Redhat-install-list Digest, Vol 26, Issue 10
B.E Ramu Ram
robotics20002000 at yahoo.co.in
Tue Apr 11 06:29:29 UTC 2006
Hi
Please find the attachment in the mail which describes about the the Samba services. The attachement is in Word formate.
Thankyou
Ramu
redhat-install-list-request at redhat.com wrote:
Send Redhat-install-list mailing list submissions to
redhat-install-list at redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/redhat-install-list
or, via email, send a message with subject or body 'help' to
redhat-install-list-request at redhat.com
You can reach the person managing the list at
redhat-install-list-owner at redhat.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Redhat-install-list digest..."
Today's Topics:
1. iptables problem (lstar)
2. Re: kermit configuration file (Rick Stevens)
3. Re: iptables problem (Rick Stevens)
4. Fedora 5 (Bret Stern)
5. Re: Fedora 5 (Rick Stevens)
6. Reversing email contents (Jeff Kinz)
7. Re: Fedora 5 (Jeff Kinz)
8. more on bogged down server (Harold Hallikainen)
9. Re: Fedora 5 (J. Refugio Rodriguez)
10. Re: more on bogged down server (Steve Rieger)
11. Fedora 5 Install - Very Nice (Bret Stern)
12. Re: more on bogged down server (Harold Hallikainen)
13. Re: Reversing email contents (Rick Stevens)
14. Re: more on bogged down server (Rick Stevens)
15. Re: Reversing email contents (David Mackintosh)
16. Re: more on bogged down server (Steve Rieger)
----------------------------------------------------------------------
Message: 1
Date: Sat, 11 Mar 2006 00:23:39 +0800
From: "lstar"
Subject: iptables problem
To:
Message-ID: <001101c6445e$fdba2fd0$0a00a8c0 at lstar>
Content-Type: text/plain; charset="big5"
Hi All,
I would like to ask an " iptables" question
which port should i block if i need to restrict access samba services?
I have search the information from knowledgebase of redhat offical web site. it found following port
a.. Port 137 (UDP) - NetBIOS name service and nmbd
b.. Port 138 (UDP) - NetBIOS datagram service
c.. Port 139 (TCP) - File and printer sharing and smbd
d.. Port 389 (TCP) - for LDAP (Active Directory Mode)
e.. Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and beyond, (CIFS)
f.. Port 901 (TCP) - for SWAT
Should I port all above port to restrict the access to samba services
or any specific port also enough ?
Regards
lstar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://www.redhat.com/archives/redhat-install-list/attachments/20060311/f0bac271/attachment.html
------------------------------
Message: 2
Date: Mon, 10 Apr 2006 10:08:14 -0700
From: Rick Stevens
Subject: Re: kermit configuration file
To: Getting started with Red Hat Linux
Message-ID: <1144688894.20728.3.camel at prophead.corp.publichost.com>
Content-Type: text/plain
On Sat, 2006-04-08 at 09:16 -0700, Bob Kinney wrote:
>
> --- Rick Stevens wrote:
>
> > On Mon, 2006-03-13 at 07:51 -0800, Bob Kinney wrote:
> > >
> > >
> > >
> > > > On Sun, 2006-02-19 at 15:46 -0800, Bob Kinney wrote:
> > > > > I've searched high and low for an answer to this; hopefully somebody
> > here
> > > > can
> > > > > help.
> > > > >
> > > > > I'm trying to get kermit to read two commands from a .mykermrc file in
> > my
> > > > home
> > > > > directory:
> > > > >
> > > > > SET LINE /dev/ttyS0
> > > > > SET CARRIER-WATCH OFF
> > > > >
> > > > > I also have an identical .kermrc.
> > > > >
> > > > > For some reason, the SET LINE command does not work.
> > > > >
> > > > > [bob at micron ~]$ kermit
> > > > > /var/lock
> > > > > C-Kermit 8.0.209, 17 Mar 2003, for Red Hat Linux 8.0
> > > > > Copyright (C) 1985, 2003,
> > > > > Trustees of Columbia University in the City of New York.
> > > > > Type ? or HELP for help.
