/srv/irclogs.ubuntu.com/2008/04/01/#ubuntu-server.txt

WheelsOnFire	for example, in redhat after installing 3dm2 you simply run, service 3dm2 restart	00:00
WheelsOnFire	or whatever	00:00
WheelsOnFire	and when you init 0 or 6, the service is stopped	00:00
kirkland	WheelsOnFire: is there a script named that in /etc/init.d/* ?	00:01
kirkland	WheelsOnFire: RH's "server" command simply prepends "/etc/init.d/" onto the service you specify (3dm2) and passes it the action you specify (restart)	00:02
kirkland	WheelsOnFire: not "server", but "service" command	00:02
WheelsOnFire	yeah I get you	00:02
WheelsOnFire	so in other words if they didn't give an init script I need to make one	00:02
kirkland	WheelsOnFire: what format is the package you installed?	00:03
kirkland	WheelsOnFire: a .deb ? a .rpm ? a tarball ?	00:03
WheelsOnFire	=]	00:03
WheelsOnFire	originally it's installed with a java installer. however the installer is closed source and bugged. to get it to install on ubuntu I have to install it elsewhere and then with a custom script which builds a tar from the files on that computer and installs them on the ubuntu machine.	00:04
WheelsOnFire	but I'm pretty good with bash so I'll just script my way through it I guess	00:05
WheelsOnFire	alright thanks	00:05
Silvanov	http://www.ispconfig.org/ this looks similar to cpanel. not sure its a lamp config web gui like im looking for though.	00:12
andguen1	If anyone has a second, I would love comments on https://help.ubuntu.com/community/ShorewallBasics -- especially from people just starting into command line based firewalling, and especially experienced shorewall users as well, thanks	00:18
Silvanov	is there an ssh server installed with ubuntu server (lamp option) by default?	00:20
andguen1	nope	00:20
andguen1	sudo apt-get install openssh-server i believe	00:21
Silvanov	alright, thanks andguen1.	00:21
kirkland	Silvanov: when you choose the lamp option, ssh is in that list too, in the installer	00:21
Silvanov	I didnt see a way to select multiple options though, and I've already completed the installation, just get started learning commands and how to set it up	00:22
andguen1	Silvanov: sudo apt-cache search is a wonderful command to know -- try 'sudo apt-cache search php' or 'sudo apt-cache search openssh' -- any one of those entries there can be installed	00:24
Silvanov	nice. thank you very much. I also found aptitude which seems much more 'user friendly' repository/installer gui.	00:26
andguen1	Silvanov: There are always always always multiple ways to do it :) there wouldn't be thousands of Linux distros if we geeks didn't want some choice in the matter :)	00:27
Silvanov	hehe	00:27
andguen1	find a way that works and use it for a while, just be aware of what others use and check it out just in case	00:27
andguen1	I have to confess, I'm a bit of a hypocrite, or just lazy, some of my friends like zsh, I'm staying with bash shell for now :)	00:28
Silvanov	ive tried suse and red hat before in the past, but this will be my first serious foray with linux, and i wanted to start with ubuntu, because ill be selling and supporting ubuntu machines and my new job :D	00:30
Silvanov	alright, much easier now. dont have to get up and change chairs, have ssh installed and logged in from my main computer :)	00:34
andguen1	agreed, definitely a key first step. -- I have worked with Redhat and SUSE as well, I've gotten spoiled with how easy it is to install packages in Debian/Ubuntu, not to mention the speed of new releases....	00:39
Silvanov	so far i liked the new kubuntu, everything seemed fairly simple to use, and install and configuration was by far much easier than windows 98-vista. For the first time ive tried linux, all the hardware just worked as well. Now ive reinstalled hardy 8.04 server on that machine, and just trying to learn as i go, with the motive of tranferring my blog, which i host on my main pc via wampserver to this box.	00:44
andguen1	it definitely takes a good project to keep you learning and diving further into it	00:49
=== andguen1 is now known as andguent
Silvanov	the only commands I know thus far are sudo, apt-get, ls and ifconfig lol	00:51
andguent	locate is a nice one to know, grep, xargs..... hmmmm what else :)	00:52
Silvanov	figuring I'll learn a ton as i get different software installed and try to configure them.	00:53
owh	Of course there is the server guide :)	00:53
owh	!guide	00:53
Silvanov	!guide	00:53
owh	!serverguide	00:53
owh	Hmm	00:54
Silvanov	bot dead again?	00:54
owh	So much for that.	00:54
owh	One mo.	00:54
owh	http://doc.ubuntu.com/ubuntu/serverguide/C/	00:54
owh	That won't answer all your questions, but it gets you started.	00:55
andguent	if one document answered all of my questions, I wouldn't read it :P	00:55
andguent	takes all of the fun out of life	00:55
Silvanov	im actually reading through that atm, but is it accurate for the 8.04 release as well?	00:55
* lamont isn't familiar with the 'ifconfig lol' command... :-)		00:55
andguent	alias ifconfiglol='echo Come again?'	00:56
owh	Silvanov: Some people would be insulted at that question, but yes, many hours were spent on making it so. Mind you, I'm not sure if that URL has the latest version of the docs, YMMV.	00:56
lamont	heh	00:56
* lamont uses 'ip' rather than 'ifconfig' anymore anyway		00:56
andguent	owh: insulted? mmmmkay, sounds like a reasonable question to me, shrug	00:57
Silvanov	owh: thanks, and sorry, didnt mean to insult or offend anyone.	00:57
JanC	doc.ubuntu.com = "development" server of the docs team	00:58
andguent	I asked this about an hour ago, but If anyone has a second, I would love comments on https://help.ubuntu.com/community/ShorewallBasics -- especially from people just starting into command line based firewalling, and especially experienced shorewall users as well, thanks	00:59
=== LjL-Temp is now known as LjL
JanC	andguent: did you test that with the new shorewall ?	01:00
owh	andguent: Silvanov: Ah, sorry, that's my sense of humour acting up. The insulted comment was really supposed to be in quotes and I should have added >:-) to the end :)	01:00
andguent	JanC: how new? there is always something newer, i just accept that sometimes, it should be good with the latest shorewall from the gutsy repositories	01:01
owh	JanC: So, you're saying that its the latest version?	01:01
* owh really, really wishes that the documentation team started including version strings on all the documents.		01:01
andguent	JanC: I assume you are referring to shorewall 4.0 & up? No, I'm testing it on 3.4.4 currently	01:03
JanC	andguent: according to http://packages.ubuntu.com/shorewall hardy has shorewall 4.x ?	01:03
andguent	still gutsy on my home computers, definitely good to know, thanks for pointing it out	01:04
JanC	you can try hardy in a VM ツ	01:04
andguent	yup, when the time arrives, but definitely good to try	01:06
Silvanov	alright, ive got the lamp setup, phpmyadmin, ssh and ftp servers installed, but not configured yet.	01:10
andguent	Silvanov: sounds like an excellent start, which ftp server did you go with? most everything else there usually configures itself	01:13
Silvanov	vsftpd via http://doc.ubuntu.com/ubuntu/serverguide/C/ftp-server.html	01:14
Silvanov	was able to turn it on, connect, see from my main pc, see there was no files and turn it off. Figure once I get lamp setup, and need to tranfer my wordpress blog over, ill figure that part out lol	01:16
andguent	yup, ftp can definitely do that for you, but one other piece of software to be aware of is scp/ssh, scp lets you copy files from one pc to another if ssh is running at the destination (and your username can get to the destination directory)	01:17
Silvanov	i'll check it out, but atm i don't know directory structures or default locations for anything on linux :S	01:19
Silvanov	im so acustomed to windows, im intrigued, but feel like a new born at the same time lol	01:20
andguent	if you know /home, /etc, and /var, the rest can be lower priority -- /home for your user's settings, /etc for global settings like server daemons, and /var is for files that change often like logs	01:21
Silvanov	so windows analogy wise, home is like my documents, etc is like my programs, and var is like temp?	01:22
andguent	mmm, /etc is probably closer to the registry then to program files	01:22
andguent	var is used for things that are around for a while, but might just change a lot, there is a /tmp directory, that is VERY temporary, and gets cleaned out every reboot	01:23
Silvanov	very good to know, and great explanations :D	01:25
Silvanov	how about opening/reading/editing text or config files. is there a command for that?	01:28
andguent	dozens	01:28
andguent	nano is an easy one to learn, vi is complicated but powerful, some people really like emacs, but thats another story :)	01:29
andguent	if you ever see documentation or menu shortcuts that say ^X -- that usually means Control+X, if you jump into nano you will see what i mean	01:29
Silvanov	i actually just figured that out, and am playing with nano right now :D	01:30
Silvanov	im guessing ^r (read file) is like open file	01:31
andguent	if you are working with text files on the computer you are at, you can try gedit too -- similar to notepad	01:31
andguent	most likely, I tortured myself and jumped right into vi/vim so i would have to learn a nano feature in order to explain it	01:32
Silvanov	thats cool, reading the ftp conf file now, looks like i can edit it through this as well.	01:33
Silvanov	btw, thanks for all your friendly help thus far and in advance :D im sure everything im asking is extremely newbish, but i do appreciate your answers.	01:34
andguent	here, quick tip for you then, I found it was 100 times easier to learn what files contained what settings once I learned how to search for text in files --- 'find /etc/\|xargs grep eth0' -- searches the /etc directory for anything that contains 'eth0'	01:36
andguent	I used to work as an IT helpdesk manager, we had a heavy amount of Ubuntu/Debian boxes, and a good deal of our techs were Windows guys, I have practice explaining this stuff, but it helps if you know at least some good 'ole DOS	01:38
andguent	so, you're welcome :)	01:38
Silvanov	:D im pretty comfortable in dos, wrote some dos scripts before, so I think I'll learn easier than most, I just tend to overwhelm myself sometimes lol.	01:39
Silvanov	i remember theres a way to look up what commands do, and thier syntax, is it command /? or man or something?	01:40
Silvanov	nvm, figured it out :D	01:41
Silvanov	man then the command	01:41
andguent	one of the absolute greatest things of linux is.... once you get your vsftp server running, take the config file /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf or whatever, and back it up, that usually allows you to duplicate the exact same setup on another box, or break it and reset it later	01:41
andguent	command --help, command -h, man command -- all of those should work, but some programs are older then others	01:42
pablodias	hello folks.. well. I have a question about "fsck". Is it a server question or should I move to #ubuntu?	01:43
andguent	its fine here, just ask, we can see what we can do	01:43
pablodias	thanks =p	01:43
pablodias	after a energy down, my filesystem got broken and then it said to run fsck manually	01:44
pablodias	I'm running it a long time ago, with "-y"	01:44
pablodias	It's actually on the Unattached Inode 819000 (and counting)	01:45
pablodias	it never stops	01:45
pablodias	something I can do to fix it?	01:45
