Using systemd-coredumpctl as a regular user

Similar Messages

• Cannot use systemd-coredumpctl on Firefox cores

  My firefox process is dying regularly and is crashing and creating core dumps. I think it has something to do with an interaction between a few of my plugins and extensions, but it's only a theory so far.
  I didn't know where the corefiles went and I noticed core_pattern was a pipe!
  % cat /proc/sys/kernel/core_pattern
  |/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e
  So systemd is taking all cores instead of just the daemons/procs it runs. This is ... definitely a bit controversial for me, but I'll worry about that later. I've found the systemd-coredumpctl util, and I can find the firefox core files inside of it:
  % systemd-coredumpctl
  TIME PID UID GID SIG EXE
  [... snipped some lines ...]
  Sun 2014-04-20 23:15:33 PDT 21858 1000 100 11 /usr/lib/firefox/firefox
  Thu 2014-04-24 21:55:17 PDT 10059 1000 100 11 /usr/lib/firefox/firefox
  Mon 2014-04-28 16:17:37 PDT 25162 1000 100 11 /usr/lib/firefox/firefox
  Tue 2014-04-29 18:14:13 PDT 5607 1000 100 11 /usr/lib/firefox/firefox
  Wed 2014-04-30 13:22:20 PDT 30645 1000 100 11 /usr/lib/firefox/firefox
  Ok sweet, so it's there, let's try and use it..
  % systemd-coredumpctl gdb
  TIME PID UID GID SIG EXE
  Wed 2014-04-30 13:22:20 PDT 30645 1000 100 11 /usr/lib/firefox/firefox
  Failed to retrieve COREDUMP field: No such file or directory
  This *works* for corefiles other than firefox. Just call systemd-coredumpctl gdb blah and it brings up the proper gdb session. Not so for any firefox core. My next thought was to get the core file out, as maybe the firefox binary was a shell script or something, and didn't really reference the object that gdb wanted to look for.
  % systemd-coredumpctl dump
  TIME PID UID GID SIG EXE
  Wed 2014-04-30 13:22:20 PDT 30645 1000 100 11 /usr/lib/firefox/firefox
  Refusing to dump core to tty
  % systemd-coredumpctl dump > ~/firefox.core
  TIME PID UID GID SIG EXE
  Wed 2014-04-30 13:22:20 PDT 30645 1000 100 11 /usr/lib/firefox/firefox
  Failed to retrieve COREDUMP field: No such file or directory
  Ok so now I'm getting upset - let's look at the systemd-coredumpctl source code
  From: https://github.com/systemd/systemd/blob … ctl.c#L402
  r = sd_journal_get_data(j, "COREDUMP", (const void**) &data, &len);
  if (r < 0) {
  log_error("Failed to retrieve COREDUMP field: %s", strerror(-r));
  return r;
  Ok, so getting the data out of the journal is failing with an ENOENT it seems.. Let's look at sd_journal_get_data:
  https://github.com/systemd/systemd/blob … al.c#L1956
  _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void **data, size_t *size) {
  JournalFile *f;
  uint64_t i, n;
  size_t field_length;
  int r;
  Object *o;
  assert_return(j, -EINVAL);
  assert_return(!journal_pid_changed(j), -ECHILD);
  assert_return(field, -EINVAL);
  assert_return(data, -EINVAL);
  assert_return(size, -EINVAL);
  assert_return(field_is_valid(field), -EINVAL);
  f = j->current_file;
  if (!f)
  return -EADDRNOTAVAIL;
  if (f->current_offset <= 0)
  return -EADDRNOTAVAIL;
  r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
  if (r < 0)
  return r;
  field_length = strlen(field);
  n = journal_file_entry_n_items(o);
  for (i = 0; i < n; i++) {
  uint64_t p, l;
  le64_t le_hash;
  size_t t;
  p = le64toh(o->entry.items[i].object_offset);
  le_hash = o->entry.items[i].hash;
  r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
  if (r < 0)
  return r;
  if (le_hash != o->data.hash)
  return -EBADMSG;
  l = le64toh(o->object.size) - offsetof(Object, data.payload);
  if (o->object.flags & OBJECT_COMPRESSED) {
  #ifdef HAVE_XZ
  if (uncompress_startswith(o->data.payload, l,
  &f->compress_buffer, &f->compress_buffer_size,
  field, field_length, '=')) {
  uint64_t rsize;
  if (!uncompress_blob(o->data.payload, l,
  &f->compress_buffer, &f->compress_buffer_size, &rsize,
  j->data_threshold))
  return -EBADMSG;
  *data = f->compress_buffer;
  *size = (size_t) rsize;
  return 0;
  #else
  return -EPROTONOSUPPORT;
  #endif
  } else if (l >= field_length+1 &&
  memcmp(o->data.payload, field, field_length) == 0 &&
  o->data.payload[field_length] == '=') {
  t = (size_t) l;
  if ((uint64_t) t != l)
  return -E2BIG;
  *data = o->data.payload;
  *size = t;
  return 0;
  r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o);
  if (r < 0)
  return r;
  return -ENOENT;
  Ok - now I'm officially lost. I'm way too inexperienced with systemd source code to make decent progress this route.
  Either journal_file_entry_n_items returned 0 items, which is confusing because it's part of the systemd-coredumpctl listing?, or one of these calls to journal_file_move_to_object is returning -ENOENT.  I can't find anywhere that this is actually true in it's call graph.. so I'm going to assume that journal_file_entry_n_items returned 0.
  What does this mean? How do I fix this?
  As an aside - I'd like to debug my larger firefox issue without changing how corefiles are handled in a default arch install, as that seems a bit much.. but if anyone knows how to disable the systemd corefile handling on any process not launched by systemd, but keep using it for daemons (I can totally see the need for better corefile handling with these auto-started processes) please let me know!
  Last edited by codemac (2014-04-30 23:38:30)

