WheelsOnFirefor example, in redhat after installing 3dm2 you simply run, service 3dm2 restart00:00
WheelsOnFireor whatever00:00
WheelsOnFireand when you init 0 or 6, the service is stopped00:00
kirklandWheelsOnFire: is there a script named that in /etc/init.d/* ?00:01
kirklandWheelsOnFire: RH's "server" command simply prepends "/etc/init.d/" onto the service you specify (3dm2) and passes it the action you specify (restart)00:02
kirklandWheelsOnFire: not "server", but "service" command00:02
WheelsOnFireyeah I get you00:02
WheelsOnFireso in other words if they didn't give an init script I need to make one00:02
kirklandWheelsOnFire: what format is the package you installed?00:03
kirklandWheelsOnFire: a .deb ?  a .rpm ?  a tarball ?00:03
WheelsOnFireoriginally it's installed with a java installer. however the installer is closed source and bugged. to get it to install on ubuntu I have to install it elsewhere and then with a custom script which builds a tar from the files on that computer and installs them on the ubuntu machine.00:04
WheelsOnFirebut I'm pretty good with bash so I'll just script my way through it I guess00:05
WheelsOnFirealright thanks00:05
Silvanovhttp://www.ispconfig.org/ this looks similar to cpanel. not sure its a lamp config web gui like im looking for though.00:12
andguen1If anyone has a second, I would love comments on https://help.ubuntu.com/community/ShorewallBasics -- especially from people just starting into command line based firewalling, and especially experienced shorewall users as well, thanks00:18
Silvanovis there an ssh server installed with ubuntu server (lamp option) by default?00:20
andguen1sudo apt-get install openssh-server i believe00:21
Silvanovalright, thanks andguen1.00:21
kirklandSilvanov: when you choose the lamp option, ssh is in that list too, in the installer00:21
SilvanovI didnt see a way to select multiple options though, and I've already completed the installation, just get started learning commands and how to set it up00:22
andguen1Silvanov: sudo apt-cache search is a wonderful command to know -- try 'sudo apt-cache search php' or 'sudo apt-cache search openssh' -- any one of those entries there can be installed00:24
Silvanovnice. thank you very much. I also found aptitude which seems much more 'user friendly' repository/installer gui.00:26
andguen1Silvanov: There are always always always multiple ways to do it :) there wouldn't be thousands of Linux distros if we geeks didn't want some choice in the matter :)00:27
andguen1find a way that works and use it for a while, just be aware of what others use and check it out just in case00:27
andguen1I have to confess, I'm a bit of a hypocrite, or just lazy, some of my friends like zsh, I'm staying with bash shell for now :)00:28
Silvanovive tried suse and red hat before in the past, but this will be my first serious foray with linux, and i wanted to start with ubuntu, because ill be selling and supporting ubuntu machines and my new job :D00:30
Silvanovalright, much easier now. dont have to get up and change chairs, have ssh installed and logged in from my main computer :)00:34
andguen1agreed, definitely a key first step. -- I have worked with Redhat and SUSE as well, I've gotten spoiled with how easy it is to install packages in Debian/Ubuntu, not to mention the speed of new releases....00:39
Silvanovso far i liked the new kubuntu, everything seemed fairly simple to use, and install and configuration was by far much easier than windows 98-vista. For the first time ive tried linux, all the hardware just worked as well. Now ive reinstalled hardy 8.04 server on that machine, and just trying to learn as i go, with the motive of transferring my blog, which i host on my main pc via wampserver to this box.00:44
andguen1it definitely takes a good project to keep you learning and diving further into it00:49
=== andguen1 is now known as andguent
Silvanovthe only commands I know thus far are sudo, apt-get, ls and ifconfig lol00:51
andguentlocate is a nice one to know, grep, xargs..... hmmmm what else :)00:52
Silvanovfiguring I'll learn a ton as i get different software installed and try to configure them.00:53
owhOf course there is the server guide :)00:53
Silvanovbot dead again?00:54
owhSo much for that.00:54
owhOne mo.00:54
owhThat won't answer all your questions, but it gets you started.00:55
andguentif one document answered all of my questions, I wouldn't read it :P00:55
andguenttakes all of the fun out of life00:55
Silvanovim actually reading through that atm, but is it accurate for the 8.04 release as well?00:55
* lamont isn't familiar with the 'ifconfig lol' command... :-)00:55
andguentalias ifconfiglol='echo Come again?'00:56
owhSilvanov: Some people would be insulted at that question, but yes, many hours were spent on making it so. Mind you, I'm not sure if that URL has the latest version of the docs, YMMV.00:56
* lamont uses 'ip' rather than 'ifconfig' anymore anyway00:56