andguent	If possible, try to keep multiple comments to one line, just in case others are talking in the middle of your explanation	01:45
pablodias	ah, ok. i'm sorry	01:46
andguent	how long does it stay on that inode? any weird noises from the drive itself as it hangs on that spot?	01:46
pablodias	It started at 16pm and is still running. I dont know about some noises because I'm on a remote connection	01:46
pablodias	I read about "temporary files" on lost+found, is it right? If yes, is there a way to delete all those files?	01:47
andguent	how many hours ago was it started? I'm on EasternUS time, but I hate to assume you are in the same time zone. :) Is there anyone near the box itself that could possibly hold a phone to the case as its working?	01:48
andguent	....or maybe just describe what noises they hear	01:48
pablodias	it's taking about 5 hours	01:48
pablodias	I think no at moment. maybe tomorrow	01:48
andguent	If fsck files parts of files and doesn't know how to repair the files, it often does drop them in lost+found, I'm not sure if that answers your lost+found question or not	01:49
pablodias	That number are counting quickly. Visually doesnt look like "finding errors" but it's just an impression	01:49
andguent	If the numbers are moving along, I would say let it do its work, it probably is aggressively checking for any errors it can find	01:50
owh	I'd check dmesg while this is going.	01:50
andguent	If the position on the drive has stopped, and stays at one area for a very long time, you may have a hardware problem, I would agree with owh, dmesg gives good info	01:51
andguent	Whatever happens, always always have good backups, if your hard drive survives this, your next priority should be testing all of your backup systems, assuming you have them :)	01:52
pablodias	I'm using a remote system I think cannot show me multiple terminals. I'll keep it running until tomorrow. Many thanks for your help, guys =)	01:52
pablodias	haha, ok. thank you again	01:53
andguent	if signing in via ssh, you can always start a second session, also keep in mind if you started the fsck from a remote shell, that connection needs to stay open for the command to continue	01:53
andguent	shutting down your workstation for the night may kill your disk scan	01:53
andguent	depending on how you started it	01:54
pablodias	It's not SSH because the system is not starting. It's stopping on dis check, no services was started. I'm using a KVM remote access. Looks like a VNC	01:54
andguent	ahh, very nice --- don't suppose you have options for Ctrl-Alt-F2?	01:55
pablodias	I tried on the shurtcuts menu option, but didn't find. let me see again	01:55
andguent	I know for a fact that some of those integrated remote access cards will not have the option, so don't kill yourself looking for it	01:56
pablodias	Yep. No way to change terminal. And i dont know if a system that isn't started can show more terminals than the first one	01:58
pablodias	It looks like that free space counting on Gmail =p	01:59
andguent	if it isn't stopped, cross your fingers and go to bed :)	01:59
pablodias	I started on manually accept this Unattached Inodes, but I stopped at the 600th pressed "Y"	02:00
andguent	oh dear, 600??	02:00
pablodias	manually. after that I started fsck with "-y" option	02:00
andguent	i hope you have good backups man, that just doesn't sound good	02:01
pablodias	many thanks andguent. if I remember how to get back here I tell you about the end of fsck tomorrow. thanks!	02:03
andguent	good luck	02:03
Silvanov	!webmin	03:25
JaxxMaxx	How about a good recommendation for SSH client, windows based? Right now I use putty, but that seems to be limited to a single shell. Wonder if there's like, a multi windowed one	03:40
rhineheart_m	hmmm.. have you tried winscp	03:43
Silvanov	you can run multiple instances of putty as well	03:45
Silvanov	when searching for ssh clients for windows, i found a tabbed client earlier today as well.	03:46
faulkes-	eh?	03:46
faulkes-	putty + screen	03:47
JaxxMaxx	I've used WinSCP before, on my Smoothwall router... didn't seem that special	03:48
JaxxMaxx	Windows doesn't have Screen. I'm thinking of something like mIRC, with 4 tiled windows all to the same server	03:49
JaxxMaxx	got enough monitor resolution to handle it	03:49
rhineheart_m	JaxxMaxx, what would you like to accomplish?	03:53
JaxxMaxx	Seeing whatever the Debug Output is, while keeping my command window from scrolling back would be a good start.	03:54
JaxxMaxx	trying to troubleshoot why FreeRADIUS/dialupadmin and MySQL aren't happily married yet.	03:54
JaxxMaxx	maybe a packet monitor to discover what the Radius packet situation really is like	03:55
JaxxMaxx	I've got a test user that I provide the right credentials, but the result still comes back a failure, but with the success message	03:55
owh	I'm looking for some opinions. I've got a generic user.sh backup script. The way it is intended to be used is that you symlink to it from /etc/cron.daily. The symlink name will be used to determine which username to backup, using `basename $0` - pretty straight forward. So far so good.	03:57
owh	I've got the same for fstab mounted devices. Works in the same way, mounts stuff based on their name in fstab.	03:58
owh	Now for the challenge.	03:58
rhineheart_m	owh, good morning! :)	03:58
owh	If I want to write a generic script that needs other parameters, for example an rsync server and module, or a path to backup, or I need to order the things in /etc/cron.daily, I need to do some magic with the name if I use this idea.	03:59
owh	So, in the opinions stakes. Am I better off making a configuration file, finding a way to "split" the `basename $0` into parts, or do something else?	04:00
owh	The nice thing about doing it this way is that ls -l /etc/cron.daily shows exactly what is happening.	04:00
owh	And of course, the scripts are completely trivial, simple to maintain and common across all backup types.	04:01
owh	Hi rhineheart_m.	04:02
sommer	owh: seems to me that you have enough options to warrant a config file	04:02
Silvanov	got webmin set up finally :D	04:02
kgoetz	owh: make $1 hte user name, then in the script test for $2. if $2 is there require the extra params	04:02
owh	kgoetz: How would I do that if the way that the script is run is as a result of it being in the /etc/cron.daily/ directory.	04:05
kgoetz	owh: the only way it is run is via symlink? ah.	04:05
owh	sommer: A config file then requires parsing and other stuff. I'm not disagreeing, just trying to find the simplest solution.	04:05
owh	sommer: More accurately, the cleanest solution.	04:06
sommer	owh: ah, for me the cleanest would be to not use /etc/cron.daily, but an actual crontab file	04:06
sommer	then you could use a simpler script with more arguments	04:07
sommer	you can't ls the directory, but you can crontab -l the file :-)	04:07
owh	sommer: I understand what you're saying, but that then requires the administrator to understand the format of the crontab file. Something which you and I take for granted, others are flummoxed.	04:07
sommer	owh: heheheh, yep that changes things	04:08
owh	sommer: I like your argument of it allowing you to provide parameters though.	04:08
kgoetz	owh: replace teh symlink with a script?	04:08
owh	This discussion is precisely why I ventured here to ask for opinions :)	04:08
owh	kgoetz: What do you mean?	04:08
owh	Ah, create a script that calls the central code. That's possible, not as pretty, but possible.	04:09
sommer	owh: in that sort of situation maybe bacula would be a good fit, require's more back end configuration, but has gui client	04:09
kgoetz	owh: instead of /etc/cron.daily being a link farm put in a dumb script farm	04:09
owh	sommer: Ah, definitely no. Going down that path then introduces waaaay more complexity, other than an rsync with mount, etc.	04:10
sommer	heh, that's true	04:10
owh	kgoetz: You'll loose this though: /etc/cron.daily/user -> /opt/backups/user_backup.sh	04:11
owh	kgoetz: Which sort of tells you what is going on immediately.	04:11
kgoetz	owh: why will you?	04:11
owh	kgoetz: Then perhaps I do not understand what you are saying. I was showing you a line from ls -l /etc/cron.daily.	04:12
owh	Let me ask a different question as I've already come up against a limitation of my implementation.	04:12
kgoetz	owh: make the file /etc/cron.daily/user a shell script which calls /opt/backups/$0_backup.sh + your params	04:12
owh	kgoetz: No, because then there would be (n * 2) + 1 scripts, rather than one script and n symlinks.	04:13
kgoetz	(n * 2)?	04:14
Jester45	is there any package that i can use to monitor a remote server's resources like ram/swap cpu useage and bandwidth?	04:14
owh	My different question is. How do I order the scripts. Naming them 01-bob 00-judy is obvious, but how do I split off the numbering?	04:14
Jester45	i know i can just use cli tools via ssh but i would love to use a diffrent tool that i can add into conky	04:15
owh	kgoetz: You are suggesting a script in /etc/cron.daily/ for each user, one in /opt/backups/ for each user and the central backup script.	04:15
kgoetz	cut? sed? depends where they are being trimmed	04:15
Silvanov	jester45: webmin or ebox might be what your after	04:15
owh	kgoetz: Hmm, yes, I'm familiar with the concept, is there a cleaner way?	04:16
kgoetz	owh: perhaps i didnt understand yoru symlink then. i take it "/opt/backups/user_backup.sh" isnt your master backup script then?	04:16
kgoetz	Jester45: depends what you want. theres lots of options though	04:16
Jester45	ill look at ebox but i dont want webmin id rather keep it a bit more secure and use ssh+htop/iftop	04:16
owh	kgoetz: Let me show you a more accurate cron listing: /etc/cron.daily/kgoetz -> /opt/backups/user_backup.sh	04:16
Jester45	ebox looks like the same webui stuff	04:17
kgoetz	owh: cleaner way would depend on how broken my suggestion re sed/cut was ;)	04:17
rhineheart_m	Jester45, have you tried phpmyinfo?	04:17
rhineheart_m	Jester45, have you tried phpsysinfo rather?	04:17
kgoetz	owh: ah. and what happens in user_backup? it uses $0 to say 'backup kgoetz'?	04:17
owh	kgoetz: Well to be precise it uses USERNAME=`basename $0`, but yes.	04:18
Jester45	thats looks better	04:18
kgoetz	owh: and for some reason your going to need extra info per user?	04:18
Jester45	thanks rhineheart_m do you know any simpler ones? or maybe something like conky? cli only server	04:19
owh	kgoetz: Well, no, not for the user script, but for a path backup script, yes. That is, now I want to backup /home/fred/accounts/debtors, but I really don't care about fred's photos.	04:19
Silvanov	are you looking for webbased guis?	04:19
kgoetz	Jester45: a one off or lots of servers?	04:20
owh	kgoetz: And similarly, I want to backup to an rsync server with a named module.	04:20
Jester45	kgoetz, just one	04:20
rhineheart_m	Jester45, mmm Nagios	04:20
kgoetz	Jester45: for multiple i'd suggest nagios but not for one	04:20
kgoetz	owh: mmm. i see	04:20
owh	At that point it becomes more and more viable to use sommer's suggestion of config files. I could name them after $0 perhaps.	04:21
Jester45	Silvanov, if you where talking to me im not looking for webuis it jus that they seem to be the only good ones, i think all i really want is ram useage bandwidth and cpu useage in text, file based or via a sevice/pipe	04:22
kgoetz	a onfig file somwhere will be almost required	04:22
owh	Jester45: Then why not set up a password-less ssh and run some remote commands?	04:22
owh	kgoetz: Yuk. but yeah, it's beginning to look like that.	04:23