  Yep, looks like that's the problem. journalctl:
  Jun 06 01:11:25 bspararch systemd-coredump[10820]: Core too large, core will not be stored.
  Jun 06 01:11:25 bspararch systemd-coredump[10820]: Process 10814 (chrome) dumped core.
  I don't know how I missed that before... Thanks for the tip
  Now, how would I work to fix that? I've done a little research on my own, but I'll have to look into it more tomorrow - it's getting late over here. And I'm not too familiar with all of ulimit, but I'm still having problems with this configuration:
  bspar@bspararch:/x/BITS/src/ > ulimit -a
  -t: cpu time (seconds) unlimited
  -f: file size (blocks) unlimited
  -d: data seg size (kbytes) unlimited
  -s: stack size (kbytes) unlimited
  -c: core file size (blocks) unlimited
  -m: resident set size (kbytes) unlimited
  -u: processes 2000
  -n: file descriptors 4096
  -l: locked-in-memory size (kbytes) 64
  -v: address space (kbytes) unlimited
  -x: file locks unlimited
  -i: pending signals 94126
  -q: bytes in POSIX msg queues 819200
  -e: max nice 20
  -r: max rt priority 0
  -N 15: unlimited

• AppV 5 HF5 packages using /appve fail for regular users on Win 7

  Hello,
  I've been struggling with some App-V packages that fail to start on Win 7 machines provided trough Xendesktop.
  All packages in question make use of locally installed Internet Explorer 9 and /appve switch  :
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"  /appvve:D89030F5-436B-4A82-A104-A5E5E8089824_6C521CD6-5116-4587-B9E8-E386075F7A79
  All other streamed apps can be started fine (the ones not using /appve switch)
  If I run this package as  a regular user I always get an error that "Internet Explorer has stopped working" and a error message in the application log:
  Faulting application name: iexplore.exe, version: 9.0.8112.16599, time stamp: 0x5473964b
  Faulting module name: AppVEntSubsystems32.dll, version: 5.0.3404.0, time stamp: 0x537e6b1f
  Exception code: 0xc0000005
  Fault offset: 0x00084444
  Faulting process id: 0xecc
  Faulting application start time: 0x01d0348e2b754fcb
  Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  Faulting module path: C:\Program Files\Microsoft Application Virtualization\Client\Subsystems\AppVEntSubsystems32.dll
  Report Id: 6adc7087-a081-11e4-96bf-001dd8f22044
  If I start the application on the same machine using a domain account user the app starts fine.
  Internet explorer works fine for the regular users.
  On a machine running  Windows server 2008 R2 the same user can start the packages without any problems.
  I've been looking at the permissions needed but can't seem to get to the end of this...
  Has anyone seen the issue or has any clue what I can do?
  Thanks!

