/srv/irclogs.ubuntu.com/2008/01/04/#ubuntu-server.txt

[00:34] <kgoetz> its installed, and has a file (+x) in /etc/cron.daily/00logwatch, but i dont get emails from it. when i run it manually i get mail from the script
[00:34] <kgoetz> s/its intalld/ i have logwatch installed
[00:35] <soren> syslog tells you when cron runs something. Does it mention it?
[00:37] <kgoetz> let me check
[00:40] <kgoetz> holy heck, how has syslog hit 32mb :S
[00:41] <kgoetz> Jan  4 09:17:01 moon CRON[13505]: Authentication service cannot retrieve authentication info
[00:42] <kgoetz> looks like syslog/cron has been broken since 27th of september
[00:48] <kgoetz> soren: looks like thats the problem :/ i'll try and work out this cron+syslog issue
[03:20] <kgoetz> turns out shadow was misformed. fixed that and cron+other stuff starts working again.
=== joerlend_ is now known as XiXaQ
[04:18] <XiXaQ> I want to setup a shared folder on my ubuntu server so that windows clients can connect using only a password. I've been reading and reading, but I don't understand how it's possible. I don't want to duplicate all users usernames and passwords between all windows clients and ubuntu.
[04:18] <XiXaQ> can someone explain this? I've tried setting security = share, but then it isn't password protected at all..
[04:21] <XiXaQ> I wonder if irc would be as popular if everyone was required to read the irc protocol before they were allowed to run the client.. :)
[04:21] <XiXaQ> it feels like samba is doing something similar to me.
[04:27] <PanzerMKZ> well I setup my samba install
[04:27] <PanzerMKZ> and gave it one user
[04:29] <PanzerMKZ> give it a valid user = username
[04:30] <XiXaQ> I don't want to tie it to usernames. Everybody that knows the password should be able to read and write, just like in windows. Isn't that possible?
[04:31] <PanzerMKZ> I have one username
[04:31] <PanzerMKZ> panzer
[04:31] <PanzerMKZ> so that line is set to valid user = panzer
[04:31] <PanzerMKZ> and there is a password for user panzer
[04:32] <PanzerMKZ> so I go to any of my windows boxen and pop that share and log in using panzer
[04:32] <XiXaQ> ok, so if a friend comes over for tea, brings his laptop and wants to open a file, then he just has to create a new user in his system, log out and back in with that user, then connect to the share?
[04:32] <PanzerMKZ> no
[04:33] <PanzerMKZ> you come over to my pad
[04:33] <PanzerMKZ> for tea
[04:33] <PanzerMKZ> you got a windows box
[04:33] <PanzerMKZ> you log in as you on your box
[04:33] <PanzerMKZ> you go to start>run
[04:34] <PanzerMKZ> type in //companion
[04:34] <PanzerMKZ> companion in this case being my ubuntu file server running samba
[04:34] <PanzerMKZ> up pops in a user/password window
[04:35] <PanzerMKZ> and you put in the user panzer and my super secret password of lace
[04:35] <PanzerMKZ> and bam you have access to all the file shares
[04:35] <XiXaQ> so I'll have to setup one user per share?
[04:36] <PanzerMKZ> is that not what you wanted?
[04:36] <PanzerMKZ> one user
[04:36] <XiXaQ> do you know how people share files in windows xp?
[04:36] <PanzerMKZ> for all your shares?
[04:36] <PanzerMKZ> there is a ten connection limit for xp file shares
[04:38] <XiXaQ> I'd like to have a share with a password, another share with a different password. This means I have to create two different users, then share the resources as those users and give those usernames and passwords to the people who're supposed to access the shares?
[04:38] <PanzerMKZ> but smb users don't have to be system users
[04:38] <XiXaQ> they don't?
[04:38] <PanzerMKZ> no
[04:39] <XiXaQ> oh...
[04:39] <PanzerMKZ> I could have smb user fred that is no where on my system
[04:40] <XiXaQ> then how do I add this user?
[04:40] <PanzerMKZ> first answer is man samba
[04:40] <PanzerMKZ> which is what I am going to do now
[04:40] <XiXaQ> you don't think I've been doing that for weeks?
[04:41] <XiXaQ> everyone has been explaining how to install single-signon setups with directory controllers, and ldap, dhcp and god knows. I only want my damn directory to be available to those who know the password :)
[04:42] <XiXaQ> the samba configuration guide has 47 chapters.
[04:42] <PanzerMKZ> nice
[04:42] <PanzerMKZ> man smbpasswd
[04:42] <XiXaQ> well, actually, that's just the howto :)
[04:42] <PanzerMKZ> it will talk about adding users
[04:42] <XiXaQ> thanks :)
[04:42] <PanzerMKZ> and changing passwords
[04:44] <PanzerMKZ> the -a command adds a user
[04:45] <PanzerMKZ> you need example of my smb.conf file?
