Postings by Kenneth Porter

CentOS 8 partiitioning for reliability

I was just given a Dell R720xd with 160 GB memory and 12x 900 GB drives
that I plan to deploy as my home mail/file/backup server to replace an
aging Supermicro server running CentOS 7. Yeah, it's gross overkill for
that and I expect to tuck most of the drives away for spares.

How should I RAID and partition this beast for maximum reliability?

My current C7 system is using 1 TB of 2 TB capacity on the root partition
(4x 1 TB drives in RAID 10). /boot is 300MB/50GB.

When should I reboot?

I reboot when I yum update to a new kernel or systemd, which seems to come
out about once a month. Should I do it for this week's glibc? Is that
"core" enough to justify a reboot or should I wait for the next kernel
update? I know the glibc update was mainly to handle the new Japanese
calendar, so that shouldn't affect my usage.

vsftpd rejects users set to nologin

I updated to CentOS 7.6 and something must have changed in the base OS
setup that prevents vsftpd from allowing logins for accounts with
/sbin/nologin as their shell. I had to add that to /etc/shells so that such
accounts could FTP again. That file is in the setup package. Did it include
/sbin/nologin before? I don't have anything in my notes from setting up the
system last year about changing that. What's the history of shells listed
in /etc/shells?

systemd automount of cifs share hangs

Running latest CentOS 7.5. Since I found out about automount unit files
I've had mixed results using them to mount shares from my NAS. Lately they
seem to hang if I touch the mount point, but I can start the mount unit
without problems. I had it working months ago, so I'm thinking something
changed in the systemd updates.

For each mount point, I have two files in /etc/systemd/system named with
the path of the mount point and with extensions .automount and .mount,
following the systemd documentation.

IPv6 fixed address using ip token

I'm about to publish a fixed IPv6 address and I understand I can use the ip
token command to lock the host part of the RA-assigned address to a fixed
value. But I can't see an obvious place to configure this. The logical
place would be in the ifcfg-<interface> file. Is there someplace else I
should set this? NetworkManager?

ipset-service save fails when module compiled into kernel

I want to use the ipset-service to store ipsets persistently across boots.
(For use by iptables rules. firewalld has direct support for persistent
ipsets but I need the more general capability of raw iptables.)

I'm using a kernel with ipsets compiled in, rather than loaded as a module.
The support script that saves ipsets checks if the module is loaded before
saving and finds nothing, so aborts.

Where are my /tmp and /var/tmp files?

I was pulling my hair out this morning trying to figure out why my PHP web
script could see files in /var/tmp/scriptname but I couldn't see them with
ls or my text editor. I was certain I'd gotten rootkitted. Then I thought
maybe it was a new chroot in the latest Apache config. It turns out it's
systemd's unit file for Apache, which containerizes /tmp and /var/tmp for
selected apps.

Packaging a library for 64-bit or multilib

How does "make install" with autotools decide which directory libraries
should go in?

I haven't packaged anything since 32-bit (ie. a few years ago), and I now
need to re-package a new version of a library I'd used before with CentOS 6
32-bit on CentOS 7 64-bit.

The library is pxlib (<a href="" title=""></a>), which reads and
writes old Borland Paradox database files.

I've managed to fix 64-bit issues in the C sources. When I go to package
the RPM, it runs configure and make and "make DESTDIR=${RPM_BUILD_ROOT}

Server disposal

Can anyone recommend a mailing list or other resource for finding a home
for old server hardware? I've got a growing bone pile of retired Dell and
Supermicro rack servers. I've stripped the drives and memory but hate to
see the other old parts go to waste, like old RAID controllers and other
proprietary parts.

OpenVPN server and firewalld

How do I insert the iptables rule below using firewalld?

I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to get
OpenVPN working to allow home workers to access PCs at the office. I've got
it all working but only by manually inserting an ACCEPT rule in the FORWARD
iptables chain:

iptables -I FORWARD 3 -i tun+ -j ACCEPT

This rule was extracted from my iptables firewall under CentOS6. The 3 puts
it after the accepts for established connections and loopback connections,
but before any firewalld sub-chains.

