root - Page 106 - Developer IT

Remote Desktop Problem on Windows Server 2008 R2

- by lukiffer

Revised this question to be more concise, consolidating several revisions. Symptoms: From a domain-member Windows 7 Client: Domain credentials to a domain controller = success Domain credentials to a member server (by hostname or FQDN) = success Domain credentials to a member server (by IP) = fail Local credentials to a member server (by either) = success From a non-domain-member Windows 7 Client: Domain credentials to a domain controller = success Domain credentials to a member server = fail Local credentials to a member server = success (Identical behavior from a Mac RDC 2.1 client) Server Configuration Details: Windows 2008 R2 Datacenter w/ SP1 The domain in question is a subdomain of a Windows 2008 domain (forest root). Root has DCs in both Site A and Site B, subdomain only has DCs in Site B. RDP is operating normally on all root member-servers and DCs. No remote desktop settings are defined by GPOs. Network level authentication is enabled; all clients are compatible and the certificate exchange/SSL handshake completes successfully. Not catching any errors in netlogon log.

Read the article

mysql -e option with variable data - Pass the variable value to insert sql statement in shell script

- by Ahn

The following shell script is not inserting the data to the table. How to pass the variable value to insert sql statement in a shell script. id=0 while true do id=`expr $id + 1`; mysql -u root -ptest --socket=/data/mysql1/mysql.sock -e 'insert into mytest1.mytable2(id,name) values (' $id ',"testing");' echo $id >> id.txt done I have modified the script as below and tried, and still having the issue id=0 while true do id=`expr $id + 1`; # mysql -u root -ptest --socket=/data/mysql1/mysql.sock1 -e 'insert into mytest1.mytable1(name) values ("amma");' mysql -u root -ptest --socket=/data/mysql1/mysql.sock -e 'insert into mytest1.mytable2(id,name) values ( $id ,"testing");' echo $id >> id.txt done error : ]$ ./insert ERROR 1054 (42S22) at line 1: Unknown column '$id' in 'field list'

Read the article

ACL permissions not behaving as expected

- by Yarin

I set the following ACL on my web directory: setfacl -R -d -m mask:002 /var/www and then created a file as root that I expected to be readable by the default (apache) group. -rw--w-r--+ 1 root apache 0 Dec 17 22:32 newfile.py When I run getfacl on the file, I get: # file: newfile.py # owner: root # group: apache user::rw- group::rwx #effective:-w- mask::-w- other::r-- I'm not sure how to read this- but all I know is that the webserver is throwing a permissions error because apache can't read the file. Can anyone explain what is going on here?

Read the article

centos 6 nfs: logs not showing anywhere

- by ancillary

Can someone please tell me where NFS logs in centos 6? Or perhaps where I can tell NFS to send logs? At the present time, there appears to be no such setting. Trying to get the thing to work without logs is quite frustrating. [root@houston netshare]# locate nfs| grep log [root@houston netshare]# [root@houston netshare]# grep -Rni "nfs" /var/log /var/log/anaconda.storage.log:23:20:41:33,962 DEBUG : registered device format class NFS as nfs /var/log/anaconda.storage.log:24:20:41:33,962 DEBUG : registered device format class NFSv4 as nfs4 This is a day-old centos 6 install from livecd and yum update has been run.

Read the article

How does Amazon ec2-user get its sudo rights

- by Johan

I am looking for where the default Amazon AMI linux image sets up the privileges for the default ec2-user account. After logging in with this account I can use sudo successfully. Checking via the sudoers file, which I open by running visudo (with no other options) I see a few default settings and permissions for root ALL ALL So ... Where is the permissions for ec2-user assigned? I have not yet tried to add a new permission but ultimately I want to resign ec2-user for systems management tasks and use a non-full root user for administering the applications (stop and start mysql, httpd, edit apache's vhost files, and upload / edit web content under the web root)

Read the article

EC2 Amazon Linux AMI MySQL CPU @ 62% When Idle?

