Search Results

Search found 26179 results on 1048 pages for 'linux from scratch'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 340/1048 | < Previous Page | 336 337 338 339 340 341 342 343 344 345 346 347  | Next Page >

  • xinet vs iptables for port forwarding performance

    - by jamie.mccrindle
    I have a requirement to run a Java based web server on port 80. The options are: Web proxy (apache, nginx etc.) xinet iptables setuid The baseline would be running the app using setuid but I'd prefer not to for security reasons. Apache is too slow and nginx doesn't support keep-alives so new connections are made for every proxied request. xinet is easy to set up but creates a new process for every request which I've seen cause problems in a high performance environment. The last option is port forwarding with iptables but I have no experience of how fast it is. Of course, the ideal solution would be to do this on a dedicated hardware firewall / load balancer but that's not an option at present.

    Read the article

  • Why does my $LD_LIBRARY_PATH get unset when using screen with bash?

    - by UltraNurd
    This is related to http://superuser.com/questions/27376/why-does-my-ld-library-path-get-unset-launching-terminal, but a different set of symptoms. First, /usr/bin/screen is setuid as per the other question. Second, the default shell on this system is /bin/tcsh for various historical reasons, and we're not allowed to chsh to /bin/bash, so I typically run bash manually immediately after login. Third, I almost always use screen, but I want ctrl-a ctrl-c in screen to create a new bash "tab", so I always invoke bash first. That is: {~} $ echo $SHELL /bin/tcsh {~} $ bash [~] echo $SHELL /bin/bash [~] screen -U [~] ...and when reconnecting: {~} $ echo $SHELL /bin/tcsh {~} $ screen -dUr [~] echo $SHELL /bin/bash [~] However, my $LD_LIBRARY_PATH is there in tcsh, there in bash, but empty once I run screen; it is still present if I just run screen from tcsh, but then I get new tcsh "tabs" when I use ctrl-a ctrl-c in screen. Any ideas?

    Read the article

  • Openldap with ppolicy

    - by nitins
    We have working installation of OpenLDAP version 2.4 which is using shadowAccount attributes. I want to enable ppolicy overlays. I have gone through the steps provided at OpenLDAP and ppolicy howto. I have made the changes to slapd.conf and imported the password policy. On restart OpenLDAP is working fine and I can see the password policy when I do a ldapsearch. The user object looks like given below. # extended LDIF # # LDAPv3 # base <dc=xxxxx,dc=in> with scope subtree # filter: uid=testuser # requesting: ALL # # testuser, People, xxxxxx.in dn: uid=testuser,ou=People,dc=xxxxx,dc=in uid: testuser cn: testuser objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowMax: 90 shadowWarning: 7 loginShell: /bin/bash uidNumber: 569 gidNumber: 1005 homeDirectory: /data/testuser userPassword:: xxxxxxxxxxxxx shadowLastChange: 15079 The password policy is given below. # default, policies, xxxxxx.in dn: cn=default,ou=policies,dc=xxxxxx,dc=in objectClass: top objectClass: device objectClass: pwdPolicy cn: default pwdAttribute: userPassword pwdMaxAge: 7776002 pwdExpireWarning: 432000 pwdInHistory: 0 pwdCheckQuality: 1 pwdMinLength: 8 pwdMaxFailure: 5 pwdLockout: TRUE pwdLockoutDuration: 900 pwdGraceAuthNLimit: 0 pwdFailureCountInterval: 0 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: FALSE I do not what should be done after this. How can the shadowAccount attributes be replaced with the password policy.

    Read the article

  • Connect devices plugged into Raspberry Pi ethernet to WiFi network

    - by Tom
    I'm just starting out on a mission to learn more about networking and I've followed a tutorial (http://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/) to turn my Raspberry Pi into a wifi router. That worked really well so I modified it slightly so that I can use a tethered iphone for the internet connection - I just switched all "eth0" references to "eth1" (the iphone interface) and added a script to set everything up when the phone is plugged in. This setup has freed up the Pi's ethernet port so I'd like to try and take this a step further and allow devices plugged into it to connect to the network. If possible, I'd like to try adding a switch so I can connect multiple devices. I've tried fiddling around with nat & iptables with no luck so my question is, how can I connect devices on eth0 to my wlan network?