(Dovecot) Package repository now available (fwd)

If you use CentOS as a mail server, you can now get the latest version of
Dovecot (the IMAP and POP3 server) at the new Dovecot repo.

Dovecot now has package repository for Debian, CentOS and Ubuntu available
at <a href="" title=""></a>

Packages are provided for 2.3 series and forward.

Traffic shaping on CentOS

I'm deploying a CentOS 7 box as a gateway and I'm trying to figure out how
to set up traffic shaping. Historically I've used the Wondershaper script
but apparently it's not deprecated in favor of superior queue management. I
haven't yet found a packaged solution and I'm wondering what others do to
configure this kind of thing.

Apparently the new modules are available in many appliance router products
(eg. OpenWrt and Streamboost).

Partition advice

I'm setting up a new mail server (dovecot + sendmail + SpamAssassin +
ClamAV + MIMEDefang) to replace an aging CentOS 6 box. The new box is a
low-end PowerEdge with an SSD, 3 4TB red drives on a PERC RAID controller
which I'll probably set up RAID5, and possibly mirrored internal SD cards
as a boot device. I'm debating how to partition it and am soliciting advice.

My initial instinct is to put /boot and the OS on the SSD and the home
directories with their mail store on the RAID array. I might put a rescue
partition on the internal SD drive (which is normally intended for a VM

firewalld: whitelisting/blacklisting addresses allowed to connect to a service/port with ipset

I'm trying to figure out how to use firewalld on CentOS 7 to block access
to ssh (on a custom port to control log bloat) and smtp submission except
for specific source addresses, using ipset. I haven't been able to figure
out how to combine a port number or service name with an ipset, either as a
blacklist of nets or a whitelist of addresses. It looks like ipset with
type of "hash:net,port" might work but the current version of firewalld on
C7 doesn't support that type. I fear I'm going to have to write a direct
rule. Has anyone combined ipset with a port to achieve this?

External drive, BackupPC service, and booting

I'm using an external drive with BackupPC on CentOS 7. I currently have a
mount entry like this in fstab:

/dev/disk/by-label/backuppc4 /var/lib/BackupPC ext4
noauto,rw 0 0

This means I must manually mount the drive and then start the backuppc

Is there a way to set up hotplugging so that the drive is mounted if
present at boot time but doesn't stop the boot if it's not present or
otherwise fails? I see the fstab nofail option.

selinux & rsyncd: Allowing global read for backup

I want to set up rsyncd to expose the whole drive read-only to BackupPC
running on another machine. So I need to set selinux to allow this.
According to the Fedora wiki I can do so like this:

setsebool -P rsync_disable_trans 1


But when I run the command on CentOS 7.3 it tells me that this bool is not
defined. So what do I do now?

(Everything works fine if I set SELinux to permissive.)

dnf replacing yum?

I saw mention of dnf in a blog article about installing a package on
CentOS. Further investigation revealed that Fedora is replacing yum with
dnf, apparently a new and better yum. But it wasn't clear if dnf was a
drop-in replacement or if some migration setup was required.

Nvidia forcedeth stops working

I just installed CentOS 6.3 on a Tyan motherboard and the NIC stopped
talking after about 2 days of operation. It's connected to a Cisco 2950
switch. /var/log/messages has this in it:

nv_stop_tx: TransmitterStatus remained busy

I simply did an "ifdown eth0" and "ifup eth0" to bring it back to life

I think I have this issue:


Is this a regression?

grub.conf corrupt in boot grub, fine in rescue shell

I'm trying to load CentOS 6.3 on a used server based on a Tyan Tomcat
n3400b motherboard. The first 2 drives are configured as a RAID mirror in
the BIOS and the remaining 4 drives are not configured but apparently still
have RAID metadata on them. I hadn't yet figured out how to fix that but
went ahead and loaded the OS on the mirrored set.

After pulling out a drive from the unused set, grub stopped at the grub
prompt. I can find (hd0,0)/grub/grub.conf but when I cat it I get
corruption with recognizable fragments.