  It looks like some others have had issues with the /appvve switch in Citrix environments too:
  http://discussions.citrix.com/topic/348733-publishing-app-v-50-app-with-appvve-switch/
  I wonder if you've approached Citrix about this? I would assume it's something about the way Citrix pass the command
  PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog:
  rorymon.com Twitter: @Rorymon

• Restrict regular users to use only certain ldm command options

  I would like to restrict regular users to use only certain ldm command options, for example only list, bind/unbind, stop/start
  What is the best practice to do it?
  Thanks

  Solution provided by one of my colleagues:
  Installing sudo and configure sudoers file "User privilege specification" section similar to the following example:
  # User privilege specification
  root ALL=(ALL) ALL
  user1 host1 = /opt/SUNWldm/bin/ldm ls *
  user1 host1 = /opt/SUNWldm/bin/ldm stop *
  user1 host1 = /opt/SUNWldm/bin/ldm stop -f *
  user1 host1 = /opt/SUNWldm/bin/ldm start *
  user1 host1 = /opt/SUNWldm/bin/ldm bind *
  user1 host1 = /opt/SUNWldm/bin/ldm unbind *
  **Note*: asterisk should be at the end of each row. They are not displayed in the posted message...*

• How to enable x11vnc at startup using systemd ?

  Hi everyone,
  This is what i tried:
  copy /usr/lib/systemd/system/x11vnc.service to /etc/systemd/system/x11vnc.service
  edit /etc/systemd/system/x11vnc.service, added the Install section and changed ExecStart
  [Unit]
  Description=VNC Server for X11
  Requires=graphical.target
  After=graphical.target
  [Service]
  Type=forking
  ExecStart=/usr/bin/x11vnc -rfbauth /etc/x11vnc.pass -rfbport 5900 -display :0 -auth /var/run/lxdm/lxdm-\:0.auth \
  -forever -bg -o /var/log/x11vnc.log -xkb -noxrecord -noxfixes -noxdamage -nomodtweak
  [Install]
  WantedBy=multi-user.target
  systemctl daemon-reload
  systemctl enable x11vnc
  But after reboot, x11vnc was not started automatically, while starting the x11vnc service manually afterwards worked. It turned out I had produced a dependency cycle.
  root@archlinux:~# journalctl --this-boot | fgrep cycle
  Aug 24 13:09:21 archlinux systemd[1]: Found ordering cycle on graphical.target/start
  Aug 24 13:09:21 archlinux systemd[1]: Walked on cycle path to multi-user.target/start
  Aug 24 13:09:21 archlinux systemd[1]: Walked on cycle path to x11vnc.service/start
  Aug 24 13:09:21 archlinux systemd[1]: Walked on cycle path to graphical.target/start
  Aug 24 13:09:21 archlinux systemd[1]: Breaking ordering cycle by deleting job x11vnc.service/start
  Aug 24 13:09:21 archlinux systemd[1]: Job x11vnc.service/start deleted to break ordering cycle starting with graphical.target/start
  But I am unsure how I can resolve the cycle. Here are the other units envolved in the cycle (both unchanged):
  /usr/lib/systemd/system/multi-user.target:
  [Unit]
  Description=Multi-User System
  Documentation=man:systemd.special(7)
  Requires=basic.target
  Conflicts=rescue.service rescue.target
  After=basic.target rescue.service rescue.target
  AllowIsolate=yes
  [Install]
  Alias=default.target
  /usr/lib/systemd/system/graphical.target:
  Description=Graphical Interface
  Documentation=man:systemd.special(7)
  Requires=multi-user.target
  After=multi-user.target
  Conflicts=rescue.target
  Wants=display-manager.service
  AllowIsolate=yes
  [Install]
  Alias=default.target
  My intention was to start x11vnc.service after graphical.target is reached. How can I achieve this ?
  Altering my Install section to
  [Install]
  Alias=default.target
  screws up the system and leads me to an emergency shell at next boot because /etc/systemd/system/default.target was symlinked to /etc/systemd/system/x11vnc.service by systemctl enable x11vnc.
  Any ideas / suggestins ?
  Thanx
  Last edited by Markus.N2 (2013-08-24 16:15:48)

