Chloe's questions

我的实例运行了多年，突然停止响应 6 月 1 日。我试图重新启动它，但它无法启动。它在系统日志中给出了错误：https ://pastebin.com/rSxr1kLs

Linux 版本 2.6.32-642.11.1.el6.x86_64 ([email protected]) (gcc 版本 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)) #1 SMP Fri Nov 18 19:25:05 UTC 2016
内核命令行：root=/dev/xvde ro LANG=en_US.UTF-8 KEYTABLE=us
VFS：无法打开根设备“xvde”或未知块（0,0）
请附加正确的“root=”启动选项；以下是可用的分区：
内核恐慌 - 不同步：VFS：无法在未知块（0,0）上挂载根 fs

/dev/sda1我尝试根据文档分离 EBS 卷并重新附加它： https ://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html#FilesystemKernel

但是，它给出了一个错误Error attaching volume: Invalid value '/dev/sda1' for unixDevice. Attachment point /dev/sda1 is already in use，我无法附加它。我重新附加了它，/dev/sda但它仍然无法启动，并且它仍然在系统日志中给出错误。

我能够在完全相同的可用区中启动一个新实例，并将我的 EBS 卷附加为/dev/sdf. 它在实例内部显示为/dev/xvdj. 我用mount /dev/xvdj /xvdj. 我可以看到grub.conf文件：

[root@ip-172-31-4-249 grub]# cat /xvdj/boot/grub/grub.conf
default=0
timeout=1

title CentOS (2.6.32-642.11.1.el6.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-642.11.1.el6.x86_64 root=/dev/xvde ro crashkernel=auto LANG=en_US.UTF-8 KEYTABLE=us
title CentOS (2.6.32-504.30.3.el6.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-504.30.3.el6.x86_64 root=/dev/xvde ro crashkernel=auto LANG=en_US.UTF-8 KEYTABLE=us
        initrd /boot/initramfs-2.6.32-504.30.3.el6.x86_64.img
title CentOS (2.6.32-504.3.3.el6.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-504.3.3.el6.x86_64 root=/dev/xvde ro crashkernel=auto LANG=en_US.UTF-8 KEYTABLE=us
        initrd /boot/initramfs-2.6.32-504.3.3.el6.x86_64.img
title CentOS (2.6.32-504.el6.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-504.el6.x86_64 root=/dev/xvde ro crashkernel=auto LANG=en_US.UTF-8 KEYTABLE=us
        initrd /boot/initramfs-2.6.32-504.el6.x86_64.img
title CentOS (2.6.32-431.29.2.el6.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-431.29.2.el6.x86_64 root=/dev/xvde ro crashkernel=auto LANG=en_US.UTF-8 KEYTABLE=us
        initrd /boot/initramfs-2.6.32-431.29.2.el6.x86_64.img
title CentOS (2.6.32-431.23.3.el6.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-431.23.3.el6.x86_64 root=/dev/xvde ro crashkernel=auto LANG=en_US.UTF-8 KEYTABLE=us
        initrd /boot/initramfs-2.6.32-431.23.3.el6.x86_64.img

这与grub.conf正在运行的实例相比：

[root@ip-172-31-4-249 grub]# cat /boot/grub/grub.conf
default=0
timeout=1

title CentOS-6-x86_64-20130527-03 2.6.32-358.6.2.el6.x86_64
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-358.6.2.el6.x86_64 root=/dev/xvde ro
        initrd /boot/initramfs-2.6.32-358.6.2.el6.x86_64.img

initrd第一个选项中没有行有关系吗？

我尝试使用 将 EBS 卷挂载到新实例/dev/sda，但仍然无法启动并出现相同的错误Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)。

中央操作系统 6

我设置了一个 cron 来更新certbot。它每天都会发送弃用警告。如何停止弃用警告？

Cron <root@ip-99-99-99-99> /root/certbot-auto renew --quiet

/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning

我试图提交错误报告，但他们关闭了它。https://github.com/certbot/certbot/issues/3984

我尝试安装 Python2.7，但无法让 certbot 与 Python2.7 一起运行。

[root@kizbit ~]# scl enable python27 "python --version"
Python 2.7.8

[root@kizbit ~]# scl enable python27 "/root/certbot-auto renew"
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning

它仍然使用 Python 2.6 并且仍然产生警告。我也试过：

[root@kizbit ~]# scl enable python27 "python /root/certbot-auto renew"
  File "/root/certbot-auto", line 18
    if [ -z "$XDG_DATA_HOME" ]; then
                           ^
SyntaxError: invalid syntax

使用 2.6 它可以工作，但会弃用：

[root@kizbit ~]# /root/certbot-auto renew
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning

Centos 6.8，证书机器人 0.12.0

我试过但它给出了一个错误。

# ls -l opendkim.pp
-rw-r--r--. 1 root root 1569 Jan  8 01:20 opendkim.pp

# ls -l /etc/selinux/targeted/modules/active/modules/opendkim.pp
-rw-r--r--. 1 root root 344 Jan  8 01:33 /etc/selinux/targeted/modules/active/modules/opendkim.pp

# semodule -r opendkim.pp
SELinux:  Could not load policy file /etc/selinux/targeted/policy/policy.24:  Invalid argument
/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
SELinux:  Could not load policy file /etc/selinux/targeted/policy/policy.24:  Invalid argument
/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
semodule:  Failed!

# ls -lZ /etc/selinux/targeted/policy/policy.24
-rw-r--r--. root root unconfined_u:object_r:semanage_store_t:s0 /etc/selinux/targeted/policy/policy.24

为什么需要 5m+ 才能失败？

CentOS 6.8 版（最终版）

为什么这个在线工具无法通过 SPF 检查

http://www.dnsstuff.com/tools#spf|type=ipv4&&value=155.133.82.39&&[email protected]

但是安装的 Perl SPF 检查软失败了 SPF 检查？

5 月 9 日 00:48:49 ip-172-31-15-65 postfix/policy-spf[5905]: Policy action=PREPEND Received-SPF: softfail (gmail.com ... _spf.google.com: 发件人不是默认情况下授权在“mfrom”身份中使用“[email protected]”，但是域当前尚未准备好应对错误故障（机制“~all”匹配））receiver=ip-172-31-15-99.us- west-2.compute.internal；身份=邮件发件人；信封发件人="[email protected]"; helo=gmail.com；客户端 IP=155.133.82.39

这是 gmail 的 SPF 记录：http ://mxtoolbox.com/SuperTool.aspx?action=spf%3agmail.com&run=toolpage#

我遵循了本指南（http://www.thenoccave.com/2013/05/08/centos-6-postfix-spf-checking/），但出现以下错误maillog：

May  8 22:15:13 ip-172-31-15-65 postfix/smtpd[1999]: warning: premature end-of-input on private/policy while reading input attribute name
May  8 22:15:14 ip-172-31-15-65 postfix/spawn[2037]: warning: command /usr/bin/perl exit status 2
May  8 22:15:14 ip-172-31-15-65 postfix/smtpd[1999]: warning: premature end-of-input on private/policy while reading input attribute name
May  8 22:15:14 ip-172-31-15-65 postfix/smtpd[1999]: warning: problem talking to server private/policy: Connection reset by peer

这是一部分main.cf

smtpd_recipient_restrictions = reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  permit_sasl_authenticated,
  reject_unauth_destination,
  permit_inet_interfaces,
  check_policy_service unix:postgrey/socket,
  check_policy_service unix:private/policy policy_time_limit = 3600s

这是一部分master.cf

policy  unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix-policyd-spf-perl

我也试过

  check_policy_service unix:postgrey/socket,
  check_policy_service unix:private/policy,
  policy_time_limit = 3600s