- by Jeff

I am running MySQL on an Amazon Linux AMI. There is nothing connected to it. There are no connections and no other applications running that use MySQL. It is completely idle, but yet, top is reporting that mysql is using 62% of the CPU? Why is this happening and how do I fix it? Cpu(s): 0.2%us, 0.2%sy, 0.0%ni, 97.8%id, 0.0%wa, 0.0%hi, 0.0%si, 1.7%st Mem: 1738504k total, 390708k used, 1347796k free, 56888k buffers Swap: 917500k total, 0k used, 917500k free, 229804k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2959 mysql 20 0 466m 39m 5244 S 62.2 2.3 4:00.67 mysqld 1 root 20 0 19252 1504 1212 S 0.0 0.1 0:00.20 init 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd There are no connections... mysql> show processlist; +----+------+-----------+------+---------+------+-------+------------------+ | Id | User | Host | db | Command | Time | State | Info | +----+------+-----------+------+---------+------+-------+------------------+ | 5 | root | localhost | NULL | Query | 0 | NULL | show processlist | +----+------+-----------+------+---------+------+-------+------------------+

Read the article

Is it necessary to change the default users and groups in VMware esxi 4.0 in order to have a secure

- by Teevus

By default esxi creates a number of users and groups including: daemon nfsnobody root nobody vimuser dcui How secure is this default security setup? Besides changing the root password, is it advisable to modify the default users and groups? E.g. does esxi use default passwords for the accounts or anything else that could be exploited by malicious users? My scenario is very basic and I don't require any custom users or groups as only sysadmins will ever need to administer the virtual infrastructure, and they can do so using the root account. Thanks

Read the article

Accessing SVN Repository on external drive

- by Stephen

I've installed SVN on my Raspberry PI and configured it to access the repository on an external hard drive. In /etc/fstab, I've have the following: //192.168.1.12/SHARE/repos /media/repos cifs sec=ntlm,username=Guest,password=,_netdev,dir_mode=0777,file_mode=0777 0 0 This mounts with no issues. When I go to add a project to the repository using the following command: sudo svn import mywebsite/ file://media/repos/mainrepository/mywebsite/ -m "Initial Upload" I get the following error: svn: E170000: Unable to connect to a repository at URL 'file://media/repos/mainrepository/mywebsite' svn: E170000: Unable to open an ra_local session to URL svn: E170000: Local URL 'file://media/repos/mainrepository/mywebsite' contains unsupported hostname The only thing I think maybe causing the issue is the file settings: drwxrwxrwx 2 root root 0 Jun 11 2009 repos As you can see the owner is root, I think it needs to be www-data, but for some reason I can't change it. Any help appreciated.

Read the article

why in /proc file system have this infomation

- by liutaihua

run: lsof|grep delete can find some process open fd, but system dis that it had to delete: mingetty 2031 root txt REG 8,2 15256 49021039 /sbin/mingetty (deleted) I look the /proce filesystem: ls -l /proc/[pid] lrwxrwxrwx 1 root root 0 9? 17 16:12 exe -> /sbin/mingetty (deleted) but actually, the executable(/sbin/mingetty) is normal at /sbin/mingetty path. and some soket like this situation: ls -l /proc/[pid]/fd 82 -> socket:[23716953] but, use the commands: netstat -ae|grep [socket id] can find it. why the OS display this infomation??

Read the article

Setting Environment Variable for Tomcat 6 Servlet

- by amaevis

I'm using Ubuntu's default installation of Tomcat 6. I'm deploying a ROOT.war, and trying to set an environment variable specific to it, i.e. accessible from System.getenv() in the Servlet.init(config). According to the docs (http://tomcat.apache.org/tomcat-6.0-doc/config/context.html), I can specify this in a Context element in conf/Catalina/localhost/ROOT.xml. I've created that with these contents: <Context> <Environment name="FOO" value="bar" type="java.lang.String" override="false"/> </Context> And I've deployed the webapp as usual, i.e. to webapps/ROOT.war. Server.getenv("FOO") in the Servlet.init(config) still returns null. What am I missing?

