/dev/blog

Create a new image file (10GiB):

dd if=/dev/zero of=mailstore.img bs=1M count=10k

(Note: You can also create a sparse file with dd’s seek option. Have a look at the dd manpage or the examples on http://en.wikipedia.org/wiki/Dd_(Unix))

Create the new filesystem:

mkfs.ext3 mailstore.img

Label the filesystem:

e2label mailstore.img <new-label>

Edit the DomU’s config file, /etc/xen/<hostname>.cfg and add the new disk:

disk = [ "tap:aio:/vm/disk.img,xvda,w", \
         "tap:aio:/vm/mailstore.img,xvdb,w" ]

Start the VM:

xm create <hostname>.cfg

Edit DomU’s /etc/fstab & mount the disk:

[...]
LABEL=/<new-label>   /<mount-point>   ext3   defaults   0 1
[...]

Just a little memory hook:

When a Xen DomU hangs at “Checking for hardware changes”, it is probably due to a dead xenconsoled process on the Dom0. This happens from time to time but

[root@xen ~]# /usr/sbin/xenconsoled

should immediately fix the hanging DomUs.

Every X server internally manages an ACL (Access Control List) of those hosts, that are allowed to connect. The server only authorizes connections from X clients, whose host is on that list and rejects access to all others. The xhost program is used to add or revert access to the X server for specified hosts. It’s also possible to specify a user and a hostname pair.

Host-based Control (xhost)

To see if access control is enabled, type xhost. It displays the current ACL:

$ xhost
access control enabled, only authorized clients can connect
SI:localuser:user
SI:localuser:gdm
SI:localuser:root

If the access control is disabled, it prints:

$ xhost
access control disabled, clients can connect from any host

To disable the access control type xhost + which allows any host to access your X server. You probaly don’t want to do this because it allows the world to open windows on your screen and grab the keystrokes you type.

To enable the access control again type xhost - and only authorized clients/hosts are allowed to do the things mentioned above.

A simple example

Now let’s do something useful, e.g. grant another user on the local machine access to our X server. It’s pretty easy:

$ xhost +SI:localuser:anotheruser
localuser:anotheruser being added to access control list

And after that, anotheruser should show up in the ACL:

$ xhost
access control disabled, clients can connect from any host
SI:localuser:anotheruser
SI:localuser:user
SI:localuser:gdm
SI:localuser:root

To revoke the access right for anotheruser, use

$ xhost -SI:localuser:anotheruser
localuser:anotheruser being removed from access control list

For granting access to users on different hosts, have a look at the xhost manpage or the examples provided on http://linux.about.com/library/cmd/blcmdl_xhost.htm.

When an upgrade includes changes to a default configuration file, the package will write either a .rpmnew or a .rpmsave file instead of overwriting the configuration file on your system. Which file a package creates is up to the discretion of the package maintainer.

From “Dealing with .rpmnew and .rpmsave files” By Bruce Byfield:

An .rpmnew file contains the new default configuration file and leaves your original configuration file untouched. By contrast, and .rpmsave file is a copy of your original configuration file, which has been replaced by the new default file.

The following script can be helpful to find (and possibly merge) those files with your original configuration

for a in $(find /etc /var -name '*.rpm?*'); do diff -u $a ${a%.rpm?*}; done

You may also want to check on yum-merge-conf, a yum plugin to merge configuration files.

Sometimes, packages you never actually use get installed as dependency by yum (or even during initial installation by anaconda). package-cleanup is a great tool that helps you find packages not required by other packages. It it part of the yum-utils package which can easily be pulled with yum:

# yum install yum-utils

1. Find and review “unused” packages

You can find packages not required by other packages with

# package-cleanup --leaves

These packages could be candidates for removal, but check to see whether you use them directly or if they are used by applications not backed by rpm packages.

2. Find and review “lost” packages

You can find orphaned packages (i.e. packages not in the repositories anymore) with

# package-cleanup --orphans

This will also show packages which have been partially uninstalled but where the “%postun” script failed.

q.v. package-cleanup manpage

To update the initrd.img to load additional drivers early in the boot process, normally you would simply run /sbin/mkinitrd and let the script do the work. But what if the initrd.img used during the installation of CentOS lacks an important driver? Maybe you want to netboot CentOS, but the initial ramdisk CentOS provides doesn’t have the right modules for you NIC.

This article gives an example, how to modify the initrd.img to include the drivers for the Attansic L1 Gigabit Ethernet Adapter by hand. (If you just want to know, how to get CentOS working with the L1 without caring about netboot etc., have a look at CentOS and Attansic L1 Gigabit Ethernet)

Read more…

Just a quick note. As mentioned in the announce mail, a few post-release updates are still syncing to the CentOS mirrors.

Resources:
http://lists.centos.org/pipermail/centos-announce/2010-May/016638.html
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.5

I already wrote a little article, how to boot a FreeDos via PXE. Of course, you can boot Fedora (or CentOS) in like manner.

Read more…

I already wrote about sending mails with ssmtp, a simple alternative to sendmail. But since I got a few questions (and I tend to forget myself) how to use ssmtp’s revaliases-file, here is a short reminder:

/etc/revaliases, allows you to map a local user to a specific ‘From:’ address on outbound mail and to route that mail through a specific mailhub. But it will not rewrite the ‘To:’ address according to the local user who should receive the mail.

Usually, you would add aliases to /etc/aliases to ensure that a local user (receiving a mail) is mapped to a valid eMail address. But as the documentation clearly says (if you actually read it), ssmtp does not use /etc/aliases.

The solution turns out to be letting mail handle the alias – which is done by configuring aliases in /etc/mail.rc

set ask askcc append dot save crt
ignore Received Message-Id Resent-Message-Id Status Mail-From Return-Path Via Delivered-To
alias root root<yourname@domain.com>
alias localuser localuser<yourname@domain.com>

You can test it with with:

# echo test | mail -s "testing ssmtp" localuser

The mail will actually be delivered to yourname@domain.com (since ‘localuser’ is mapped to this address in /etc/mail.rc).

Enjoy!

Resources:
http://www.linux.com/archive/feature/132006
http://greybeardedgeek.net/?p=17

Because CentOS doesn’t pull all dependencies correctly, here is my little memory hook for installing phpmyadmin (and mysql, of course)

rpm -Uvh http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install php phpmyadmin php-mcrypt php-mbstring mysql-server

After installing the packages, edit /etc/httpd/conf.d/phpmyadmin.conf and add the IP of your admin workstation to the line that begins with Allow from.

For using phpmyadmin with cookie auth, you have to set a blowfish secret in /usr/share/phpmyadmin/config.inc.php:

[...]
$cfg['blowfish_secret'] = 'Secret_Password';
[...]

Update: Added php-mbstring