这是完整的master.cf。

postfix check不报告任何错误。

有一个类似的问题，但它是针对 Debian 和 Python 的。

CentOS 6.6，postfix-policyd-spf-perl 2.01。

我在/var/log/audit/audit.logfor中收到这些 SELinux 错误dovecot。

type=USER_AUTH msg=audit(1404794536.249:100679): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:authentication acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success'
type=USER_ACCT msg=audit(1404794536.260:100680): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:accounting acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success'
type=AVC msg=audit(1404794537.473:100681): avc:  denied  { read } for  pid=30020 comm="imap" name="starrychloe" dev=xvde ino=152404 scontext=unconfined_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1404794537.473:100681): arch=c000003e syscall=2 success=no exit=-13 a0=7fc64f910eb0 a1=0 a2=0 a3=0 items=0 ppid=20321 pid=30020 auid=0 uid=502 gid=501 euid=502 suid=502 fsuid=502 egid=501 sgid=12 fsgid=501 tty=(none) ses=2700 comm="imap" exe="/usr/libexec/dovecot/imap" subj=unconfined_u:system_r:dovecot_t:s0 key=(null)
type=USER_AUTH msg=audit(1404794537.925:100682): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:authentication acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success'
type=USER_ACCT msg=audit(1404794537.935:100683): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:accounting acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success'
type=USER_AUTH msg=audit(1404794553.944:100684): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:authentication acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success'
type=USER_ACCT msg=audit(1404794553.954:100685): user pid=28375 uid=0 auid=0 ses=2700 subj=unconfined_u:system_r:dovecot_auth_t:s0 msg='op=PAM:accounting acct="starrychloe" exe="/usr/libexec/dovecot/auth" hostname=99.99.99.99 addr=99.99.99.99 terminal=dovecot res=success'

我试过了

# sealert -a /tmp/dovecot5.log
100% donefound 1 alerts in /tmp/dovecot5.log
--------------------------------------------------------------------------------

SELinux is preventing /usr/libexec/dovecot/imap from read access on the directory starrychloe.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that imap should be allowed read access on the starrychloe directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep imap /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

然后

# cat /tmp/dovecot5.log | audit2allow -M dovecot
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i dovecot.pp

哪个产生了

# cat dovecot.te

module dovecot 1.0;

require {
        type dovecot_t;
        type home_root_t;
        class dir read;
}

#============= dovecot_t ==============
allow dovecot_t home_root_t:dir read;

但是我收到了这个错误

# semodule -i dovecot.pp
libsepol.print_missing_requirements: dovecot's global requirements were not met: type/attribute dovecot_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

这些是目录的权限

# ls -dZ /home/starrychloe
drwxr-xr-x. starrychloe starrychloe unconfined_u:object_r:home_root_t:s0 /home/starrychloe

我正在使用 CentOS 6.5。

我按照此处的建议设置了 Dovecot IMAP 以使用 PAM：

http://wiki2.dovecot.org/PasswordDatabase/PAM

PAM/鸽舍

[root@ip-172-31-15-65 pam.d]# cat dovecot
#%PAM-1.0
auth    required        pam_unix.so nullok
account required        pam_unix.so

/etc/dovecot/conf.d/auth-system.conf.ext

passdb {
  driver = pam
  args = failure_show_msg=yes

userdb {
  driver = passwd

当我尝试按照此处的建议进行测试和调试时http://www.courier-mta.org/authlib/README.authdebug.html

[root@ip-172-31-15-65 pam.d]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login starrychloe vzcnfZVGW995G9nfuJWp
a NO [ALERT] Password:

/var/log/dovecot-info.log

Apr 06 05:12:28 auth: Debug: auth client connected (pid=5395)
Apr 06 05:12:41 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured lip=127.0.0.1   rip=127.0.0.1   lport=143  rport=56956      resp=<hidden>
Apr 06 05:12:41 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Apr 06 05:12:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Apr 06 05:12:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Apr 06 05:12:41 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Apr 06 05:12:41 auth: Debug: pam(starrychloe,127.0.0.1): lookup service=dovecot
Apr 06 05:12:41 auth: Debug: pam(starrychloe,127.0.0.1): #1/1 style=1 msg=Password:
Apr 06 05:12:43 auth: Info: pam(starrychloe,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?)
Apr 06 05:12:45 auth: Debug: client out: FAIL   1       user=starrychloe        reason=Password:
Apr 06 05:13:03 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<starrychloe>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

但是我可以通过 SSH 登录

[root@ip-172-31-15-65 conf.d]# ssh starrychloe@localhost
starrychloe@localhost's password:
Last login: Sun Apr  6 04:18:05 2014 from xxxxxxx.cable.mindspring.com
[starrychloe@ip-172-31-15-65 ~]$