[04:45] <XiXaQ> that would be nice.
[04:48] <PanzerMKZ> http://pastebin.com/d6421821c
[04:48] <PanzerMKZ> is for a iso share I have
[04:50] <XiXaQ> that's the kind of share I want to setup. :)
[04:51] <XiXaQ> but panzer is a real user, right?
[04:51] <PanzerMKZ> well on that box yes
[04:51] <XiXaQ> panzer can login using ssh with that password, for instance?
[04:51] <PanzerMKZ> but the passwd for panzer on smb is different than the system
[04:52] <PanzerMKZ> so the answer is no
[04:52] <XiXaQ> how do I do that?
[04:53] <PanzerMKZ> setup the share
[04:53] <PanzerMKZ> and then work your magic with smbpasswd
[04:53] <XiXaQ> oh.. Ok. Normal user doesn't automatically have access to their own shares? You must use smbpasswd first?
[04:53] <PanzerMKZ> to add users and passwords
[04:53] <PanzerMKZ> yea
[04:53] <XiXaQ> aha..
[04:54] <XiXaQ> does that make sense in anyway?
[04:54] <PanzerMKZ> yea
[04:55] <PanzerMKZ> basically you are asking if you have a samba server up
[04:55] <XiXaQ> pardon?!
[04:55] <PanzerMKZ> and you add a new user to the system does the system users home dir get shared out automatically
[04:56] <XiXaQ> no. If I make normal user. I then add that users home directory as a share in /etc/samba/smb.conf. That users password will be invalid, because I haven't set a sambapassword for him yet?
[04:56] <PanzerMKZ> yea
[04:58] <XiXaQ> ok.. Is that a requirement, or is it possible to use pam instead?
[04:59] <PanzerMKZ> you can set it up different ways by changing the smb.conf
[04:59] <PanzerMKZ> there should be things you uncomment
[05:01] <XiXaQ> ok, that's fine for my setup. However, if I wanted to let other unix users share their folders at will.. I really don't want to make all admins?
[05:02] <XiXaQ> it seems to me strange that shares should be specified in the main configuration file?
[05:02] <PanzerMKZ> there is parts for users to add
[05:08] <XiXaQ> By default, \\server\username shares can be connected to by anyone with access to the samba server.  Un-comment the following parameter to make sure that only "username" can connect to \\server\username This might need tweaking when using external authentication schemes
[05:08] <XiXaQ>    ;valid users = %S
[05:09] <XiXaQ> does this mean that by default, all users can read from and write to other users homes?
[05:17] <XiXaQ> PanzerMKZ, thanks. I think I got it.
[05:17] <XiXaQ> it's the documentation that confused me. help.ubuntu.com's samba documentation seems to explain more about how Active Directory works and what LDAP is than how to setup a share.
[05:18] <XiXaQ> think maybe I'll write a simpler guide when I get this right.
[05:22] <c1|freaky> does anyone know if theres a tool for windows which can knock on port? because i want to secure ssh using knockd
[05:23] <c1|freaky> and is there any good firewall solution for ubuntu server?
[05:23] <c1|freaky> i mean, configuration, standard mechanisms etc.?
[05:30] <c1|freaky> I also need some intrusion detection software ...
[05:38] <ScottK> iptables is built into the kernel.  That's your firewall.
[05:39] <c1|freaky> ok
[05:39] <ScottK> Is it just you connecting via SSH?
[05:39] <c1|freaky> no
[05:40] <ScottK> OK.  I generally just rate limit SSH connections via iptables, but it doesn't scale well for lots of users.
[05:41] <c1|freaky> i want to secure ssh logins using knockd ... but i dont know if theres any software for windows which can knock on ports
[05:41] <c1|freaky> like knock does
[05:46] * ScottK doesn't use Windows. Sorry. Can't help on that.
[05:56] <c1|freaky> ok thanks
[05:57] <c1|freaky> im waiting for my new server :D
[05:58] <c1|freaky> 6GB DDR2, 2 750GB SATA II HDDs, AMD Athlon 64 X2 DualCore :D
[06:20] <normanm> hi all
[06:22] <normanm> We use ubuntu on some servers here. We need to support php4 because of some old CRM. I saw feisty dropped the php4 support. Any idea if there are some sources where we can get the needed debs ?
[06:26] <ScottK> Run Dapper would be my suggestion.
[06:26] <normanm> ScottK, dapper is really out of date :-/
[06:26] <ScottK> Yes, but you want to run PHP4.
[06:27] <ScottK> I'm typing this on a Dapper desktop because it basically does what I need.
[06:28] <ScottK> Debian is, I think, also dumping PHP4, so it's a losing battle I think.