  If you are not set completely on using x11vnc but want vnc to run as a server so that you can remotely access a machine even before login, then one way which I used to use regularly is to start the vncserver from the tigervnc package by adding a section to the xorg.conf file. This needs tigervnc to be installed on both local and remote machine.  It is a while since I have used this method but when I did so I used to put something like the following in the xorg.conf file:
  Section "Module"
  Load "vnc"
  EndSection
  and later in the file:
  Section "Screen"
  Identifier "Screen0"
  Device "Videocard0"
  DefaultDepth 24
  SubSection "Display"
  Viewport 0 0
  Depth 24
  Option "SecurityTypes" "VncAuth"
  Option "UserPasswdVerifier" "VncAuth"
  Option "passwordFile" "/opt/Local/etc/vnc/passwd"
  EndSubSection
  EndSection
  If you already have an xorg.conf file then you only need to add the load "vnc " and Option  "passwordFile" to the existing xorg.conf. If not, then you can create a minimal xorg.conf to get the vnc module loaded (xorg module not kernel module just to be clear)
  Then use the vncpasswd command to create a password file, and have this accessible at /opt/Local/etc/passwd or whathever path and name for the file is suitable for your machine.
  Then reboot the computer and the vnc module should be running on the "remote" machine. Check the org log to see if that is the case.
  The most secure way to then access the machine remotely is to ssh to the machine from the client in a first terminal window, port forwarding say local port 55900 to the default remote port at 5900 which is the default port on which the vncserver is listening on the remote end.
  After making sure you have a copy of the password file on the local client machine that wants access to the remote machine, then in a second terminal window run the usual vnc command "vncviewer --passwd path/to/password-file localhost:55900" to access the remote machine using the local port in this case at 55900 which will tunnel the vnc traffic down the ssh tunnel. 
  If this is set up correctly then even from a remote reboot if the remote machine has booted up and has a graphical login screen awaiting the username and password, making the vnc connection as above should allow you to "see" the remote machine screen on the local client, and if the window focus is in this vnc window you should be able to login and use the remote machine in the same way as if you were accessing the remote machine with its mouse and keyboard. If the remote machine is already running a user session then you should see a copy of the remote screen and have mouse and keyboard control remotely.
  I ran this technique for some years using different flavours of linux including arch linux but I have not needed to use it for about 9 months now so I have not existing setup with a current arch linux to check that this still works, but I would be surprised if this does not work with arch with up to date packages.
  One important note though is that if anyone has the address of the machine and the vnc password file then essentially they can log in and do what they like at the other end within the privileges of the logged in user at the remote machine - so care is needed to ensure that nobody has access to the password file that you would not trust making the connection! Of course also once the vnc server is running at the remote end then the machine is continuously accessible with the above method since it is running without reference to a specific user login.
  I hope this helps.
  Last edited by mcloaked (2014-06-03 15:21:18)

• SSIS package issues when running as a regular user

  Hello
  I have one package which is getting data from MSSQL server and putting it to the excel (2007 format).
  When started as an administrator from Visual studio, IS, command line or SQL Agent job it works just fine.
  But when using regular user (SSIS proxy in SQL Agent job) it does not return any errors, but result Excel file is just empty. It puts only firs row with headers into it.
  Only difference I've found when executing as admin and regular user is a warning in package execution detailed log:
  OnWarning,SERVERNAME,USERNAME,PACKAGE_NAME,{GUID},{GUID},2014.03.21 15:23:22,2014.03.21 15:23:22,-2147183868,0x,Warning: Could not open global shared memory to communicate with performance DLL; data flow performance counters are not available.  To resolve,
  run this package as an administrator, or on the system's console.
  If I add user to local administrators group it runs just fine.
  Trying to search the web I've found that most causes of thet could be UAC enabled on the server. But it is not enabled.
  SQLserver - Microsoft SQL Server 2012 - 11.0.2383.0 (X64)
  Windows Server 2008 R2
  Thanks in advance,
  Olegas

  It could be also an issue with the access to the %temp% directory.
  But I suggest again, you do not rely on turning the logging on that is built into DTEXEC, you need to provide this package right now with thorough logging to find the root cause of the issue. E.g. no access to a shared drive may an issue, too.
  Arthur My Blog

• What file/registry permissions are required to run MultiSim 7 as a regular user?

  I want to be able to run MultiSim 7 as a regular user (since our students obviously do not have administrative permissions/rights).
  I can't quite figure out what file and registry permissions are required to be able to do this (despite using Filemon and Regmon).

  Hi,
  If you are refering to the "failed to update registry" warning message, do this:
  1.  Click Start-->Run
  2.  Type "regedt32"
  3.  Locate HKEY_Classes_Root/Multisim.Document
  4.  On the menu, select Security-->Permission (win 2000), For  XP select Edit-->Permission
  5.  Give full control for everyone
  6.  Repeat step 3-->5 for:
  HKEY_Classes_Root/CLSID/{2D964073-9BC9-11D1-840B-006008AC6551}
  Regards,
  Tien Pham
  EWB Support
  Tien P.
  National Instruments

• Mounting USB drive as regular user (with ntfs-3g)