我确实重新启动了 Dovecot。

我已经改过密码了。

尝试安装时出现此错误。我该如何安装它？Webmin 依赖于它。

[root@ip-172-31-15-65 home]# cpan Authen::Libwrap
CPAN: Storable loaded ok (v2.20)
Going to read '/root/.cpan/Metadata'
  Database was generated on Sat, 05 Apr 2014 04:41:02 GMT
Running install for module 'Authen::Libwrap'
CPAN: YAML loaded ok (v0.90)
Running make for D/DM/DMUEY/Authen-Libwrap-0.22.tar.gz
CPAN: Digest::SHA loaded ok (v5.47)
CPAN: Compress::Zlib loaded ok (v2.064)
Checksum for /root/.cpan/sources/authors/id/D/DM/DMUEY/Authen-Libwrap-0.22.tar.gz ok
Authen-Libwrap-0.22
Authen-Libwrap-0.22/Build.PL
Authen-Libwrap-0.22/ChangeLog
Authen-Libwrap-0.22/example.pl
Authen-Libwrap-0.22/Makefile.PL
Authen-Libwrap-0.22/MANIFEST
Authen-Libwrap-0.22/META.yml
Authen-Libwrap-0.22/ppport.h
Authen-Libwrap-0.22/README
Authen-Libwrap-0.22/lib
Authen-Libwrap-0.22/lib/Authen
Authen-Libwrap-0.22/lib/Authen/Libwrap.pm
Authen-Libwrap-0.22/lib/Authen/Libwrap.xs
Authen-Libwrap-0.22/t
Authen-Libwrap-0.22/t/01_inline.t
Authen-Libwrap-0.22/t/02_maintainer.t
Authen-Libwrap-0.22/t/03_pod.t
Authen-Libwrap-0.22/t/hosts.allow
CPAN: File::Temp loaded ok (v0.22)
CPAN: Module::Build loaded ok (v0.4205)

  CPAN.pm: Going to build D/DM/DMUEY/Authen-Libwrap-0.22.tar.gz

enter include directory to use: [/usr/include ]
/usr/include
enter library directory to use: [/usr/lib ]
/usr/lib
Created MYMETA.yml and MYMETA.json
Creating new 'Build' script for 'Authen-Libwrap' version '0.22'
Building Authen-Libwrap
Error: Function definition too short '/ * EOF * /' in Libwrap.xs, line 32
gcc -I/usr/lib64/perl5/CORE -DXS_VERSION="0.22" -DVERSION="0.22" -fPIC -I/usr/include -c -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -o lib/Authen/Libwrap.o lib/Authen/Libwrap.c
lib/Authen/Libwrap.xs:9:18: error: tcpd.h: No such file or directory
lib/Authen/Libwrap.xs: In function ‘XS_Authen__Libwrap__hosts_ctl’:
lib/Authen/Libwrap.xs:24: warning: implicit declaration of function ‘hosts_ctl’
error building lib/Authen/Libwrap.o from 'lib/Authen/Libwrap.c' at /usr/local/share/perl5/ExtUtils/CBuilder/Base.pm line 175.
  DMUEY/Authen-Libwrap-0.22.tar.gz
  ./Build -- NOT OK
Running Build test
  Can't test without successful make
Running Build install
  Make had returned bad status, install seems impossible
[root@ip-172-31-15-65 home]#


[root@ip-172-31-15-65 home]# yum search libwrap
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: mirrors.syringanetworks.net
 * extras: mirror.spro.net
 * updates: mirror.hmc.edu
Warning: No matches found for: libwrap
No Matches found
[root@ip-172-31-15-65 home]#

如何访问 Amazon Web Services 上的端口 10000？我将端口 10,000 添加到安全组，但我仍然无法访问它。

我只能在本地访问该服务。

[root@ip-172-31-15-65 ~]# curl -I http://localhost:10000
HTTP/1.0 200 Document follows
Date: Sat, 5 Apr 2014 03:03:40 GMT
Server: MiniServ/1.680

当我尝试从我的外部（到 AWS）IP 时，它不起作用。

$ curl -I http://54.186.222.91:10000
curl: (28) Connection timed out after 300138 milliseconds

这是网络统计

[root@ip-172-31-15-65 ~]# sudo netstat -tunlp |grep 10000
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      14258/perl
udp        0      0 0.0.0.0:10000               0.0.0.0:*                               14258/perl

这是iptables。这是一个全新的实例。

[root@ip-172-31-15-65 ~]# sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

出于某种原因，此命令修复了它。我不明白为什么，因为第 1 行和第 3 行已经接受了所有内容。

iptables --delete INPUT 5 

这是详细的 iptables

[root@ip-172-31-15-65 postfix]# iptables -L -nv
Chain INPUT (policy ACCEPT 3348 packets, 173K bytes)
 pkts bytes target     prot opt in     out     source               destination
89357   80M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
  102  5883 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   14  2248 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 50224 packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination

如何在保留配置的同时从一个 VPS 迁移到另一个 VPS？

我看到了这个问题Best way to migrate data between two linux VPS

但这只是为了迁移数据。

我已经设置了一个很难设置的电子邮件服务器（Dovecot/Postfix）、Tomcat、PHP、Apache、Webmin 等，并且想为它们复制配置而无需重新设置所有内容。

我担心如果我复制根目录，会有像 /dev 这样的特殊文件不应该被复制。

为什么这个 ENom 名称服务器解析不正确？Earthlink 与我的 ISP 有关。

$ nslookup yahoo.com dns1.name-services.com
Server:  dns1.name-services.com
Address:  98.124.192.1

Name:    yahoo.com.earthlink.net
Address:  69.64.147.243


$ nslookup yahoo.com
Non-authoritative answer:
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  98.139.183.24
          206.190.36.45
          98.138.253.109


$ nslookup dns1.name-services.com
Non-authoritative answer:
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    dns1.name-services.com
Address:  98.124.192.1

如何在 Postgres 中授予权限？我遵循了文档，但是它不起作用。

$ psql tmadev
psql (9.2.4)
Type "help" for help.

tmadev=# grant all privileges on database tmadev to tma;
GRANT
tmadev=# \z sample
                           Access privileges
 Schema |  Name  | Type  | Access privileges | Column access privileges
--------+--------+-------+-------------------+--------------------------
 public | sample | table |                   |
(1 row)

tmadev=# \q

Chloe@xps /srv/www/htdocs
$ psql -U tma tmadev
psql (9.2.4)
Type "help" for help.

tmadev=> select * from sample limit 2;
ERROR:  permission denied for relation sample
STATEMENT:  select * from sample limit 2;
ERROR:  permission denied for relation sample
tmadev=>
tmadev=> \du
                             List of roles
 Role name |                   Attributes                   | Member of
-----------+------------------------------------------------+-----------
 Chloe     | Superuser, Create role, Create DB, Replication | {}
 tma       |                                                | {}

我更新了一些 Cygwin 包，现在我无法启动 Postgres：

$ /usr/sbin/postmaster
FATAL:  database files are incompatible with server
DETAIL:  The data directory was initialized by PostgreSQL version 8.2, which is not compatible with this version 9.2.4.

我尝试了 pg_upgrade但您需要同时指定新旧二进制文件。另外，pg_upgrade 说它只适用于 8.3。

我以为我可以使用 setup-x86.exe 来选择以前的版本，即 8.2.11-1，但是当我安装它时，我无法启动 Postgres：

$ /usr/sbin/postgres.exe
Bad system call (core dumped)

我安装了 xmlsec，当我尝试验证 XML 文档时它一直给我一个错误。

yum install xmlsec1
yum install xmlsec1-openssl


[vagrant@localhost SSO-ROR-development]$ xmlsec1 --verify ../tmp_SAML_Sample.xml
func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=146:obj=lt_dlopenext:subj=unknown:error=7:io function failed:filename=libxmlsec1-openssl
func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=498:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl
func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=449:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed:
Error: unable to load xmlsec-openssl library. Make sure that you have
this it installed, check shared libraries path (LD_LIBRARY_PATH)
envornment variable or use "--crypto" option to specify different
crypto engine.
Error: initialization failed
Usage: xmlsec <command> [<options>] [<files>]

Report bugs to http://www.aleksey.com/xmlsec/bugs.html
Written by Aleksey Sanin <[email protected]>.
Copyright (C) 2002-2003 Aleksey Sanin.
This is free software: see the source for copying information.

func=xmlSecCryptoShutdown:file=app.c:line=69:obj=unknown:subj=cryptoShutdown:error=9:feature is not implemented:
func=xmlSecAppCryptoShutdown:file=crypto.c:line=48:obj=unknown:subj=xmlSecCryptoShutdown:error=1:xmlsec library function failed:
Error: xmlsec crypto shutdown failed.


