ovrclokd> jeremyp: was that a "normal" (as in, the box was running and serving users consistently, not on its way down) load?
< jtower> one of my clients IMs me and says his web/mail server is very sluggish, and the loads are between 1 and 2. does that sound right?
< jeremyp> Yes. kickstart.linux.ncsu.edu after a RHL release
< SinnerP> jtower: nope
< jeremyp> jtower: depends, run 'iostat' and see where the load is. If its in IDE drive access, then yes that could be sluggish
< jtower> top shows that cpu idle time is hovering around 30-40% though
< jeremyp> kickstart is all scsi, so its load was just due to the very high number of vsftpd processes running
< SinnerP> jtower: which webmail program are they using?
< jtower> bash: iostat: command not found
< ovrclokd> jeremyp: makes sense. that's pretty impressive.
< ovrclokd> jtower: /usr/bin/iostat
< jtower> it's called an ensim server, it's a commercial virtual hosting package that runs on rh72
< jtower> but it uses standard daemons - apache, sendmail, proftp, and so on
< cybertooth> I've played with a lot of ensim servers. The sendmail is setup poorly on the boxes
< jtower> bash: /usr/bin/iostat: No such file or directory
< jeremyp> ovrclokd: the limitation on the kickstart server was network bandwidth in or out
< jtate> jtower: up2date iostat
< jtower> jtate: no can do
< jtate> Or however you install the package
< jtower> it's not my server
< jtower> although i do have root :)
< ovrclokd> jtate: when you say set /tmp as its own filesystem, do you mean make it a separate partition?
< jeremyp> ah, it's in the sysstat package
< jtate> Hmm. ovrclokd what's the package name for that?
< jtate> ovrclokd: Yes.
< jeremyp> apt-get install sysstat
< ovrclokd> jtate: is that just to keep someone who fills up /tmp from crashing the box, or are there other reasons?
< jtower> this is not good:
< jtate> That's one reason.
< jtower> [root@host sbin]# df -h
< jtower> Filesystem Size Used Avail Use% Mounted on
< jtower> /dev/hda1 4.4G 4.4G 44M 100% /
-!- RedWolfe [~ggw@durham-ar1-4-64-253-233.durham.dsl-verizon.net] has joined #trilug-rhce
< jtate> jtower: Yes, that's a problem.
< ovrclokd> jtower: not good any!
< jeremyp> only 44M available ?
< jtower> a big problem
< scott_l> is that on the box that's slow?
< jtower> well, i think that /dev/hda is only a virtual disk, not a physical one
* RedWolfe wave meekly
< ovrclokd> hi redwolfe! your brother is on his way home. :)
< jeremyp> hda = IDE ... IDE raid? or something strange with ensim ?
< jtower> the latter
< jtate> http://www.trilug.org/~lisa/rhce-security-talk.030618.txt are the notes from last week.
< RedWolfe> merci beaucoupe
< jtower> no way a P4 server is running a 4gb ide disk
< SinnerP> jeremyp: RAID is /dev/mdx
< jeremyp> SinnerP: I meant hardware IDE raid
< jtower> i think ensim "tricks" each virtual server into thinking it has /dev/hda of its own
< jeremyp> jtower: that just means the first partition is 4GB, not the whole disk
< jeremyp> jtower: run 'fdisk -l /dev/hda'
< SinnerP> then the device depends on the driver (module)
< jtower> that's the ONLY partition
< jtower> fdisk and parted don't work
< jeremyp> (that's safe, it just lists the partition table)
< jtower> that's why i think its a virtual disk
< jeremyp> no swap shows?
< jtower> no
< jtower> still, its a FULL virtual disk
< jtower> it's funky
< jeremyp> does 'free' show a swap partition ?