Jester45	owh, do they connect faster than passworded ssh? so i could enclude into conky?	04:23
kgoetz	owh: the reason i thought of using a script rather tehn a symlink is because you can drop extra info into them	04:23
owh	Jester45: Alternatively you could run MRTG.	04:23
owh	kgoetz: Yeah, but it leaves stuff all over the place, making it harder to maintain.	04:24
kgoetz	owh: yeah.	04:24
owh	kgoetz: It's not when you set it up the first time, it's when you set it up the next time. For example, if I wanted to add a new user to backup, I just create another symlink and off it goes. If I did it with an extra script, I'd need to copy it, then rename it, then edit it, check it for typos, etc.	04:25
kgoetz	owh: now think symlink+config file and its hardly any less complex	04:26
kgoetz	if you have a standard config that most clients use you wont have to edit teh script each time anyhow	04:26
owh	kgoetz: Ah, but I can make it fail if there is no config file and report back. That way I get told it's borked.	04:26
kgoetz	updating is harder then the symlink method though	04:27
kgoetz	thats a feature? ;)	04:27
owh	So, are there any dissenting/alternative opinions around?	04:27
kgoetz	make users do their own backups mwhahahah	04:28
kgoetz	</ot>	04:28
owh	kgoetz: Yeah, no.	04:28
kgoetz	lol	04:28
owh	Would this be evil: ln -s /opt/backups/path.sh /etc/cron.daily/home--fred--accounts--debitors	04:30
owh	Similarly, ln -s /opt/backups/rsync.sh /etc/cron.daily/hostname--module	04:31
kgoetz	-- would be more trouble then its worth. i'd think that would be a fairly fragile way to do it in general though	04:32
* owh just did "locate '--'" with no hits.		04:32
kgoetz	think parsing it	04:32
owh	kgoetz: Yes, it's not pretty.	04:32
* kgoetz expects theres no --'s for a reason		04:33
owh	kgoetz: So, that's good then :)	04:33
kgoetz	if your after a uniq string it should be :)	04:34
* kgoetz tries to work out making directories in perl		04:34
owh	kgoetz: What, mkdir isn't good enough for you?	04:34
sommer	kgoetz: `mkdir dirname` :)	04:35
kgoetz	owh: i'm asuming its harder then that :p	04:35
* owh is with sommer :)		04:35
* owh doesn't speak perl :)		04:36
* kgoetz neither ... yet		04:36
sommer	kgoetz: http://perldoc.perl.org/functions/mkdir.html	04:36
sommer	needs a module though	04:37
kgoetz	yegad. its not that hard o_0	04:37
owh	Well, the POSIX.pm has a mkdir function :)	04:38
owh	kgoetz: And the manual refers to Perl's build in mkdir function as well :)	04:40
owh	s/build/built/	04:40
kgoetz	perldoc -q mkdir didnt find anything, so i assumed it was going to be veeery hard	04:40
* owh grepped :)		04:41
owh	kgoetz: Very evil: locate perl \| while read n ; do grep mkdir $n ; done	04:41
* kgoetz wonders how many binaries owh just grepped		04:42
* owh didn't worry about it.		04:42
kgoetz	lackadasical fiend	04:42
owh	sommer: I'm going with your suggestion of the config files until I come across a better idea. Thanks.	04:43
owh	kgoetz: Nah, if a binary matched, it said so :)	04:43
owh	kgoetz: Sometimes close enough is good enough.	04:43
owh	kgoetz: Of course that will only be true if it actually works, but by then you'll have used google :)	04:44
sommer	owh: np	04:44
kgoetz	mkdir "wikimangle"; ftw!	04:44
kgoetz	sommer: cheers mate	04:45
owh	ROTFL	04:45
owh	sommer: Did you get a reply about the Guide?	04:45
owh	sommer: Or did they try hard not to laugh?	04:45
sommer	oh ya, I did, since it's so far after SF committing the changes will mess with the translators	04:46
sommer	but, we can commit just the spelling changes right before release	04:46
sommer	wich will be after the translators are done	04:46
sommer	just need to make sure the translation doesn't change :-)	04:46
owh	So, that means we'll have it translated and spell checked?	04:47
sommer	yeppers	04:47
owh	sommer: So, do you want me to give you one without example.com, but leave the rest in?	04:47
sommer	I think I created one, did I forget to attach it when I replied?	04:47
* owh still thinks there should be a standard for example urls.		04:48
* owh checks.		04:48
sommer	sure, you just created the standard heh	04:48
owh	sommer: I mean across all the documentation, not just our little guide :)	04:49
owh	Yes, there was a .diff attached. I'm checking it now.	04:49
sommer	you mean not just the server guide?	04:49
owh	Yes	04:49
sommer	um for the diff for the standard?	04:49
owh	Huh?	04:50
sommer	for the using example.com as a standard it would probably be a good idea to post to the doc ml, but probably after hardy is released	04:51
JaxxMaxx	isn't example.com THE example URL?	04:51
owh	Yes. I think that needs looking at in more detail. Hostnames, user names, example users, urls, etc.	04:51
owh	JaxxMaxx, Yes, in very small examples, but not across the board.	04:52
sommer	sure, I'm sure other members of the doc team would agree, plus there are many "student" documentors that could handle that	04:52
owh	For example, what do you name the localhost's FQDN? What about a generic mail server? What username do you give?	04:52
JaxxMaxx	I prefer Testy McTesterson myself	04:52
JaxxMaxx	localhost.example.local?	04:53
JaxxMaxx	Opinions on SecureCRT?	04:53
owh	sommer: Your diff seems to have lots removed. I've not got time right now to check, but I'll have a look-see.	04:54
JaxxMaxx	Hmmm, any way I can get Alt-Fn to work in Putty/ =]	04:54
sommer	owh: sure, whenever you get a chance	04:54
owh	JaxxMaxx, that makes no sense. Alt-Fn, in the context of consoles is hardware specific. You're better off using screen.	04:54
sommer	well I'm off to sleepy time, have a good one all	04:54
owh	Later sommer	04:54
JaxxMaxx	ooh, I remember screen. not how to use it, mind, but I recall the command from University Unix shell days...	04:55
owh	Ctrl-A Ctrl-D = detatch, Ctrl-A Ctrl-C = create, Ctrl-A Ctrl-N = next.	04:56
owh	Have fun.	04:56
JaxxMaxx	sounds like orphaned processes to me.... =]	04:57
jetole	does anyone know what the ubuntu developer channel is?	05:03
ScottK	lamont: Here's a reminder about Bug #207526. I don't think we want to skip fixing this one before the release.	05:04
JaxxMaxx	is it -devel or -development ?	05:04
JaxxMaxx	what command do I use to display what a symlink points at? trying to find where stuff in init.d is pointing	05:05
jetole	devel	05:05
jetole	ls -l symlink	05:05
jetole	ls -l /dir will show long for all files including where symlinks point	05:06
JaxxMaxx	is green a symlink?	05:06
jetole	no	05:07
jetole	executable	05:07
jetole	sym links are light blue	05:07
jetole	if a file has x in it's permissions then it will be green	05:07
JaxxMaxx	Hmm. Then Ubuntu packages put the executables into the init.d dir?	05:07
jetole	they should be	05:07
JaxxMaxx	how do I tell what folder the conf files are in?	05:07
jetole	/etc	05:08
jetole	these are standard linux details	05:08
jetole	/etc/init.d is scripts that run when your computer starts	05:08
JaxxMaxx	Sorry for being such a fresh n00b . =]	05:08
JaxxMaxx	most I've done with Linux before is a Smoothwall Express box	05:08
jetole	however they do not run if they are in that directory but /etc/rc2.d like folders will link to them	05:08
jetole	I have never used it	05:09
jetole	smoothwall	05:09
jetole	"You call that a firewall? This is a bloody firewall"	05:09
* jetole points to custom iptables from hell		05:09
JaxxMaxx	I don't have the time for custom iptables =]	05:10
jetole	yes you do, you just don't know how	05:10
JaxxMaxx	I used to	05:10
JaxxMaxx	way back	05:10
jetole	it is not a slow process when you know how to use it	05:10
JaxxMaxx	but work wasn't eating up the time back then.	05:10
jetole	I can configure it quicker with iptables then any gui	05:11
JaxxMaxx	Too many simple boxes you can drop in for firewall duty. You never truely know how they work exactly, but the bosses believe they do the job	05:11
jetole	and gui's lack features	05:11
jetole	well security is my job	05:11
JaxxMaxx	I'm not lucky to be so focused.	05:12
themime	i installed ubunutu-server on my laptop because it only has 128MB ram and i wasnted a very basic install. i installed fluxbox on top of it, and now i want to run a network manager that supposedly comes with ubuntu-desktop. i thought i might have already apt-get'd it, is there a command i can use to run it to see?	05:12
themime	s/wasnted/wanted	05:12
JaxxMaxx	current boogeyman is a Ubuntu LAMP server hosting FreeRADIUS/DialupAdmin for a Nomadix captive portal	05:12
jetole	I have un used ip on public addresses that are spaced between real ip, if any packet goes to that address then they are blacklisted, if someone port scans a system they are temp blocked, find me a gui that allows me to do that	05:12
jetole	themime: apt-get install ubuntu-desktop -y	05:13
jetole	sudo if need be	05:13
themime	whats -y?	05:13
jetole	yes	05:13
themime	i don't want ubuntu desktop though	05:13
jetole	then why did you just ask for it?	05:13
themime	sorry, i was referring to network manager	05:13
themime	can i run it command line?	05:14
jetole	apt-get install -y network-manager	05:14
jetole	apt-get install -y network-manager-gnome	05:14
JaxxMaxx	Is my mysqld supposed to be running all the time with --skip-external-locking ? I fear I changed a conf file trying to reset the 'sa' password	05:14
themime	jetole: im using fluxbox, will that require a bunch of gnome crap i don't need?	05:15
jetole	well, first off there is no 'sa' password	05:15
jetole	themime: probably but that is one of the network-manager guis	05:15
jetole	the other option is the kde gui	05:15
jetole	JaxxMaxx: there is no 'sa' password	05:15
JaxxMaxx	it doesn't ask for a baseline password when you install MySQL? probably my root sql login then	05:15
themime	is there a non gui version? my question of "how do i run it" was not the install, but to run network manager, cause i think i may have installed it	05:15
jetole	JaxxMaxx: no, and you do not need one when you install it but lemme look at my sql	05:16
jetole	yes it is supposed to have that option	05:16
jetole	I just checked on 3 systems	05:17
jetole	the option for password is something like --skip-grant-tables	05:17
* jetole looks for sure		05:17
jetole	yes, that was the exact option	05:17
JaxxMaxx	ah, right	05:18
jetole	but if you install mysqld from apt-get then there is no root password	05:18
JaxxMaxx	Where does the Debug Log end up? Supposedly there are messages in there useful for troubleshooting	05:18
jetole	if you install it from the server then it prompts you, I mean from the CD	05:18
jetole	during OS install	05:18
jetole	themime: ubuntu server also has a kernel you don't want, if I were you I would install ubuntu desktop and do an apt-get remove ubuntu-desktop -y	05:19
jetole	add --purge onto the end	05:19
jetole	the server system is configured to be a server	05:19
jetole	themime: apt-get install linux-image-generic -y && update-grub	05:20
jetole	themime: reboot and choose the new kernel	05:21
jetole	and then do a apt-get remove linux-image-server && update-grub	05:21
JaxxMaxx	Here's what may be a silly question: If something is told to authenticate to MySQL as a specific username, does that username have to exist in the Linux subsystem, or is it specific to the SQL server?	05:22
jetole	specific to sql	05:22
jetole	grant all privileges on table to 'user'@'host' identified by 'password';	05:23
jetole	I think that is the syntax	05:23
jetole	and host is optional	05:23
jetole	host is also the host of the sql server	05:23
JaxxMaxx	Hmm, maybe I'm not specifying the @host part in this conf file...	05:23
jetole	no	05:23