[06:28] <normanm> ScottK, Dapper not works on the x4100 servers with the "supported" kernel
[06:28] <normanm> ScottK, well I don't want... I need :-/
[06:28] <ScottK> Ah.
[06:29] <ScottK> I don't know enough about PHP to have a useful opinion then.
[06:29] <normanm> The company i'm workin for is using a self developed crm which only support php4
[06:29] <normanm> btw.. Is dapper still getting security updates ?
[06:35] <lamont> hrm... do I want to turn on IDN support in bind9, I wonder?
[06:35] <lamont> normanm: only until june of 2011 (for ubuntu-standard portions), or June of 2009 (for desktop stuff)
[06:35] <lamont> :-)
[06:36] <normanm> lamont, hmm thats not bad..
[06:36] <normanm> So now i need to think about if i want to use dapper drake or i want to use freebsd
[06:36] <normanm> on the webservers
[06:40] <lamont> normanm: or stall until april and put hardy on, which will have server security support until april of 2013 :-)
[06:41] <normanm> lamont, ;-)
[06:41] <lamont> or I suppose you could just dist-upgrade from dapper to hardy once it's out. (That'll be tested/supported)
[06:41] <normanm> lamont, well i don't think hardy will support php4
[06:42] <lamont> ah, there is that.
[06:42] <normanm> lamont, :-P
[06:42] <lamont> you do know that it stands for "Please Hack Promptly", right?
[06:42] <normanm> I already upgraded all servers except the webservers to gutsy
[06:43] <normanm> lamont, tell me something new... But what should i do if my boss wants it :-P
[06:43] <lamont> normanm: short term?  do it.  longer term?  resume.
[06:43] <normanm> lamont, yes.
[06:44] <normanm> BTW, do you know if there is something like kernel security level planned for ubuntu ?
[06:44] <lamont> ijiot circumstances require change... :-)
[06:44] <lamont> as in C2 or B1 or such?
[06:44] <lamont> orange-book levels?
[06:44] <lamont> no clue on that one.
[06:44] <lamont> security fixes? already happens
[06:45] <normanm> Something like in freebsd which prevent modules to be loaded. don't allow the time to be set more than 1 second in the past/future. Don't allow raw access to block devices etc
[06:47] <lamont> ah.  one could use selinux to do that, quite possibly could use apparmor (which is there by default in gutsy...)
[06:47] * lamont prefers selinux, wasn't consulted wrt what got turned on in gutsy's kernel
[06:50] <lamont> time to sleep
[08:57] <kraut> moin
[08:57] <_ruben> mornin
=== tku is now known as kraut
[15:44] <ScatterBrain> By default the snmp daemon runs as user "snmp".  How can I give that user permissions to read the log files in /var/log?
[15:44] <ScatterBrain> I've tried adding it to the "adm" group, but that doesn't seem to work.
[15:45] <Kamping_Kaiser> why do you want them to?
[15:45] <ScatterBrain> I need to run a script that greps the logs via snmp'd "pass" functionality so I can keep stats with Cacti.
[15:46] <Kamping_Kaiser> unsure. night mate
[15:46] <ScatterBrain> at this point, I'm looking to keep track of Postfix and Amavis.
[15:47] <lamont> ScatterBrain: group adm should be sufficient.  OTOH, it probably requires restarting the daemon
[15:48] <ScatterBrain> lamont, yeah did that.
[15:48] <ScatterBrain> I'm still getting permission denied trying to read /var/log/mail.log
[15:48] <ScatterBrain> even with 644 permissions.
[15:48] <ScatterBrain> Go figure.
[15:49] <lamont> and what are the perms on /var/log :-)
[15:51] <jetole> hey guys, I need to know how badly I have just fsck'd myself
[15:51] <ScatterBrain> lamont: by default they are 640, with root/adm user/group ownership.
[15:51] <jetole> root didn't look twice before hitting enter and did a rm -f /var/log
[15:51] <ScatterBrain> When I change then 644, the script works.
[15:52] * jetole is currently waiting for the server to reboot
[15:52] <lamont> ScatterBrain: ls -ld /var/log :)
[15:52] <lamont> it's not 640 by default
[15:52] <jetole> hmmm, it looks like most the files recreated themselves upon reboot... I think
[15:53] <lamont> jetole: mkdir /var/log; chmod 755 /var/log; chown root:root /var/log
[15:53] <lamont> (or reboot and everything should just do the right thing)
[15:53] <ScatterBrain> lamont: mine was.
[15:53] <lamont> except maybe /var/log/ would wind up 555 instead of 755...
[15:53] <lamont> ScatterBrain: the directory had no execute permissions?
[15:53] <lamont> that would explain why you couldn't open any file under it...
[15:53] <lamont> (since exec is needed to open a file...)
[15:54] <ScatterBrain> oh, the lod directory itself.
[15:54] <lamont> er..
[15:54] <ScatterBrain> not the file.