< SinnerP> jtower: for some reason, I believe that /dev/hda cannot be a virtual disk
< jtower> [root@host sbin]# free
< jtower> total used free shared buffers cached
< jtower> Mem: 262144 112228 149916 28696 0 18292
< jtower> -/+ buffers/cache: 93936 168208
< jtower> Swap: 131072 25828 105244
< jeremyp> SinnerP: it is, in the context of ensim
< jtate> jtower: Look for a link in /dev
< SinnerP> jeremyp: weird
< jeremyp> Looks like ensim uses kernel patches to do wacky stuff. I've heard of this a little over on shrike-list
< SinnerP> jtower: cat /proc/memstat
< jtower> [root@host dev]# uname -r
< jtower> 2.2.19-6.2.1ensim-3.1.5-2
< ovrclokd> sinnerp: d'you mean /proc/meminfo?
< jtower> jeremy shoots and scores
< jtower> 2.2 kernel no less
< SinnerP> ovrclokd: cat /proc/mem[TAB]
< ovrclokd> sinnerp: *grin*
< ovrclokd> sinnerp: just wondering if there's something that should be in my /proc that isn't!
< SinnerP> hehehe
< jtower> jtate: there is a /dev/hda, not a symlink, but a block device
< jtate> Hmm.
< jtower> i mean, i can tell what the problem is. the disk is full and the server is being hammered
< ovrclokd> jtower: what's in /proc/partitions?
< jtower> that's all there is to it. 120+ processes, mostly httpd and sendmail
< ovrclokd> jtower: what's filling it up? can you relo some logs?
< jtower> proc is mostly empty, none of the usual stuff is there
< jtate> du -h might be useful
< jtower> ovrclokd: hard to tell, du won't return any results
< SinnerP> ovrclokd: a list of your partitions
< jtate> Doh. Nevermind.
< jtower> and i haven't poked around fully yet
< SinnerP> ovrclokd: /proc is very very useful to get *real* info about the systems
< ovrclokd> jtower: you could check /etc/httpd/logs
< ovrclokd> sinnerp: yes - i was wondering what it would tell jtower about the partitioning on the slow box
< jtower> i'm trying to talk the guy into letting me build him a new server, one that can handle the load better
< jtate> jtower: Where are the mail spools?
< jtower> no idea
< jtower> ensim does some weird things with users
< jtower> and their mail and other personal files
< RedWolfe> ? ensim ?
< cybertooth> The spools are in the chroot.
< jtower> it's not meant to be managed via a shell, but rather by the web interface
< jtower> it's like a twilight zone linux server
< SinnerP> jeeeezzzzzz
-!- ccw [~ccw@durham-ar1-4-64-253-233.durham.dsl-verizon.net] has joined #trilug-rhce
< ovrclokd> jtower: try home/virtual/$siteadmin/var/spool/mail/$user
< ovrclokd> oops, dropped the leading /, sorry
< jtower> yup, that's where they are
< jtower> bunch of symlinks in /home/virtual
* SinnerP has a list of LDAP tools
* jtate wants a them
< ovrclokd> ensim docs says there's a cron job to move the mail to /var/spool/mail/$user every 5 min, too
< jtower> SinnerP: where were you and your list last night when we needed it?
< cybertooth> All the ensim servers I've worked on were risc processors ... very slow.
< cybertooth> We did okay!
< SinnerP> jtower: ... speeping?
< cybertooth> better than sleeling
< jtower> SinnerP: just joking. we had a minor ldap problem last night on a suse box
< jtower> we == cybertooth and i
* jtate wishes he could have gone
< jtower> jtate: it was pretty slick, although the installer was a tad buggy
< SinnerP> gq <http://biot.com/gq/> , Directory Administrator <http://diradmin.open-it.org/index.php> , KDirAdmin <http://www.carillonis.com/kdiradm/> , LDAP Browser/Editor, <http://www-unix.mcs.anl.gov/~gawor/ldap/download.html> , LDAPExplorerTool, <http://ldaptool.sourceforge.net/>
< ovrclokd> jtower: there's an ensim webappliance pdf guide at http://www.remarkablehosting.com/support/guides/wp23/WEBpplianceTechGuideBook.pdf
< cybertooth> josep, how about sending it to the rhce list?