jetole	that applies to SQL only	05:23
jetole	if host is 'localhost' then they can only connect through localhost etc	05:24
JaxxMaxx	ah, no domain on SQL specific accounts...	05:24
jetole	it's possible, login to sql manually and run => select user, host from mysql.user;	05:25
jetole	it will tell you what users you have defined and what host is associated with them	05:25
jetole	if you want it to be assiciated with any host then change the host to %	05:25
jetole	update mysql.user set host = '%' where user = 'my_fscking_user';	05:26
JaxxMaxx	nah, only things on localhost shoudl talk to this MySQL server	05:26
JaxxMaxx	just hard to tell if it's actually succeeding. the web based admin keeps showing SQL DEBUG statements at the top of frames	05:26
jetole	JaxxMaxx: yes but localhost is a propername as well which represents 127.0.0.1 so if you tell your app to login to the ip that is not the localhost ip and localhost is defined as the login host then it will fail	05:27
jetole	JaxxMaxx: have you tried logging in locally with that user name and password to the ip that you are specifying	05:27
jetole	?	05:27
JaxxMaxx	like with SSH, or via mysql	05:27
jetole	mysql	05:27
jetole	mysql user names do not have ssh access, they are not system users	05:28
JaxxMaxx	I've got the prompt (never been able to fathom this properly)	05:28
jetole	mysql root user has not password by default but imagine if ubuntu shipped where anyone could login to ssh as root with no pass	05:28
jetole	from bash => mysql -u user -p database	05:29
JaxxMaxx	I've set a root pass in MySQL	05:29
jetole	that says launch mysql as user for database and prompt for password	05:29
jetole	if there is no password then leave -p off	05:29
JaxxMaxx	yeah, that works, and I can see the tables the scripts imported...	05:29
JaxxMaxx	now to make sure freeRadius uses that credentials	05:30
jetole	well that is freeradius specific but now you know mysql is setup properly	05:31
jetole	your using sql.conf in the /etc/freeradius directory?	05:33
JaxxMaxx	how about restarting one of the init.d scripts, without rebooting the whole server? I've just been doing shutdown -r and waiting	05:33
jetole	/etc/init.d/script restart	05:33
JaxxMaxx	I'm guessing so, that's where I've put the credentials	05:33
jetole	I have never used the software but I just installed it and am looking it over	05:33
JaxxMaxx	it's one of the most popular RADIUS servers available	05:34
jetole	actually fuck that, I am too tired to look it over	05:34
kgoetz	jetole: better watch the language - ubuntu channel	05:34
jetole	right	05:35
jetole	actually fsck that, I am too tired to look it over	05:35
jetole	better?	05:35
JaxxMaxx	Heh. Usage of Linux should allow for the occaisional invective.	05:35
jetole	JaxxMaxx: http://ubuntuforums.org/showthread.php?t=151781	05:35
JaxxMaxx	Yeah, I've been "looking it over" for around a week now, starting to get tired myself	05:36
jetole	http://ubuntuforums.org/showthread.php?t=151782	05:36
* kgoetz hates freeradius auth setups		05:37
jetole	nothing on linux is impossible, somethings just take a lot of determination but feel good when they are done and offer more options then commercial apps on graphical smiley operating systems	05:37
kgoetz	i doubt setting up radius is easy on any OS tbh	05:37
jetole	plus graphical smiley operating systems got there a$$es owned this year at CanSecWest / Pwn 2 Own	05:38
jetole	I have never done it	05:38
kgoetz	i have. its a pita :)	05:38
jetole	I honestly am not sure what radius offers, I know it is a central point of authentication, is that about it?	05:39
JaxxMaxx	Huzzah for replacing servers other people configured!	05:39
jetole	JaxxMaxx: my life revolves around that to a degree	05:39
JaxxMaxx	virtually every appliance box security thingy can base off RADIUS authentication	05:39
kgoetz	jetole: it provides basic acouting and authentication	05:39
JaxxMaxx	lots of ISPs use it for PPPoE accounts	05:39
JaxxMaxx	yeah, the accounting side is the big one	05:39
kgoetz	basic is a key word ;)	05:39
jetole	hmm	05:39
jetole	so what do you need it for JaxxMaxx	05:40
jetole	?	05:40
JaxxMaxx	I need to make a user-friendly interface for adding usernames to a Captive Portal device (Nomadix)	05:40
JaxxMaxx	authenticates people on a Customer access WLAN	05:40
jetole	ah	05:40
jetole	like wifi for mcdonalds?	05:40
JaxxMaxx	currently there's an old linux install on a Dell box providing FreeRADIUS already	05:40
JaxxMaxx	larger scale, but yeah.	05:41
* jetole nods		05:41
JaxxMaxx	it's a Convention venue, wireless access for exhibitors and other customers	05:41
jetole	whats wrong with the dell box?	05:41
JaxxMaxx	it's getting old, fear of hardware failure	05:41
JaxxMaxx	it's an old Dimension desktop	05:41
jetole	oh	05:41
jetole	ouch	05:41
kgoetz	is it server or pc?	05:41
JaxxMaxx	now they have a "proper" pizza box server	05:41
kgoetz	oh, pc heh. ugly	05:41
JaxxMaxx	and I'm attempting to recreate	05:41
JaxxMaxx	with moresupport for accounting and tracking	05:42
jetole	I have a bunch of those in my office but they are used as desktops	05:42
JaxxMaxx	hence the MySQL integration	05:42
JaxxMaxx	yeah, the previous linux guy here was... odd	05:42
jetole	we just installed 3 new dell poweredge 2950's in a data center	05:42
jetole	those are nice	05:42
jetole	with one huge fscking flaw	05:42
JaxxMaxx	"Let's throw an essential service on this POS dell desktop"	05:42
jetole	dell DRAC which is sold on them from the dell.com/linux site isn't linux compatible	05:42
kgoetz	heh	05:43
JaxxMaxx	Buy Dell servers WITHOUT OS PRELOADED. Golden Lesson.	05:43
jetole	it's barely windows compatible to be honest and the DRAC is honestly a joke in both my opinion and generally in the public	05:43
kgoetz	always buy servers clean	05:43
jetole	JaxxMaxx: DRAC is a client access device	05:43
jetole	OS preload is irrelavent	05:43
JaxxMaxx	DRAC? that some sort of remote admin card?	05:44
JaxxMaxx	hurrrrr	05:44
JaxxMaxx	Dell Remote Admin Card	05:44
JaxxMaxx	me so smarty	05:44
jetole	which reminds me, speaking of DRAC, anyone know of a device that I can install on the server that will give me IP KVM that allows me to access bios etc and gives me virtual media so that a CD in my drive at my office appears present in the server in the data center?	05:45
jetole	JaxxMaxx: no but it claims to be	05:45
jetole	it's an over priced managed PDU	05:45
JaxxMaxx	generally those have to be vendor specific, jetole	05:45
JaxxMaxx	I like the IBM and HP ones	05:45
jetole	JaxxMaxx: they shouldn	05:45
jetole	t be	05:45
JaxxMaxx	And in a perfect world they wouldn't.	05:46
kgoetz	open firmware + alom \o/	05:46
JaxxMaxx	but, they do have to interface with teh BIOS, so that is all super sekret tech	05:46
jetole	it is something that can be done generically in principal, I mean the bios over kvm can be done with a device that appears as a video card to the server, there are usb cdroms and pci drive adapters so if the card manages the over the internet part it is fine	05:47
jetole	the remote reboot capability can be done through a managed PDU	05:47
jetole	JaxxMaxx: no it isn't	05:47
jetole	can IP KVM cards not do that already?	05:47
jetole	I mean there is nothing secret about it	05:48
JaxxMaxx	There may be PCI based IP KVM cards, but I'm not familiar with generic ones... only specific addons from the server vendor	05:48
jetole	you're emulating a screen, keyboard and mouse, bios doesn't have to know what it is connected to	05:48
jetole	JaxxMaxx: they are out there but I have never used one	05:48
jetole	it's the virtual media which I thought would be less likely	05:49
JaxxMaxx	the one I've used worked well for loading my FLASH drive remote to server, and let me watch screen across a reboot	05:49
jetole	JaxxMaxx: thats what DRAC claims	05:49
JaxxMaxx	silly RAID error refusing to pass a "push a key" prompt	05:49
JaxxMaxx	yet DRAC won't load the media into the Linux OS?	05:50
JaxxMaxx	doesn't play nice with umount or whatever	05:50
jetole	after hours of tech support and on site dell technicians who didn't get it we finally realized that with a highly tuned windows machine it works some times and techs argues with each other about if linux works	05:50
JaxxMaxx	Most of the ones I've come across emulate you plugging the device in via USB	05:50
jetole	this one is supposed to do that also	05:51
jetole	DRAC 5	05:51
jetole	worst case scenario, if the server fails then I am driving to downtown miami to fix it	05:51
JaxxMaxx	I don't do Dell that much, honestly.	05:51
jetole	my boss was adamant about dell	05:51
JaxxMaxx	Stupid boss.	05:51
jetole	my boss is a software guy though	05:51
JaxxMaxx	HP and IBM both will special bid Dell price on anything not bottom barrel	05:51
jetole	he was cautious about buying non dell computer monitors wondering if they would be compatable	05:52
JaxxMaxx	if you've got a good VAR	05:52
JaxxMaxx	Hmmm. Sounds like your boss needs some reprogramming. I'll fetch the BOFH cattle prod	05:52
jetole	yeah well, my boss is a good programmer but doesn't know shit about hardware	05:52
JaxxMaxx	Find out who in the area does the Onsite server hardware calls for IBM and/or HP. they'll get you good pricing, they want to get in instead of Dell	05:53
jetole	JaxxMaxx: we already have the dell servers on site and live	05:53
JaxxMaxx	I'm lucky enough to work for the company that does it in my City. =]	05:53
JaxxMaxx	yeah, I feel your pain.	05:53
kgoetz	sun > ibm > hp > * > dell	05:53
JaxxMaxx	Tell Dell to fix their crappy remote admin cards	05:54
jetole	honestly if I can find a good card I may be happy, the dell computers do kick but otherwise	05:54
JaxxMaxx	tbh, that would be interesting. Addon PCIe card that replaces video controller with a passthru to IP KVM instead of video device...	05:55
jetole	http://www.avocent.com/What-is-KVM-over-IP.aspx	05:55
jetole	that looks decent except for windows	05:55
jetole	but they mention virtual media	05:56
jetole	JaxxMaxx: http://en.wikipedia.org/wiki/KVM_switch <== browse down to the kvm over ip section	06:00
JaxxMaxx	They are very handy devices.	06:01
jetole	seems like if I can find a DRAC like one that works, likes linux and is hardware indifferent	06:02
jetole	lol @ http://okvm.sourceforge.net/links.html	06:03
jetole	see if you can spot iy	06:03
jetole	*it	06:03
JaxxMaxx	Heh. realy Open Source, build your own PCI interface card	06:04
jetole	I was actually refering to rdesktop x2	06:04
JaxxMaxx	oh, heh. hurray for volunteer proofed pages	06:05
JaxxMaxx	ugh, blargh, why are DEBUG statements showing up in the PHP based pages for dialupadmin	06:08
jetole	probably because it is enabled somewhere	06:08
JaxxMaxx	would that be a SQL or apache thing?	06:10
JaxxMaxx	I can't find the debug statements anywhere else	06:10
jetole	http://www.avocent.com/DSR_Switches.aspx	06:11
jetole	it would be a dialupadmin thing	06:11
jetole	it would be in a configuration file somewhere that the dialupadmin php parses and when it sees display sql debug then display sql debug	06:11
JaxxMaxx	now to stop the debug statements...	06:13
JaxxMaxx	ewwww, it might be because DialupAdmin was written with PHP4 in mind, and now everything is PHP5	06:14
jetole	nope	06:14
jetole	thats not a good feature but doesn't explain the debug statements, there is a config file somewhere that has them enabled	06:15
jetole	i am going to bed	06:15
JaxxMaxx	good night	06:16
JaxxMaxx	stupid other packages depending on php5, and php5 breaking when I install PHP4	06:17
rhineheart_m	hello.. is this article true? http://article.gmane.org/gmane.comp.version-control.git/78613	06:30