Monitoring services

What's available to remotely monitor services? What I'd like is something
that can run scripts for each service to connect to a port and verify that
it's up, and then send me an SMS message (phone text) to let me know which,
if any, are down.

Also, does a script exist that checks all the services listed by chkconfig
and reports those that should be up but are down?

Installing Ruby gems on RPM-based systems

When I first got involved with Red Hat (back with 5.2 in the early 90's) I
learned the hard way not to use language-specific packaging systems like
CPAN for Perl because they'd conflict with RPM's database and make it much
harder to manage what was installed on my system. If I now need a package
for which no RPM is available, I'll use a utility like cpanspec to
repackage it into an RPM and install that.

Now I'm starting to work with Ruby and apparently it has its own packages
called "gems".

Virtual RPM howto?

Can someone point me to a howto or an example of a virtual package?

I'm building Diaspora (the open source competitor to Facebook) and I
figured it would be handy to gather all the prereqs into a virtual package.

I'm working from these instructions, which seemed to go fine on CentOS 6:


WINS server (nmbd) puzzle

My client Windows XP boxes are failing to register with my WINS server
(running nmbd from Samba). I'm puzzled how to figure out what I'm doing

Background: I'm setting up BackupPC to back up my Windows clients using
rsync. I've installed cwRsync to the clients. BackupPC uses nmblookup to
find the client's IP address given its Windows NETBIOS name.

I'm distributing the WINS server address via DHCP and see it on the client
using "ipconfig /all".

Installing 6.0 via USB

I'm using LiveUSB-Creator to create a bootable USB drive from
CentOS-6.0-i386-netinstall.iso, and it gives me an error at startup:

vesamenu.c32: Not a COM32R image

I can hit tab and select "linux" and then it loads vmlinux and the initrd,
says "Ready", and then just hangs. I'm not sure what's supposed to happen
next. "vesa" and "rescue" do the same thing.

The error message above apparently is caused by the syslinux in the ISO not
matching the one that LiveUSB-Creator installs to boot from:


The system has 512 MB of memory.

PHP 5.3: IUS vs CentOS repos

I need to upgrade PHP because the latest WordPress requires one at least at
5.2.4. What are the tradeoffs of using the php53 packages provided by
CentOS versus IUS? I've seen that installing the RHEL-derived php53
requires removing php first and it creates package conflicts because it
doesn't provide a virtual php-common package. That suggests I should
install the IUS package.

Interactive PXE install

I've got a system (Supermicro P8SCT) that lacks a floppy or CD and it's old
enough that it won't boot from a USB stick. Before I scrounge an optical
drive to plug in, I thought perhaps I could install over the network, as I
see "legacy LAN boot" in the BIOS menu.

The guides for a LAN install I've found all want to do an automated
kickstart install. Are there any guides that explain how to use eg.

Lock files in scripts

I was about to ask here how to do proper locking in a bash script when I
found a page that addressed my objections to the race conditions I was
finding in most sample code:


I just wanted to pass on the link to anyone else that needs this.

One thing not addressed is how to deal with an orphaned lock file (eg. if
the system crashes with the lock held). He stores the PID in the lock file,
so one could look up the matching process and see if it's the script that's
expected to create it.

Triggering script from cron or web client

I have a Bash script, currently run a couple times an hour from cron, that
pulls data from an old Windows DB by rsync, converts it to SQL, and injects
it into a MySQL DB for display in a LAMP-based app.

text-mode system and /media

I'm running a headless server, so no GUI, just ssh logins. I don't seem to
have the mechanism that automounts USB drives to a subdirectory of /media,
and from googling around I think that's a feature of a GUI-based system.
What implements it? Right now I manually create a mountpoint in /mnt and
then manually mount by label from /dev/disk/by-label after plugging the
drive in. It would be convenient if the drive automounted when plugged in.

Patent attack on Linux kernel

RHEL is mentioned in this attack on Google's use of the Linux kernel in
back-end servers.