[vagrant@localhost SSO-ROR-development]$ ls $LD_LIBRARY_PATH/*xmlsec*
/usr/lib64/libxmlsec1-openssl.so.1  /usr/lib64/libxmlsec1-openssl.so.1.2.16  /usr/lib64/libxmlsec1.so.1  /usr/lib64/libxmlsec1.so.1.2.16


[root@localhost SSO-ROR-development]# uname -a
Linux localhost.localdomain 2.6.32-279.14.1.el6.x86_64 #1 SMP Tue Nov 6 23:43:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

我正在尝试使用 Unison 同步两个目录，但是如果它遇到一个有错误的文件，那么它会跳过整个目录！我不认为它应该跳过整个目录，而应该只跳过那个文件。我没意见。我如何告诉它忽略错误并继续复制其余文件？

Unison 是 Windows 可执行文件，而不是 Cygwin。我可以用 Cygwin 读取文件。Unison 实际上确实遇到了文件错误，我可以跳过它们。

2.32 版比 2.40 版效果更好。2.40 版甚至无法启动。

我试过添加 -ignore，但这没有帮助。这是我尝试过的：

$ unison 'c:\cygwin' 'socket://xps:4321/c:/cygwin'
UNISON 2.32.52 started propagating changes at 02:53:35 on 27 Feb 2013
[ERROR] Skipping etc
  [root 1]: Error in digesting c:/cygwin/etc/ssh_host_dsa_key:
c:/cygwin/etc/ssh_host_dsa_key: Permission denied
[ERROR] Skipping home
  [root 1]: Error in digesting c:/cygwin/home/SYSTEM/.bash_history:
c:/cygwin/home/SYSTEM/.bash_history: Permission denied
...
Saving synchronizer state
Synchronization complete at 02:53:39  (3 items transferred, 2 skipped, 0 failed)
  skipped: etc
  skipped: home




$ unison 'c:\cygwin' 'socket://xps:4321/c:/cygwin' -ignore 'Path etc\ssh_host_dsa_key' -ignore 'Path home\SYSTEM\.bash_history'
Contacting server...
Connected [//dumbopc/c:/cygwin -> //xps/c:/cygwin]
Looking for changes
  Waiting for changes from server
Reconciling changes
local          xps
         error            etc
[root 1]: Error in digesting c:/cygwin/etc/ssh_host_dsa_key:
c:/cygwin/etc/ssh_host_dsa_key: Permission denied
         error            home
[root 1]: Error in digesting c:/cygwin/home/SYSTEM/.bash_history:
c:/cygwin/home/SYSTEM/.bash_history: Permission denied
...
Proceed with propagating updates? [] g
Propagating updates    
UNISON 2.32.52 started propagating changes at 04:11:26 on 27 Feb 2013
[ERROR] Skipping etc
  [root 1]: Error in digesting c:/cygwin/etc/ssh_host_dsa_key:
c:/cygwin/etc/ssh_host_dsa_key: Permission denied
[ERROR] Skipping home
  [root 1]: Error in digesting c:/cygwin/home/SYSTEM/.bash_history:
c:/cygwin/home/SYSTEM/.bash_history: Permission denied
...
UNISON 2.32.52 finished propagating changes at 04:11:28 on 27 Feb 2013
Saving synchronizer state
Synchronization complete at 04:11:30  (6 items transferred, 2 skipped, 0 failed)
  skipped: etc
  skipped: home



# Version 2.40
C:\Program Files\Unison>"Unison-2.40.102 Text.exe"  'c:\cygwin' 'socket://xps:4321/c:\cygwin'
Contacting server...
Fatal error: Wrong number of roots: 2 expected, but 4 provided ('c:\cygwin', 'socket://xps:4321/c:\cygwin', , )
(Maybe you specified roots both on the command line and in the profile?)


@REM DOS
C:\cygwin\etc>type ssh_host_dsa_key
Access is denied.

# Cygwin
$ ls -l /etc/ssh_host_dsa_key
-rw------- 1 SYSTEM None 668 Aug 30  2010 /etc/ssh_host_dsa_key

$ cat /etc/ssh_host_dsa_key
-----BEGIN DSA PRIVATE KEY-----

命令行参考：

http://www.cis.upenn.edu/~bcpierce/unison/download/releases/stable/unison-manual.html#prefs