=== \sh_away is now known as \sh
kraut	moin	07:55
foo	moin	07:55
spiekey	Morning!	07:56
spiekey	Can you bind netcat to multiple ports?	07:57
_ruben	spiekey: dont think so, but you could run netcat multiple times	08:07
spiekey	_ruben: hmm..okay ;)	08:37
spiekey	has someone an idea whats going on here? http://pastebin.ca/965845	08:38
spiekey	it doesnt make sense to me at all :-/	08:38
soren	spiekey: Hm... Looks like fun :)	08:51
soren	spiekey: Oh, I know.	08:51
soren	spiekey: It doesn't respond to ping, so nmap skips it.	08:52
soren	To change this behaviour pass -PN (used to be -P0 (and you put -PO, not -P0)).	08:52
twb	Hi. I just tried to set up user quotas on a test machine (on the / filesystem, because I forgot to create a separate /home), and the quota command is listing values that are clearly wrong. / is mounted -o usrquota according to /proc/mounts and /aquota.user exists, but "quota al" claims I have only twelve thousand (12340) blocks used when du -sch /home/al clearly reports 700MB of usage, all owned by al.	08:58
twb	So, the quota file was generated correctly by checkquota (as part of /etc/init.d/quota), but it hasn't being correctly updated -- which is why quotas aren't enforced. What can I do to isolate the fault?	08:59
twb	Probably unimportant details: the server is running hardy, and the users in question exist in LDAP (getent passwd, i.e. nss, can see them) and Kerberos (they can log in, i.e. pam_krb5 can see them). /home is exported by NFS 3 and /export and /export/home are exported by NFSv4. /home is -o bind mounted to /export/home.	09:02
spiekey	soren: i used 0 as in zero.	09:06
spiekey	soren: -sT seems to solve it.	09:07
soren	spiekey: Oh, so you did. The font on pastebin misled me.	09:15
twb	It mysteriously started working.	09:16
spiekey	soren: when i open the port 1234 with netcat: nc -l -p 1234 -u -k and i scan this port with nmap my netcat dies.	09:27
spiekey	http://www.networksecurityarchive.org/html/Security-Basics/2008-02/msg00354.html --> they confirm my option flags	09:28
spiekey	any idea why netcat dies?	09:28
spiekey	this is on gutsy	09:30
twb	spiekey: dumb question: is it because nmap opens the connection, then hangs up?	09:32
twb	netcat will exit when the other end hangs up.	09:32
spiekey	but i want nc to stay alive :)	09:33
soren	spiekey: netcat only handles one connection.	09:35
soren	spiekey: And then dies.	09:35
spiekey	this sucks :D	09:35
spiekey	how would i then e able to test a udp connection with nmap and netcat?	09:36
soren	while true; do netcat ; done	09:37
spiekey	ah! :)	09:38
spiekey	okay, lets assumei want to open up 20 udp ports with nectat...all with 200 while loops...how will i be able to kill them all afterwards?	09:39
fromport	killall nc	09:43
spiekey	fromport: nc is running in a loop	09:45
spiekey	while true;do nc...;done	09:45
soren	Kill the shell that's running the loop.	09:46
_ruben	spiekey: why not use smth like xinetd to do the listening?	09:48
* faulkes- makes a mental note to have the ubuntu forum team killed		12:45
* kgoetz wonders what faulkes- is plotting		12:46
faulkes-	I appreciate that it's april fools but what they've done deserves nothing less than death	12:46
kgoetz	ah... i wont look	12:46
faulkes-	best not	12:46
soren	Oh, dear.	12:54
faulkes-	soren: git my scattergun, I'ma goin huntin forumpossums	13:12
zul	hmm...I seem to have a deer in the backyard of my house how odd	13:15
soren	Er... what?	13:15
zul	a deer like bambi	13:19
faulkes-	zul: used to see that all the time when I lived in boulder, co	13:22
zul	faulkes-: yeah but this in the middle of the city, kind of	13:22
faulkes-	very odd the first time you see it if you're used to living in the city	13:22
faulkes-	zul: well, no choice, get out the steak knives, start preparing lunch	13:23
zul	ick	13:26
JaxxMaxx	can't believe anything you hear on 4/1	13:35
troofy	if i dont have dns control, hurdles will i face in my .com?	14:03
=== TeTeT_ is now known as TeTeT
soren	what?	14:09
troofy	i wana have a .com	14:09
troofy	some dont give full dns control. right?	14:10
soren	That doesn't mean anything.	14:10
soren	WEll, that's not entirely true. It's wildly ambiguous, though.	14:10
soren	You want to buy a .com domain? Is that it?	14:10
troofy	ya	14:11
JaxxMaxx	All the good domain hosts will let you have control over the full DNS zone	14:11
troofy	soren someone said go for provider that gives good dns control	14:11
* soren is curious what this has to do with Ubuntu		14:12
soren	troofy: WEll, yeah, some sort of dns control would be useful :)	14:12
troofy	ubuntu server can be used to have websites hosted with apache	14:12
soren	troofy: I all depends on what you're going to use the domain for.	14:12
troofy	soren what is this 'some sort' ?	14:12
soren	troofy: It all depends on what you're going to use the domain for.	14:13
Deeps	godaddy.com, coupon code OYH3, $6.95 .com domain	14:13
troofy	soren domain will be used as email server, web server, ircd server.	14:13
Deeps	afaik thats the cheapest you can get	14:13
Deeps	(as an individual)	14:13
troofy	k	14:13
troofy	Deeps goddady can close my websites? for spamming?	14:14
soren	Owning a domain is useless if you have no control over it, and what you want to do is almost the simplest thing in the world (from dns management perspective).	14:14
Deeps	if you're planning on spamming, you're better off going elsewhere	14:14
Deeps	ie, ask irc.spam.net in #spam	14:14
soren	I'd be surprised if someone offers a dns service that so amputated that you can't even set up a web and mail server.	14:14
Deeps	and not in here	14:14
troofy	how are domains shutdown. for what reasons?	14:15
soren	If they suck too much.	14:15
sommer	lol	14:15
troofy	like?	14:15
Deeps	troofy: ask the registrar	14:15
Deeps	troofy: nothing to do with ubuntu	14:15
soren	troofy: Dude.. This channel is about Ubuntu server.	14:15
troofy	.coms have high link with servers. and i like ubuntu:)	14:15
soren	I like liquorice. That doesn't make Ubuntu server on-topic in #liquorice, either.	14:16
troofy	can any one tell me off the record?	14:16
Deeps	ask the registrars, nothing to do with us	14:16
troofy	godday say it can shutdown for no reason atall	14:17
soren	troofy: Dude. Go somewhere else.	14:17
Deeps	troofy: http://www.icann.org/registrars/accredited-list.html go through that list	14:18
Deeps	those are allk the people that'll sell you domains	14:18
Deeps	have a nice day now :)	14:18
troofy	i wil :)	14:18
Deeps	good bye! :)	14:18
troofy	bye..	14:19
troofy	Deeps arent you out yet?	14:19
=== jp_ is now known as josephpiche
_ruben	sweet .. will be getting a test san tomorow or the day after .. an equalogic one .. they're giving a seminar nearby and will be dropping one off here so we can play with it for a while	15:21
henkjan	"Hardy will be delayed by 3 months"	15:22
henkjan	from #ubuntu+1	15:22
_ruben	so it'll be 8.07 then i guess?	15:23
=== \sh is now known as \sh_away
travisb	I set log_errors = On and error_log =/filename in php5 and it's not logging anything to that file.	16:34
ivoks	restart apache	16:35
travisb	I did	16:35
travisb	still nothing	16:35
travisb	apache logs correctly	16:36
soren	travisb: I suspect /filename is not the real path?	16:36
ivoks	travisb: try with /tmp/somefile	16:37
jetole	holy hell	16:37
ivoks	www-data can't write into /	16:37
soren	jetole: ?	16:37
jetole	userfriendly.org is down, damn april fools joke I hope	16:37
travisb	corect it's file /var/log/php.log and www-data owns it	16:38
ivoks	jetole: we had this as index page on ubuntu-hr.org: http://ubuntu-hr.org/jebemti.html	16:38
ivoks	jetole: total panic :D	16:38
bdmurray	soren: somebody mentioned bug 207526 to me	16:38
ubotu	Launchpad bug 207526 in postfix "default main.cf.tls causes syslog warnings" [Medium,Confirmed] https://launchpad.net/bugs/207526	16:38
jetole	huh, well since I have never been to the site before I would not be too worried, but uf.org?	16:39
lamont	bdmurray: meh	16:39
=== \sh_away is now known as \sh
jetole	fsck me! I can't go to work without reading a little sys admin comics and so far I have only seen dilbert, thats like a half dose dude	16:40
lamont	bdmurray: I'll figure out something with it today (and no, changing /var/spool/postfix into a postfix-owned dir is probably not the right answer...	16:40
bdmurray	lamont: okay, thanks!	16:40
=== ivoks_ is now known as ivoks
jetole	uf.org is more like 3/4 of what a sysadmin needs daily and now it's gone?	16:40
=== \sh is now known as \sh_away
nxvl	how is that i get a security update uploaded into the stable releases	17:09
nxvl	using the SRU procesure?	17:09
mathiaz	nxvl: if it's a security update, you shouldn't follow the SRU process	17:29
mathiaz	nxvl: IIRC keescook or jdstrand will sponsor your debdiff	17:30
jdstrand	nxvl: hi. what is the bug number?	17:30
nxvl	jdstrand: Bug #210175	17:58
ubotu	Launchpad bug 210175 in openssh "[openssh] [CVE-2008-1483] allows local users to hijack forwarded X connections" [Undecided,Confirmed] https://launchpad.net/bugs/210175	17:58
jdstrand	nxvl: thanks	17:59
nxvl	does anyone know something about this -> http://blog.drinsama.de/erich/en/linux/debian/2008040101-renaming-directories	18:29
mindframe-	nxvl, oh jeez	18:35
mindframe-	i can't say i'm a fan of that change	18:35
mindframe-	probably better for usability purposes though	18:35
nxvl	well, for the users it will be better, but for sysadmins it will be hell	18:37
mindframe-	agreed	18:37
mindframe-	why not just do symlinks	18:38
nxvl	well. it will be easier for sysadmins to do some symlinks than for users	18:43
nxvl	so they don't have this directories they don't know what they are	18:43
=== joerlend_ is now known as XiXaQ
henkjan	w00t	19:51
henkjan	installing hardy in kvm	19:51
akincer	I've been bashing my head against a wall with bind9 for about an hour and I'm pretty sure apparmor is my problem. Can anybody here give some quick pointers on how to address an issue with apparmor?	20:24
akincer	Ok, so how do I configure apparmor to let named access zone files in /etc/bind/zones?	20:27
akincer	I could lament how dumb THAT is, but I'll refrain since I hope there is an easy fix	20:28
mindframe-	akincer, maradns to the rescue	20:41
akincer	?	20:41
mindframe-	just spamming my preference of dns server, sorry	20:41
akincer	more like /etc/init.d/apparmor stop to the rescue	20:41
mindframe-	hah	20:41
mindframe-	maybe set it to 'learning' mode for a bit	20:42
akincer	I'm sure it's great, but not letting bind read zone files treads on absurdity	20:42
akincer	As soon as someone explains that one to me and how to fix it, I'll think more highly of it. Until then, I consider it a nuisance to be turned off	20:44
akincer	or point me to some documentation	20:44
akincer	Googling apparmor ubuntu bind9 doesn't bring up anything promising	20:46
akincer	Ahh, how cute. Found this in /etc/apparmor.d/usr.sbin.named: # Dynamic updates needs zone and journal files rw. We just allow rw for all in /etc/bind, and let DAC handle the rest	20:49
akincer	Sorry, this gets a big FAIL	20:50
akincer	I'll fix it since DAC seems to be failing all on its own	20:50
jdstrand	akincer: where are you storing your zone files?	20:51
jdstrand	/etc/bind?	20:51
akincer	in /etc/bind/zones but not to worry. Adding /etc/bind/zones/* rw, in the usr.sbin.named fixed it	20:52
* jdstrand nods		20:52
akincer	I shouldn't HAVE to do that	20:52
Deeps	i suspect apparmor might have expected your zone files to be in /var/cache/bind/	20:52
jdstrand	apparmor is configured for /etc/bind and /var/lib/bind	20:53