    Read the article

  • Problem with PXE boot

    - by user70523
    I followed the following link for PXE boot, http://www.howtoforge.com/setting-up-a-pxe-install-server-on-ubuntu-9.10-p3 and I was able to ping the client from the server and also when I booted up the client It is getting the IP address from the server. But later,I got this error PXELinux 3.82 2009-06-09 . . . [other informations] !PXE Entry point found (we hope) at 9D3B:0109 via plan A UNDI code segment at 9D3B len 16C2 UNDI data segment at 933B len A000 Getting cached packet 01 02 03 . . . [other informations] TFTP prefix: Trying to load: pxelinux.cfg/ec5db4c0-74fe-d511-b9e7-3d9235afe5a1 Trying to load: pxelinux.cfg/01-00-17-31-b6-5e-a8 Trying to load: pxelinux.cfg/0A64491E Trying to load: pxelinux.cfg/0A64491 Trying to load: pxelinux.cfg/0A6449 Trying to load: pxelinux.cfg/0A644 Trying to load: pxelinux.cfg/0A64 Trying to load: pxelinux.cfg/0A6 Trying to load: pxelinux.cfg/0A Trying to load: pxelinux.cfg/0 Trying to load: pxelinux.cfg/default Unable to locate configuration file Boot failed: press a key to retry or wait for reset I have put all the files mentioned in the link in tftpboot. Can anyone explain what could be the problem. Thanks in advance

    Read the article

  • Why should krfb use so much cpu when I never use it?

    - by Newton Falls
    I was playing around with KSysGuard and I noticed the process using the most cpu was krfb, which is the server process for desktop sharing. I never use desktop sharing so I suppose it is a default loaded process. Why would this process use so much juice (around 15%) when I never use it and it really shouldn't be doing much of anything? I don't see any network activity so I don't think I am being hacked. I have suspended the process and nothing bad seems to have happened. Can I assume this is a safe thing to do?

    Read the article

  • Running git-svn with cron results in garbage in .git

    - by Paul
    I've setup a git-svn repo with cron to fetch from the svn repo daily. I have a script to do the fetching, and this is what is invoked by cron. Everything is fine with the repo, and the script works fine when executed manually. However, when it runs under cron, empty files get dropped into the .git directory. The files have names that look like they are some base64 output, e.g. juTrvjP6m8 and kcKf3hu3b4. Two of these files show up for every cron run. I thought these might be commit hashes, but they're not, git-show says it's an unknown revision. I set-up the repo as follows: git svn init http://svn.ip.addr/repo git svn fetch svn-remote My script looks like this: cd /gitsvn/dir git svn fetch svn-remote git svn push pub The last line pushes the repo to a separate (bare) public repo from which others can clone. I'm piping the output from the cron job to a file, which looks like this: fatal: unable to run 'git-svn' Counting objects: 21, done. Delta compression using up to 2 threads. Compressing objects: 100% (10/10), done. Writing objects: 100% (11/11), 59.08 KiB, done. Total 11 (delta 8), reused 0 (delta 0) To /gitpub/repo.git 360faf5..a153b0d trunk -> trunk The line "fatal: unable to run 'git-svn'" is alarming, but the fetch seems to go ahead anyway. Any suggestions? Where are these empty garbage files coming from, and how to stop them? Am I in for bigger problems in the future? BTW, I'm using git 1.6.3.3.

    Read the article

  • could corosync can support unicast heartbeat mode?

    - by Emre He
    could corosync can support unicast heartbeat mode? from another thread in serverfault, some guy raised below corosync conf: totem { version: 2 secauth: off interface { member { memberaddr: 10.xxx.xxx.xxx } member { memberaddr: 10.xxx.xxx.xxx } ringnumber: 0 bindnetaddr: 10.xxx.xxx.xxx mcastport: 694 } transport: udpu } is this conf type means unicast mode? thanks, Emre

    Read the article

  • Virtualized Screen Resolution

    - by Jim R
    I have a 64 bit Ubuntu 9.10 workstation with two virtualized guest OSes using KVM/QEMU. Also both 64-bit. One is Fedora 12 the other is beta of Ubuntu 10.04. The problem is that I would like to use a larger size display that is configured by default. Both guest OSes have a maximum screen resolution of 1024x768. I would like to increase this to something like 1280x900 or 1440x900. The resolution of the host system is 1920x1080. This configuration appears to be a result of the installation detecting the resolution being reported by the virtual screen during installation. The only information I have found on the subject suggests modifying the xorg.conf file in the /etc/X11 directory. Neither guest system has this file. I tried creating one by hand in the Fedora system and managed to render it completely unusable. Not a big deal as this is recently installed and can be reinstalled easily. Is what I want to do possible? If so, how do I accomplish it?