  Hello. First of all, I not asking to do the homework for me, rather is someone can help me understand why I can't get this work.
  I spent the last night trying to figure how mount an USB drive as a regular user, using ntfs-3g. I read the related wiki entries and researched quite a lot in the forums. I came up with this:
  fstab:
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  devpts /dev/pts devpts defaults 0 0
  shm /dev/shm tmpfs nodev,nosuid 0 0
  #/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
  #/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
  #/dev/fd0 /media/fl auto user,noauto 0 0
  /dev/sda1 / ext3 defaults,noatime 0 1
  /dev/sda2 /home ext3 defaults,noatime 0 2
  /dev/sda3 swap swap defaults 0 0
  /dev/sdb1 /mnt/usb ntfs-3g noauto,uid=0,gid=0,noatime,umask=000, 0 0
  I created a ntfsuser group, added my user to that group and trim permissions to the ntfd-3g executable (link in this post). That allows me mount the partition as root and read/write as regular user. It works, so (i think) not big deal here.
  However if I add user to the mount options the following error shows up:
  Mount is denied because setuid and setgid root ntfs-3g is insecure with the
  external FUSE library. Either remove the setuid/setgid bit from the binary
  or rebuild NTFS-3G with integrated FUSE support and make it setuid root.
  Please see more information at http://ntfs-3g.org/support.html#unprivileged
  What bugs me the most is I don't understand why I can't mount as regular user when the user option is set in the fstab. Shouldn't that allow regular users to mount and unmount? Is not like that I'm mounting and dismounting USB drives every 5', but I would like to get this done because I know it can be done
  Sorry for asking such trivial question, but I sense that I'm missing something really stupid and I just can't figure what it is

  Beware of the double post! (+1)
  Ok, I decided I'd get this to work, although the method and the implications it could have might not seem pretty to some. There are certain conditions for a user to mount any ntfs volume with ntfs-3g, I will name them here:
  1. ntfs-3g with integrated fuse support. You'll get this by:
      1A. Removing ntfs-3g and fuse from your system if you have them installed as separate packages, so do this as root:
  pacman -Rn ntfs-3g
  pacman -Rn fuse
  Now you can install the new package.
      1B. Getting a modified version of the PKGBUILD found in that AUR link previously mentioned by me, here's mine:
  # Maintainer: Gula <gulanito.archlinux.org>
  # Slightly modified by anderfs
  # Don't forget to setuid-root for the ntfs-3g binary after you install this
  pkgname=ntfs-3g-fuse-internal
  pkgver=2010.5.16
  pkgrel=1
  pkgdesc="Stable read and write NTFS driver (whit internal fuse suport)"
  url="http://www.tuxera.com"
  arch=('i686' 'x86_64')
  license=('GPL2')
  depends=('glibc')
  conflicts=('ntfs-3g')
  makedepends=('pkgconfig')
  options=('!libtool')
  source=(http://www.tuxera.com/opensource/ntfs-3g-${pkgver}.tgz
  http://aur.archlinux.org/packages/ntfs-3g-fuse-internal/ntfs-3g-fuse-internal/25-ntfs-config-write-policy.fdi)
  sha1sums=('895da556ad974743841f743c49b734132b2a7cbc'
  '200029f2999a2c284fd30ae25734abf6459c3501')
  build() {
  cd "${srcdir}/ntfs-3g-${pkgver}"
  ac_cv_path_LDCONFIG=/bin/true ./configure --prefix=/usr \
  --with-fuse=internal --disable-static || return 1
  make || return 1
  package() {
  cd "${srcdir}/ntfs-3g-${pkgver}"
  make DESTDIR="${pkgdir}" install || return 1
  ln -s /bin/ntfs-3g "${pkgdir}/sbin/mount.ntfs" || return 1
  install -m755 -d "${pkgdir}/usr/share/hal/fdi/policy/10osvendor"
  install -m644 "${srcdir}/25-ntfs-config-write-policy.fdi" "${pkgdir}/usr/share/hal/fdi/policy/10osvendor/" || return 1
  Save this as PKGBUILD, preferrably in an empty directory so it doesn't clutter things up when you build it.
      1C. Now go to the directory where you saved it and do this as a regular user:
  makepkg PKGBUILD
  After that's done, you'll get a package called ntfs-3g-fuse-internal-2010.5.16-1-i686.pkg.tar.xz, or something similar.
      1D. Install that package as root:
  pacman -U ntfs-3g-fuse-internal-2010.5.16-1-i686.pkg.tar.xz
  If all went well you now have ntfs-3g compiled with integrated fuse support.
  2. The ntfs-3g version must be higher than 1.2506, this is already covered, the package installed from AUR matches this requirement.
  3. The ntfs-3g binary must be set to setuid-root, to accomplish this you shall do the following as root:
  chown root $(which ntfs-3g)
  chmod 4755 $(which ntfs-3g)
  I used 4750 instad of 4755, I guess that last bit can be a matter of personal taste as long as it isn't something obnoxious like "7".
  4. The user must have the right access to the volume. Okay, this is the ugly part, volumes are owned by root and managed by the disk group with permissions brw-rw----, this means you have to add any users you want mounting this volume to the disk group.
      4A. So, do this as root:
  gpasswd -a [user] disk
  Where [user] is obviously the name of whichever user you're adding to the disk group, do this for any user you want mounting this volume.
      Any users currently logged in will have to log out and back in for these change to take effect, this most likely includes you.
      4B. Now that you logged back in, try this:
  groups
  One of the groups listed should be disk, if it's not there you didn't completely log out of all open sessions.
  5. The user must have the right permissions/access to the mount point. For a user to be able to mount something to a mount point, that user needs to have read permission (pretty self-explanatory), write permission (so the user can make any changes to the sub-structure of the mount point), and execute permission (so the user can change-dir to that mount point) to it. Mount points can be anywhere, so this really depends where you're mounting.
  In my case, I'm mounting these volumes on certain directories under /mnt/, for example /mnt/example. If you're mounting stuff there, you might as well take advantage of the fact your "mounting user" is already in the group disk, and do the following as root:
  chgrp disk /mnt/example
  chmod 774 /mnt/example
  Now users in the disk group will be able to manage these mount points.
  6. Mount it. That's it, you should now be able to mount ntfs volumes as an "unpriveleged enough" user. Here's an example of what you'd have to put in /etc/fstab:
  UUID=XXXXYYYYXXXXYYYY /mnt/example ntfs-3g noauto,noatime,user,uid=0,gid=6,fmask=137,dmask=027,rw 0 0
  uid=0 means root will be the owner of this mount-point and anything in it after it's mounted. This is due to the fact that even though users might own their mountpoints and have rwx permissions on them, you might still not want them to write to the mounted ntfs volumes. Remove this if you want them to be able to write to the volume.
  gid=6 means this will be managed by the disk group in my system. Perhaps the disk group has a different id in your system, run "id root" to find out, as root usually is part of this group.
  fmask = 137 means the owner (root) can do anything with files in this volume except executing files. Group members (disk) can only read files here, not create or execute them. And other users can't do anything in this volume.
  dmask = 027 means the owner can do anything with directories (execute here is needed to chdir), users can't write directories but they can read or execute in them (once again, needed by 'cd'), and finally other users still don't have any access.
  You can use whichever fmask and dmask makes sense to you, or use an umask instead.
  Last edited by anderfs (2010-07-15 11:34:48)