Deeps	(which is the default behaviour on ubuntu systems)	20:53
akincer	None of the how-tos out there use that convention	20:53
jdstrand	Deeps: it's /var/lib/bind	20:53
Deeps	jdstrand: my ubuntu 7.10 box says differently	20:54
slangasek	there's no /var/cache/bind used for slave zones?	20:54
jdstrand	it's /var/lib/bind on hardy for sure	20:54
Deeps	/etc/bind/named.conf.options:	20:54
Deeps	directory "/var/cache/bind";	20:54
Deeps	by default	20:54
Deeps	on gutsy	20:54
jdstrand	which is what I assumed we were talking about, since hardy is the first release with an enforcing profile	20:55
Deeps	and on debian etch	20:55
slangasek	jdstrand: that's, mmm, wrong then :) slave zones are cache data, and should be stored in a separate dir	20:55
jdstrand	slangasek: talk to lamont-- I didn't do it ;)	20:55
jdstrand	let me check /etc/bind/named.conf.options...	20:55
lamont	/var/cache/bind is for slave zones	20:56
slangasek	right	20:56
lamont	/var/lib/bind is for zones that you have nsupdate hitting	20:56
lamont	/etc/bind/ is for zones that you master	20:56
slangasek	so the proper apparmor policy is to allow both	20:56
jdstrand	slangasek: and it does	20:56
Deeps	i guess all my zone are in the wrong place then, as all i do for my zones is file "zone", no extra pathing	20:56
lamont	realistically, named should not need write access to /etc/bind	20:56
Deeps	(which dumps them all in /var/cache/bind)	20:57
Deeps	(whoops? heh)	20:58
* jdstrand nods, but acquiesed in the knowledge that some people configure it that way		20:58
* lamont points at "Configuration Schema" in /usr/share/doc/bind9/README.Debian.gz		20:58
lamont	there are also people who put everything in /var/lib/bind, and I mean everything	20:58
akincer	there doesn't seem to be any good docs on wiki.ubuntu.com for this	20:59
Deeps	ah	20:59
* Deeps learns more		20:59
akincer	http://ubuntuforums.org/showthread.php?t=236093	20:59
akincer	That's what I followed	20:59
akincer	It seems to me extremely unwise to put an enforcement mechanism on the server edition without some documentation on what basic assumptions it makes.	21:00
akincer	And I think that is being generous when I say that	21:01
lamont	akincer: I wasn't consulted before they uploaded the apparmor crack	21:01
lamont	er, stuff	21:01
sergevn	is there an opensource alternative for DirectAdmin?	21:02
akincer	I gotcha. Somewhere someone made some assumptions and those assumptions haven't, so far as I can tell, been documented. I had to look in a config file to find out? VERY bad form	21:02
lamont	akincer: actually, they follow the documentation in README.Debian.gz	21:03
jdstrand	akincer: it is documented that apparmor is in enforcing mode in README.Debian	21:03
Deeps	is there a way to read the README.Debian without having to gunzip it first?	21:04
slangasek	zless	21:04
Deeps	(as typically it comes .gz)	21:04
jdstrand	akincer: I am not 100%, but I believe it's in the server guide too	21:04
Deeps	ah	21:04
Deeps	nice	21:04
* lamont uses "vi" (== vim)		21:04
Deeps	vi can gunzip on the fly?	21:04
Deeps	well, vim	21:04
jdstrand	akincer: and we have https://wiki.ubuntu.com/DebuggingApparmor for debugging profile bugs	21:05
jdstrand	akincer: which you hit-- that lin in usr.sbin.named should be /etc/bind/** rw,	21:05
akincer	http://doc.ubuntu.com/ubuntu/serverguide/C/dns-configuration.html	21:06
akincer	Now use an existing zone file as a template to create the /etc/bind/db.example.com file:	21:06
akincer	sudo cp /etc/bind/db.local /etc/bind/db.example.com	21:06
akincer	but the read/write isn't recursive? Does that REALLY make sense?	21:07
jdstrand	lamont: can you change the apparmor profile to have '/etc/bind/** rw,' instead of '/etc/bind/* rw,' when you upload -9	21:07
incorrect	hello, sorry to go on about this again, but does anyone know of any comparisons between running 32bit apps on 64bit platform vs running them on a native 32bit	21:07
jdstrand	akincer: it doesn't make sense. it's a bug	21:07
lamont	- /etc/bind/* rw,	21:08
lamont	+ /etc/bind/** rw,	21:08
lamont	like so?	21:08
jdstrand	yep	21:08
incorrect	i am pretty convinced that running 32bit apps on 64bit platforms is a waste of time	21:08
jdstrand	lamont: that'll fix akincer's issue	21:08
lamont	incorrect: it depends on the app, I rather expect	21:08
jdstrand	lamont: do you think it would be worthwhile to do the same for /var/cache/bind and /var/lib/bind?	21:09
jdstrand	lamont: in thinking about it, I do	21:09
lamont	yeah, it does	21:09
jdstrand	lamont: can you do that as well?	21:09
lamont	sed -i 's/\/*/' :-)	21:09
lamont	done	21:09
jdstrand	lamont: thanks!	21:09
incorrect	i expect taking the 32bit emulation down to the silicone should be a lot faster than using lib32	21:10
slangasek	really would be better if it could be /etc/bind/ r, /var/lib/bind/ rw...	21:10
akincer	Are there plans to write up a tutorial on apparmor if one doesn't already exist?	21:11
slangasek	a bit less protection if your daemon is allowed to overwrite its own config files, which is what /etc/bind is supposed to be	21:11
jdstrand	slangasek: I agree, but to not break people's configurations who are doing the wrong thing there, we did 'rw'.	21:11
lamont	slangasek: I could make it read only for /etc/bind... it'd break more than one common-but-well, wrong installation class though	21:11
jdstrand	slangasek: remember that apparmor respects unix perms, so the default install is still ok	21:11
lamont	these are the same people who scream every upgrade because postinst makes /etc/bind 644 root:bind :-)	21:11
akincer	I'd be happy to stop doing the wrong things there. But I think this should be documented unambiguously. So far, I'm unconvinced that it is.	21:12
slangasek	heh :)	21:12
slangasek	akincer: in a sense, this is documented in the FHS; but I agree that this could be made a bit more explicit	21:12
lamont	jdstrand: likewise, I'm not terribly averse to putting a comment above the '/etc/bind/** r' entry that points to README.Debian.gz :-)	21:12
Deeps	if /etc/bind is supposed to be read only by named, and also where you're supposed to keep your master zone files, where do you keep your dynamic zone files? /var/lib/bind?	21:13
jdstrand	lamont: that would be most welcome	21:13
slangasek	Deeps: yes	21:13
Deeps	dynamic zones that you're master for*	21:13
akincer	slangasek: I'm a documentation nazi. To me, it's binary. Either something is documented unambiguously or it isn't.	21:13
lamont	slangasek: yeah - the series of bugs that eventually led to /etc, /var/cache, and then /var/lib are siting FHS	21:13
jdstrand	slangasek: if the release manager says go for 'r' on /etc/bind, I'm cool with it-- but there will be bugs on it	21:13
lamont	jdstrand: was that a +1 for making /etc/bind "r"??	21:13
lamont	or just the comment?	21:13
jdstrand	lamont: I always wanted it to be 'r', but was trying not to break that common misconfiguration	21:14
jdstrand	lamont: it a 'correct' vs 'pragmatic' kinda thing	21:14
jdstrand	it's	21:14
slangasek	jdstrand: hey now, I'm not speaking as release manager when I say that. :)	21:15
* lamont looks at one bind9 instance he cares about, and finds: include "/var/lib/........conf";		21:15
lamont	so that one breaks in any case./	21:15
jdstrand	lamont: the '**' wouldn't fix it? It's not in /var/lib/bind/...	21:15
lamont	Deeps: dynamic master zones ==> /var/lib/bind	21:16
lamont	it's /var/lib/$somewhereelse	21:16
jdstrand	lamont: ah-- well yes. we have also talked about have a comment in the config files about non-default locations	21:17
lamont	my stuff uses /etc/bind/pri for primary zones	21:17
slangasek	akincer: the FHS unambiguously documents what the heirarchy is supposed to be for files, and Debian policy references the FHS, and Ubuntu references Debian policy... so it's not ambiguous, it's just not self-evident :-)	21:17
akincer	How about sticking a README in /etc/bind with some clarity so hopefully someone like me would read it	21:17
jdstrand	eg, my.cnf now has a warning in it about needing to change usr.sbin.mysqld if the default patchs are changed	21:17
jdstrand	akincer: docs are https://help.ubuntu.com/community/AppArmor	21:18
akincer	LOL, perhaps unambiguous isn't the word I'm looking for . . .	21:18
jdstrand	akincer: https://wiki.ubuntu.com/DebuggingApparmor	21:18
lamont	# Dynamic updates needs zone and journal files rw, use /var/lib/bind	21:18
lamont	# /etc/bind should be read-only for bind	21:18
lamont	# See /usr/share/doc/bind9/README.Debian.gz	21:18
lamont	/etc/bind/** r,	21:18
lamont	/var/lib/bind/** rw,	21:18
lamont	jdstrand: how's that look?	21:18
jdstrand	akincer: that is not inreference to your README suggestion	21:18
jdstrand	lamont: what about /var/lib/cache?	21:18
lamont	akincer: I'm pretty sure that READMEs don't go in /etc	21:18
jdstrand	/var/cache/bind	21:18
lamont	/var/cache/bind/** rw,	21:19
lamont	ah, yeah. in the comment	21:19
lamont	# /var/cache/bind is for slave/stub data, since we're not the origin of it.	21:19
lamont	# /etc/bind should be read-only for bind	21:20
lamont	# /var/lib/bind is for dynamically updated zone (and journal) files.	21:20
lamont	# /var/cache/bind is for slave/stub data, since we're not the origin of it.	21:20
lamont	# See /usr/share/doc/bind9/README.Debian.gz	21:20
lamont	there	21:20
lamont	and moved /var/cache/bind up as well	21:20
lamont	akincer: and I really don't want to modify named.conf* unless I have to, since they're almost always modified by the admin, and it's sad to make the upgrade prompt them for the diff	21:20
jdstrand	lamont: those comments are in the apparmor profile?	21:20
lamont	yes	21:20
lamont	http://people.ubuntu.com/~lamont/bind9.apparmor	21:21
akincer	Hey, it was me that used a howto on ubuntuforums	21:21
lamont	is the (uncommitted) file	21:21
jdstrand	I like them and your changes to the profile (though I still think 'r' might get us in trouble-- but upgrades are covered properly in postinst, so probably not too bad)	21:21
lamont	jdstrand: if I upload today, we should hear about it this week, yes? :-D	21:22
jdstrand	lamont: looks great	21:22
akincer	Interestingly, had the rw been recursive, I wouldn't have had the problem to begin with naughtiness of me putting zones in /etc/bind/zones aside	21:22
* lamont has had mixed results with ubuntuforums howtos....		21:22
jdstrand	lamont: do you have an opinion on putting a comment in the non-apparmor config files?	21:23
akincer	That's the first time I've had a failure. But to be fair, it would have worked had apparmor not gotten in the way	21:23
lamont	jdstrand: <lamont> akincer: and I really don't want to modify named.conf* unless I have to, since they're almost always modified by the admin, and it's sad to make the upgrade prompt them for the diff	21:23
lamont	OTOH, dapper smacked them around in an upgrade, iirc	21:24
akincer	I am not suggesting you do so	21:24
lamont	-security upgarde	21:24
lamont	so y'all already made it painful for some upgrades... thanks. :-P	21:24
akincer	hehe	21:24
* jdstrand doesn't recall that		21:24
slangasek	akincer: "would have worked", but it was still recommending usage that was contrary to the FHS :/	21:24
akincer	There are times (like today) that your first concern is to get it working. Then you go back and nice it up	21:25
slangasek	so it was only a matter of time before the advice in that howto was brought up short by reality	21:25
jdstrand	lamont: I haven't looked at it's conffile/config file handling-- I was mostly concerned about a new install there	21:25
lamont	jdstrand: IIRC, query-cache crappage that I was ignoring since the defualt changed in-source in 9.4	21:25