< jtower> ovrclokd: neat, unfortunately that's for a really old version
< ovrclokd> jtower: d'oh! sorry.
< SinnerP> cybertooth: good idea
< SinnerP> (doh!)
< ovrclokd> jtower: what version are you running?
< SinnerP> cybertooth: who are you again?
< jtate> Of course it's a good idea
< cybertooth> tribot, who am i?
< Tribot> cybertooth is the amazing and incredible Jon Carnes
< RedWolfe> tribot: whois cybertooth
< Tribot> cybertooth is the amazing and incredible Jon Carnes
< cybertooth> jinx!
< SinnerP> doh!
< SinnerP> XDDDDDDDD
< jtate> Tribot: Who is amazing and incredible?
< Tribot> jtate: no idea
< jtower> ovrclokd: 3 point something
< jtower> and it's nearly two years old
< jeremyp> how many virtual servers?
< jtate> So, I think that we decided that a misconfigured /etc/hosts.allow & /etc/hosts.deny would be a great thing for the troubleshooting part of the RHCE
< jeremyp> yeah, misconfigured network files in general.. .hosts, exports, network-scripts/ifcfg-eth*
< jtate> Note that there are a ton of ways to screw up access to your system:
< ovrclokd> jtower: if you google for ensim webppliance technical guide 3 there're several versions...
< jeremyp> oh, and make sure you know how to do password recovery
< jeremyp> does everyone know how to do that? (password recovery)
< jeremyp> ie, boot in single user mode
< jtower> ovrclokd: it's not actually my server to admin, some other company runs it for my client. i just have the root pw for his virtual server, not the entire box
< jtate> tcpwrappers, xinetd, iptables as well as the individual application can limit access based on ip address.
< scott_l> I was thinking that was the answer, (single boot) I was sitting here wondering if there was another way
< jtate> scott_l: a reinstall, if you have /home in a separate partition.
< jeremyp> use 'a' in grub to add 'single' to the end of the boot line
< jtate> Tom's root boot.
< ovrclokd> jtower: mm, so you're supposed to debug it without having full access to it. i hope you're charging him enough. :)
< jtate> If you
< jeremyp> or "linux single" in LILO (assuming the boot image is called linux)
< jtate> 've forgotten the grub password.
< jtate> The Rescue disk should give you enough to get in to recover your password.
< jeremyp> Yes but you might not have the rescue disk or Tom's Root Boot on the RHCE
< ovrclokd> jeremyp: will they let you take tom's root boot in with you?
< jeremyp> Know single user mode!
< jtower> ovrclokd: not really, he just asked me to look into it
< ovrclokd> :)
< jtower> but i did tell him that his disk "slice" was totally full
< ovrclokd> jtower: that's fair. i'm just punchy tonight - had a cider with dinner.
< RedWolfe> no take-in's on RHCE, but the boot images might be available
< SinnerP> jeremyp: I thought that you did "e" (edit) and then added " single" to the end of grub's boot line
< jtower> ovrclokd: besides, i received his last big invoice payment today. that'll buy him some free troubleshooting :)
* SinnerP has just sent the email
< jeremyp> SinnerP: with e, you have to choose a line to edit and it's a pain
< jeremyp> SinnerP: with a, it's much easier
< ovrclokd> jtower: always a good thing. are you payday splurging at stayonline tomorrow? :)
< SinnerP> jeremyp: just edit the longest line. It always works (TM)
< jtower> ovrclokd: sure, meet me there at noon. if i'm a little bit late just keep waiting...
< ccw> I found a fairly obscure way of lousing up X this week (talking about obscure ways of boluxing a system)...
< jeremyp> SinnerP: 'a' is much easier. Why make it difficult ?
< SinnerP> jeremyp: I knew 'e'. I didn't know 'a'
< jtower> isn't e for making permanent changes, while a is only one time?
