similar to: Chroot issue with username to uid

On Thu, Sep 29, 2011 at 9:35 PM, Lucian <lucian at lastdot.org> wrote: > On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf <treydock at gmail.com> > wrote: > > I had a recent request to improve security on my web servers by having > each > > website use a different user to run the hosting service. So > > example1.comhas it's own Apache instance running

I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my

I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.comhas it's own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to

I have decided to migrate my latest KVM server to CentOS 6.0 and am beginning to get a little frustrated with some issues that worked perfectly in 5.6. Right now I've given up on getting virbr0 and NAT to work, but now I need networking bridging to work, but nothing seems to fix the issue. I have not had much experience with troubleshooting KVM so could really use some pointers on resolving

Hi, I have written code which enables chroot environments for users. A new sshd onfiguration item ChrootUsers containts a list of users which has chroot environment.So if the user is not in the list it get's his normal environment. For users that are in the chrootusers list there homedir becomes / . Can you please apply this patch? With kind regards, Jeroen Nijhof -------------- next

On 8/29/2011 10:29 PM, Trey Dockendorf wrote: > Have you looked into using virt-manager? When I started using KVM I > found that new VM provisioning was much simpler with that interface. Alas, Virtmanager doesn't seem to be a supported program under Gentoo - the distribution I use. If its X-based, it wouldn't work anyhow - I'm strictly a command line shop. > > Once

hello all i am new to dovecot and i have a small problem. I use qmail as a pop3 server and dovecot as imap. my rc script is as follows: -----snip----- #!/bin/sh exec env - PATH="/var/qmail/bin:$PATH" \ qmail-start '|preline procmail' splogger qmai -----end----- thus i deliver mails through procmail so all mails are located to /var/spool/mail. The problem exists when i tested

Greetings! I am working on a patch that will support a "ChrootUsers" option in the v3.4p1 config file. I am wondering if there are already plans to support a chroot option on the go? Regards, _________________________________________ Open Text Corporation - HMS Division. John Furman Network Security Officer jfurman at opentext.com www.opentext.com/hms Voc: 519.888.7111 x2361 Fax:

I recently began getting periodic emails from SEalert that SELinux is preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store all my virtual machines for KVM. All VMs are stored under /vmstore , which is it's own mount point, and every file and folder under /vmstore currently has the correct context that was set by doing the following: semanage fcontext -a -t

I'm setting up a shared web server running Apache. Each web root will belong to a department, which has a corresponding Active Directory group to give access. So far I've got samba working and such, but am having some trouble wrapping my head around the necessary permissions to make all this work, especially securely. So far I've found that both the POSIX and the ACL permissions

Hello, I am trying to execute virsh commands on a host but it is giving errors due to failure in acquiring lock. root at kvm01:~# virsh suspend blindone error: Failed to suspend domain blindone error: Timed out during operation: cannot acquire state change lock Any suggestions how can we figure out possible reasons. -- Jatin -------------- next part -------------- An HTML attachment was

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

Tried my first CentOS 6 install on a system currently running 5.6. My attempt was not an upgrade, but a full re-format. I have verified the checksums of the ISO and did the pre-install disk verify and everything checked out. However after the screen for setting up the bootloader I get the following error "Unable to read group information from repositories. This is a problem with the

I'm trying to install a gem named Fabulator on CentOS 6 CR x86_64. It's failing on libxslt-ruby. This is the error I get when trying the gem manually... ------------------------------ # gem install libxslt-ruby --no-rdoc --no-ri Building native extensions. This could take a while... ERROR: Error installing libxslt-ruby: ERROR: Failed to build gem native extension.

I have an oVirt engine node that currently runs the system on a qcow2 based virtual disk, and an NFS export volume on RAW. I'd like to take a snapshot before a somewhat risky upgrade of oVirt and can't with the raw image attached. Looking at the documentation for the snapshot XML, I created this XML file for the snapshot <domainsnapshot> <name>20120802</name>

I could use some help with clarification on the use of the libvirtd daemon with regards to managing remote KVM instances. Right now I have a CentOS 6 KVM server (libvirt-0.8.1), but would like to use some management applications that require higher version (0.8.8). First, is it possible to run the libvirtd daemon from within a VM, or does it require active kvm kernel module? Secondly, could a

Great news about CentOS 6.0 being available, and I figured I'd ask the most obvious question, what can I expect when upgrading from CentOS 5.6 to 6.0? I have not had to go from one major version of CentOS to another so this is new territory for me. Is the processes just like an install except there's an "Upgrade" option? Does an upgrade do a "yum update" of

I've created a very basic snapshot XML file, to allow for a description of the snapshot. However when running the virsh command, it doesn't like the formatting. # virsh snapshot-create proxy_0 /vmstore/proxy_0/proxy_0_ss.xml error: XML description for failed to parse snapshot xml document is not well formed or invalid This are the XML file contents... # cat proxy_0_ss.xml

What is the preferred method for submitting patches from upstream projects ? I have two patches for libvirt-0.8.1.el6_0.6. One adds ESX 4.1 support to things like virt-v2v ( http://www.redhat.com/archives/libvir-list/2010-July/msg00480.html) and the second fixes the broken "virsh snapshot-create" ( https://bugzilla.redhat.com/show_bug.cgi?id=727709). All I did really was get them to

I''ve begun using Hiera in combination with Foreman, primarily storing data that is best left in Array/Hash form. I''d like to be able to have a module, in this case BackupPC, query all the Hiera data for each node where the backup directories/databases are stored. Then use all that information on the BackupPC server to generate proper configuration files for each