jdstrand	lamont: if that's too hard, no problem	21:25
slangasek	(e.g., storing nsupdate zones in /etc/bind will also fail for users who have read-only root filesystems)	21:26
akincer	And yes, I could have used 7.10 server, but I would have to upgrade soon anyway	21:26
akincer	figured I'd save some time	21:26
lamont	slangasek: that howto doesn't actually do anything wrong that I saw... other than totally not mentioning dynamic updates and what to do with the zone file	21:26
slangasek	lamont: ah, fair enough	21:26
lamont	and if a package delivers a README.Debian file, it's _always_ a good idea to read that file...	21:27
lamont	if for no other reason than to find out what crack the maintainer is on	21:27
lamont	which reminds me... did we ever decide if it was just dund or all 3 that I'm adding back into bluez-utils?	21:28
slangasek	I think just dund :)	21:29
lamont	stevenK disclaimed knowledge on the subject	21:29
slangasek	would be nice to get Marcel's input	21:29
lamont	slangasek: sounds good to me	21:29
lamont	Marcel == debian maint?	21:29
slangasek	Marcel == upstream	21:29
slangasek	debian maint just introduces gratuitous deltas to the Ubuntu packaging, I don't think he'll have any relevant input ;)	21:30
lamont	heh	21:30
lamont	ok. I'll turn on dund and fire email at upstream then. :-)	21:30
slangasek	(Marcel was at UDS Boston; dunno if he's coming again to Prague)	21:30
lamont	slangasek: I'm gonna not be in Prague either	21:44
slangasek	lamont: aww	21:48
MountainX	I need to know what will happen when I change a Group's ID. I want to change my admin GID from 114 to 113. There is another group with ID 113 at the moment. So, how do I proceed? (This is part of setting up an NFS server...)	21:55
mok0	MountainX: you need to move the other users to a different group first	22:03
MountainX	there are no users in GID 113 (name=adm). So if I change admin group to GID 113, then can I change adm group to GID 114 in a second step?	22:05
MountainX	is there a howto for manually syncing passwd and group files?	22:05
MountainX	on #ubuntu they recommended I just try it and see what happens. I would rather read up on the details first however ;)	22:06
mok0	MountainX: then it doesn't matter, go ahead and change it. No howto afaik	22:06
MountainX	mok0 - thx	22:06
kirkland	MountainX: are you going to use groupmod to do it?	22:06
mok0	MountainX: It's really no big deal... only edit the /etc/passwd file	22:07
kirkland	MountainX: or were you planning on editing /etc/* ?	22:07
kirkland	MountainX: man groupmod	22:08
MountainX	I have no idea how to do this. My goal is to have all GIDs and UIDs sync'd up on my half dozen computers. (I'm setting up NFS.) I will do the best way that is recommended. I had planned on editing /etc/*	22:08
mok0	MountainX: that's fine	22:08
kirkland	MountainX: I'd probalby use NIS	22:08
MountainX	If I edit passwd and make a version that I like (say with admin GID = 113) can I just copy that to all the other computers without wreaking havok?	22:09
kirkland	MountainX: are all of the machines going to have identical groups?	22:09
mok0	kirkland: if you use nis, you have to be aware that it doesn't serve uids < 1000 afair	22:09
MountainX	Once I do this step, I think I'll tackle OpenLDAP next. But I want to sync everything up first so all users have same UID on all machines. And I want the same for groups. SO yes, I will set up the same groups on each machine I think.	22:10
kirkland	MountainX: if you have different distributions (fedora, ubuntu, etc), or even different versions of the same distribution (edge, hardy), or even different packages installed on different machines with the same distribution, you might have issues	22:10
mok0	MountainX: how many users?	22:10
MountainX	I have some Gutsy and some Hardy atm. And I'm looking for a simple solution to get NFS working. I have about half a dozen users and about the same number of computers. It is a home office. (We have more computers than cars ;)	22:11
mathiaz	MountainX: I'd suggest to use ldap to centrally manage your uid and gid	22:12
mok0	MountainX: just create a passwd and a group file and copy them to all of the workstations	22:12
mathiaz	MountainX: mok0 suggestion ^^ is also worth a try if you want something working now	22:13
MountainX	OK. I will do both :)	22:13
MountainX	I will organize my users first and copy a consistent passwd file to all computers. Then I will try LDAP next.	22:13
mok0	MountainX: get it to work first, then worry about ldap later	22:13
mathiaz	MountainX: once you have ldap running you won't need the passwd and group file synchronization	22:13
kirkland	MountainX: do you care about system users, or only real human users?	22:14
mok0	right, at that point you need to remove the changes to /etc/passwd and /etc/group	22:14
MountainX	I want my admin account to have the same GID on all machines and I want my real human users to each have the same UID on each machine for starters.	22:14
kirkland	MountainX: I've done something similar in the past, syncing only users >= 1000	22:14
mok0	In Ubuntu the paradigm is that the first user belongs to the admin group, and can do sudo (sudo -i)	22:14
mok0	kirkland: yes UID >= 1000 must be adhered to, otherwise a lot of stuff doesn't work for users	22:15
mok0	for example users don't have access to certain devices	22:16
kirkland	MountainX: that helps if you a situation, such as one workstation running, say MythTV, but that user/group doesn't exist on your main server you're syncing from	22:16
kirkland	MountainX: you'd erase the mythtv user/group on the clients that have them	22:16
kirkland	MountainX: use your imagination, replacing mythtv with mysql, postgres, something-more-near-and-dear-to-your-heart	22:17
MountainX	So I understand that I can pick one passwd file that I like and edit it a bit (only being concerned about UID >=1000) and then copy it to all clients. I am concerned then about the resulting changes. Will users be able to log in after I copy the new passwd file to the machine?	22:18
mok0	MountainX: sure.	22:18
mok0	MountainX: I suggest you make a passwd file just containing the 6 users and append it to each passwd file	22:19
mathiaz	MountainX: hum... Not sure it's a good idea to copy a complete password file around	22:19
mathiaz	MountainX: you may have specific system account created on some computers so that services can run correctly	22:19
mok0	right	22:20
mathiaz	MountainX: if you copy the complete password file around you may end up in situation where services are not running anymore	22:20
mok0	so it's better just to append the "users" part of the passwd file	22:20
MountainX	ok. I will just change the 6 human users (all with UID>=1000). Then I will append to existing passwd on each machine. (And I assume I will delete the pre-existing lines in each passwd file for those 6 users before saving.)	22:20
kirkland	MountainX: don't overwrite, append	22:20
kirkland	MountainX: yup, i suggest using grep	22:20
mok0	MountainX: yes, exactly	22:20
MountainX	thank you everyone	22:21
mok0	Good luck MountainX	22:21
MountainX	and for making the admin group have the same UID on all machines, are there any gotchas?	22:21
mok0	sounds like fun	22:21
mok0	MountainX: say you have UID 1000. Then make sure that you belong to group "admin", and put that in /etc/suderes	22:22
mok0	/etc/sudoers	22:22
mok0	It is probably there by default, if it's an Ubuntu system you have	22:22
MountainX	my problem is that admin group has GID 110, 113, 114 etc on different machines. I want to make admin GID the same on all machines.	22:22
MountainX	the reason I want admin GID to be the same is because of the PITA Windows Service for Unix running on my file server.	22:23
mok0	admin has 110 on my machines, it appears	22:24
MountainX	I checked all mind and they range from 110 to 114. I need them to be the same. But I am concerned about gotchas when I change them.	22:24
mok0	MountainX: it doesn't really matter, as long as user "MountainX" belongs to the appropriate admin group on each machine	22:25
MountainX	I am finding that it matters for Services for Unix. At the moment I have SFU all set up but I am stumped by permission denied errors so I'm working through that. This effort to make all admin GIDs the same is part of my effort to fix it.	22:26
mok0	THen I suggest you make gid = 110 on all machines	22:27
mok0	for group admin	22:27
MountainX	(My next step would be to remove Windows and install Ubuntu on the file server, but that is about a 1 week job at least. I have a great backup solution running on the Windows box and I don't know enough yet to get the same running under Linux... but thats off topic.)	22:28
kirkland	rsync ;-)	22:28
MountainX	I know about rsync, but I have to give myself more than a week to learn it well enough to rely on it.	22:29
mok0	rsnapshot -- based on rsync but with a layer on top to keep daily snapshots	22:29
MountainX	so that's why I'm sticking wth the PITA services for unix (I hate it)	22:29
mok0	MountainX: where does that come from? Never heard of it	22:29
MountainX	http://en.wikipedia.org/wiki/Microsoft_Windows_Services_for_UNIX	22:30
mok0	eeek	22:30
MountainX	here's my thread on the difficulties getting the NFS server part working. I still don't have it solved... http://www.interopsystems.com/community/tm.aspx?m=14379	22:31
MountainX	eeek is right :)	22:31
mok0	But you have an Ubuntu system?	22:31
MountainX	all computers except file server run ubuntu (hardy or gutsy)	22:32
MountainX	file server will run ubuntu as soon as I learn more	22:32
mok0	MountainX: normally, you have to export the file systems you want to serve in the file /etc/exports	22:33
mok0	Perhaps you need something similar on SFU	22:33
rgl	hi.	22:33
MountainX	so what happens to permissions if I go to a ubuntu computer and change admin GID from 113 to 110? Can I really just make that change without breaking anything? (That is, assuming GID 110 has no users assigned at the time of the change).	22:33
rgl	is there a work arround for running hardy beta inside virtualbox?	22:34
mok0	MountainX: the only thing that happens has to do with permissions to read/write to directories	22:35
mok0	so you need to make sure that all files that "belong" to the old gid get owned by the new one	22:36
MountainX	say a user has write permissions because they belong to admin group (when GID = 114). Then I change admin group GID to 110. Does that user lose write permissions?	22:36
mok0	MountainX: yes, but you can change the gid of the file/directory	22:36
MountainX	mok0 - OK, thanks.	22:37
mok0	MountainX: I can now see that the admin group has different gid's on my machines, and it doesn't matter	22:37
MountainX	mok0 - it only matters because my file server is running Windows Services for Unix.	22:38
mok0	hm, ok.	22:38
mok0	I guess you can't trust Microsoft to implement anything correctly	22:39
MountainX	yes, I'm getting that MS software off the file server as soon as I can. But there is a lot to learn in the transition.	22:39
Deeps	why not just use samba in the mean time?	22:40
MountainX	I can't use smbfs or cifs because of the gedit/cifs bug	22:41
nxvl	MountainX: you don't need tu use smbfs, you can use samba	22:42
MountainX	when I set up fstab, I thought I had to specify either smbfs, cifs, or nfs (I'm not considering sshfs).	22:43
nxvl	you can use smbclient on your init	22:43
nxvl	instead of smbfs+fstab	22:43
mok0	That's easy to test	22:44
MountainX	if smbfs and cifs both have the bug with gedit and similar apps, wouldn't samba have the same problem?	22:44