Read the article

Tomcat directly serve static (css, js) files shared by multiple applications

- by Josvic Zammit

I'm using the ExtJS framework which has a bulk of js and css files that are used for all apps. I intend to share these between a number of web applications (different war files). For this reason I would like to serve ExtJS js and css directly from the web server, in my case Tomcat6, which can be used to serve static files, as in this helpful link. Therefore I put my files under /var/lib/tomcat6/webapps/ROOT/extjs/. The static files that are directly under that directory are served correctly, e.g. /extjs/ext.js correctly serves the file at /var/lib/tomcat6/webapps/ROOT/extjs/ext.js. However files in lower-level directories, for example /extjs/welcome/css/welcome.css, which should serve the file at /var/lib/tomcat6/webapps/ROOT/extjs/welcome/css/welcome.css, return a 404. TL/DR Tomcat serves static files only at top-level directory. A 404 is returned for files deeper in the hierarchy. Config file contents: server.xml application's web.xml

Read the article

Serving a default image with nginx

- by ustun

I have the following configuration in nginx: location /static/ { root /srv/kose/; expires 2w; access_log off; } location / { proxy_pass http://127.0.0.1:8089; } If a file is not found in /static/, I want to serve a default image, and not proxy_pass to 8089. Currently, it looks for the file in the root for static, if it cannot find it, it tries the proxy. I have tried the following, but it doesn't work. How can I tell nginx to serve the default image? I have also tried try_files to no avail. location /static/ { root /srv/kose/; expires 2w; access_log off; error_page 404 /srv/static/defaultimage.jpg; } location / { proxy_pass http://127.0.0.1:8089; }

Read the article

Is disabling password login for SSH the same as deleting the password for all users?

- by Arsham Skrenes

I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config file and changing PermitRootLogin yes to PermitRootLogin without-password. I was wondering if simply deleting the root password via passwd -d root would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?

Read the article

vsftpd per group configuration

- by roqs

I want to configure a vsftpd in a per group fashion instead of per user configuration. It's possible? Suppose i have two groups: groupA and groupB, so my goal is: users in groupA have permission (wrx) to all files in directory dir1 users in groupB have permission (wrx) to all files in directory dir2 users of the system have permission (wrx) to all files in directory dir3 For example: ftp@test:/home/ftp# ls -l drwxrwxr-x 16 root groupA 4096 Jun 3 10:45 dir1 drwxrwxr-x 2 root groupB 4096 Jun 3 10:56 dir2 drwxrwxr-x 8 root users 4096 Jun 3 11:01 dir3 How to do that with vsftpd?

Read the article

How can I move an existing VM's files to a new directory in the same datastore?

- by blade

Hi, I have some VMs deployed on ESX. In vSphere 4, I want to move these VMs into another directory in the datastore. So the VM directories are under root, but I want them in root/MyNewFolder. I tried this by turning off a VM, copying the VM's file (VMDK etc) into the directory I want, deleting the hard drive from the VM's settings, adding a new hard drive and then selecting the new path to the VMDK. When I press ok on the settings dialog box, having made this modification to the settings, I get the following error: not found. What I am trying to do also does not seem to be possible when making a new VM. I can only make VMs under root.

Read the article

Truecrypt on Linux (permission confusion)

- by xcross

I am pretty inexperienced with Linux... So please bare with me here. I keep running into permission problems when working with truecrypt on Linux. Currently, I run truecrypt as root to mount my encrypted devices and containers. This all works fine, but I have to interact with the mounted volumes in the terminal as root, and I can't seem to use many of my applications on the files... Either because they can't be run as root or I don't know how to use them from the terminal. This seems really inconvenient to me. How do people deal with this? Am I missing something, or is this just the way things have to be? I am on Fedora 17 (KDE spin) now but I have this trouble with any distro I try.