> > > > > (/home/bob/) C-Kermit>show file
> > > > >
> > > > > Transfer mode: automatic
> > > > > File patterns: automatic (SHOW PATTERNS for list)
> > > > > File scan: on 49152
> > > > > Default file type: binary
> > > > > File names: converted
> > > > > Send pathnames: off
> > > > > Receive pathnames: auto
> > > > > Match dot files: no
> > > > > Wildcard-expansion: kermit
> > > > > File collision: backup
> > > > > File destination: disk
> > > > > File incomplete: auto
> > > > > File bytesize: 8
> > > > > File character-set: ascii
> > > > > File default 7-bit: ascii
> > > > > File default 8-bit: latin1-iso
> > > > > File UCS bom: on
> > > > > File UCS byte-order: little-endian
> > > > > Computer byteorder: little-endian
> > > > > File end-of-line: lf
> > > > > File eof: length
> > > > > File download-directory: (none)
> > > > > Send move-to: (none)
> > > > > Send rename-to: (none)
> > > > > Receive move-to: (none)
> > > > > Receive rename-to: (none)
> > > > > Initialization file: /home/bob/.kermrc
> > > > > Root set: (none)
> > > > > Disk output buffer: 32768 (writes are buffered, blocking)
> > > > > Stringspace: 500000
> > > > > Listsize: 102400
> > > > > Longest filename: 255
> > > > > Longest pathname: 4096
> > > > > Last file sent: (none)
> > > > > Last file received: (none)
> > > > >
> > > > > Also see:
> > > > > SHOW PROTOCOL, SHOW XFER, SHOW PATTERNS, SHOW STREAMING, SHOW
> > > > CHARACTER-SETS
> > > > > (/home/bob/) C-Kermit>show comm
> > > > >
> > > > > Communications Parameters:
> > > > > Line: /dev/tty, speed: unknown, mode: remote, modem: generic
> > > > > Parity: none, duplex: full, flow: none, handshake: none
> > > > > Carrier-watch: off, close-on-disconnect: off
> > > > > Lockfile directory: /var/lock
> > > > > Typical port device name: /dev/ttyS0
> > > > >
> > > > > Modem signals unavailable
> > > > >
> > > > > Type SHOW DIAL to see DIAL-related items.
> > > > > Type SHOW MODEM to see modem-related items.
> > > > >
> > > > > (/home/bob/) C-Kermit>
> > > > >
> > > > >
> > > > > If I rename .kermrc to hide it, the CARRIER-WATCH line changes to the
> > > > > system default of "auto".
> > > > >
> > > > >
> > > > > Using FC3 on kernel 2.6.12-1.1381_FC3.
> > > > >
> > > > > Anyone have any advice?
> > > >
> > > > First, swap the "SET CARRIER-WATCH OFF" and the "SET LINE /dev/ttyS0"
> > > > lines. You have to turn off carrier watch before swapping to a line
> > > > without carrier.
> > > >
> > >
> > > Thanks for the advice Rick. I tried it, without success. This seems to
> > > be something that broke between RH9 and FC3 distros. I had it working on
> > > RH9, but I did FC3 as a fresh install.
>
>
> Hmmm...here's a clue: When invoking kermit as a non-root user, I get this:
>
> [bob at micron ~]$ kermit
> /var/lock
> C-Kermit 8.0.209, 17 Mar 2003, for Red Hat Linux 8.0
> Copyright (C) 1985, 2003,
> Trustees of Columbia University in the City of New York.
> Type ? or HELP for help.
> (/home/bob/) C-Kermit>set line /dev/ttyS0
> /var/lock
> Sorry, write access to UUCP lockfile directory denied.
>
>
> What's /var/lock look like?
