The dot in ... --- ...

Chris Gerhard's Weblog

Friday October 09, 2009

Preparing for OpenSolaris @ home

Since the "nevada" builds of Solaris next are due to end soon, and for some time the upgrade of my home server has involved more than a little bit of TLC to get it to work, I will be moving to an OpenSolaris build just as soon as I can.

However, before I can do this I need to make sure I have all the software to provide home service. This is really a note to myself so I don't forget anything.

I'm going to see if I can jump through the legal hoops that will allow me to contribute the builds to the contrib repository via Source Juicer. However as this is my spare time I don't know whether the legal reviews will be funded.

Due to the way OpenSolaris is delivered I also need to be more careful about what I install, rather than being able to choose everything. First I need my list from my laptop. Then in addition to that I'll need

Oh and I'll need the Sun Ray server software.


( Oct 09 2009, 07:07:53 PM BST )

   

Thursday November 27, 2008

Adding dependencies to exim

I finally got around to adding dependencies to the smtp (mail) server I am using on my home server so that it depends on both spamassassin and the clam anti virus services. While there is probably a way to do this using individual commands, it was much quicker to export the XML, edit that and reimport it, having added these lines:

    <dependency name='spamd' grouping='require_all' restart_on='error' type='service'>
      <service_fmri value='svc:/network/spamd'/>
    </dependency>
    <dependency name='clam' grouping='require_all' restart_on='error' type='service'>
      <service_fmri value='svc:/network/clam'/>
    </dependency>

Having refreshed the service and restarted it, it now shows as depending on the other two services:

    : pearson FSS 3 $; svcs -d cswexim
    STATE          STIME    FMRI
    online         Nov_24   svc:/network/loopback:default
    online         Nov_24   svc:/milestone/name-services:default
    online         Nov_24   svc:/system/filesystem/local:default
    online         Nov_24   svc:/network/clam:default
    online         Nov_26   svc:/network/spamd:default
    : pearson FSS 4 $; 

and any failure of the dependent services results in cswexim being restarted after the dependent service restarts. Depressingly I had found that small amounts of spam could sneak through thanks to exim not depending on spamassassin.


( Nov 27 2008, 05:59:15 PM GMT )
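The post above edits the exported manifest. As an added example that is not part of the original post, the same two dependencies can be expressed as individual svccfg subcommands, with a check over `svcs -d` output that both scanners are online. The service name `network/cswexim` and the helper names `dep_cmds` and `missing_deps` are assumptions.

```shell
#!/bin/sh
# Added example; function names and the cswexim service name are assumptions.

# Print the svccfg subcommands equivalent to one <dependency> element with
# grouping='require_all' restart_on='error' type='service'.
dep_cmds() {
    name=$1
    fmri=$2
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad dependency name: $name" >&2; return 1 ;;
    esac
    case $fmri in
        svc:/?*) ;;
        *) echo "bad FMRI: $fmri" >&2; return 1 ;;
    esac
    cat <<EOF
addpg $name dependency
setprop $name/grouping = astring: require_all
setprop $name/restart_on = astring: error
setprop $name/type = astring: service
setprop $name/entities = fmri: $fmri
EOF
}

# Read `svcs -d` output on stdin and print every required FMRI (arguments,
# without the instance suffix) that is not listed as online.
# Exit status is 0 only when nothing is missing.
missing_deps() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        $1 == "online" { sub(":[^:/]+$", "", $3); ok[$3] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in ok)) { print w[i]; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample of `svcs -d` output with spamd in maintenance.
SAMPLE_DOWN='online         Nov_24   svc:/network/clam:default
maintenance    Nov_26   svc:/network/spamd:default'

# On the Solaris host (not run here):
#   { dep_cmds spamd svc:/network/spamd
#     dep_cmds clam  svc:/network/clam; } | svccfg -s network/cswexim
#   svcadm refresh network/cswexim
#   svcs -d network/cswexim | missing_deps svc:/network/spamd svc:/network/clam
```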

   

Wednesday September 13, 2006

exim and pam authentication meets privileges

For reasons that I will go into later the new home server is using exim for its mail transport rather than the standard sendmail. I wanted to be able to authenticate users sending email using their login and password from the local password and shadow files. This is a snip with exim with the following in the exim.conf file:

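    # PLAIN: $2 is the login name and $3 the password ($1 is the authorization id)
    plain:
      driver = plaintext
      public_name = PLAIN
      server_condition = "${if pam{$2:$3}{1}{0}}"
      server_set_id = $2

    # LOGIN: $1 and $2 are the replies to the two prompts
    login:
      driver = plaintext
      public_name = LOGIN
      server_prompts = "Username:: : Password::"
      server_condition = "${if pam{$1:$2}{1}{0}}"
      server_set_id = $1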

or so I thought. Since exim is security conscious it runs as its own user and not as root, so it is unable to read the /etc/shadow file, so no matter what you enter as you log in you can't. My quick solution to this was to give the exim daemon permission to read all files using privileges. So the start script now does:

    ppriv -s PI+file_dac_read -e $DAEMON $EXIM_PARAMS

Which allows it to read any file on the system, which is a risk, but not as great a risk as having it run as root. I look forward to someone telling me a better way.


( Sep 13 2006, 11:11:31 PM BST )

   


Except where otherwise noted, this site is
licensed under a Creative Commons License 2.0

This is a personal weblog, I do not speak for my employer.