[Novalug] Novalug Digest, Vol 92, Issue 27

Mark Smith mark@winksmith.com
Thu Jun 12 19:39:28 EDT 2014


on the next boot of course :-)  or you can juse "umount /tmp" and chmod
to make it happen immediately.  this may be an issue b/c some processes
may be keeping files open there.

On Fri, Jun 13, 2014 at 11:38:01AM +1200, Mark Smith wrote:
> probably just as easy as editing /etc/fstab.  look for tmpfs and delete
> that line.  /tmp will now be on the root filesystem.  you might have to
> chmod 7771 /tmp/ too to make it writable by others.
> 
> alternatively, setup a separate file system for it as you see fit.
> 
> On Thu, Jun 12, 2014 at 07:33:05PM -0400, Gary Knott wrote:
> > Dear Group,  Re the discussion of tmpfs, run, etc.  Can you
> > tell us how to disable the ramdisk filesystem use, and set them up
> > on the "real" disk?  I don't want to  use ram this way.
> > 
> > On 6/12/14, novalug-request@calypso.tux.org
> > <novalug-request@calypso.tux.org> wrote:
> > > Send Novalug mailing list submissions to
> > > 	novalug@calypso.tux.org
> > >
> > > To subscribe or unsubscribe via the World Wide Web, visit
> > > 	http://calypso.tux.org/mailman/listinfo/novalug
> > > or, via email, send a message with subject or body 'help' to
> > > 	novalug-request@calypso.tux.org
> > >
> > > You can reach the person managing the list at
> > > 	novalug-owner@calypso.tux.org
> > >
> > > When replying, please edit your Subject line so it is more specific
> > > than "Re: Contents of Novalug digest..."
> > >
> > >
> > > Today's Topics:
> > >
> > >    1. Re: /tmp partition on Fedora (Jon LaBadie)
> > >    2. Re: secure storage (Jon LaBadie)
> > >    3. Saturday (14 June) (greg pryzby)
> > >    4. Re: secure storage (greg pryzby)
> > >    5. Re: /tmp partition on Fedora (John Place)
> > >
> > >
> > > ----------------------------------------------------------------------
> > >
> > > Message: 1
> > > Date: Thu, 12 Jun 2014 01:52:46 -0400
> > > From: Jon LaBadie <novalugml@jgcomp.com>
> > > Subject: Re: [Novalug] /tmp partition on Fedora
> > > To: novalug@calypso.tux.org
> > > Message-ID: <20140612055246.GA30428@cyber.jgcomp.com>
> > > Content-Type: text/plain; charset=us-ascii
> > >
> > > On Wed, Jun 11, 2014 at 09:22:47PM -0400, Jay Hart wrote:
> > >> I've always had a separate /tmp partition, but if I understand the latest
> > >> documentation on Fedora
> > >> 20, its no longer necessary.  Is this correct? Are there any pros/cons
> > >> going with a /tmp
> > >> partition?
> > >>
> > >
> > > Supposedly better performance.
> > > /tmp cleared on reboot
> > >   pro if you like to start clean,
> > >   con if you expect files in /tmp to remain after reboot
> > > Default size is 1/2 memory.
> > >   may be limiting if you have 2GB of memory (1GB tmpfs)
> > >   not too bad if you have 32GB of memory
> > >   if your apps use most of your memory AND use /tmp,
> > >   may cause greater swapping
> > > Other tmpfs partitions (eg. /run, /dev/shm) are sharing
> > > that same 1/2 of memory
> > >
> > > jon
> > > --
> > > Jon H. LaBadie                  novalugml@jgcomp.com
> > >  11226 South Shore Rd		(703) 787-0688 (H)
> > >  Reston, VA  20190		(609) 477-8330 (C)
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 2
> > > Date: Thu, 12 Jun 2014 01:58:41 -0400
> > > From: Jon LaBadie <novalugml@jgcomp.com>
> > > Subject: Re: [Novalug] secure storage
> > > To: novalug@calypso.tux.org
> > > Message-ID: <20140612055841.GA5324@cyber.jgcomp.com>
> > > Content-Type: text/plain; charset=us-ascii
> > >
> > > On Thu, Jun 12, 2014 at 09:45:48AM +1200, Mark Smith wrote:
> > >> i'm thinking again about secure storage (banking records, receipts,
> > >> that sort of stuff).  i was curious about what you folks do.  i used to
> > >> have an encrypted image that i stored on my disk server and then exported
> > >> via NFS.  locally it was protected via normal unix DAC, but remotely it
> > >> was strongly encrypted.