>
> [bob at micron ~]$ ll -d /var/lock
> drwxrwxr-x 10 root lock 4096 Apr 8 11:01 /var/lock
> [bob at micron ~]$ ll /var/lock
> total 64
> drwx------ 2 root root 4096 Aug 9 2004 iptraf
> drwx------ 2 root root 4096 Sep 27 2005 lvm
> drwxrwsr-x 2 root mailman 4096 Mar 21 2005 mailman
> drwxr-xr-x 2 root root 4096 Apr 8 11:05 mrtg
> drwxr-xr-x 2 rpm rpm 4096 Feb 20 03:22 rpm
> drwxr-xr-x 2 root root 4096 Apr 7 20:22 subsys
> drwxr-xr-x 2 uucp uucp 4096 Oct 14 2004 uucp
> drwxrwxrwt 2 root root 4096 Feb 13 2005 xemacs
> [bob at micron ~]$
>
> What would be the security-conscious way to allow non-root users to access
> the serial port? Should I add myself to the "lock" group, or give universal
> write access to /var/lock? A better plan?
Either would work. The more restrictive thing (the least impact on
security) is to add yourself to the lock group. I can't recall if
kermit runs as the invoking user or as a user in and of itself. If it's
the latter, then add the user kermit runs as to the lock group.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- When in doubt, mumble. -
----------------------------------------------------------------------
------------------------------
Message: 3
Date: Mon, 10 Apr 2006 10:12:39 -0700
From: Rick Stevens
Subject: Re: iptables problem
To: Getting started with Red Hat Linux
Message-ID: <1144689159.20728.8.camel at prophead.corp.publichost.com>
Content-Type: text/plain
On Sat, 2006-03-11 at 00:23 +0800, lstar wrote:
> Hi All,
> I would like to ask an " iptables" question
> which port should i block if i need to restrict access samba services?
> I have search the information from knowledgebase of redhat offical web
> site. it found following port
> * Port 137 (UDP) - NetBIOS name service and nmbd
> * Port 138 (UDP) - NetBIOS datagram service
> * Port 139 (TCP) - File and printer sharing and smbd
> * Port 389 (TCP) - for LDAP (Active Directory Mode)
> * Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and
> beyond, (CIFS)
> * Port 901 (TCP) - for SWAT
> Should I port all above port to restrict the access to samba services
> or any specific port also enough ?
To block Samba, UDP 137 and 138 and TCP 139 and 445 are all you need to
block. TCP 445 is not used just for Samba (anything using LDAP will use
that port including local logins if you use LDAP to authenticate), and
swat is an admin tool which you _may_ wish to block. The actual Samba
protocol is over the first four I mentioned.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- BASIC is the Computer Science version of `Scientific Creationism' -
----------------------------------------------------------------------
------------------------------
Message: 4
Date: Mon, 10 Apr 2006 10:33:12 -0700
From: "Bret Stern"
Subject: Fedora 5
To:
Message-ID:
Content-Type: text/plain; charset="iso-8859-1"
Anybody using Fedora 5?
Any major problems?
------------------------------
Message: 5
Date: Mon, 10 Apr 2006 10:55:42 -0700
From: Rick Stevens
Subject: Re: Fedora 5
To: Getting started with Red Hat Linux
, bret_stern at machinemanagement.com
Message-ID: <1144691742.20728.14.camel at prophead.corp.publichost.com>
Content-Type: text/plain
On Mon, 2006-04-10 at 10:33 -0700, Bret Stern wrote:
> Anybody using Fedora 5?
That was on my "list of things to do this weekend", but I decided to
go to the Long Beach Grand Prix instead. I'll try to get at it this
week.
> Any major problems?
I've not heard of any biggies with the latest release.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- "Swap memory error: You lose your mind" -
----------------------------------------------------------------------
------------------------------
Message: 6
Date: Mon, 10 Apr 2006 13:56:41 -0400
From: Jeff Kinz
Subject: Reversing email contents
To: Redhat install List
Message-ID: <20060410135641.A18661 at redline.comcast.net>
Content-Type: text/plain; charset=us-ascii
Hi all, I've inherited the job of coordinating games/practices and
fields for our local soccer league. (yeah!)
I'm getting emails with 30 emails in reverse order within them, typical
Outlook format.
In order to understand the issues + needs of the teams sequestered within
these emails it would be a lot easier if the discussion were in the
order it happened in.
Does anyone happen to have a tool, of any sort, that can reverse the
oder of the emails within one email ?
