Our team is using Azure PowerShell to create and initialize Linux VMs. I'm not at all familiar with Azure, but trying to help someone else set this up. Is there a way to provide a custom authorized_keys file and have Azure PowerShell drop it in ~/.ssh? We want this to occur automatically upon creation.
Don Branson's questions
We noticed a change with named pipes after a Linux kernel upgrade. Using the scripts from http://www.linuxjournal.com/content/using-named-pipes-fifos-bash, we were able to replicate the issue. The scripts work on
Linux TEST05 3.13.0-55-generic #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
but hang on
Linux TEST01 3.13.0-65-generic #106-Ubuntu SMP Fri Oct 2 22:08:27 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
There seems to be a difference in how named pipes work. Is that intentional or not?
We captured the two scripts as pipe_reader.sh:
#!/bin/bash
pipe=/tmp/testpipe
trap "rm -f $pipe" EXIT
if [[ ! -p $pipe ]]; then
    mkfifo $pipe
fi
while true
do
    if read line <$pipe; then
        if [[ "$line" == 'quit' ]]; then
            break
        fi
        echo $line
    fi
done
echo "Reader exiting"
and pipe_writer.sh:
#!/bin/bash
pipe=/tmp/testpipe
if [[ ! -p $pipe ]]; then
    echo "Reader not running"
    exit 1
fi
if [[ "$1" ]]; then
    echo "$1" >$pipe
else
    echo "Hello from $$" >$pipe
fi
Is there a fix?
EDIT:
We're running each script in its own terminal. They hang in the sense that the writer script never exits, and the reader script never shows the normal "Hello from..." output. We're executing them in an identical fashion under both kernel versions, so it's not an issue of running one script more than once, or any other procedural differences.
Tried running named as my own user on an Ubuntu box, and it couldn't read the named.conf file:
named -d 9 -c named.conf -g
19-Aug-2015 11:33:10.698 starting BIND 9.9.5-3ubuntu0.4-Ubuntu -d 9 -c named.conf -g
19-Aug-2015 11:33:10.698 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
19-Aug-2015 11:33:10.698 ----------------------------------------------------
19-Aug-2015 11:33:10.698 BIND 9 is maintained by Internet Systems Consortium,
19-Aug-2015 11:33:10.698 Inc. (ISC), a non-profit 501(c)(3) public-benefit
19-Aug-2015 11:33:10.698 corporation. Support and training for BIND 9 are
19-Aug-2015 11:33:10.698 available at https://www.isc.org/support
19-Aug-2015 11:33:10.698 ----------------------------------------------------
19-Aug-2015 11:33:10.698 found 8 CPUs, using 8 worker threads
19-Aug-2015 11:33:10.698 using 8 UDP listeners per interface
19-Aug-2015 11:33:10.699 using up to 4096 sockets
19-Aug-2015 11:33:10.699 Registering DLZ_dlopen driver
19-Aug-2015 11:33:10.699 Registering SDLZ driver 'dlopen'
19-Aug-2015 11:33:10.699 Registering DLZ driver 'dlopen'
19-Aug-2015 11:33:10.700 decrement_reference: delete from rbt: 0x7fbd40eb6068 .
19-Aug-2015 11:33:10.703 loading configuration from '/tmp/name/named.conf'
19-Aug-2015 11:33:10.703 open: /tmp/name/named.conf: permission denied
19-Aug-2015 11:33:10.703 load_configuration: permission denied
19-Aug-2015 11:33:10.703 loading configuration: permission denied
19-Aug-2015 11:33:10.703 exiting (due to fatal error)
I opened up the permissions on named.conf:
drwxrwxrwx 2 don don 4096 Aug 19 11:31 ./
drwxrwxrwt 26 root root 118784 Aug 19 11:35 ../
-rwxrwxrwx 1 don don 387 Aug 19 11:33 named.conf*
I tried running as root with the same result:
sudo named -d 9 -c named.conf -g
The OS is Ubuntu:
uname -a
Linux don-asus 3.16.0-46-generic #62~14.04.1-Ubuntu SMP Tue Aug 11 16:27:16 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
This all works fine on OSX and another Ubuntu box. What else on Linux can block access to open a file?
Edit:
>sudo apparmor_status
apparmor module is loaded.
24 profiles are loaded.
24 profiles are in enforce mode.
/sbin/dhclient
...
So - it looks like it is active.