Read the article

sticky bit on NFS file system

- by Kris_R

I have a system where to the main server (homes, nfs, ntp, queue...) can log-in only root – all the other users use front-end host with NFS-mounted home directories (RW) and all other software directories (read-only). My problem is, that time to time, if root or normal user with sudo makes some administrative works on front-end some homes of normal users getting sticky bits (drwsr-sr-x). If it happens usually the user can't log-in (as long as permission for his home are not changed to drwxr-xr-x). The last time I saw it after compiling some new software (normal user configure;make) and installation from the same directory as root (su and make install or direct as normal user sudo make install). Can somebody explain me why it happens and what should I do to get rid of this problem? p.s. I'm using CentOS 5.7

Read the article

Cannot log-in in the install of phpmyadmin on Ubuntu

- by Sylario

I just installed phpmyadmin and i am trying to login in /phpmyadminpath/setup. I am greeted by an invite similar to an apache protected folder (log/password displayed in a browser pop-up, not an html popup) asking for login pass. I cannot login using system password(root) or mysql passsword(also root) I already have rails app using this mysql, and i checked the mysql password in the config files. I cannot run any mysql command in my console because of the following error : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) What is wrong with phpmyadmin and mysql?

Read the article

sudo like in Ubuntu (for Debian and other Linuxes)

- by chris_l

Hi, I personally like the default sudo behavior of Ubuntu: - Root login impossible - "admin" group granted "ALL=(ALL) ALL" - users in the "admin" group are asked for their user password (not a root password) when using sudo. [I like it, because this way, there's no root password to be shared among several people. There may be good reasons for other opinions, too - but that shouldn't be the topic of this question.] Now I'm trying to re-create this behavior in Debian Etch. It basically works, but there's one important difference: Debian doesn't ask for a password. It should ask for the user's password. I edited the sudoers file to be exactly the same as in Ubuntu, and I added a user to the newly created "admin" group. What else do I have to do to get the Ubuntu behavior in Debian (and other Linuxes)? Thanks Chris

Read the article

We have a Solaris 9 server running Oracle 10G and have been getting memory consumption errors for a few weeks now

- by another_netadmin

We recently upgraded our Enterprise application and everything worked ok until one weekend when we did a server reboot, ever since then we have run into memory errors. The server has 4GB of physical memory installed and the kernel parameters are set to the following (/etc/system). I'm not an Oracle guy so I'm not sure where to start looking but any informaiton is greatly appreciated. Thanks in advance. There are two databases running on this server, one is a production database and the other is a pre-production database. [root@bandb /]# cat /etc/system | grep seminfo set semsys:seminfo_semmni=100 set semsys:seminfo_semmns=2048 set semsys:seminfo_semmsl=400 set semsys:seminfo_semopm=100 set semsys:seminfo_semvmx=32767 [root@bandb /]# cat /etc/system | grep shminfo set shmsys:shminfo_shmmax=4294967295 set shmsys:shminfo_shmmin=1 set shmsys:shminfo_shmmni=100 set shmsys:shminfo_shmseg=10 [root@bandb /]#

Read the article

Why is this server redirecting to another page???

- by Mike L.

I am building a site for a client. For a reason unknown to me www.domain.com forwards to www.domain.com/directory/home.html. If i type www.domain.com/index.php it works correctly. I have checked .htaccess there was nothing there, so I set the index to index.php which works fine in every directory other than the root directory. I have root access and have checked the httpd.conf (did a search in VI for the document that I was being redirected to) and anything else I could think of. Where should I look next? The server is a VPS running CentOS 5.5 with multiple domains, has CPanel WHM 11 for root access and CPanel X installed for each domain.