• HAL doesn't let regular users browse NTFS drives

  If I plug a USB hard drive into my computer that is using an NTFS filesystem, I get a dialog box saying "Failed to open directory "disk-1".  Permission denied."  Most of the time with flash drives and the like, I plug it in and it just works (wowee!).  But in this case, it's getting its unix on.  I haven't messed with the fstab if that's what I have to dink with.  What can I do to allow a regular user read and write to NTFS drives via HAL?

  I use both the policy rule and the mount.ntfs-3g workaround, as I have many files with greek characters on my removable NTFS volumes- and without the workaround they are invisible (despite the fact that the system default is el_GR.UTF8).
  I didn't need to apply the "ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs" workaround, as I had no issues (using a fairly standard kernel26).

• Learning to use systemd

  I've been a casual/slightly-technical user of linux for well over a decade now. I've always wanted to learn more about system administration, and I've started trying to really understand how systemd works. Unfortunately, as I've searched for help on that, I have not been able to find anything that starts at a simple level. The Arch Wiki is close, but might be one or two steps ahead of me. Most everywhere (including in the wiki) it seems they give a few examples without actually explaining what's happening, and then say "if you want more information, check the man pages". The man pages are... well... man pages. They seem written for people who already know what they're doing.
  I'm going to keep studying the wiki pages here, but I thought I'd inquire if anyone knows of a good resource for learning how to use systemd. Preferably something between the "for dummies" level and the wiki level. Does such a thing exist?