[15:54] <ScatterBrain> s/lod/log
[15:54] <lamont> exec permission on a directory is needed to open files in the directory
[15:54] <lamont> ScatterBrain: yes.
[15:54] <jetole> lamont: rm -f /var/log/
[15:54] <lamont> jetole: that shouldn't do anything, should it?
[15:54] <jetole> doesn't delete the directory or any subdirs
[15:54] <jetole> just all flat files in /var/log
[15:55] <lamont> mkdir x; rm -f x
[15:55] <lamont> rm: cannot remove `x': Is a directory
[15:55] <jetole> right, well I wasn't sure if all logs recreated themselves or not
[15:55] <ScatterBrain> lamont: blue tmp # ls -ld /var/log
[15:55] <ScatterBrain> drwxr-xr-x 8 root root 2048 2008-01-04 10:37 /var/log
[15:55] <lamont> ScatterBrain: which is what it should be,.
[15:55] <jetole> since I know logrotate has options for logs that need to be touched after an old one is moved
[15:55] <ScatterBrain> so If I change the directory so that root/adm owns it will that be OK?
[15:56] <lamont> ScatterBrain: anyone in the world is allowed to open files in that directory, depending on the permissions
[15:56] <lamont> is apparmour bitching about anything?
[15:57] <jetole> I have an apparmor dir in var/log so I am not sure why I would change perms on var/log for a file that has its own var/log/apparmor
[15:57] <lamont> jetole: if there are any logs that don't rebuild after a restart of the daemon (so that a reboot of the system is sufficient....), then it's a bug in the daemon
[15:57] <jetole> lamont: any known bugs in server common packages that I may need to be aware of? ;)
[15:58] <lamont> apparmor does all kinds of neat funky stuff with permissions totally independent of the filesystem permissions
[15:58] <lamont> jetole: not personally, no
[15:59] <jetole> alright, well thanks for the help
[15:59] <lamont> ScatterBrain: if the file is mode 644 and you can read it but the snmp daemon can't, then it's something outside of FS permissions
[15:59] * lamont finally heads off to get to work for the day
[15:59] <ScatterBrain> lamont: like what?
[15:59] <lamont> like apparmor
[15:59] <lamont> or selinux
[15:59] <ScatterBrain> the script works as root and if I set the perm to 644.
[15:59] <ScatterBrain> on a dapper box?
[16:00] <lamont> root skips all kinds of perm checks
[16:00] <lamont> dapper.
[16:00] <lamont> if the daemon can't open it, I
[16:00] <lamont> 'm pretty sure it's FS perms somewhere.
[16:00] <lamont> anyway, gotta run
[16:00] <ScatterBrain> lamont: OK, I'll keep looking.
[16:01] <ScatterBrain> thanks.
=== rodneykk is now known as rodpod
=== macd_ is now known as macd
[18:19] <sergevn> Does anyone have any experience with denyhosts?
=== Gamble6x is now known as gamble|fude
[19:21] <nealmcb> sergevn: what's your question?
=== gamble|fude is now known as gamble6x
[22:14] <hangthedj> i just upgraded to hardy, how do i change the shell to say hardy instead of gutsy 7.10 Tribe 3?
[22:22] <delphiuk> can someone help me with a 6.06 upgrade problem? I have an output if you need to see it?
=== mindframe- is now known as mindframe
[22:35] <Kamping_Kaiser> delphiuk, what is the problem?
[22:35] <Kamping_Kaiser> hangthedj, not sure, try /etc/issue, but be sure you know what you're doing before messing with stuff like that
[22:37] <hangthedj> ok thanks
[22:46] <delphiuk> Kamping_Kaiser: http://paste.ubuntu-nl.org/50774/
[22:54] <Kamping_Kaiser> delphiuk, hm
[22:54] <Kamping_Kaiser> are you using official repositories?
[22:54] <delphiuk> Kamping_Kaiser: Oh yes, nothing is "non standard"
[22:55] <Kamping_Kaiser> BTW, try running `export LANG=C` to get rid of those locale/perl errors (makes things easier to read)
[22:57] <Kamping_Kaiser> delphiuk, try `export LANG=C && apt-get -f install`
[22:57] <Kamping_Kaiser> tell me what that outputs
[22:58] <delphiuk> richard@sugar:~$ sudo export LANG=C && apt-get -f install
[22:58] <delphiuk> sudo: export: command not found
[23:03] <Kamping_Kaiser> `export LANG=C && sudo apt-get -f install`
[23:03] <Kamping_Kaiser> export is a shell built in (see help export in the shell if you want to see more)
[23:05] <delphiuk> Kamping_Kaiser: http://paste.ubuntu-nl.org/50778/
[23:07] <Kamping_Kaiser> try `sudo apt-get --purge remove apache2-utils` (it may remove a bunch of stuff, i'm not sure)
