Archive for the ‘misc’ Category

This problem may sound familiar to some people: You have an office (or a living room) filled with Macs and you want to share a common NFS volume from a Linux machine that all OSX users can access. The Linux kernel nfsd doesn’t support uid/gid-mapping beyond its rather tame idea of uid-squashing: mapping all file access over NFS to a specific userid and groupid combination. Although this sounds like a sensible approach for such a shared volume, unfortunately the OSX Finder is trying to be way too smart about things and will block any operations on a volume if the permissions look wrong. What this means is, if you use all_squash to map all access to, say, uid/gid 100/100, the Finder running for a user under uid 501 will refuse to copy files to the share, even though the NFS server will permit this.

So for months we resorted to just making sure everybody was running under the default userid 501 assigned to the primary (or actually, first created) user of an OSX system. This, of course, is unworkable for machines that have multiple accounts (only the account with userid 501 will allow proper access to the share).

Then I ran across this post, documenting that the uid/gid combination of 99/99 is magic to OSX and the Finder: it will automatically map the ownership of a file/directory with these properties to that of the user that is currently looking, so problem solved. By exporting an NFS volume like this:


we no longer have to muck around making sure everybody has uid 501.
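A small audit of such exports, added here as an example (it is not from the original post, whose own export line is missing from this page). The sample paths, client ranges and the `audit_exports` helper are assumptions; `all_squash`, `anonuid` and `anongid` are the standard exports(5) options.

```python
import re

# Constructed sample /etc/exports content; paths and client ranges are assumptions.
SAMPLE_EXPORTS = """\
# shared volume for the office Macs
/srv/share   192.168.1.0/24(rw,all_squash,anonuid=99,anongid=99)
/srv/old     192.168.1.0/24(rw,all_squash,anonuid=100,anongid=100)
/srv/open    *(rw,all_squash,anonuid=99,anongid=99)
"""

MAGIC_ID = 99          # uid/gid the post says the Finder maps to the viewing user
DEFAULT_ANON = 65534   # exports(5) default when anonuid/anongid are not given

# One "client(options)" entry; an empty client name means "any host".
ENTRY = re.compile(r"(\S*?)\(([^)]*)\)")


def audit_exports(text):
    """Return (path, client, issues) for every client entry in an exports file."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        path, rest = parts
        for client, optstr in ENTRY.findall(rest):
            # "anonuid=99" -> ("anonuid", "99"); bare flags map to ""
            opts = dict(o.partition("=")[::2] for o in optstr.split(",") if o)
            uid = int(opts.get("anonuid", DEFAULT_ANON))
            gid = int(opts.get("anongid", DEFAULT_ANON))
            issues = []
            if "all_squash" not in opts:
                issues.append("no all_squash: non-root client uids pass through as-is")
            elif (uid, gid) != (MAGIC_ID, MAGIC_ID):
                issues.append(f"squashed to {uid}/{gid}, not 99/99")
            # With all_squash every client writes as one identity, so the
            # client list is the only access control left on the share.
            if client in ("", "*") and "rw" in opts:
                issues.append("writable by any host")
            findings.append((path, client or "*", issues))
    return findings


if __name__ == "__main__":
    for path, client, issues in audit_exports(SAMPLE_EXPORTS):
        print(path, client, "; ".join(issues) or "ok")
```
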

Alpha Version Launched

The alpha release of OpenPanel is now available for people who want to test it out. We’re trying to keep this first test run somewhat controlled, so you have to sign up to join the party. The beta release will be completely public, but if you can’t wait to take a look go to the site and sign yourself up.

State of the System

This month has been a really energetic one and we’re almost ready for a limited seed of the alpha release of OpenPanel to our testers. Now’s a good time to take a closer look at what it is that we’re shipping.

OpenPanel is not a monolithic product. Yes, you’re getting a complete control panel, but its architecture makes it extremely adaptable to more specific circumstances. Put into perspective, the project has the following components:

  • The opencore configuration daemon
  • The authd privilege manager
  • The opencli command line shell
  • The openpanel AJAX-based web interface
  • A large number of opencore modules for configuring specific services
  • A software distribution for some necessary components

The flexible design means we will be able to adapt the OpenPanel system to new demands from the market easily. The open-ended architecture also allows this market to extend beyond the purposes for OpenPanel that we happen to find interesting; users are free (and actually encouraged) to create their own modules.

The alpha release carries the following modules:

  • Apache2 virtual hosts
  • BIND9 DNS zones
  • Postfix and Courier-IMAP hosted mail domains
  • PureFTPd chrooted ftp-accounts
  • MySQL databases and user accounts
  • IPTables firewall configuration
  • Software updates through apt or yum
  • Amavis and SpamAssassin for mail protection
  • AWStats website statistics

Some more modules will make the mark before the public beta release.


PowerEdge 1950 Xen Hate

We’re trying to get Xen running on our new, fresh, Dell PowerEdge 1950 servers. The install itself was pretty uneventful. Plenty of distros offer pretty decent support for the Xen Hypervisor from their default install (we’re currently testing it with FC6). A major bummer, though, was that the networking part of Xen just plain wouldn’t start in Dom0. The network bridge just plainly didn’t want to receive back packets coming to the interface, so stuff like ARP just didn’t work at all.

It turns out the problem lies with the built-in management firmware that Dell puts on these Broadcoms. You can look here for a solution. Beware, the solution involves Windows to unpack the file and MS-DOS to change the IPMI settings.

Pyrrhic Victory Dance

I hate to be the one saying I told you so, but I told you so. Hardware security is only now starting to get some serious consideration. Unfortunately, I think TPM and other hardware-lockdown systems that are currently being considered have too much focus on subverting user control; they are ultimately bound to be factors of aggravation, not mitigation, when it comes to such new threats.

It seems clean enough, setting up multiple blogs is easy …

The inline mode lets you browse while typing the entry for your blog; I like that.

To enable all the features for DesktopManager or VirtueDesktops (like being able to move windows across desktops) all you have to do is add yourself to the procmod group….

sudo niutil -appendprop "/" "/groups/procmod" "users" `id -un`