andguentowh: insulted? mmmmkay, sounds like a reasonable question to me, shrug00:57
Silvanovowh: thanks, and sorry, didnt mean to insult or offend anyone.00:57
JanCdoc.ubuntu.com = "development" server of the docs team00:58
andguentI asked this about an hour ago, but If anyone has a second, I would love comments on https://help.ubuntu.com/community/ShorewallBasics -- especially from people just starting into command line based firewalling, and especially experienced shorewall users as well, thanks00:59
=== LjL-Temp is now known as LjL
JanCandguent: did you test that with the new shorewall ?01:00
owhandguent: Silvanov: Ah, sorry, that's my sense of humour acting up. The insulted comment was really supposed to be in quotes and I should have added >:-) to the end :)01:00
andguentJanC: how new? there is always something newer, i just accept that sometimes, it should be good with the latest shorewall from the gutsy repositories01:01
owhJanC: So, you're saying that its the latest version?01:01
* owh really, really wishes that the documentation team started including version strings on all the documents.01:01
andguentJanC: I assume you are referring to shorewall 4.0 & up? No, I'm testing it on 3.4.4 currently01:03
JanCandguent: according to http://packages.ubuntu.com/shorewall hardy has shorewall 4.x ?01:03
andguentstill gutsy on my home computers, definitely good to know, thanks for pointing it out01:04
JanCyou can try hardy in a VM  ツ01:04
andguentyup, when the time arrives, but definitely good to try01:06
Silvanovalright, ive got the lamp setup, phpmyadmin, ssh and ftp servers installed, but not configured yet.01:10
andguentSilvanov: sounds like an excellent start, which ftp server did you go with? most everything else there usually configures itself01:13
Silvanovvsftpd via http://doc.ubuntu.com/ubuntu/serverguide/C/ftp-server.html01:14
Silvanovwas able to turn it on, connect, see from my main pc, see there was no files and turn it off. Figure once I get lamp setup, and need to transfer my wordpress blog over, ill figure that part out lol01:16
andguentyup, ftp can definitely do that for you, but one other piece of software to be aware of is scp/ssh, scp lets you copy files from one pc to another if ssh is running at the destination (and your username can get to the destination directory)01:17
Silvanovi'll check it out, but atm i don't know directory structures or default locations for anything on linux :S01:19
Silvanovim so accustomed to windows, im intrigued, but feel like a new born at the same time lol01:20
andguentif you know /home, /etc, and /var, the rest can be lower priority -- /home for your user's settings, /etc for global settings like server daemons, and /var is for files that change often like logs01:21
Silvanovso windows analogy wise, home is like my documents, etc is like my programs, and var is like temp?01:22
andguentmmm, /etc is probably closer to the registry than to program files01:22
andguentvar is used for things that are around for a while, but might just change a lot, there is a /tmp directory, that is VERY temporary, and gets cleaned out every reboot01:23
Silvanovvery good to know, and great explanations :D01:25
Silvanovhow about opening/reading/editing text or config files. is there a command for that?01:28
andguentnano is an easy one to learn, vi is complicated but powerful, some people really like emacs, but thats another story :)01:29
andguentif you ever see documentation or menu shortcuts that say ^X -- that usually means Control+X, if you jump into nano you will see what i mean01:29
Silvanovi actually just figured that out, and am playing with nano right now :D01:30
Silvanovim guessing ^r (read file) is like open file01:31
andguentif you are working with text files on the computer you are at, you can try gedit too -- similar to notepad01:31
andguentmost likely, I tortured myself and jumped right into vi/vim so i would have to learn a nano feature in order to explain it01:32
Silvanovthats cool, reading the ftp conf file now, looks like i can edit it through this as well.01:33
Silvanovbtw, thanks for all your friendly help thus far and in advance :D im sure everything im asking is extremely newbish, but i do appreciate your answers.01:34
andguenthere, quick tip for you then, I found it was 100 times easier to learn what files contained what settings once I learned how to search for text in files --- 'find /etc/|xargs grep eth0' -- searches the /etc directory for anything that contains 'eth0'01:36
andguentI used to work as an IT helpdesk manager, we had a heavy amount of Ubuntu/Debian boxes, and a good deal of our techs were Windows guys, I have practice explaining this stuff, but it helps if you know at least some good 'ole DOS01:38
andguentso, you're welcome :)01:38
Silvanov:D im pretty comfortable in dos, wrote some dos scripts before, so I think I'll learn easier than most, I just tend to overwhelm myself sometimes lol.01:39
Silvanovi remember theres a way to look up what commands do, and their syntax, is it command /? or man or something?01:40