    Read the article

  • How do I enable write access for an sFTP only user under Ubuntu?

    - by Jon Cage
    I'm running Ubuntu 12.04 and am trying to configure a user to allow chroot'd sFTP connections to another section of the filesystem. I've added the following to my /etc/ssh/sshd_config file: Match Group mygroup X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp ChrootDirectory /home/%u I've set their home directory so that it's owned by root but has their group. I've created a mount --bind from /home/myuser/transfers to /my/filesystem which appears to be navigable. The problem I'm having is that I'm not able to write to any part of the filesystem which makes this pretty useless as an FTP server. What am I missing? What can I check?

    Read the article

  • cgconfig.conf : setting root control group parameters

    - by delerious010
    I've got cpu, cpuacct and memory cgroups configured via /etc/cgconfig.conf ( cgconfig-bin on Lucid ). I can add new control groups, and assign processes to them however there does not seem to be a facility for changing the paramters of the root level memory cgroup ( the actual mount point ). How would one best set such parameters in a clean manner withoput c For example, I've the memory cgroup mounted to /var/run/cgroup/memory. I'd like to have /var/run/cgroup/memory/memory.use_hierarchy set to 1 on boot.

    Read the article

  • How to keep groups when pulling with git

    - by mimrock
    I have a staging site that is a working directory of a git repository. How to set up git to let a developer pull out a branch or release without changing the group of the modified files? An example. Let's say I have two developers, robin and david. They are both in git-users group, so initially they can both have write permissions on site.php. -rw-rw-r-- 1 robin git-users 46068 Nov 16 12:12 site.php drwxrwxr-x 8 robin git-users 4096 Nov 16 14:11 .git After robin-server1$ git pull origin master: -rw-rw-r-- 1 robin robin 46068 Nov 16 12:35 site.php drwxrwxr-x 8 robin git-users 4096 Nov 16 14:11 .git And david do not have write permissions on site.php, because the group changed from 'git-users' to 'robin'. From now on, david will get a permission denied, when he tries to pull to this repository.

    Read the article

  • Use inotifywait and lftp to synchronize servers

    - by KBoek
    I have two servers: Server A (CentOS), where people can upload files to (upload root is /files) Server B (Win 2008), with FileZilla FTP Server (FTP root is C:\content) I want that whenever a file is uploaded to Server A, to any subfolder under /files, the file is automatically copied to the exact same subfolder on Server B. Thus, if a user uploads "flowers.jpg" to /files/photos/12345/ then the file must be copied over FTP to C:\content\photos\12345 So far I have this bash script, it does copy the files to server B, but all files are placed in C:\content, and not in the corresponding subfolders. Who can help me find the correct syntax? #!/bin/bash cd /files inotifywait -q -r -m -e close_write,moved_to . --format %w%f | while read FILE; do lftp -e "put $FILE; exit" -u user,password -p 2121 ftp.server-a.com done

    Read the article

  • Simultanious process mysteriously ending

    - by Matt
    I'm trying to run a large air quality model, written in FORTRAN, setup with bash scripts, and run in a work queue (slurm.) The first part of the modeling is to run an "entry" model, this runs with MPI in the work queue but only on one process. At one point in the logs, there's a mysterious FORTRAN STOP, and then later the model fails because something wasn't set up properly. This FORTRAN STOP isn't from the main process, which continues running. This is a huge model, but as far as I know there should not be any other processes running at the same time. It consistently fails at the exact same spot. (I can move it by adding debug, but the debug is in the main process) How can I determine what this process is? I've tried added a call to strace -feprocess $SHELL in the run script, but I'm new to this, so if it has offered any info, I haven't been able to use it yet. The is no trace output around the FORTRAN STOP. The whole process occurs so fast that I can't seem to observe it by using ps. Is there a way I can somehow monitor all the processes being initiated from the time the work queue starts? Or some other way I can figure out what is failing? This is running on CentOS 6.4, with Slurm, compiled with PGI 13.