Read the article

python/pip error on osx

- by Ibrahim Chawa

I've recently purchased a new hard drive and installed a clean copy of OS X Mavericks. I installed python using homebrew and i need to create a python virtual environment. But when ever i try to run any command using pip, I get this error. I haven't been able to find a solution online for this problem. Any reference would be appreciated. Here is the error I'm getting. ERROR:root:code for hash md5 was not found. Traceback (most recent call last): File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 139, in <module> globals()[__func_name] = __get_hash(__func_name) File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 91, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type md5 ERROR:root:code for hash sha1 was not found. Traceback (most recent call last): File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 139, in <module> globals()[__func_name] = __get_hash(__func_name) File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 91, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type sha1 ERROR:root:code for hash sha224 was not found. Traceback (most recent call last): File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 139, in <module> globals()[__func_name] = __get_hash(__func_name) File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 91, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type sha224 ERROR:root:code for hash sha256 was not found. Traceback (most recent call last): File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 139, in <module> globals()[__func_name] = __get_hash(__func_name) File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 91, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type sha256 ERROR:root:code for hash sha384 was not found. Traceback (most recent call last): File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 139, in <module> globals()[__func_name] = __get_hash(__func_name) File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 91, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type sha384 ERROR:root:code for hash sha512 was not found. Traceback (most recent call last): File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 139, in <module> globals()[__func_name] = __get_hash(__func_name) File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/hashlib.py", line 91, in __get_builtin_constructor raise ValueError('unsupported hash type ' + name) ValueError: unsupported hash type sha512 Traceback (most recent call last): File "/usr/local/bin/pip", line 9, in <module> load_entry_point('pip==1.5.6', 'console_scripts', 'pip')() File "build/bdist.macosx-10.9-x86_64/egg/pkg_resources.py", line 356, in load_entry_point File "build/bdist.macosx-10.9-x86_64/egg/pkg_resources.py", line 2439, in load_entry_point File "build/bdist.macosx-10.9-x86_64/egg/pkg_resources.py", line 2155, in load File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.5.6-py2.7.egg/pip/__init__.py", line 10, in <module> from pip.util import get_installed_distributions, get_prog File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 18, in <module> from pip._vendor.distlib import version File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.5.6-py2.7.egg/pip/_vendor/distlib/version.py", line 14, in <module> from .compat import string_types File "/usr/local/Cellar/python/2.7.8/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.5.6-py2.7.egg/pip/_vendor/distlib/compat.py", line 31, in <module> from urllib2 import (Request, urlopen, URLError, HTTPError, ImportError: cannot import name HTTPSHandler If you need any extra information from me let me know, this is my first time posting a question here. Thanks.

Read the article

Problems with shutting down JBoss in Eclipse if I change JNDI port

- by Balint Pato

1st phase I have a problem shutting down my running JBoss instance under Eclipse since I changed the JNDI port of JBoss. Of course I can shut it down from the console view but not with the stop button (it still searches JNDI port at the default 1099 port). I'm looking forward to any solutions. Thank you! Used environment: JBoss 4.0.2 (using default) Eclipse 3.4.0. (using JBoss Tools 2.1.1.GA) Default ports: 1098, 1099 Changed ports: 11098, 11099 I changed the following part in jbosspath/server/default/conf/jboss-service.xml:    <mbean code="org.jboss.naming.NamingService" name="jboss:service=Naming" xmbean-dd="resource:xmdesc/NamingService-xmbean.xml">  <attribute name="CallByValue">false</attribute>  <attribute name="Port">11099</attribute>  <attribute name="BindAddress">${jboss.bind.address}</attribute>  <attribute name="RmiPort">11098</attribute>  <attribute name="RmiBindAddress">${jboss.bind.address}</attribute>  <depends optional-attribute-name="LookupPool" proxy-type="attribute">jboss.system:service=ThreadPool</depends> </mbean> <mbean code="org.jboss.naming.JNDIView" name="jboss:service=JNDIView" xmbean-dd="resource:xmdesc/JNDIView-xmbean.xml"> </mbean> Eclipse setup: About my JBoss Tools preferences: I had a previous version, I got this problem, I read about some bugfix in JbossTools, so updated to 2.1.1.GA. Now the buttons changed, and I've got a new preferences view, but I cannot modify anything...seems to be abnormal as well: Error dialog: The stacktrace: javax.naming.CommunicationException: Could not obtain connection to any of these urls: localhost:1099 [Root exception is javax.naming.CommunicationException: Failed to connect to server localhost:1099 [Root exception is javax.naming.ServiceUnavailableException: Failed to connect to server localhost:1099 [Root exception is java.net.ConnectException: Connection refused: connect]]] at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1385) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:579) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572) at javax.naming.InitialContext.lookup(InitialContext.java:347) at org.jboss.Shutdown.main(Shutdown.java:202) Caused by: javax.naming.CommunicationException: Failed to connect to server localhost:1099 [Root exception is javax.naming.ServiceUnavailableException: Failed to connect to server localhost:1099 [Root exception is java.net.ConnectException: Connection refused: connect]] at org.jnp.interfaces.NamingContext.getServer(NamingContext.java:254) at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1370) ... 4 more Caused by: javax.naming.ServiceUnavailableException: Failed to connect to server localhost:1099 [Root exception is java.net.ConnectException: Connection refused: connect] at org.jnp.interfaces.NamingContext.getServer(NamingContext.java:228) ... 5 more Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:452) at java.net.Socket.connect(Socket.java:402) at java.net.Socket.<init>(Socket.java:309) at java.net.Socket.<init>(Socket.java:211) at org.jnp.interfaces.TimedSocketFactory.createSocket(TimedSocketFactory.java:69) at org.jnp.interfaces.TimedSocketFactory.createSocket(TimedSocketFactory.java:62) at org.jnp.interfaces.NamingContext.getServer(NamingContext.java:224) ... 5 more Exception in thread "main" 2nd phase: After creating a new Server in File/new/other/server, it did appear in the preferences tab. Now the stop button is working (the server receives the shutdown messages without any additional modification of the jndi port -- there is no opportunity for it now) but it still throws an error message, though different, it's without exception stack trace: "Server JBoss 4.0 Server failed to stop."