当我从命令行发送邮件时，它应该在哪里结束？（我想退回所有来自外部的无效邮件，因为垃圾邮件。）有没有办法让它在询问主题之前给出一个错误，说用户不存在？

[root@308321 postfix]# mail notthere
Subject: should bounce
hello?
EOT

这是邮件日志

Oct 26 05:29:23 308321 postfix/pickup[6510]: 72F51D4775: uid=0 from=<root>
Oct 26 05:29:23 308321 postfix/cleanup[6805]: 72F51D4775: message-id=<[email protected]>
Oct 26 05:29:23 308321 postfix/qmgr[6511]: 72F51D4775: from=<[email protected]>, size=432, nrcpt=1 (queue active)
Oct 26 05:29:23 308321 postfix/virtual[6808]: 72F51D4775: to=<[email protected]>, orig_to=<notthere>, relay=virtual, delay=0.74, delays=0.48/0.01/0/0.25, dsn=5.1.1, status=bounced (unknown user: "[email protected]")
Oct 26 05:29:23 308321 postfix/cleanup[6805]: F277DD4776: message-id=<[email protected]>
Oct 26 05:29:24 308321 postfix/qmgr[6511]: F277DD4776: from=<>, size=2225, nrcpt=1 (queue active)
Oct 26 05:29:24 308321 postfix/bounce[6809]: 72F51D4775: sender non-delivery notification: F277DD4776
Oct 26 05:29:24 308321 postfix/qmgr[6511]: 72F51D4775: removed
Oct 26 05:29:24 308321 postfix/virtual[6808]: F277DD4776: to=<[email protected]>, relay=virtual, delay=0.56, delays=0.22/0/0/0.35, dsn=5.1.1, status=bounced (unknown user: "[email protected]")
Oct 26 05:29:24 308321 postfix/qmgr[6511]: F277DD4776: removed

Postfix 版本 2.6.6，Dovecot 版本 2.0.9

我想设置 Postfix + Dovecot。Dovecot 似乎正在工作。我可以验证。然而，邮箱是空的！什么都不会送达！我遵循了许多关于 Postfix + Dovecot 的教程，但他们似乎想通过使用 Dovecot LDA 或 MySQL 使事情复杂化。我只是希望它非常简单，让 Postfix 发送到虚拟邮箱就可以了。我也不需要 MySQL。我已经设置了 Dovecot 用于身份验证的自定义密码文件，我可以使用 SSL 登录 POP3。

我可以从日志中看到 Postfix 正在向系统用户帐户（包罗万象）传送，而不是我在 Dovecot 中设置的虚拟用户。SMTP + SSL 身份验证似乎也有效。

我还可以从日志中看到 Dovecot 正在检查正确的虚拟邮件文件夹。

我只需要弄清楚如何让 Postfix 发送到虚拟邮箱。我有以下我认为相关的内容。让我知道您还需要查看哪些其他设置：

alias_maps = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = xxx.com
myhostname = mail.xxx.com
mynetworks = 99.99.99.99, 99.99.99.99
myorigin = $mydomain
relay_domains = $mydestination, xxx.com, domain2.net, domain3.com
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_recipient_domain permit_sasl_authenticated check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_mx_access cidr:/etc/postfix/bogus_mx reject_invalid_hostname reject_unknown_sender_domain reject_non_fqdn_sender
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_domains = xxx.com, domain2.net, domain3.com
virtual_minimum_uid = 444

后缀master.cf：

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

鸽舍相关：

mail_location = maildir:~/Maildir
passdb {
  args = /etc/dovecot/users.conf
  driver = passwd-file
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
  }
}

虚拟邮件用户：

vmail:x:444:99:virtual mail users:/var/spool/vmail:/sbin/nologin

这是我尝试向自己发送内容时的 /var/log/maillog：

Oct 25 22:10:05 308321 postfix/smtpd[2200]: connect from user-999.cable.mindspring.com[99.99.99.99]
Oct 25 22:10:05 308321 postfix/smtpd[2200]: D224BD4753: client=user-999.cable.mindspring.com[99.99.99.99], sasl_method=LOGIN, [email protected]
Oct 25 22:10:06 308321 postfix/cleanup[2207]: D224BD4753: message-id=<7DC3C163CFFC483AB6226F8D3D9969D2@dumbopc>
Oct 25 22:10:06 308321 postfix/qmgr[2168]: D224BD4753: from=<[email protected]>, size=1385, nrcpt=1 (queue active)
Oct 25 22:10:06 308321 postfix/smtpd[2200]: disconnect from user-999.cable.mindspring.com[99.99.99.99]
Oct 25 22:10:06 308321 postfix/local[2208]: D224BD4753: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=1.1, delays=0.53/0.02/0/0.51, dsn=2.0.0, status=sent (delivered to mailbox)
Oct 25 22:10:06 308321 postfix/qmgr[2168]: D224BD4753: removed