Silvanovnvm, figured it out :D01:41
Silvanovman then the command01:41
andguentone of the absolute greatest things of linux is.... once you get your vsftp server running, take the config file /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf or whatever, and back it up, that usually allows you to duplicate the exact same setup on another box, or break it and reset it later01:41
andguentcommand --help, command -h, man command -- all of those should work, but some programs are older than others01:42
pablodiashello folks.. well. I have a question about "fsck". Is it a server question or should I move to #ubuntu?01:43
andguentits fine here, just ask, we can see what we can do01:43
pablodiasthanks =p01:43
pablodiasafter a energy down, my filesystem got broken and then it said to run fsck manually01:44
pablodiasI'm running it a long time ago, with "-y"01:44
pablodiasIt's actually on the Unattached Inode 819000 (and counting)01:45
pablodiasit never stops01:45
pablodiassomething I can do to fix it?01:45
andguentIf possible, try to keep multiple comments to one line, just in case others are talking in the middle of your explanation01:45
pablodiasah, ok. i'm sorry01:46
andguenthow long does it stay on that inode? any weird noises from the drive itself as it hangs on that spot?01:46
pablodiasIt started at 16pm and is still running. I dont know about some noises because I'm on a remote connection01:46
pablodiasI read about "temporary files" on lost+found, is it right? If yes, is there a way to delete all those files?01:47
andguenthow many hours ago was it started? I'm on EasternUS time, but I hate to assume you are in the same time zone. :) Is there anyone near the box itself that could possibly hold a phone to the case as its working?01:48
andguent....or maybe just describe what noises they hear01:48
pablodiasit's taking about 5 hours01:48
pablodiasI think no at moment. maybe tomorrow01:48
andguentIf fsck finds parts of files and doesn't know how to repair the files, it often does drop them in lost+found, I'm not sure if that answers your lost+found question or not01:49
pablodiasThat number are counting quickly. Visually doesnt look like "finding errors" but it's just an impression01:49
andguentIf the numbers are moving along, I would say let it do its work, it probably is aggressively checking for any errors it can find01:50
owhI'd check dmesg while this is going.01:50
andguentIf the position on the drive has stopped, and stays at one area for a very long time, you may have a hardware problem, I would agree with owh, dmesg gives good info01:51
andguentWhatever happens, always always have good backups, if your hard drive survives this, your next priority should be testing all of your backup systems, assuming you have them :)01:52
pablodiasI'm using a remote system I think cannot show me multiple terminals. I'll keep it running until tomorrow. Many thanks for your help, guys =)01:52
pablodiashaha, ok. thank you again01:53
andguentif signing in via ssh, you can always start a second session, also keep in mind if you started the fsck from a remote shell, that connection needs to stay open for the command to continue01:53
andguentshutting down your workstation for the night may kill your disk scan01:53
andguentdepending on how you started it01:54
pablodiasIt's not SSH because the system is not starting. It's stopping on disk check, no services was started. I'm using a KVM remote access. Looks like a VNC01:54
andguentahh, very nice --- don't suppose you have options for Ctrl-Alt-F2?01:55
pablodiasI tried on the shortcuts menu option, but didn't find. let me see again01:55
andguentI know for a fact that some of those integrated remote access cards will not have the option, so don't kill yourself looking for it01:56
pablodiasYep. No way to change terminal. And i dont know if a system that isn't started can show more terminals than the first one01:58
pablodiasIt looks like that free space counting on Gmail =p01:59
andguentif it isn't stopped, cross your fingers and go to bed :)01:59
pablodiasI started on manually accept this Unattached Inodes, but I stopped at the 600th pressed "Y"02:00
andguentoh dear, 600??02:00
pablodiasmanually. after that I started fsck with "-y" option02:00
andguenti hope you have good backups man, that just doesn't sound good02:01
pablodiasmany thanks andguent. if I remember how to get back here I tell you about the end of fsck tomorrow. thanks!02:03
andguentgood luck02:03
JaxxMaxxHow about a good recommendation for SSH client, windows based?   Right now I use putty, but that seems to be limited to a single shell.   Wonder if there's like, a multi windowed one03:40
rhineheart_mhmmm.. have you tried winscp03:43
Silvanovyou can run multiple instances of putty as well03:45
Silvanovwhen searching for ssh clients for windows, i found a tabbed client earlier today as well.03:46
faulkes-putty + screen03:47