I know this is a long shot but I'm ever hopeful. They say you can find
anything on the internet.. :-)
--
Jeff Kinz, Emergent Research, Hudson, MA.
Speech Recognition Technology was used to create this e-mail
------------------------------
Message: 7
Date: Mon, 10 Apr 2006 14:00:02 -0400
From: Jeff Kinz
Subject: Re: Fedora 5
To: Getting started with Red Hat Linux
Message-ID: <20060410140002.B18661 at redline.comcast.net>
Content-Type: text/plain; charset=us-ascii
On Mon, Apr 10, 2006 at 10:55:42AM -0700, Rick Stevens wrote:
> On Mon, 2006-04-10 at 10:33 -0700, Bret Stern wrote:
> > Anybody using Fedora 5?
>
> That was on my "list of things to do this weekend", but I decided to
> go to the Long Beach Grand Prix instead. I'll try to get at it this
> week.
>
> > Any major problems?
>
> I've not heard of any biggies with the latest release.
I'm seeing some grumbling on #fedora irc channel on freenode. some
people are having severe issues and other are acknowledging those
issues.
I'm using centos these days so I haven't followed these issues closely.
If you would like I can send you a copy of the irc chat log to search
through.
--
Jeff Kinz, Emergent Research, Hudson, MA.
Speech Recognition Technology was used to create this e-mail
------------------------------
Message: 8
Date: Mon, 10 Apr 2006 11:55:17 -0700 (PDT)
From: "Harold Hallikainen"
Subject: more on bogged down server
To: redhat-install-list at redhat.com
Message-ID:
<42708.207.177.227.29.1144695317.squirrel at sujan.hallikainen.org>
Content-Type: text/plain;charset=iso-8859-1
Last week, I was out of town for the week and, of course, my FC4 system
slowed down to a crawl, and eventually I could not get into it at all. I
just bought and installed a "Web Power Switch" (under $100 at
http://www.digital-loggers.com/lpc.html), so I will always (I hope) be
able to reboot the system from anywhere.
I also reduced the number of clients (I think that was the term) in
httpd.conf from 150 to 50.
Based on Rick's suggestion, I also added this to /etc/sysctl.conf:
# below lines added 4/8/06 to try to prevent system bog downs due to
httpd. hh
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
My web server has a lot of large files that will take a while for people
to download. I suspect Apache is starting another thread for each of
these, and keeping it open a long time. As more and more requests come in,
the load just keeps getting bigger. Here's a recent top:
Cpu(s): 98.3% us, 1.7% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 1027640k total, 1013188k used, 14452k free, 8292k buffers
Swap: 2031608k total, 244252k used, 1787356k free, 224352k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
19089 apache 16 0 45120 17m 4780 S 17.0 1.8 0:04.59 httpd
14416 apache 24 0 60736 31m 4904 R 3.7 3.1 13:02.87 httpd
18425 apache 21 0 59872 30m 2996 R 3.7 3.0 2:58.17 httpd
8965 apache 25 0 59724 31m 4800 R 3.3 3.2 30:11.74 httpd
10263 apache 25 0 60896 32m 4664 R 3.3 3.2 17:42.99 httpd
10268 apache 25 0 60620 27m 4512 R 3.3 2.7 17:12.99 httpd
13121 apache 25 0 59540 31m 4648 R 3.3 3.2 15:00.67 httpd
13585 apache 25 0 51556 12m 4508 R 3.3 1.3 13:09.44 httpd
13802 apache 25 0 51364 19m 4504 R 3.3 1.9 13:28.15 httpd
14613 apache 25 0 60684 18m 4508 R 3.3 1.8 12:32.11 httpd
14682 apache 25 0 51284 10m 2960 R 3.3 1.0 13:36.44 httpd
14852 apache 25 0 51332 16m 4992 R 3.3 1.6 10:08.87 httpd
14853 apache 25 0 51144 18m 4620 R 3.3 1.9 11:20.88 httpd
14935 apache 25 0 51656 18m 5352 R 3.3 1.9 10:52.20 httpd
15134 apache 25 0 51360 18m 5364 R 3.3 1.8 10:00.45 httpd
15138 apache 21 0 51200 17m 5336 R 3.3 1.8 10:33.49 httpd
15504 apache 20 0 60708 20m 4512 R 3.3 2.0 10:24.10 httpd
15876 apache 20 0 51028 10m 4528 R 3.3 1.1 8:41.13 httpd
15877 apache 23 0 60520 20m 5448 R 3.3 2.1 5:43.60 httpd
16331 apache 20 0 60328 32m 5516 R 3.3 3.2 5:19.84 httpd
16633 apache 25 0 60420 32m 5408 R 3.3 3.2 5:15.28 httpd
17859 apache 25 0 60016 32m 5520 R 3.3 3.3 2:27.50 httpd
18089 apache 25 0 60040 32m 5512 R 3.3 3.3 3:17.04 httpd
18426 apache 21 0 59588 32m 5292 R 3.3 3.2 0:36.13 httpd
18503 apache 25 0 59800 32m 5460 R 3.3 3.3 0:57.90 httpd
Notice that a lot of those httpd processes have been running quite a while.