  Edit:  I see others have more succintly summed up what I was going to say in this post.  Follow ANOKNUSA's advice if you wish to skip my long-winded post.
  I'm going to attempt to answer some of these statements by putting into words my experiences of Linux/open source/how-to-learn-this-stuff-but-man-pages-suck.    I'm going to assume, based on what you've posted in this thread, that we think somewhat alike on this subject.  I'll be Canadian and apologise in advance if my assumption is dead wrong.  If that's the case you're free to light me on fire and watch me glow like a Christmas tree. 
  DrMag wrote:I've been a casual/slightly-technical user of Linux for well over a decade now.
  I've been using Linux since Mandrake 8.0 in 2001.  I know I'm dating myself here but I wanted you to know that I'm not some snot-nosed 12 year old who thinks she knows better than an elder Linux user.
  DrMag wrote:I've always wanted to learn more about system administration, and I've started trying to really understand how systemd works. Unfortunately ... I have not been able to find anything that starts at a simple level.
  And you'll never find something simple enough to explain things in all the detail you are likely to want either.  I learned this lesson the hard way when I began using Linux.  We want something that explains ... well, everything and goes about documenting what each part of whatever it is we wish to learn in discrete segments.  To use your example:
  DrMag wrote:It makes that jump to talking about "units" without ever explaining what is meant by that. What other types of units are there?
  I remember very clearly saying almost exactly these same words on the Mandrake mailing list.  The response I got was (inevitably) read the man pages.  And then I said (nearly word-for-word) that: 
  DrMag wrote:The man pages are... well... man pages. They seem written for people who already know what they're doing.
  You're right: they aren't meant for newbies and people who want things explained in a lot of detail so we can grasp the fine nuances of what this gear does when this cog goes in that direction.  This should sound familiar, I think. 
  DrMag wrote:  The Arch Wiki is close, but might be one or two steps ahead of me. Most everywhere (including in the wiki) it seems they give a few examples without actually explaining what's happening, and then say "if you want more information, check the man pages".
  I understand this statement very well because I remember saying something very close to this to another member of the mailing list who tried to take me under his wing for a while.  It took me about a year to realise that there really is only one way for people like us to learn these things: Doing it.
  Seriously.  Those two words were what helped me to learn-as-I-went-along. For example, I wanted to set up an ftp server and I had no idea how to do it.  I read man pages and newbie-esque websites for explanations.  Some helped and some didn't.  Mostly I learned by setting up what I thought would work but often-times failed.  So I'd go back and read up on what failed, why it failed, and what it is supposed to do that I obviously didn't understand.  Yes this took some reading and cogitating upon the seemingly arcane technical aspects that I wished to learn.  The result was that eventually I got an ftp server set up (after about 3 years of procrastinating, reading and absorbing strange technical concepts) but I did it. 
  In a way for you, I think, being an Archer will be to your advantage.  When I was looking for information and ideas back in the early 2000's there were no real references you could look at save some man pages, a few nice-to-newbies websites and some well-intentioned would-be Linux mentors.  Arch, on the other hand, has the wiki and a lot of good information on the forums.
  What I suggest you do is what I did:  Play with whatever it is you want to understand on a separate machine, figure out what your goal is and then implement what you think is the correct answer.  Don't try to understand everything you want to know about systemd at this point.  Just install it, your server setup you want working and see if it does what you need it to do.  If it does, great.  Poke at it to find out what a component you don't understand is supposed to be.  Find a few newbie-oriented web pages to discern this information.  Read the man page if you dare but don't expect to get all the answers you want to learn.  Instead focus on said component you need/want to learn and work to understand it by itself to your satisfaction.
  I also had to learn one more thing:  It's unlikely that you will learning everything about any aspect of Linux and, in your case, systemd itself.  You'll never be a systemd expert but if you're willing to try out these ideas it's likely that you will end up learning enough expertise to satisfy your needs and thirst for knowledge about Linux and systemd.
  Last edited by MoonSwan (2014-11-08 20:28:36)