JaxxMaxxI've used WinSCP before, on my Smoothwall router... didn't seem that special03:48
JaxxMaxxWindows doesn't have Screen.   I'm thinking of something like mIRC, with 4 tiled windows all to the same server03:49
JaxxMaxxgot enough monitor resolution to handle it03:49
rhineheart_mJaxxMaxx, what would you like to accomplish?03:53
JaxxMaxxSeeing whatever the Debug Output is, while keeping my command window from scrolling back would be a good start.03:54
JaxxMaxxtrying to troubleshoot why FreeRADIUS/dialupadmin and MySQL aren't happily married yet.03:54
JaxxMaxxmaybe a packet monitor to discover what the Radius packet situation really is like03:55
JaxxMaxxI've got a test user that I provide the right credentials, but the result still comes back a failure, but with the success message03:55
owhI'm looking for some opinions. I've got a generic user.sh backup script. The way it is intended to be used is that you symlink to it from /etc/cron.daily. The symlink name will be used to determine which username to backup, using `basename $0` - pretty straight forward. So far so good.03:57
owhI've got the same for fstab mounted devices. Works in the same way, mounts stuff based on their name in fstab.03:58
owhNow for the challenge.03:58
rhineheart_mowh, good morning! :)03:58
owhIf I want to write a generic script that needs other parameters, for example an rsync server and module, or a path to backup, or I need to order the things in /etc/cron.daily, I need to do some magic with the name if I use this idea.03:59
owhSo, in the opinions stakes. Am I better off making a configuration file, finding a way to "split" the `basename $0` into parts, or do something else?04:00
owhThe nice thing about doing it this way is that ls -l /etc/cron.daily shows exactly what is happening.04:00
owhAnd of course, the scripts are completely trivial, simple to maintain and common across all backup types.04:01
owhHi rhineheart_m.04:02
sommerowh: seems to me that you have enough options to warrant a config file04:02
Silvanovgot webmin set up finally :D04:02
kgoetzowh: make $1 the user name, then in the script test for $2. if $2 is there require the extra params04:02
owhkgoetz: How would I do that if the way that the script is run is as a result of it being in the /etc/cron.daily/ directory.04:05
kgoetzowh: the only way it is run is via symlink? ah.04:05
owhsommer: A config file then requires parsing and other stuff. I'm not disagreeing, just trying to find the simplest solution.04:05
owhsommer: More accurately, the cleanest solution.04:06
sommerowh: ah, for me the cleanest would be to not use /etc/cron.daily, but an actual crontab file04:06
sommerthen you could use a simpler script with more arguments04:07
sommeryou can't ls the directory, but you can crontab -l the file :-)04:07
owhsommer: I understand what you're saying, but that then requires the administrator to understand the format of the crontab file. Something which you and I take for granted, others are flummoxed.04:07
sommerowh: heheheh, yep that changes things04:08
owhsommer: I like your argument of it allowing you to provide parameters though.04:08
kgoetzowh: replace the symlink with a script?04:08
owhThis discussion is precisely why I ventured here to ask for opinions :)04:08
owhkgoetz: What do you mean?04:08
owhAh, create a script that calls the central code. That's possible, not as pretty, but possible.04:09
sommerowh: in that sort of situation maybe bacula would be a good fit, requires more back end configuration, but has gui client04:09
kgoetzowh: instead of /etc/cron.daily being a link farm put in a dumb script farm04:09
owhsommer: Ah, definitely no. Going down that path then introduces waaaay more complexity, other than an rsync with mount, etc.04:10
sommerheh, that's true04:10
owhkgoetz: You'll lose this though: /etc/cron.daily/user -> /opt/backups/user_backup.sh04:11
owhkgoetz: Which sort of tells you what is going on immediately.04:11
kgoetzowh: why will you?04:11
owhkgoetz: Then perhaps I do not understand what you are saying. I was showing you a line from ls -l /etc/cron.daily.04:12
owhLet me ask a different question as I've already come up against a limitation of my implementation.04:12
kgoetzowh: make the file /etc/cron.daily/user a shell script which calls /opt/backups/$0_backup.sh + your params04:12
owhkgoetz: No, because then there would be (n * 2) + 1 scripts, rather than one script and n symlinks.04:13
kgoetz(n * 2)?04:14
Jester45is there any package that i can use to monitor a remote server's resources like ram/swap cpu usage and bandwidth?04:14
owhMy different question is. How do I order the scripts. Naming them 01-bob 00-judy is obvious, but how do I split off the numbering?04:14
Jester45i know i can just use cli tools via ssh but i would love to use a different tool that i can add into conky04:15
owhkgoetz: You are suggesting a script in /etc/cron.daily/ for each user, one in /opt/backups/ for each user and the central backup script.04:15
kgoetzcut? sed? depends where they are being trimmed04:15