< SinnerP> 'e' is for editing the whole line... just that time
< SinnerP> so you can change boot partitions and kernel versions
< SinnerP> useful when grub.conf is botched
< jeremyp> I suppose you could use e if you really messed up your grub.conf
< ovrclokd> jtower: already indulged in my splurge for this month - 2 new WD1200JBs. :)
< jtate> ovrclokd: Are they the same Firmware?
< ovrclokd> ccw: whatja do?
< SinnerP> woohoo!
< RedWolfe> ccw: so tell us already
< jeremyp> but a is useful for adding/editing the kernel parameters, namely adding 'single' (or other test kernel parameters), so it's faster and easier for most purposes
< jtower> ovrclokd: i have one of those in my p166 backup server
< jtate> I've got two of those, but different firmware, and one drive has 31MB more than the other.
< jeremyp> ovrclokd: 120GB? Wussy! Go for the 160 ! :_
< ccw> the directory /tmp wasn't umask 1777 (it was 755). X wouldn't start because xfs couldn't make the unix/7100 socket and X couldn't find the "fixed" font and wouldn't start ...
< jeremyp> (that was supposed to be a :)
< jtower> jtate: want a matching set? i'll see what firmware mine has and trade you if you want
< SinnerP> ccw: that's a good trick
< jtate> Nah, I'
< ovrclokd> jtate: dunno - i'll have to check! how do you tell what firmware it has?
< jtate> ve already got the mirror all set up.
< SinnerP> another good trick is to have another :0 X session running... in VT != 7 ,
< jtate> ovrclokd: You'll have to boot using the WD diag disk.
< ccw> it seems /tmp got set to 755 during RedHat 8.x to 9.0 upgrade ...
< ccw> It took me a little while to figure that one out ... :)
< ovrclokd> jeremyp: just couldn't bring myself to pony up the $$$.
< RedWolfe> oh, RH claims they don't support /usr/tmp as anything but a symlink to /var/tmp!
< jeremyp> ccw: that's odd, it should have been kept with the sticky bit
< ccw> jeremyp: sounds like famous last words... :) it was 1777 when we started and 755 when we finished ...
< jtate> There are some nifty LDAP scripts in /usr/share/openldap/migration
< jtate> ccw: Going back in time are we?
* ccw wonders how so ...
* RedWolfe does the "Time Warp"
< ovrclokd> jeremyp: the 120Gb were the same price i paid for my pair of 80s last year. ah, progress...
* ccw only does Rocky Horror on Fridays at the Realto ...
< jtate> Remember though you still have to set up the root entry in LDAP before you can add any of the output generated by those scripts.
< SinnerP> jtate: yes, there are. And MDK has an interesting tutorial for LDAP + Samba integration, by "Ranger"
< SinnerP> jtate: very true
< SinnerP> ccw: you going to the Realto?
< ovrclokd> jtate: is that their data lifeguard suite? i bought mine bare, so no disk - have to see if i can download it.
< jtate> ovrclokd: Yeah, that's the one
< jtate> ovrclokd: Sadly, there's no utility to update the firmware.
< cybertooth> think I'm just going to bz for a bit...
< ovrclokd> cybertooth: have fun storming the castle! :)
< ovrclokd> jtate: bummer. :(
< RedWolfe> s/Realto/Rialto/
-!- scott_l [~scott@user-0c8hpp4.cable.mindspring.com] has left #trilug-rhce []
< ccw> SinnerP: sorry, went and got a Coke. Rocky Horror at the RIALTO every Friday night at midnight ...
< SinnerP> cool
< SinnerP> say hi to mikem
* SinnerP goes for an iced tea
* jtate had an ex-girlfriend who used to go pretty frequently.
< ccw> SinnerP: don't forget your newspapers, umbrellas, rice, bics, what have you ... but I haven't been down there in a while ...
< jeremyp> jtate: um, not sure we wanna know that :)
< SinnerP> jejeje
* ccw too much information ...
< SinnerP> ...data overload
< jtate> Go to Rocky
* RedWolfe does the "Time Warp"
< ccw> we all could go Friday week ... ?
* ccw imagines an RHCE Rocky Horror excursion ...