Read the article

How to sanely configure security policy in Tomcat 6

- by Chas Emerick

I'm using Tomcat 6.0.24, as packaged for Ubuntu Karmic. The default security policy of Ubuntu's Tomcat package is pretty stringent, but appears straightforward. In /var/lib/tomcat6/conf/policy.d, there are a variety of files that establish default policy. Worth noting at the start: I've not changed the stock tomcat install at all -- no new jars into its common lib directory(ies), no server.xml changes, etc. Putting the .war file in the webapps directory is the only deployment action. the web application I'm deploying fails with thousands of access denials under this default policy (as reported to the log thanks to the -Djava.security.debug="access,stack,failure" system property). turning off the security manager entirely results in no errors whatsoever, and proper app functionality What I'd like to do is add an application-specific security policy file to the policy.d directory, which seems to be the recommended practice. I added this to policy.d/100myapp.policy (as a starting point -- I would like to eventually trim back the granted permissions to only what the app actually needs): grant codeBase "file:${catalina.base}/webapps/ROOT.war" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/lib/-" { permission java.security.AllPermission; }; grant codeBase "file:${catalina.base}/webapps/ROOT/WEB-INF/classes/-" { permission java.security.AllPermission; }; Note the thrashing around attempting to find the right codeBase declaration. I think that's likely my fundamental problem. Anyway, the above (really only the first two grants appear to have any effect) almost works: the thousands of access denials are gone, and I'm left with just one. Relevant stack trace: java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat6/webapps/ROOT/WEB-INF/classes/com/foo/some-file-here.txt read) java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) java.security.AccessController.checkPermission(AccessController.java:546) java.lang.SecurityManager.checkPermission(SecurityManager.java:532) java.lang.SecurityManager.checkRead(SecurityManager.java:871) java.io.File.exists(File.java:731) org.apache.naming.resources.FileDirContext.file(FileDirContext.java:785) org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:206) org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:299) org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1937) org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:973) org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1108) java.lang.ClassLoader.getResource(ClassLoader.java:973) I'm pretty convinced that the actual file that's triggering the denial is irrelevant -- it's just some properties file that we check for optional configuration parameters. What's interesting is that: it doesn't exist in this context the fact that the file doesn't exist ends up throwing a security exception, rather than java.io.File.exists() simply returning false (although I suppose that's just a matter of the semantics of the read permission). Another workaround (besides just disabling the security manager in tomcat) is to add an open-ended permission to my policy file: grant { permission java.security.AllPermission; }; I presume this is functionally equivalent to turning off the security manager. I suppose I must be getting the codeBase declaration in my grants subtly wrong, but I'm not seeing it at the moment.