Silvanovjester45: webmin or ebox might be what your after04:15
owhkgoetz: Hmm, yes, I'm familiar with the concept, is there a cleaner way?04:16
kgoetzowh: perhaps i didnt understand your symlink then. i take it "/opt/backups/user_backup.sh" isnt your master backup script then?04:16
kgoetzJester45: depends what you want. theres lots of options though04:16
Jester45ill look at ebox but i dont want webmin id rather keep it a bit more secure and use ssh+htop/iftop04:16
owhkgoetz: Let me show you a more accurate cron listing: /etc/cron.daily/kgoetz -> /opt/backups/user_backup.sh04:16
Jester45ebox looks like the same webui stuff04:17
kgoetzowh: cleaner way would depend on how broken my suggestion re sed/cut was ;)04:17
rhineheart_mJester45, have you tried phpmyinfo?04:17
rhineheart_mJester45, have you tried phpsysinfo rather?04:17
kgoetzowh: ah. and what happens in user_backup? it uses $0 to say 'backup kgoetz'?04:17
owhkgoetz: Well to be precise it uses USERNAME=`basename $0`, but yes.04:18
Jester45thats looks better04:18
kgoetzowh: and for some reason your going to need extra info per user?04:18
Jester45thanks rhineheart_m do you know any simpler ones? or maybe something like conky? cli only server04:19
owhkgoetz: Well, no, not for the user script, but for a path backup script, yes. That is, now I want to backup /home/fred/accounts/debtors, but I really don't care about fred's photos.04:19
Silvanovare you looking for webbased guis?04:19
kgoetzJester45: a one off or lots of servers?04:20
owhkgoetz: And similarly, I want to backup to an rsync server with a named module.04:20
Jester45kgoetz, just one04:20
rhineheart_mJester45, mmm Nagios04:20
kgoetzJester45: for multiple i'd suggest nagios but not for one04:20
kgoetzowh: mmm. i see04:20
owhAt that point it becomes more and more viable to use sommer's suggestion of config files. I could name them after $0 perhaps.04:21
Jester45Silvanov, if you were talking to me im not looking for webuis it just that they seem to be the only good ones, i think all i really want is ram usage bandwidth and cpu usage in text, file based or via a service/pipe04:22
kgoetza config file somewhere will be almost required04:22
owhJester45: Then why not set up a password-less ssh and run some remote commands?04:22
owhkgoetz: Yuk. but yeah, it's beginning to look like that.04:23
Jester45owh, do they connect faster than passworded ssh? so i could include into conky?04:23
kgoetzowh: the reason i thought of using a script rather than a symlink is because you can drop extra info into them04:23
owhJester45: Alternatively you could run MRTG.04:23
owhkgoetz: Yeah, but it leaves stuff all over the place, making it harder to maintain.04:24
kgoetzowh: yeah.04:24
owhkgoetz: It's not when you set it up the first time, it's when you set it up the next time. For example, if I wanted to add a new user to backup, I just create another symlink and off it goes. If I did it with an extra script, I'd need to copy it, then rename it, then edit it, check it for typos, etc.04:25
kgoetzowh: now think symlink+config file and its hardly any less complex04:26
kgoetzif you have a standard config that most clients use you wont have to edit the script each time anyhow04:26
owhkgoetz: Ah, but I can make it fail if there is no config file and report back. That way I get told it's borked.04:26
kgoetzupdating is harder than the symlink method though04:27
kgoetzthats a feature? ;)04:27
owhSo, are there any dissenting/alternative opinions around?04:27
kgoetzmake users do their own backups *mwhahahah*04:28
owhkgoetz: Yeah, no.04:28
owhWould this be evil: ln -s /opt/backups/path.sh /etc/cron.daily/home--fred--accounts--debitors04:30
owhSimilarly, ln -s /opt/backups/rsync.sh /etc/cron.daily/hostname--module04:31
kgoetz-- would be more trouble than it's worth. i'd think that would be a fairly fragile way to do it in general though04:32
* owh just did "locate '--'" with no hits.04:32
kgoetzthink parsing it04:32
owhkgoetz: Yes, it's not pretty.04:32
* kgoetz expects theres no --'s for a reason04:33
owhkgoetz: So, that's good then :)04:33
kgoetzif your after a uniq string it should be :)04:34
* kgoetz tries to work out making directories in perl04:34
owhkgoetz: What, mkdir isn't good enough for you?04:34
sommerkgoetz: `mkdir dirname` :)04:35
kgoetzowh: i'm assuming it's harder than that :p04:35
* owh is with sommer :)04:35
* owh doesn't speak perl :)04:36
* kgoetz neither ... yet04:36
sommerkgoetz: http://perldoc.perl.org/functions/mkdir.html04:36
sommerneeds a module though04:37
kgoetzyegad. its not that hard o_004:37
owhWell, the POSIX.pm has a mkdir function :)04:38
owhkgoetz: And the manual refers to Perl's built-in mkdir function as well :)04:40
kgoetzperldoc -q mkdir didnt find anything, so i assumed it was going to be veeery hard04:40
* owh grepped :)04:41
owhkgoetz: Very evil: locate perl | while read n ; do grep mkdir $n ; done04:41
* kgoetz wonders how many binaries owh just grepped04:42