> > >>
> > >> well, i have a new NAS now... i'm quite happy with OpenMediaVault so
> > >> far, but i don't know what to do with my securte stuff.
> > >>
> > >> i'm trying out spideroak right now and just using the cloud.  that seems
> > >> to be working, but i'm afraid that one cross command by myself or my wife
> > >> will delete all copies of an important file and poof, it's gone.  i could
> > >> do some backups of it, but that sort of defeats the purpose.
> > >>
> > >> i could expose a disk image via NFS, but i have found that to be
> > >> problematic because multiple people can mount it at the same time.
> > >> alternatively, i can mount the disk and then export NFS and then i'm
> > >> in the same boat as i was in.  plus, my new NAS doesn't like doing that
> > >> sort of thing (no facilities for encryption).
> > >>
> > >> anyone out there doing the same sort of thing?  got any ideas?
> > >
> > > Perhaps switch from homegrown rsync to a backup manager that allows
> > > for encryption and storage on the cloud.  An example is "amanda".
> > >
> > > --
> > > Jon H. LaBadie                  novalugml@jgcomp.com
> > >  11226 South Shore Rd		(703) 787-0688 (H)
> > >  Reston, VA  20190		(609) 477-8330 (C)
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 3
> > > Date: Thu, 12 Jun 2014 09:00:27 -0400
> > > From: greg pryzby <greg@pryzby.org>
> > > Subject: [Novalug] Saturday (14 June)
> > > To: Novalug <novalug@calypso.tux.org>
> > > Message-ID:
> > > 	<CAPxJcXL8M16u3ALuyw-ubqom=RF+7g-MNErrbcA7dawwKKhEmg@mail.gmail.com>
> > > Content-Type: text/plain; charset="utf-8"
> > >
> > > There is a meeting this Saturday and Peter Larsen will be talking about
> > > OpenShift.
> > >
> > > http:/www.novalug.com/ for details!
> > >
> > >
> > >
> > > --
> > > greg pryzby                              greg at pryzby dot org
> > > http://www.linkedin.com/in/gpryzby
> > >
> > > TWTR: gpryzby
> > > WEB:  http://www.MakeRoomForArt.com/
> > > BLOG: http://lonetrikerphotography.tumblr.com/ (photos)
> > > -------------- next part --------------
> > > An HTML attachment was scrubbed...
> > > URL:
> > > http://calypso.tux.org/pipermail/novalug/attachments/20140612/8556e1b1/attachment-0001.html
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 4
> > > Date: Thu, 12 Jun 2014 09:03:53 -0400
> > > From: greg pryzby <greg@pryzby.org>
> > > Subject: Re: [Novalug] secure storage
> > > To: mark <mark@winksmith.com>, Novalug <novalug@calypso.tux.org>
> > > Message-ID:
> > > 	<CAPxJcXJy=hOxwkawY4WuCqX5s8t7KvvHDcch84zwKzq-kRODbw@mail.gmail.com>
> > > Content-Type: text/plain; charset="utf-8"
> > >
> > > I use SpiderOak and they have a "corporate" version.
> > >
> > > They do NOT have the key and all info is encrypted local (iirc) before
> > > transmitted. It is decrypted of the other side, where you can use the
> > > key/passphrase to decrypt. The copies at SpiderOak are encrypted and
> > > SpiderOak does not have your key. As a matter of fact, if you forget your
> > > key, you can NOT get the data. I finally remembered mine after a few months
> > > ;)
> > >
> > >
> > >
> > > On Thu, Jun 12, 2014 at 12:43 AM, Mark Smith <mark@winksmith.com> wrote:
> > >
> > >> i don't have a lot of time using spideroak, but they seem to be
> > >> cryptographically sound from everything i've read.  perhaps someone else
> > >> can make comments on it?  it works like dropbox, monitoring a particular
> > >> directory, but it's all cryptographic.  the assertion is that they can't
> > >> look at the originals because they don't have the key.
> > >>
> > >>
> > >> On Thu, Jun 12, 2014 at 12:33:26AM -0400, William Sutton wrote:
> > >> > hmmm...
