Skip to main content

Posts

Showing posts from 2011

Using samba 3.6 with RHEL 6 and SELinux (OBSOLETE)

Update 2: No, it doesn't work with sernet samba, but I'll look at where it fails; perhaps I need a relabel.

Update 1: This used to be a problem when RHEL 6 came out. They have since updated the samba policies and it now works out of the box.

I have a default installation of RHEL 6, yet want to use samba 3.6 from sernet on it. This doesn't work -- nmbd gets killed by the samba selinux policy installed on RHEL 6.

A simple workaround is to change the smbd_t policy to permissive, this way you can investigate and create an additional policy module to fix it (admittedly I never bothered, RedHat fixed their policy to work with samba 3.6).

# semodule -d sambagui # semanage permissive -a smbd_t
# semanage permissive -a nmbd_t # semodule -l | grep '[sn]mb'
# should show permissive_[sn]mbd_t...

A somewhat more overreaching, and thus not recommended, workaround was to disable the samba policy modules:

# semodule -d sambagui
# semodule -d samba
# semodule -l | grep samba
# should show s…

Batch File Renaming in bash with Regexes/Regexps

The bash shell has a built-in POSIX regular expression matching facility. It also lets you extract parenthesized matching subexpressions within the regexp. Here's how to use it to rename a bunch of JPGs to jpegs:
for f in *.JPG; do [[ $f =~ ([^.]+)\.JPG ]] && mv $f ${BASH_REMATCH[1]}.jpeg; done
The [[ .. ]] test ensures that the rename is only executed when the file name matches the regexp. The BASH_REMATCH array is populated while the regexp match operator =~ does its job. The regular expression within the [[ .. ]] cannot be quoted, or else it won't work.

Migrating Zimbra 6 to Zimbra 7

I have a Zimbra 6.0.13 server running on a 32 bit CentOS 4 box. The goal is to migrate it Zimbra 7.1.1 on 64 bit CentOS 6.

I have got a bare installation of Zimbra 7.1.1 running on a CentOS 6 VM. I reused the /opt/zimbra/config.#### file from the old server to do a "kickstart" installation. The config file required a couple of tweaks. First of all, rpm package installs will fail if apache-core is not the first package listed in the set of packages that are to be installed. You also need to switch to a non-upgrade install, and add a quarantine account -- all of that belongs in the config file. You can simply run the installation once, let it fail, but it will create an updated config file. Then grab the config file before it disappears once you uninstall, and tweak with all the new settings now visible.
I have tried the direct migration path using admin console's migration wizard on Zimbra 7. It works great to copy user accounts over, but it uses LDAP and is very lossy wh…

Two Analog Circuit Design Greats are Lost

What a sad week it was. Bob Pease has passed away on June 18th, 2011, in a car crash. Jim Williams has passed away on June 12th, 2011, two days after suffering a stroke. Two analog circuit design legends, great educators and explainers. I'll miss you, guys!

Bob Pease; below working on LM131 breadboard in the year I was born.

Jim Williams; above in front of Minuteman guidance package; below in his lab.


On Running tftpd (in.tftpd) as a Non-root User (DEPRECATED)

The preferred way of securing tftpd is to use the tftp SELinux targeted policy module. This post is now of historic interest only, I have SELinux enabled, using the targeted policy in enforcing mode. That is the right way of doing things.

On RHEL systems, tftpd is started from xinetd as a root user. The configuration is stored in /etc/xinetd.d/tftp. You may wish to run it as a different user for security purposes.  Let's assume that the tftpd user has been created, with login directory set accordingly to /tftpboot.

There are two ways you could try to set tftpd to run as non-root, and only one of them works. You may try to change the user entry in the xinetd configuration file. This will fail when in.tftpd tries to set its supplementary group to nobody, thus -- if you strace -- the following call fails:
[pid 16429] setgroups32(1, [99]) = -1 EPERM (Operation not permitted)

Instead, you should add the -u parameter to the tftpd's command line in its xinetd config file.
server_args =…

Qt Compilation Woes on Windows

I've had some tough luck compiling latest Qt 4.7.3 on Windows using VS 2008. I wanted to accomplish following:

compile both debug and release builds,have the release build optimized with link time code generation (LTCG),include OpenSSL support,include PostgreSQL support. Nokia offers a prebuilt Qt package, but I wanted to make sure that the build references the most recent VC runtime, and this requires recompilation of everything.

My setup is a VMware Fusion VM with 32 bit Windows XP.

First of all, LTCG requires plenty of memory, and linking/code generation for WebKit will fail on 32 bit windows unless you do the following:

set the VM to have at least 2G of memory,boot with the /3g option in boot.ini -- to do that go to System Properties, Advanced, Startup and Recovery.Settings, Edit the startup options file, and duplicate the existing entry in [operating systems] section, adding /3gb switch before /fastdetect, and change the name of the new entry.save boot.ini, reboot the VM, bootl…

Wire Stripper, Who Art Thou?

There is an 8-34AWG self-adjustable stripper, offered under Thomas&Betts, Molex and Cooper/Xcelite brands.

The prices offered for each of those can vary by a factor of 2 and more, even though every row in the table below seems to be exactly the same part.

The table below should help searching for the best deal out there.



T&BMolexCooper/XceliteStripper w/Straight BladeERG1-WS63817-0000SAS3210Straight Blade
for regular wireSBC-1 63817-0070SAS3210RBV-Shaped Blade
for teflon wireVBC-163817-0071SAS3210TRBPVC #10-#5 blade63817-0072