* owh didn't worry about it.04:42
kgoetzlackadaisical fiend04:42
owhsommer: I'm going with your suggestion of the config files until I come across a better idea. Thanks.04:43
owhkgoetz: Nah, if a binary matched, it said so :)04:43
owhkgoetz: Sometimes close enough is good enough.04:43
owhkgoetz: Of course that will only be true if it actually works, but by then you'll have used google :)04:44
sommerowh: np04:44
kgoetzmkdir "wikimangle"; ftw!04:44
kgoetzsommer: cheers mate04:45
owhsommer: Did you get a reply about the Guide?04:45
owhsommer: Or did they try hard not to laugh?04:45
sommeroh ya, I did, since it's so far after SF committing the changes will mess with the translators04:46
sommerbut, we can commit just the spelling changes right before release04:46
sommerwhich will be after the translators are done04:46
sommerjust need to make sure the translation doesn't change :-)04:46
owhSo, that means we'll have it translated *and* spell checked?04:47
owhsommer: So, do you want me to give you one without example.com, but leave the rest in?04:47
sommerI think I created one, did I forget to attach it when I replied?04:47
* owh still thinks there should be a standard for example urls.04:48
* owh checks.04:48
sommersure, you just created the standard heh04:48
owhsommer: I mean across all the documentation, not just our little guide :)04:49
owhYes, there was a .diff attached. I'm checking it now.04:49
sommeryou mean not just the server guide?04:49
sommerum for the diff for the standard?04:49
sommerfor the using example.com as a standard it would probably be a good idea to post to the doc ml, but probably after hardy is released04:51
JaxxMaxxisn't example.com  THE  example URL?04:51
owhYes. I think that needs looking at in more detail. Hostnames, user names, example users, urls, etc.04:51
owhJaxxMaxx, Yes, in very small examples, but not across the board.04:52
sommersure, I'm sure other members of the doc team would agree, plus there are many "student" documentors that could handle that04:52
owhFor example, what do you name the localhost's FQDN? What about a generic mail server? What username do you give?04:52
JaxxMaxxI prefer Testy McTesterson myself04:52
JaxxMaxxOpinions on SecureCRT?04:53
owhsommer: Your diff seems to have lots removed. I've not got time right now to check, but I'll have a look-see.04:54
JaxxMaxxHmmm, any way I can get Alt-Fn   to work in Putty/  =]04:54
sommerowh: sure, whenever you get a chance04:54
owhJaxxMaxx, that makes no sense. Alt-Fn, in the context of consoles is hardware specific. You're better off using screen.04:54
sommerwell I'm off to sleepy time, have a good one all04:54
owhLater sommer04:54
JaxxMaxxooh, I remember screen.   not how to use it, mind, but I recall the command from University Unix shell days...04:55
owhCtrl-A Ctrl-D = detach, Ctrl-A Ctrl-C = create, Ctrl-A Ctrl-N = next.04:56
owhHave fun.04:56
JaxxMaxxsounds like orphaned processes to me.... =]04:57
jetoledoes anyone know what the ubuntu developer channel is?05:03
ScottKlamont: Here's a reminder about Bug #207526.  I don't think we want to skip fixing this one before the release.05:04
JaxxMaxx is it -devel   or -development ?05:04
JaxxMaxxwhat command do I use to display what a symlink points at?   trying to find where stuff in init.d  is pointing05:05
jetolels -l symlink05:05
jetolels -l /dir will show long for all files including where symlinks point05:06
JaxxMaxxis green a symlink?05:06
jetolesym links are light blue05:07
jetoleif a file has x in its permissions then it will be green05:07
JaxxMaxxHmm.  Then Ubuntu packages put the executables into the init.d  dir?05:07
jetolethey should be05:07
JaxxMaxxhow do I tell what folder the conf files are in?05:07
jetolethese are standard linux details05:08
jetole/etc/init.d is scripts that run when your computer starts05:08
JaxxMaxxSorry for being such a fresh n00b .  =]05:08
JaxxMaxxmost I've done with Linux before is a Smoothwall Express box05:08
jetolehowever they do not run if they are in that directory but /etc/rc2.d like folders will link to them05:08
jetoleI have never used it05:09
jetole"You call that a firewall? This is a bloody firewall"05:09
* jetole points to custom iptables from hell05:09
JaxxMaxxI don't have the time for custom iptables =]05:10
jetoleyes you do, you just don't know how05:10
JaxxMaxxI used to05:10
JaxxMaxxway back05:10
jetoleit is not a slow process when you know how to use it05:10
JaxxMaxxbut work wasn't eating up the time back then.05:10
jetoleI can configure it quicker with iptables than any gui05:11
JaxxMaxxToo many simple boxes you can drop in for firewall duty.  You never truly know how they work exactly, but the bosses believe they do the job05:11
jetoleand gui's lack features05:11
jetolewell security is my job05:11
JaxxMaxxI'm not lucky to be so focused.05:12
themimei installed ubuntu-server on my laptop because it only has 128MB ram and i wanted a very basic install.  i installed fluxbox on top of it, and now i want to run a network manager that supposedly comes with ubuntu-desktop.  i thought i might have already apt-get'd it, is there a command i can use to run it to see?05:12