• ORA-12547 when using sqlpus or svrmgrl as any user except oracle

  I have Oracle 8.1.7 and Oracle 9.0.1 installed on a Slackware 8.0 Linux box. It used to work fine, but something changed one day. I have tried with the Oracle 8 and Oracle 9 binaries with the same problem.
  If I try svrmgrl or sqlplus as oracle, all is well, but no other user including root.
  here's what happens, this time as root:
  #/> ORACLE_HOME=/n/local0/oracle/OraHome1
  #/> LD_LIBRARY_PATH=$ORACLE_HOME/lib
  #/> PATH=$ORACLE_HOME/bin:$PATH
  #/> export ORACLE_HOME
  #/> export PATH
  #/> export LD_LIBRARY_PATH
  #/> svrmgrl
  oracle: error while loading shared libraries: cannot open shared object file: cannot load shared object file: No such file or directory
  oracle: error while loading shared libraries: cannot open shared object file: cannot load shared object file: No such file or directory
  ORA-12547: TNS:lost contact
  SVRMGR>
  Checking the library dependencies:
  #/> ldd `which svrmgrl`
  libwtc8.so => /n/local0/oracle/OraHome1/lib/libwtc8.so (0x40017000)
  libclntsh.so.8.0 => /n/local0/oracle/OraHome1/lib/libclntsh.so.8.0 (0x40019000)
  libdl.so.2 => /lib/libdl.so.2 (0x405cf000)
  libm.so.6 => /lib/libm.so.6 (0x405d3000)
  libpthread.so.0 => /lib/libpthread.so.0 (0x405f5000)
  libc.so.6 => /lib/libc.so.6 (0x4060b000)
  /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
  Any clues appreciated
  John Ryan

  I have found a very strange combination of settings that allows regular non-administrative user logged in via RDP to eject the removable drive:
  1) gpedit>Computer>Administrative Templates>System>Removable Storage Access>Allow
  direct access to removable storage in remote sessions.
  2) Local Security Policy>Local Policy>Audit Policy>Audit Object Access = Failure
  3) reboot is required.
  Once these options are changed - regular user can now eject the drive. Any other Audit policy does not
  allow eject.
  Jeremy, I think its clear that this is not hardware/hypervisor related. Is there anything I can provide
  to help track this issue to a proper resolution?
  thank you!

• SunStudio Newbie: Installed OK (as root), but cannot run as regular user

  All,
  Just installed SS12.1 with patches successfully on a box with root. Can execute various
  progs (CC, make, etc) as root OK. However when running as a regular user I get permission denied errorsor command not found errors. The path is set correctly (/usr/bin is part of the path).
  What am I missing here - must be something simple, I'm sure...
  Cheers,
  Bonny

  Igor,
  Thanks for the reply, I've managed to sort it earlier - it turned out the directory it was installed into did not allow regular user/world execute access - only root's.
  I've used the package installer btw, if it makes it useful for other people stumbling on this.
  Cheers,
  Bonny
  Edited by: bonnster on Nov 30, 2009 10:52 PM

• [SOLVED] systemd reboot and poweroff as user

  I decided to try systemd and all my services are working but I cannot reboot or poweroff as user.
  $ systemctl poweroff
  Failed to issue method call: Access denied
  Failed to issue method call: Access denied
  I also get that duplicate message for systemctl reboot.
  According to the systemd wiki article, I should be able to reboot and poweroff as user and even if not, I should be given the opportunity to provide the root password, but I was not.  Both commands work as expected if I su to root.  Any suggestions?  Thanks.
  Last edited by kekules_dream (2012-08-13 10:14:50)

  @Smasher816 - the op is right that he/she should be able to reboot, shutdown without superuser access with systemd.  I just began using systemd and mine seems to work fine.  You aren't logged in as root or another user in another terminal or tty are you?  I know that you should STILL be given the option to enter the root password and shutdown, but that is the best I can think of at the moment

• Installation requirements for regular user

  Hi,
  I'm building my first widget with Yahoo Widgets, Eclipse and the SAP Widget Foundation installed.
  I've got my widget working on my pc and can export the widget. Data retrieval from SAP is showing in the widget.
  I wonder what a regular user ( on an other pc) needs to install to use the widget? Only Yahoo widgets or more? Can he/she change the login settings?
  Any help will be appreciated. 
  Regards,
  Bert

  Hi Bert,
  You should install Yahoo widget Engine,SAP widget Foundation individually.
  My suggestion is you can install SAP widget foundation in one system and you can define the service provider in the same system so that it act as a server.
  Then from another PC you need to install only yahoo widget engine and consume the defined services.
  So this will be of  client/server model....
  please refer the below link for more details......I havent test the same scenario in case of  firewalls...
  /people/jaideep.srinivasan/blog/2008/02/09/enterprise-widgets-in-clientserver-environment
  thanks
  jaideep srinivasan

• Regular users lost Internet after upgrade

  After I installed 2007.05 and inmediately upgraded to 2007.08, I found that regular users were not able to log into the internet. As usual, regular users are members of the wheel, optical, audio and users groups.
  What gives?
  Thanks in advance.

  Lone_Wolf wrote:
  bored2k wrote:As usual, regular users are members of the wheel, optical, audio and users groups.
  The wheel group is normally used to give users root rights, a regular user should NOT have root rights.
  wheel=root rights? Rights like what? I've always added myself to wheel for over a year now and I've never had such rights...