< SinnerP> my Fridays are pretty busy: drivin' drivin' and more drivin'
< ccw> At midnight ??
< SinnerP> RHCE Rocky Horror Certified Engineer ?
< RedWolfe> Sinner, going somewhere and back?
< SinnerP> RedWolfe: Winston-Salem <-> Greenville
< SinnerP> ccw: sometimes, I finish driving at midnight, yes
< RedWolfe> Rocky Horror Certified Emoters
< SinnerP> sometimes, Greenville <-> Richmond
< ccw> EVERY Friday ??
< SinnerP> ccw: most of them
< SinnerP> I got awesome mileage, though
< RedWolfe> ovrclokd, any special questions?
< ovrclokd> sinnerp: sounds like you need a hybrid.
< SinnerP> ovrclokd: better than that, I have a TDi
< ccw> Well, does anybody else want to join in a RHCE RHE?
< RedWolfe> ?TDi
< ovrclokd> redwolfe: i looked over the notes; they look pretty thorough.
< SinnerP> RedWolfe: Audi's Turbo Direct Injection diesel engine
< RedWolfe> Ahh, cool
< SinnerP> RedWolfe: on a VW Jetta.
< ovrclokd> redwolfe: is there any way other than sudo to give a non-root user the ability to mount a drive?
< jtate> Automount in /etc/fstab
< RedWolfe> yep, usermount option in fstab
< jtate> You could probably also figure out a way to put the drive in /etc/security/console.perms
< ccw> write a SUID program that mounts the drive, unSUIDs and spawns a shell. Exit to unmount (scripts have too much potential for abuse...).
* ccw like jtates solution, too...
< ovrclokd> cool ideas. what about smbmounting a share on from another system?
< ccw> ovrclokd: me or jtate?
< SinnerP> you can specify that on /etc/fstab . same rules
< ovrclokd> ccw: anyone. :)
< jtate> ovrclokd: LUFS is supposed to allow user space mounting. I thought there was an option for using smbmount as non-root.
< ccw> ovrclokd: want a generalized solution or fs specific?
< ovrclokd> ccw: yes. :)
< ovrclokd> ccw: i smbmount a share on mike's box to backup my digital images over there
< ovrclokd> ccw: it'd prefer not to have to su to root every time to mount/unmount it
< ovrclokd> s/it'd/i'd
< RedWolfe> ovrclokd, the user option should work
< jtate> Of course you have to be root to edit the /etc/fstab.
< jtate> You could setup smbmount to be a console app.
< RedWolfe> that wasn't the problem, she didn't want to have to keep using su/sudo
< jtate> check out the files in /etc/security/console.apps
< ccw> ovrclokd: in that situation, automount ought to be just what you'd need...
< jtate> These are the applications that a "Console" user can run.
< jtate> A console user is the first person to log into a machine either on the TTY or GDM/KDM login screen.
< ovrclokd> jtate: hm. does that include all shell sessions for the logged-in user?
< ovrclokd> ccw: is there any way to force the drive to unmount when i'm done with it?
< jtate> ovrclokd: It should.
< ovrclokd> ccw: i know automount would unmount it eventually, but i don't want it hanging out there in case mike's box goes away
-!- Nivex [mystic_nat@adsl-157-45-25.rdu.bellsouth.net] has left #trilug-rhce ["Exit, stage right."]
< ccw> you can set the timeout period in fstab ...
< jtate> It sets perms on the files, no real magic.
< ovrclokd> jtate: sweet. i'll give that a try.
< SinnerP> jtate: Console user... is it always the same user? or is it the first user that logs in after a reboot?
< SinnerP> can root be the Console user?
< ovrclokd> ccw: mm, yes, but if i wander off while it's transferring, it might unmount before i'm ready
< jtate> The first one to log in, until all sessions for that user are terminated.
< jtate> Yes root can be the console user.
< ovrclokd> ccw: altho i guess if i try to access the directory it'll just re-mount it for me...