JaxxMaxxcurrent boogeyman is a Ubuntu LAMP server hosting FreeRADIUS/DialupAdmin  for a Nomadix captive portal05:12
jetoleI have un used ip on public addresses that are spaced between real ip, if any packet goes to that address then they are blacklisted, if someone port scans a system they are temp blocked, find me a gui that allows me to do that05:12
jetolethemime: apt-get install ubuntu-desktop -y05:13
jetolesudo if need be05:13
themimewhats -y?05:13
themimei don't want ubuntu desktop though05:13
jetolethen why did you just ask for it?05:13
themimesorry, i was referring to network manager05:13
themimecan i run it command line?05:14
jetoleapt-get install -y network-manager05:14
jetoleapt-get install -y network-manager-gnome05:14
JaxxMaxxIs my  mysqld   supposed to be running all the time with --skip-external-locking ?   I fear I changed a conf file trying to reset the 'sa' password05:14
themimejetole: im using fluxbox, will that require a bunch of gnome crap i don't need?05:15
jetolewell, first off there is no 'sa' password05:15
jetolethemime: probably but that is one of the network-manager guis05:15
jetolethe other option is the kde gui05:15
jetoleJaxxMaxx: there is no 'sa' password05:15
JaxxMaxxit doesn't ask for a baseline password when you install MySQL?  probably my root sql login then05:15
themimeis there a non gui version? my question of "how do i run it" was not the install, but to run network manager, cause i think i may have installed it05:15
jetoleJaxxMaxx: no, and you do not need one when you install it but lemme look at my sql05:16
jetoleyes it is supposed to have that option05:16
jetoleI just checked on 3 systems05:17
jetolethe option for password is something like --skip-grant-tables05:17
* jetole looks for sure05:17
jetoleyes, that was the exact option05:17
JaxxMaxxah, right05:18
jetolebut if you install mysqld from apt-get then there is no root password05:18
JaxxMaxxWhere does the Debug Log  end up?  Supposedly there are messages in there useful for troubleshooting05:18
jetoleif you install it from the server then it prompts you, I mean from the CD05:18
jetoleduring OS install05:18
jetolethemime: ubuntu server also has a kernel you don't want, if I were you I would install ubuntu desktop and do an apt-get remove ubuntu-desktop -y05:19
jetoleadd --purge onto the end05:19
jetolethe server system is configured to be a server05:19
jetolethemime: apt-get install linux-image-generic -y && update-grub05:20
jetolethemime: reboot and choose the new kernel05:21
jetoleand then do a apt-get remove linux-image-server && update-grub05:21
JaxxMaxxHere's what may be a silly question:  If something is told to authenticate to MySQL as a specific username, does that username have to exist in the Linux subsystem, or is it specific to the SQL server?05:22
jetolespecific to sql05:22
jetolegrant all privileges on table to 'user'@'host' identified by 'password';05:23
jetoleI think that is the syntax05:23
jetoleand host is optional05:23
jetolehost is also the host of the sql server05:23
JaxxMaxxHmm, maybe I'm not specifying the @host part in this conf file...05:23
jetolethat applies to SQL only05:23
jetoleif host is 'localhost' then they can only connect through localhost etc05:24
JaxxMaxxah, no domain on SQL specific accounts...05:24
jetoleit's possible, login to sql manually and run => select user, host from mysql.user;05:25
jetoleit will tell you what users you have defined and what host is associated with them05:25
jetoleif you want it to be associated with any host then change the host to %05:25
jetoleupdate mysql.user set host = '%' where user = 'my_fscking_user';05:26
JaxxMaxxnah, only things on localhost should talk to this MySQL server05:26
JaxxMaxxjust hard to tell if it's actually succeeding.   the web based admin keeps showing SQL DEBUG statements at the top of frames05:26
jetoleJaxxMaxx: yes but localhost is a propername as well which represents so if you tell your app to login to the ip that is not the localhost ip and localhost is defined as the login host then it will fail05:27
jetoleJaxxMaxx: have you tried logging in locally with that user name and password to the ip that you are specifying05:27
JaxxMaxxlike with SSH, or via mysql05:27
jetolemysql user names do not have ssh access, they are not system users05:28
JaxxMaxxI've got the prompt  (never been able to fathom this properly)05:28
jetolemysql root user has not password by default but imagine if ubuntu shipped where anyone could login to ssh as root with no pass05:28
jetolefrom bash => mysql -u user -p database05:29
JaxxMaxxI've set a root pass in MySQL05:29
jetolethat says launch mysql as user for database and prompt for password05:29
jetoleif there is no password then leave -p off05:29
JaxxMaxxyeah, that works, and I can see the tables the scripts imported...05:29