My concern now is that while everything seems to be working, I think I'm
missing some incoming mail. Here's something from /var/log/maillog:
Apr 10 11:46:48 sujan sendmail[2316]: rejecting connections on daemon MTA:
load average: 33
So... what do I do?
THANKS!
Harold
--
FCC Rules Updated Daily at http://www.hallikainen.com
------------------------------
Message: 9
Date: Mon, 10 Apr 2006 13:00:48 -0700 (PDT)
From: "J. Refugio Rodriguez"
Subject: Re: Fedora 5
To: bret_stern at machinemanagement.com, Getting started with Red Hat
Linux
Message-ID: <20060410200048.54393.qmail at web514.biz.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"
Bret Stern
wrote: Anybody using Fedora 5?
Any major problems?
Corrupted 2nd ISO image has stopped my fresh installation several times. I have tried downloading that particular image from three(3) different mirrors and onto (two different file systems) and the corruption problem persists. Perhaps the DVD image does not "limp" from the same extreme ...but that will be next.
Trying to upgrade an older installation (Fedora 3) will hang on the first ISO image on an oldie dual booting Dell laptop.
Regards.
Jose R. Rodriguez
http://www.metztli-it.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://www.redhat.com/archives/redhat-install-list/attachments/20060410/db2e2f19/attachment.html
------------------------------
Message: 10
Date: Mon, 10 Apr 2006 13:04:46 -0700
From: Steve Rieger
Subject: Re: more on bogged down server
To: Getting started with Red Hat Linux
Message-ID: <443ABA5E.4030205 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Harold Hallikainen wrote:
> Last week, I was out of town for the week and, of course, my FC4 system
> slowed down to a crawl, and eventually I could not get into it at all. I
> just bought and installed a "Web Power Switch" (under $100 at
> http://www.digital-loggers.com/lpc.html), so I will always (I hope) be
> able to reboot the system from anywhere.
>
> I also reduced the number of clients (I think that was the term) in
> httpd.conf from 150 to 50.
>
> ...
>
> My web server has a lot of large files that will take a while for people
> to download. I suspect Apache is starting another thread for each of
> these, and keeping it open a long time. As more and more requests come in,
> the load just keeps getting bigger. Here's a recent top:
>
let me guess, i make a request for a file to your apache, apache looks
for the file, loads it into ram, then loads it into swap then starts
piping it to me.
thats the typical issue with large files, and at the end of the day you
have three copies of the same file in seperate locations, (not for very
long, but long enough to eat up all the swap and ram)
=== message truncated ===
---------------------------------
Jiyo cricket on Yahoo! India cricket
Yahoo! Messenger Mobile Stay in touch with your buddies all the time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-install-list/attachments/20060411/c82eb5d8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: How do I set permissions to Samba shares.doc
Type: application/msword
Size: 27136 bytes
Desc: 457397653-How do I set permissions to Samba shares.doc
URL: <http://listman.redhat.com/archives/redhat-install-list/attachments/20060411/c82eb5d8/attachment.doc>
More information about the Redhat-install-list
mailing list