nxvl	MountainX: it sound logical, but you never know	22:44
nxvl	MountainX: samba is an app, smbfs a kernel module	22:44
MountainX	I'm more than a week into getting NFS to work. I think I'll stick with NFS until I either get it to work or I hit a deadend.	22:44
MountainX	I suspect smbfs and samba use the same (or very similar) protocol	22:45
nxvl	yep, but one uses the kernel, the other don't	22:45
MountainX	and I suspect it will cause the same bug that made me switch to nfs	22:45
nxvl	i can be a bug involving not only smbfs, but the kernel also	22:46
nxvl	s/i/it	22:46
MountainX	nxvl - thx. Good to know the difference, but I still think either one will have the same gedit problem. The problem is that samba/smbfs when connected to shares on a Windows server don't allow an open file to be moved/renamed.	22:46
MountainX	therefore, gedit doesn't work.	22:47
nxvl	MountainX: well, that can be a gedit bug also, i don't say there isn't that bug with that configurations, just that you don't know :D	22:47
MountainX	the gedit/cifs bug has been discussed for two years. I decided to just resolve the problem by moving to nfs.	22:48
nxvl	i will think that the bug in this case	22:48
nxvl	is windows	22:48
nxvl	:D	22:48
nxvl	if a microsoft product is involved it is always it's fault	22:48
nxvl	:P	22:48
mok0	bug #1	22:48
MountainX	haha	22:48
ubotu	Launchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,Confirmed] https://launchpad.net/bugs/1	22:48
nxvl	anyway i don't use gedit	22:48
MountainX	yeah, I'm doing my part to solve bug #1	22:48
nxvl	i'm a shell man	22:49
MountainX	is there an easy way to replace GID on all files (regardless of location) on the local disks on my server -- for only those files that have MountainX:admin as the owner?	22:49
nxvl	shell scripting!	22:50
mok0	find . -uid 113 -print	22:50
mok0	sudo find / -uid 113 -print	22:51
mok0	or gid	22:51
nxvl	ls -l \| grep MointainX \| cut -$(i don't remember :P)	22:51
MountainX	nxvl - as a newbie I'm in that situation where everything I need to do has a step that leads to something else I don't know how to do ;)	22:51
mok0	MountainX: then come back here and ask again :-)	22:51
nxvl	MountainX: it is the best situation	22:51
* nxvl loves not to know		22:52
mok0	hopefully your IRC client still works ;.)	22:52
nxvl	that makes you learn new things	22:52
* nxvl loves to learn		22:52
mok0	MountainX: but look at "find" it is a great tool	22:52
MountainX	yeah, I am having a good time learning Linux. I am never going back to Windows. Although when I get really frustrated, I think about it for a few minutes before I come to my senses	22:52
nxvl	MountainX: man is your friend	22:52
nxvl	what i'm more grateful about linux is how it has make me an investigation person	22:53
nxvl	and also learn things i have never imagine before	22:53
mok0	yeah that's true	22:54
MountainX	what I am most grateful for is the sense of freedom of choice and ability to get to the bottom of anything.	22:54
nxvl	MountainX: if you are going to do sysadmining work, you MUST learn some scripting language, i recomend bash, because is what yu will use more	22:54
nxvl	MountainX: so, find some bash books and start reading	22:54
nxvl	walk before run	22:54
MountainX	nxvl - OK. I will	22:54
nxvl	MountainX: getting to the bottom of anything makes you learn and see things you have never imagine there where there	22:55
nxvl	also	22:56
nxvl	can't you use sshfs?	22:56
nxvl	if all of your clients are linux, and server is linux	22:56
mok0	hey, sshfs, what's that?	22:56
MountainX	sshfs I am told is not good for large files. I copy videos, virtual machine images, etc.	22:56
nxvl	sshfs is easier and safter to use	22:56
nxvl	MountainX: mounting remote folders via ssh :D it rocks!	22:57
nxvl	MountainX: well, i haven't try it with large files IIRC, so i can't tell	22:57
mok0	cool	22:57
MountainX	nxvl: do you recommend it for files as large as 2 GB? I heard it was slow and prone to errors on large files.	22:57
nxvl	MountainX: but for quick things it rocks	22:58
MountainX	ok	22:58
nxvl	mok0: is like scp, but as a fs or something like that	22:58
mok0	cool	22:58
kirkland	sshfs has high cpu overhead on both client and server, due to encryption of everything	22:59
nxvl	MountainX: also, why is that you need gedit that hard?	22:59
mok0	kirkland: well that's ssh	22:59
nxvl	kirkland: encryptation of everything rocks!	22:59
nxvl	kirkland: you are talking to a man that tunnels everything via ssh, so i don't really matter :P	23:00
kirkland	nxvl: :-)	23:00
MountainX	this wasn't supposed to be hard when I started... I just installed Hardy on a computer and set it up the way I set up Gutsy before. But then gedit and other apps would not edit any files. (All files are on the Windows file server.)	23:00
kirkland	nxvl: me too, except when I'm backing up 1TB of data from one machine, to another sitting right next to it	23:00
nxvl	i will eat all my CPU one or other way ecrypting anything	23:00
mok0	It's not really encrypted... only during network transfer	23:00
MountainX	I thought switching from cifs to nfs would be easy ;)	23:00
kirkland	nxvl: in which case, I've seen a 40% improvement using NFS rather than rsync+ssh	23:01
nxvl	kirkland: i only copy txt files	23:01
mok0	I will be looking at openafs shortly	23:01
nxvl	kirkland: the large files i copy are logs, and i rotate them always	23:01
kirkland	nxvl: i have some very large qemu vm images that don't compress well	23:02
nxvl	MountainX: hardy is still beta, report it to launchpad and ping here for a solution	23:02
nxvl	kirkland: vmware server, it is free :D	23:02
mok0	kirkland: what format are the images?	23:02
kirkland	nxvl: free as in beer	23:02
nxvl	kirkland: yep	23:03
nxvl	i like beer	23:03
nxvl	:D	23:03
kirkland	nxvl: kvm/qemu free as in freedom (and beer)	23:03
nxvl	ssh -X virtualbox :P	23:03
MountainX	nvxl - the gedit/cifs bug has been around for more than 2 years. gedit devs won't fix it because they say it is a file system problem. The cifs/samba people won't fix it because they say that a file system shouldn't allow an open file to be renamed.	23:04
nxvl	MountainX: an open file shouldn't be renamed, and that is that it work	23:04
nxvl	and that is using samba or a localfs	23:05
nxvl	i'm not a samba expert	23:05
MountainX	nxvl - tell that to the gedit devs ;)	23:05
mok0	MountainX: can't you use another editor?	23:05
nxvl	as you maybe have notice i'm a crypt/security man	23:05
nxvl	:D	23:05
* nxvl loves vim		23:05
MountainX	yes, but the problem happens with other apps too. I thought it would be easiest to get rid of cifs/samba.	23:06
* mok0 loves emacs		23:06
nxvl	since i don't have X server running on servers	23:06
MountainX	this problem is on the clients	23:06
nxvl	mok0: emacs is nice for long editions, but for quick edits, it sucks	23:06
mok0	nxvl: yeah, I use vim for those as well	23:06
nxvl	ok, going out for a wile	23:07
nxvl	while*	23:07
mok0	hehehe	23:07
nxvl	or however it should be written :S	23:07
nxvl	bbl	23:07
mok0	going out for a wife	23:07
MountainX	^ that's how I read it lol	23:07
mok0	I read	23:07
nxvl	mok0: not even joke about it!	23:07
nxvl	im still to yung	23:08
mok0	nxvl: there's still time :-)	23:08
mok0	MountainX: usually root is not allowed to access NFS mounted shares	23:14
MountainX	yes, that's how I have it set up	23:14
mok0	MountainX: that might explain why you could not cd to /mnt	23:15
mok0	(c.f. your posting on that SUA board)	23:15
MountainX	mok0 - let me show you something....	23:15
MountainX	it may take a few minutes...	23:17
mok0	sure	23:17
MountainX	mok0 - here is my current problem:	23:19
MountainX	sudo cp /tmp/Basket/ /home/user/Documents/Baskets/	23:19
MountainX	cp: accessing `/home/user/Documents/Baskets/': Permission denied	23:19
=== slide23 is now known as slide
MountainX	... /home/user/Documents/ is an NFS mount	23:19
mok0	MountainX: ls -ld /home/user/	23:20
MountainX	drwxrwx--- 2 user admin 64 2008-04-01 02:14 Documents	23:20
mok0	hm	23:21
mok0	MountainX: ls -ld /home	23:21
MountainX	mok0 - that was ls -la	23:21
MountainX	should I repeat with ls -ld?	23:21
mok0	ok	23:21
mok0	-d just means not to enter the directory	23:21
MountainX	ok	23:21
MountainX	here is ls -ld /home == drwx------ 48 user user 4096 2008-04-01 15:56 user	23:22
mok0	... and you are currently logged on as "user"?	23:23
MountainX	yes	23:23
mok0	I think /home should be owned by root	23:24
mok0	and have mode 755	23:24
MountainX	I changed all that based on several Ubuntu security guides.	23:24
mok0	then directory /home/user should be owned by user:user	23:24
MountainX	OK, so maybe I changed it one level too high...	23:25
mok0	and have mode 751	23:25
mok0	here's my home:	23:25
mok0	drwxr-x--x 245 mok mok 36864 2008-04-01 23:00 /u/mok	23:25
mok0	and:	23:26
mok0	drwxr-xr-x 3 root root 0 2008-04-01 14:05 /u	23:26
MountainX	maybe I pasted the wrong thing earlier. My /home is the same as yours:	23:26
MountainX	ls -ld /home/	23:26
MountainX	drwxr-xr-x 5 root root 4096 2008-04-01 11:55 /home/	23:26
mok0	looks ok	23:26
MountainX	and here is /home/user again (for user "user")	23:27
MountainX	ls -ld /home/user/	23:27
MountainX	drwx------ 48 user user 4096 2008-04-01 15:56 /home/user/	23:27
mok0	I'd make that mode 751	23:28
MountainX	OK. I can try that change. But I'm not sure how the chmod command will work given that /home/user/Documents is an NFS mount using Windows SFU.	23:29
mok0	no	23:30
mok0	but worth a try	23:30
MountainX	ok	23:30
mok0	you may have to to it under SFU	23:30
MountainX	can I change just /home/computeruser/Documents/Baskets/ to test? Will access be granted if the parent has more restrictive permissions? I guess not.	23:31
mok0	right	23:31
mok0	If you are not permitted to traverse a directory, for instance (the x bit)	23:32
MountainX	ok	23:32
mok0	you need to check all directories in the path	23:32
MountainX	ok	23:32
mok0	from your posting, you have some very strange uid/gid's: 4294967294 ??	23:36
MountainX	I figured out those strange gid's	23:38
mok0	ok, good	23:38
MountainX	They are when SFU has no GID assigned. It is tough to get rid of them because all new files/folder automatically get created with the Administrators group as owner. But that doesn't translate to SFU. So it everything ends up with no valid GID until you do chown on it. But when I do chown, then the NTFS permissions seem to disappear...	23:40
mok0	hmm	23:40
MountainX	what causes "omitting directory" when trying this cp command? ~$ cp /tmp/Basket/ /media/Shared/Basket/	23:45
MountainX	cp: omitting directory `/tmp/Basket/'	23:45
mok0	eerh. You can't copy a directory with cp, you need cp -r	23:45
MountainX	ok. finally I asked a question with an easy answer ;)	23:46
MountainX	thx	23:46
mok0	heh I feel good now	23:46
MountainX	when I mount NFS shares under /media/ for user myuser, are the following permissions OK: drwxr-xr-x 12 root root 4096 2008-04-01 00:17 /media/	23:51
mok0	great	23:52
MountainX	mok0-thx	23:53
mok0	so SUA and Linux agree on the uid's	23:53
MountainX	mok0 - I have been working to make that the case. Services for Unix has a user and group mapping tool I've been using. I'm mapping my Ubuntu group admin to the Windows group Administrators. That's why I need Linux group admin to have the same GID on all my computers.	23:54
mok0	OK, I understand	23:55
MountainX	and the Linux group root will not be mapped at all.	23:55
mok0	That might be uid 0, though	23:55
mok0	ah	23:55

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!