    Read the article

  • Apache strace to hunt down a memory leak

    - by Zipp
    We have a server with a memory issue: the server keeps allocating itself memory and doesn't release it. We're running Apache. I set MaxReqsPerClient to a really low value just so the threads don't hold a lot of memory, but has anyone seen calls like this? Am I wrong in thinking that it's probably Drupal pulling too much data back from the cache in DB? read(52, "h_index\";a:2:{s:6:\"weight\";i:1;s"..., 6171) = 1368 read(52, "\";a:2:{s:6:\"author\";a:3:{s:5:\"la"..., 4803) = 1368 read(52, ":\"description\";s:19:\"Term name t"..., 3435) = 1368 read(52, "abel\";s:4:\"Name\";s:11:\"descripti"..., 2067) = 1368 read(52, "ions\";a:2:{s:4:\"form\";a:3:{s:4:\""..., 16384) = 708 brk(0x2ab554396000) = 0x2ab5542f5000 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab55f653000 brk(0x2ab554356000) = 0x2ab5542f5000 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab55f753000 brk(0x2ab554356000) = 0x2ab5542f5000 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab55f853000 brk(0x2ab554356000) = 0x2ab5542f5000 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab55f953000 brk(0x2ab554356000) = 0x2ab5542f5000 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab55fa53000 brk(0x2ab554356000) = 0x2ab5542f5000 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab55fb53000 brk(0x2ab554356000) = 0x2ab5542f5000 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab55fc53000 poll([{fd=52, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout) write(52, "d\0\0\0\3SELECT cid, data, created, "..., 104) = 104 read(52, "\1\0\0\1\5E\0\0\2\3def\23drupal_database_nam"..., 16384) = 1368 read(52, ";s:11:\"granularity\";a:5:{s:4:\"ye"..., 34783) = 1368 read(52, ":4:\"date\";}s:9:\"datestamp\";a:9:{"..., 33415) = 1368 read(52, "\";i:0;s:15:\"display_default\";i:0"..., 32047) = 1368 read(52, "e as an integer value.\";s:8:\"set"..., 30679) = 1368 read(52, "label' pairs, i.e. 'Fraction': 0"..., 29311) = 1368 top (the procs just keep growing in memory..): 12845 apache 15 0 581m 246m 37m S 0.0 4.1 0:17.39 httpd 12846 apache 15 0 571m 235m 37m S 0.0 4.0 0:12.13 httpd 12833 apache 15 0 420m 117m 37m S 0.0 2.0 0:06.04 httpd 12851 apache 15 0 412m 113m 37m S 0.0 1.9 0:05.32 httpd 13871 apache 15 0 409m 109m 37m S 0.0 1.8 0:04.90 httpd 12844 apache 15 0 407m 108m 37m S 0.0 1.8 0:04.50 httpd 13870 apache 15 0 407m 108m 37m S 0.3 1.8 0:03.50 httpd 14903 apache 15 0 402m 103m 37m S 0.3 1.7 0:01.29 httpd 14850 apache 15 0 397m 100m 37m S 0.0 1.7 0:02.08 httpd 14907 apache 15 0 390m 93m 36m S 0.0 1.6 0:01.32 httpd 13872 apache 15 0 386m 91m 37m S 0.0 1.5 0:03.13 httpd 12843 apache 15 0 373m 81m 37m S 0.0 1.4 0:02.51 httpd 14901 apache 15 0 370m 75m 33m S 0.0 1.3 0:00.78 httpd 14904 apache 15 0 335m 29m 15m S 0.0 0.5 0:00.26 httpd