< jeremyp> if another user subsequently logs in, they'll get the perms
< jeremyp> rebooting doesn't have anything to do with it
< ccw> that's whoever logged in on console until session token is relinquished, I think ...
< RedWolfe> automount monitors activity and backs off if the fs is busy
< RedWolfe> ccw, right
< ovrclokd> redwolfe: *nods* i tend to kick off a copy, walk away, and check on it in 15 minutes or so. sometimes it only takes 3 of those minutes, tho. :)
< RedWolfe> it is limited to the physical console
* ccw nods to RW comment ...
< ovrclokd> jtate: i have redhat-config-services in /etc/console.apps - when i try to run it as lisa, it prompts me for root's pwd. is that because user=root is set in the file itself?
< ccw> OC: will not unmount if fs is in use. This includes current directories of a shell ... so, if you cd to fs, it will
< ccw> stay mounted until you cd out or exit ...
< jtate> ovrclokd: Yeah. Probably.
< ovrclokd> jtate: hm. just changed to user=lisa and i'm still getting the prompt for root's password. interesting...
< ccw> OC: you may have to restart the service ...
< jtate> Comment out the user= line, then log out of all consoles and log back in.
< ccw> or do what JT said ...
< RedWolfe> the rh-config-* programs use "userhelper" to get admin permissions, if you set sbin /usr/sbin before bin /usr/bin you'll get the real command
* ccw mumbles for a moment and then says, "or not"...
< ovrclokd> jtate: i'll try that after we're done, then - this is running in one of the consoles! :) (don't want to lose my log.)
< ccw> BTW, is anybody a GRUB expert? I got'a problem ...
-!- jimstigator [~jim@moya.trilug.org] has joined #trilug-rhce
< jtate> ccw: What's the problem?
< ovrclokd> thanks for your help, folks... :)
< SinnerP> I'm going to leave now
< ccw> GRUB won't automatically boot anymore. We bought a new HD and it came with a 133 Mbit IDE controller...
< jtate> I'm not an expert, but hopefully I can help.
< SinnerP> I gotta get up waay too early
< SinnerP> see you all next time
-!- SinnerP [~sinner@ip68-101-8-79.nc.hr.cox.net] has quit ["g'night"]
< ovrclokd> g'night sinner!
< RedWolfe> Sinner: happy driving
< jtate> ccw: You've probably got a HD controller order problem with your BIOS.
< ccw> We installed it, and put the IDEs on it and the CD-ROM and CD-RW on the old MB IDEs. Now, it won't boot without intervention ...
< RedWolfe> is there a way to make the off-board controller the first? (prob depends on the bios :(
< jtate> ccw: intervention meaning boot floppy or CD?
< ccw> jtate: OK, how do I fix it???
< RedWolfe> hand typing at GRUB or boot floppy
< jtate> RedWolfe: Yes, it'll depend on the bios.
< jtate> RedWolfe: So wait, the GRUB prompt comes up?
< ccw> Meaning that it comes up with a GRUB prompt and I have to type "configfile /grub.conf" <return>
< jtate> Hmm. Is your old drive still /dev/hda or whatever?
< RedWolfe> hda=cd-rom hdc=cdrw hde=old drive hdg=new drive
< RedWolfe> no b,d,f
< jtate> Ok, in /etc/grub.conf what's the last commented out line before the start of the config? In mine, it's /dev/hda
< ccw> not, old drive was 100Mbit so we put it on the new controller...
< ccw> wait one ...
< ccw> #boot=/dev/hde
< RedWolfe> says #/dev/hde ids as (hd0,0) fine
< jtate> What was the old drive's letter before the HW upgrade?
< ccw> /dev/hda
< ccw> have re-installed GRUB ...
< RedWolfe> (several times)
< ccw> (two, three times in fact)
< jtate> What did you use to do that?
< ccw> Grub
< RedWolfe> grub-install and grub
< jtate> so you did grub-install /dev/hde
< RedWolfe> (grub-install being a script frontend for grub) yes
< ccw> basically, said "info grub" and followed the directions for "natively installing" ...