Read the article

Perl IO modules possibly causing issues in Net::DNS module

- by Rich

Hi! I’m porting some software that I wrote for a White Russian OpenWRT system to a new Kamikaze 8.09.1 OpenWRT system but I am having some serious issues that I’m hoping you can help me with. Old system Linux kernel 2.4.34 MIPSEL arch Perl 5.8.7 Net::DNS 0.48 IO 1.21 IO::Socket 1.28 IO::Socket::INET 1.28 New system Linux kernel 2.6.26.8 MIPS arch Perl 5.10.0 Net::DNS 0.66 IO 1.23_01 IO::Socket 1.30_01 IO::Socket::INET 1.31 First, let me provide some background information… I am trying to resolve my server (clearprobe.winbeam.com) from within my Perl program and see the following if I enable debugging in Net::DNS: resolve: Server 'clearprobe-ddns.winbeam.com' ;; query(clearprobe-ddns.winbeam.com) ;; setting up an AF_INET() family type UDP socket ;; send_udp(192.168.88.1:53) ;; send_udp(4.2.2.2:53) ;; send_udp(192.168.88.1:53) ;; send_udp(4.2.2.2:53) resolve: res->errorstring: query timed out Both of these servers resolve clearprobe.winbeam.com fine from the command line: root@cwb-2-11:~# echo “nameserver 192.168.88.1” > /etc/resolv.conf root@cwb-2-11:~# nslookup clearprobe-ddns.winbeam.com Server: 192.168.88.1 Address 1: 192.168.88.1 router Name: clearprobe-ddns.winbeam.com Address 1: 64.13.48.40 64-13-48-40.war.clearwire-dns.net root@cwb-2-11:~# echo “nameserver 4.2.2.2” > /etc/resolv.conf root@cwb-2-11:~# nslookup clearprobe-ddns.winbeam.com Server: 4.2.2.2 Address 1: 4.2.2.2 vnsc-bak.sys.gtei.net Name: clearprobe-ddns.winbeam.com Address 1: 64.13.48.40 64-13-48-40.war.clearwire-dns.net Using Perl’s call to the C gethostbyaddr() function works fine, but I need to do another lookup later in the software which requires that I specify the nameserver (clearprobe-ddns.winbeam.com is the authority for my internal DNS zone), hence my Net::DNS requirement. Now, here is the IO module-specific information: What I am seeing is that the reply is coming back from the nameserver (confirmed via tcpdump – I can send the captures if you’d like), but the UDP packets are sitting in the process’s UDP receive queue pending reception by Net::DNS (the approx 1752 bytes per response stay queued waiting for $sel-can_read()): root@cwb-2-11:~# netstat -una Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 1752 0 0.0.0.0:52680 0.0.0.0:* root@cwb-2-11:~# netstat -una Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 5256 0 0.0.0.0:52680 0.0.0.0:* If I force $sock[AF_INET]-recv($buf, $self-_packetsz) around line 803 of /usr/lib/perl5/5.10/Net/DNS/Resolver/Base.pm, instead of waiting for IO::Select’s can_read() function ( @ready = $sel-can_read($timeout)) to populate @ready, the response is received and processed. Any idea what could be causing this issue? In a possibly related matter, I noticed in another script that the following code fails in the same manner (network responses stay in the process’s TCP receive queue) with the new system: $sock = new IO::Socket::INET( PeerAddr => "$server", PeerPort => 37, Proto => 'tcp', Timeout => 5 ); Whereas the following code works: $sock = new IO::Socket::INET( PeerAddr => "$server", PeerPort => 37, Proto => 'tcp' ); I have looked through the NET::DNS code and don’t see a timeout passed for the UDP sockets, so I am not sure if that this is related or not. Please let me know if I can provide you with any further information in order to help diagnose this issue. Thanks! -Rich

Search Results

Search found 12017 results on 481 pages for 'root'.

Page 106/481 | < Previous Page | 102 103 104 105 106 107 108 109 110 111 112 113 | Next Page >

- by lukiffer

- by Ahn

- by Yarin

- by ancillary

- by Johan

- by Jeff

- by Teevus

- by Stephen

- by liutaihua

- by amaevis

- by Josvic Zammit

- by ustun

- by Arsham Skrenes

- by roqs

- by blade

- by xcross

- by Kris_R

- by Sylario

- by chris_l

- by another_netadmin

- by Mike L.

- by Ibrahim Chawa

- by Balint Pato

- by Chas Emerick

- by Rich

< Previous Page | 102 103 104 105 106 107 108 109 110 111 112 113 | Next Page >