> > >> >
> > >> > I'd be worried that anything in "the cloud" can be read by whoever
> > >> > has access to the servers, unless the files get put there encrypted
> > >> > in the first place.  I suppose an alternative solution could be
> > >> > rsync+gpg. google has a number of links for that combination.  One
> > >> > of the first seems to be something called duplicity (that name kind
> > >> > of scares me, frankly):
> > >> > http://www.rsync.net/resources/howto/duplicity.html
> > >> >
> > >> > Alternatively, you could write something that does a quick rsync of
> > >> > your files to another location, note the ones that changed, gpg sign
> > >> > them, and rsync the gpg signed versions up to the cloud.
> > >> >
> > >> > William Sutton
> > >> >
> > >> > On Thu, 12 Jun 2014, Mark Smith wrote:
> > >> >
> > >> > >hmm... that's a good idea, but i don't like it that i have to manually
> > >> > >do something, like periodically pull a disk and i really want offsite
> > >> > >storage (in case my machine breaks or is stolen).
> > >> > >
> > >> > >i'd be tempted to create a volume with snapshot capability and
> > >> > > nightly,
> > >> > >snap and rsync a copy to spideroak.  meanwhile, just export on my
> > >> > > local
> > >> > >lan.  that solves some problems, but if a crook steals my machine they
> > >> > >still get my unencrypted information.
> > >> > >
> > >> > >I wonder if there's some integrated openmediavault plugin for that.
> > >> > >I guess there's always the "meat" problem... someone has to put in a
> > >> > >password during a NAS boot.  that coupled with a snapshot rsync to
> > >> > >spideroak cloud storage might solve everything.
> > >> > >
> > >> > >On Wed, Jun 11, 2014 at 11:09:46PM -0400, William Sutton wrote:
> > >> > >>run dm-crypt on top of RAID1 on hot-swap drives and periodically
> > >> > >>pull the spare? :-)
> > >> > >>
> > >> > >>William Sutton
> > >> > >>
> > >> > >>On Thu, 12 Jun 2014, Mark Smith wrote:
> > >> > >>
> > >> > >>>that's an obvious answer.  i never wanted to do that since i have
> > >> really
> > >> > >>>been used to incrementals that rsync give me.  the disk is sort of
> > >> > >>> big
> > >> > >>>so doing that for a big disk is a bit of a pain in time and usage.
> > >>  being
> > >> > >>>able to do that on the fly with rsync for backup, restore, and
> > >> inspection
> > >> > >>>is really useful.  i'd hate to move away from that.
> > >> > >>>
> > >> > >>>On Wed, Jun 11, 2014 at 07:45:08PM -0400, William Sutton wrote:
> > >> > >>>>I don't suppose you could gpg-encrypt your data as you spin it off
> > >> > >>>>to tape?  At the very least, you could periodically tar the files
> > >> > >>>>you want, gpg-sign the tarball, and copy that straight to tape.
> > >> > >>>>
> > >> > >>>>William Sutton
> > >> > >>>>
> > >> > >>>>On Thu, 12 Jun 2014, Mark Smith wrote:
> > >> > >>>>
> > >> > >>>>>i'm thinking again about secure storage (banking records,
> > >> > >>>>> receipts,
> > >> > >>>>>that sort of stuff).  i was curious about what you folks do.  i
> > >> used to
> > >> > >>>>>have an encrypted image that i stored on my disk server and then
> > >> exported
> > >> > >>>>>via NFS.  locally it was protected via normal unix DAC, but
> > >> remotely it
> > >> > >>>>>was strongly encrypted.
> > >> > >>>>>
> > >> > >>>>>well, i have a new NAS now... i'm quite happy with OpenMediaVault
> > >> > >>>>> so
> > >> > >>>>>far, but i don't know what to do with my securte stuff.
> > >> > >>>>>
> > >> > >>>>>i'm trying out spideroak right now and just using the cloud.  that
> > >> seems
> > >> > >>>>>to be working, but i'm afraid that one cross command by myself or
> > >> my wife
> > >> > >>>>>will delete all copies of an important file and poof, it's gone.
> > >> > >>>>> i
> > >> could
> > >> > >>>>>do some backups of it, but that sort of defeats the purpose.