    Read the article

  • IP address reuse on macvlan devices

    - by Alex Bubnoff
    I'm trying to create easy to use and possibly simple testing environment for some product and got some strange behaviour of macvlan's. What I'm trying to achieve: make a toolset for one-line start/stop of lxc containers(via docker) bound to external ip(I have enough of it on host machine). So, I'm doing something like this: docker run -d -name=container_name container_image pipework eth1 container_name ip/prefix_len@gateway and pipework here does this: GUEST_IFNAME=ph$NSPID$eth1 ip link add link eth1 dev $GUEST_IFNAME type macvlan mode bridge ip link set eth1 up ip link set $GUEST_IFNAME netns $NSPID ip netns exec $NSPID ip link set $GUEST_IFNAME name eth1 ip netns exec $NSPID ip addr add $IPADDR dev eth1 ip netns exec $NSPID ip route delete default ip netns exec $NSPID ip link set eth1 up ip netns exec $NSPID ip route replace default via $GATEWAY ip netns exec $NSPID arping -c 1 -A -I eth1 $IPADDR And it works for first time per IP. But for second time and later packets for containers IP isn't getting into container, while all configuration seem fine. So it looks like this: External machine ? ping 212.76.131.212 ....silence.... Host machine root@ubuntu:~# ip link show eth1 2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:c9:e1:c9 brd ff:ff:ff:ff:ff:ff root@ubuntu:~# ip addr show eth1 2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:c9:e1:c9 brd ff:ff:ff:ff:ff:ff root@ubuntu:~# tcpdump -v -i eth1 icmp tcpdump: WARNING: eth1: no IPv4 address assigned tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 00:00:46.542042 IP (tos 0x0, ttl 60, id 9623, offset 0, flags [DF], proto ICMP (1), length 84) 5.134.221.98 212.76.131.212: ICMP echo request, id 6718, seq 2345, length 64 00:00:47.549969 IP (tos 0x0, ttl 60, id 9624, offset 0, flags [DF], proto ICMP (1), length 84) 5.134.221.98 212.76.131.212: ICMP echo request, id 6718, seq 2346, length 64 00:00:48.558143 IP (tos 0x0, ttl 60, id 9625, offset 0, flags [DF], proto ICMP (1), length 84) 5.134.221.98 212.76.131.212: ICMP echo request, id 6718, seq 2347, length 64 00:00:49.566319 IP (tos 0x0, ttl 60, id 9626, offset 0, flags [DF], proto ICMP (1), length 84) 5.134.221.98 212.76.131.212: ICMP echo request, id 6718, seq 2348, length 64 00:00:50.573999 IP (tos 0x0, ttl 60, id 9627, offset 0, flags [DF], proto ICMP (1), length 84) 5.134.221.98 212.76.131.212: ICMP echo request, id 6718, seq 2349, length 64 ^C 5 packets captured 5 packets received by filter 0 packets dropped by kernel 1 packet dropped by interface Host machine, netns of container root@ubuntu:~# ip netns exec 32053 ip link show eth1 48: eth1@if2: mtu 1500 qdisc noqueue state UNKNOWN link/ether b2:12:f7:cc:a1:9d brd ff:ff:ff:ff:ff:ff root@ubuntu:~# ip netns exec 32053 ip addr show eth1 48: eth1@if2: mtu 1500 qdisc noqueue state UNKNOWN link/ether b2:12:f7:cc:a1:9d brd ff:ff:ff:ff:ff:ff inet 212.76.131.212/29 scope global eth1 inet6 fe80::b012:f7ff:fecc:a19d/64 scope link valid_lft forever preferred_lft forever root@ubuntu:~# ip netns exec 32053 tcpdump -v -i eth1 icmp tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes ....silence.... ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel So, can anyone say, what can it be? Can this be caused by not a bug in macvlan implementation? Is there any tools I can use to debug that configuration?

    Read the article

  • How to convert aspell dictionary to simple list of words?

    - by rafalmag
    I want to get list of all words from aspell dictionary. I downloaded aspell and aspell polish dictionary, then unziped it using: preunzip pl.cwl I got pl.wl: ... hippie hippies hippiesowski/bXxYc hippika/MNn hippis/NOqsT hippisiara/MnN hippiska/mMN hippisowski/bXxYc ... but they appear with sufix like /bXxYc or /MNn. These suffixes are defined in pl_affix.dat, which looks like ... SFX n Y 5 SFX n a 0 [^ij]a SFX n ja yj [^aeijoóuy]ja SFX n a 0 [aeijoóuy]ja SFX n ia ij [^drt]ia SFX n ia yj [drt]ia ... It is connected to the declination and conjugation. How can I add to the first list all forms (with all corresponding suffixes as defined in .dat file ) ? BTW: I need this list to spell-checker jazzy.