< jtate> And you're sure that (hd0,0) is correct?
< RedWolfe> probs constatnly say so
< RedWolfe> s/constatnly/consistently/
< ccw> info grub->installation->installing GRUB natively
< RedWolfe> s/probs/probes/
< ccw> configfile /grub.conf finds it fine ...
< jtate> Hmm.
< ccw> kernel and root commands work peachy kean coool ...
< ccw> with (hd0,0)
< jtate> Do you have a /boot partition?
< ccw> yes, in an MD0
< ccw> RAID1
< ccw> set "e2label" /boot
< jtate> Did you have this before the HW upgrade? Or is this new?
< ccw> machine on the desk to the right of me has same but (HD0,0) is /dev/hda ...
< ccw> that is MD0 is /dev/hda and /dev/hdb ...
< jtate> I couldn't get that kind of setup to work under Grub. Had to use LILO.
* ccw looks at tembo machine and tells it that it shouldn't be working. It ignores him ...
* RedWolfe grins
< tripaste> "jtate" at 127.0.0.1 pasted "My grub.conf" at http://members.trilug.org/tripaste/5
< jtate> It seems to me that grub is installed correctly. Maybe you have the wrong path somewhere in your conf file?
* ccw thinks jtate probably is right and goes to look for a bigger hammer ...
< jtate> Can you post your grub.conf file to http://members.trilug.org/tripaste ?
< RedWolfe> RW thinks our confs are equiv except for hde
< ccw> hang on 2 seconds...
< ccw> Is now in http://wolves.homeip.net/~ccw/grub/grub.conf
< ccw> note, comment ain't the exact truth. Anaconda was run before IDE was changed ... I think (am I right RedWolfe?).
< RedWolfe> yes, hw change came after upgrade to RHL9
* ccw wonders idly if anaconda can be run without running installation...
< jtate> So your boot partition is the first partition on /dev/hde
* ccw corrects himself. CCW wonders if the Disk Configuration GUI can be run separately ...
< jtate> Nope.
< ccw> Jtate:correct
< jtate> Yeah, that's as far as I got with it. I switched to lilo and it works fine now.
< jtate> Sorry I can't be more help. Perhaps Jeremyp can be of more assistance.
< jtate> I've got to go.
-!- jtate [~jtate@rdu74-181-041.nc.rr.com] has left #trilug-rhce ["Laters"]
< RedWolfe> well, RW and so want to go karaoke....
< ccw> fdisk -l output in http://wolves.homeip.net/~ccw/grub/fdisk-l.hde.txt and http://wolves/homeip.net/~ccw/grub/fdisk-l.hdg.txt
< RedWolfe> ping jeremyp !!
< ovrclokd> yeah, i've gotta jet, too. hope you guys manage to wrestle grub into submission some day.
< ccw> oops, fdisk -l output in http://wolves.homeip.net/~ccw/grub/fdisk-l.hde.txt and http://wolves.homeip.net/~ccw/grub/fdisk-l.hdg.txt
-!- ovrclokd [~lisa@moya.trilug.org] has left #trilug-rhce []
< jeremyp> RedWolfe: pong, sorry
* ccw wonders if the RHCE logging is over ...
* ccw wonders if anybody is there ...
* ccw sings: Does anybody know what time it is ... ? Does anybody really care ... ?
* sweeper is still logging, but hasn't been paying any attention
< sweeper> jeremyp: is that you typing? it doesn't show a username
* ccw waves a hand in front of jate's glassy stare ...
< ccw> look to the immediate right of the asterisk for the user. i.e. me.
* sweeper just now notices that his color scheme makes some of the irssi highlighting unreadable
< sweeper> I see you now :)
< ccw> effect is produced by typing /me the rest of the text ...
< sweeper> anywho ... seems like things are pretty much done so I'm logging off. Ciao!
* ccw waves to sweeper as he departs ...
* ccw thinks he has gotten as much help with his GRUB problem as he's going to get ...
--- Log closed Wed Jun 25 22:36:51 2003