I'm trying to diagnose a problem on a CentOS machine in a corporate environment. It's a box someone else configured before leaving the company. The issue is that when we su to the user gitlab, we're actually the user gitauth. There's nothing in /etc or its subdirs that contains the string gitauth. What would cause this? Perhaps an external profile for the user in ActiveDirectory or LDAP? My core question is - what should I look for to point to where the gitauth user is coming from?
[me@blah ~]$ sudo su - gitlab
[gitauth@blah ~]$ id
uid=398473190(gitauth) gid=398473190(gitauth) ...
Output from authconfig, with org name changed:
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is disabled
LDAP+TLS is disabled
LDAP server = ""
LDAP base DN = ""
nss_nis is disabled
NIS server = ""
NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap uid = "16777216-33554431"
SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
shadow passwords are enabled
password hashing algorithm is sha512
pam_krb5 is disabled
krb5 realm = "MGMT.OURDEPT"
krb5 realm via dns is enabled
krb5 kdc = "dc2mgmtdirqa01.mgmt.ourdept:88,dc2mgmtdirqa02.mgmt.ourdept:88"
krb5 kdc via dns is enabled
krb5 admin server = ""
pam_ldap is disabled
LDAP+TLS is disabled
LDAP server = ""
LDAP base DN = ""
LDAP schema = "rfc2307"
pam_pkcs11 is disabled
use only smartcard for login is disabled
smartcard module = ""
smartcard removal action = ""
pam_fprintd is disabled
pam_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_sss is disabled by default
credential caching in SSSD is enabled
SSSD use instead of legacy services if possible is enabled
IPAv2 is disabled
IPAv2 domain was not joined
IPAv2 server = ""
IPAv2 realm = ""
IPAv2 domain = ""
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
When I run
find . -name "*.html" | xargs hunspell
hunspell displays the first file with a spelling error, but won't accept input. I have to ctrl-c to kill it. What causes this?
Is there a way to run hunspell across a list of files in a directory tree?
I originally asked this question on SO, but perhaps SF is a better place for traction on this question.
I'm having this problem with GWT when it's behind a reverse proxy. The backend app is deployed within a context - let's call it /context.
The GWT app works fine when I hit it directly:
I can configure a reverse proxy in front of it. Here's my nginx example:
upstream backend {
    server 127.0.0.1:8080;
}
...
location / {
    proxy_pass http://backend/context/;
}
But, when I run through the reverse proxy, GWT gets confused, saying:
2009-10-04 14:05:41.140:/:WARN: Login: ERROR: The serialization policy file '/C7F5ECA5E3C10B453290DE47D3BE0F0E.gwt.rpc' was not found; did you forget to include it in this deployment?
2009-10-04 14:05:41.140:/:WARN: Login: WARNING: Failed to get the SerializationPolicy 'C7F5ECA5E3C10B453290DE47D3BE0F0E' for module 'https://hostname:444/'; a legacy, 1.3.3 compatible, serialization policy will be used. You may experience SerializationExceptions as a result.
2009-10-04 14:05:41.292:/:WARN: StoryService: ERROR: The serialization policy file '/0445C2D48AEF2FB8CB70C4D4A7849D88.gwt.rpc' was not found; did you forget to include it in this deployment?
2009-10-04 14:05:41.292:/:WARN: StoryService: WARNING: Failed to get the SerializationPolicy '0445C2D48AEF2FB8CB70C4D4A7849D88' for module 'https://hostname:444/'; a legacy, 1.3.3 compatible, serialization policy will be used. You may experience SerializationExceptions as a result.
In other words, GWT isn't getting the word that it needs to prepend /context/ then look for C7F5ECA5E3C10B453290DE47D3BE0F0E.gwt.rpc, but only when the request comes through the proxy. A workaround is to add the context to the url for the web site:
location /context/ { proxy_pass http://backend/context/; }
but that means the context is now part of the url that the user sees, and that's ugly.
Anybody know how to make GWT happy in this case?
Software versions:
GWT - 1.7.0 (same problem with 1.7.1)
Jetty - 6.1.21 (but the same problem existed under tomcat)
nginx - 0.7.62 (same problem under apache 2.x)
My suspicion is that perhaps GWT is picking up on the Referer header, and getting confused (is there a way for nginx to turn off that header?) or that there's a difference since the traffic between the proxy and GWT/Jetty is HTTP/1.0 instead of HTTP/1.1.