> > >> > >>>>>
> > >> > >>>>>i could expose a disk image via NFS, but i have found that to be
> > >> > >>>>>problematic because multiple people can mount it at the same time.
> > >> > >>>>>alternatively, i can mount the disk and then export NFS and then
> > >> > >>>>> i'm
> > >> > >>>>>in the same boat as i was in.  plus, my new NAS doesn't like doing
> > >> that
> > >> > >>>>>sort of thing (no facilities for encryption).
> > >> > >>>>>
> > >> > >>>>>anyone out there doing the same sort of thing?  got any ideas?
> > >> > >>>>>
> > >> > >>>>>--
> > >> > >>>>>Hei kon? mai
> > >> > >>>>>Mark Smith
> > >> > >>>>>mark@winksmith.com
> > >> > >>>>>_______________________________________________
> > >> > >>>>>Novalug mailing list
> > >> > >>>>>Novalug@calypso.tux.org
> > >> > >>>>>http://calypso.tux.org/mailman/listinfo/novalug
> > >> > >>>
> > >> > >>>
> > >> > >>>--
> > >> > >>>Hei kon? mai
> > >> > >>>Mark Smith
> > >> > >>>mark@winksmith.com
> > >> > >>>
> > >> > >
> > >> > >
> > >> > >--
> > >> > >Hei kon? mai
> > >> > >Mark Smith
> > >> > >mark@winksmith.com
> > >> > >
> > >>
> > >>
> > >> --
> > >> Hei kon? mai
> > >> Mark Smith
> > >> mark@winksmith.com
> > >> _______________________________________________
> > >> Novalug mailing list
> > >> Novalug@calypso.tux.org
> > >> http://calypso.tux.org/mailman/listinfo/novalug
> > >>
> > >
> > >
> > >
> > > --
> > > greg pryzby                              greg at pryzby dot org
> > > http://www.linkedin.com/in/gpryzby
> > >
> > > TWTR: gpryzby
> > > WEB:  http://www.MakeRoomForArt.com/
> > > BLOG: http://lonetrikerphotography.tumblr.com/ (photos)
> > > -------------- next part --------------
> > > An HTML attachment was scrubbed...
> > > URL:
> > > http://calypso.tux.org/pipermail/novalug/attachments/20140612/beeb6b6a/attachment-0001.html
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 5
> > > Date: Thu, 12 Jun 2014 10:32:32 -0400
> > > From: John Place <jplace@unixsage.com>
> > > Subject: Re: [Novalug] /tmp partition on Fedora
> > > To: novalug@calypso.tux.org
> > > Message-ID: <5399BA00.1070601@unixsage.com>
> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> > >
> > > Oddly enough one of the first things I used to do on a new install was
> > > change /tmp from a filesystem to tempfs.. f19 started doing that by
> > > default...
> > >
> > > Personally I like it being a tmpfs file system, when ever the box is
> > > shutdown it gets cleaned. my kerberos tickets and other key material is
> > > extracted there and when I shutdown or restart it is gone.. It is also
> > > where I work with keymaterial in general...
> > >
> > > My use case my not be common though... YMMV
> > >
> > > On 06/11/2014 09:22 PM, Jay Hart wrote:
> > >> I've always had a separate /tmp partition, but if I understand the latest
> > >> documentation on Fedora
> > >> 20, its no longer necessary.  Is this correct? Are there any pros/cons
> > >> going with a /tmp
> > >> partition?
> > >>
> > >> TIA,
> > >>
> > >> Jay
> > >>
> > >> _______________________________________________
> > >> Novalug mailing list
> > >> Novalug@calypso.tux.org
> > >> http://calypso.tux.org/mailman/listinfo/novalug
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > _______________________________________________
> > > Novalug mailing list
> > > Novalug@calypso.tux.org
> > > http://calypso.tux.org/mailman/listinfo/novalug
> > >
> > > End of Novalug Digest, Vol 92, Issue 27
> > > ***************************************
> > >
> > _______________________________________________
> > Novalug mailing list
> > Novalug@calypso.tux.org
> > http://calypso.tux.org/mailman/listinfo/novalug
> 
> -- 
> Hei konā mai
> Mark Smith
> mark@winksmith.com
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug

-- 
Hei konā mai
Mark Smith
mark@winksmith.com



More information about the Novalug mailing list