    Read the article

  • Increase text size in Ubuntu 10.04 due to having large resolution/monitors

    - by Sridhar Ratnakumar
    I have 24" dual monitors with 1920x1080 resolution on both of them. Consequently the text appears so small. I use the following text-intensive applications frequently: Web browser (Google Chrome) IDE (Komodo) Terminal (Gnome Terminal) Email (Thunderbird) I can configure text size on IDE, Terminal and Email. But for Chrome, it is not a good idea to set proportional font size because often one wants to see the entire (not just proportional fonts) site to be zoomed. So I am asking: Is it possible to increase DPI in Ubuntu (much like on Windows) so as to increase the text size across all apps? OR Is it possible to set permanent 'zoom' in Google Chrome, using a third-party extension maybe? I am using Ubuntu 10.04 (Lucid Lynx)

    Read the article

  • Fedora14 serial console how-to needed

    - by lamba2
    Has anyone ever got a serial console working in fedora 14 ? Is it as simple as adding to grub: serial --unit=0 --speed=38400 terminal --timeout=10 serial console and add to the kernel lines: console=tty0 console=ttyS0,38400 ??? If so, this isn't working for me. I have agetty installed, and im using minicom, although i've heard you can also use "screen /dev/ttyUSB0" on the client side. The /etc/init/serial.conf file suggests it should be working, but nothing. Currently getting no joy from any of this after 2 days. Does anyone know a method that definitely works on fedora 14 ? (no /etc/event.d/ needed or such) edit: Client side im using a null modem cable and usb-serial adaptor.

    Read the article

  • Look strange on gvim after applying Source Sans Pro font

    - by abcdabcd987
    I downloaded the Source Sans Pro font and install on my Fedora17(Xfce). I did mkfontscale, mkfontdir, fc-cache -fv, and after fc-list, could see it on the list. Then I changed guifont in gvim to Source\ Sans\ Pro\ 10, but it looks quite strange. And then I changed it to DejaVu\ Sans\ Mono\ 10, it looks nothing strange. So, why would this happend? And how to solve it? Thanks! Source Sans Pro DejaVu Sans Mono

    Read the article

  • Concerns about Apache per-Vhost logging setup

    - by etienne
    I'm both senior developer and sysadmin in my company, so i'm trying to deal with the needs of both activities. I've set up our apache box, wich deals with 30-50 domains atm (and hopefully will grow larger) and hosts both production and development sites, with this directory structure: domains/ domains/domain.ext/ #FTPS chroot for user domain.ext domains/domain.ext/public #the DocumentRoot of http://domain.ext domains/domain.ext/logs domains/domain.ext/subdomains/sub.domain.ext domains/domain.ext/subdomains/sub.domain.ext/public #DocumentRoot of http://sub.domain.ext Each domain.ext Vhost runs with his dedicated user and group via mpm-itk, umask being 027, and the logs are stored via a piped sudo command, like this: ErrorLog "| /usr/bin/sudo -u nobody -g domain.ext tee -a domains/domain.ext/logs/sub.domain.ext_error.log" CustomLog "| /usr/bin/sudo -u nobody -g domain.ext tee -a domains/domain.ext/logs/sub.domain.ext_access.log" combined Now, i've read a lot about not letting the logs out of a very restricted directory, but the developers often need to give a quick look to a particular subdomain error log, and i don't really want to give them admin rights to look into /var/logs. Having them available into the ftp account is REALLY handy during development stages. Do you think this setup is viable and safe enough? To me it is apparently looking good, but i'm concerned about 3 security issues: -is the sudo pipe enough to deal with symlink exploits? Any catches i'm missing? -log dos: logs are in the same partition of all domains. got hundreds of gigs, but still, if one get disk-space dos'd, everything will break. Any workaround? Will a short timed logrotate suffice? -file descriptors limits: AFAIK the default limit for Apache on Ubuntu Server is currently 8192, which should be plenty enough to handle 2 log files per subdomain. Is it? Am i missing something? I hope to read some thoughts on the matter!

    Read the article

  • Virtualized Screen Resolution

    - by Jim R
    I have a 64 bit Ubuntu 9.10 workstation with two virtualized guest OSes using KVM/QEMU. Also both 64-bit. One is Fedora 12 the other is beta of Ubuntu 10.04. The problem is that I would like to use a larger size display that is configured by default. Both guest OSes have a maximum screen resolution of 1024x768. I would like to increase this to something like 1280x900 or 1440x900. The resolution of the host system is 1920x1080. This configuration appears to be a result of the installation detecting the resolution being reported by the virtual screen during installation. The only information I have found on the subject suggests modifying the xorg.conf file in the /etc/X11 directory. Neither guest system has this file. I tried creating one by hand in the Fedora system and managed to render it completely unusable. Not a big deal as this is recently installed and can be reinstalled easily. Is what I want to do possible? If so, how do I accomplish it?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 336 337 338 339 340 341 342 343 344 345 346 347  | Next Page >