JaxxMaxxnow to make sure freeRadius uses that credentials05:30
jetolewell that is freeradius specific but now you know mysql is setup properly05:31
jetoleyou're using sql.conf in the /etc/freeradius directory?05:33
JaxxMaxxhow about restarting one of the init.d  scripts, without rebooting the whole server?  I've just been doing shutdown -r   and waiting05:33
jetole/etc/init.d/script restart05:33
JaxxMaxxI'm guessing so, that's where I've put the credentials05:33
jetoleI have never used the software but I just installed it and am looking it over05:33
JaxxMaxxit's one of the most popular RADIUS servers available05:34
jetoleactually fuck that, I am too tired to look it over05:34
kgoetzjetole: better watch the language - ubuntu channel05:34
jetoleactually fsck that, I am too tired to look it over05:35
JaxxMaxxHeh.  Usage of Linux should allow for the occasional invective.05:35
jetoleJaxxMaxx: http://ubuntuforums.org/showthread.php?t=15178105:35
JaxxMaxxYeah, I've been "looking it over" for around a week now, starting to get tired myself05:36
* kgoetz hates freeradius auth setups05:37
jetolenothing on linux is impossible, some things just take a lot of determination but feel good when they are done and offer more options than commercial apps on graphical smiley operating systems05:37
kgoetzi doubt setting up radius is easy on any OS tbh05:37
jetoleplus graphical smiley operating systems got their a$$es owned this year at CanSecWest / Pwn 2 Own05:38
jetoleI have never done it05:38
kgoetzi have. its a pita :)05:38
jetoleI honestly am not sure what radius offers, I know it is a central point of authentication, is that about it?05:39
JaxxMaxxHuzzah for replacing servers other people configured!05:39
jetoleJaxxMaxx: my life revolves around that to a degree05:39
JaxxMaxxvirtually every appliance box  security thingy can base off RADIUS authentication05:39
kgoetzjetole: it provides basic accounting and authentication05:39
JaxxMaxxlots of ISPs use it for PPPoE accounts05:39
JaxxMaxxyeah, the accounting side is the big one05:39
kgoetzbasic is a key word ;)05:39
jetoleso what do you need it for JaxxMaxx05:40
JaxxMaxxI need to make a user-friendly interface for adding usernames to a Captive Portal device (Nomadix)05:40
JaxxMaxxauthenticates people on a Customer access WLAN05:40
jetolelike wifi for mcdonalds?05:40
JaxxMaxxcurrently there's an old linux install on a Dell box providing FreeRADIUS already05:40
JaxxMaxxlarger scale, but yeah.05:41
* jetole nods05:41
JaxxMaxxit's a Convention venue, wireless access for exhibitors and other customers05:41
jetolewhats wrong with the dell box?05:41
JaxxMaxxit's getting old, fear of hardware failure05:41
JaxxMaxxit's an old Dimension desktop05:41
kgoetzis it server or pc?05:41
JaxxMaxxnow they have a "proper" pizza box server05:41
kgoetzoh, pc *heh*. ugly05:41
JaxxMaxxand I'm attempting to recreate05:41
JaxxMaxxwith more support for accounting and tracking05:42
jetoleI have a bunch of those in my office but they are used as desktops05:42
JaxxMaxxhence the MySQL integration05:42
JaxxMaxxyeah, the previous linux guy here was...   odd05:42
jetolewe just installed 3 new dell poweredge 2950's in a data center05:42
jetolethose are nice05:42
jetolewith one huge fscking flaw05:42
JaxxMaxx"Let's throw an essential service on this POS dell desktop"05:42
jetoledell DRAC which is sold on them from the dell.com/linux site isn't linux compatible05:42
JaxxMaxxBuy Dell servers WITHOUT OS PRELOADED.    Golden Lesson.05:43
jetoleit's barely windows compatible to be honest and the DRAC is honestly a joke in both my opinion and generally in the public05:43
kgoetz*always* buy servers clean05:43
jetoleJaxxMaxx: DRAC is a client access device05:43
jetoleOS preload is irrelevant05:43
JaxxMaxxDRAC?  that some sort of remote admin card?05:44
JaxxMaxxDell Remote Admin Card05:44
JaxxMaxxme so smarty05:44
jetolewhich reminds me, speaking of DRAC, anyone know of a device that I can install on the server that will give me IP KVM that allows me to access bios etc and gives me virtual media so that a CD in my drive at my office appears present in the server in the data center?05:45
jetoleJaxxMaxx: no but it claims to be05:45
jetoleit's an over priced managed PDU05:45
JaxxMaxxgenerally those have to be vendor specific, jetole05:45
JaxxMaxxI like the IBM and HP ones05:45
jetoleJaxxMaxx: they shouldn05:45
jetolet be05:45
JaxxMaxxAnd in a perfect world they wouldn't.05:46
kgoetzopen firmware + alom \o/05:46
JaxxMaxxbut, they do have to interface with teh BIOS, so that is all super sekret tech05:46
jetoleit is something that can be done generically in principle, I mean the bios over kvm can be done with a device that appears as a video card to the server, there are usb cdroms and pci drive adapters so if the card manages the over the internet part it is fine05:47
jetolethe remote reboot capability can be done through a managed PDU05:47
jetoleJaxxMaxx: no it isn't05:47
jetolecan IP KVM cards not do that already?05:47
jetoleI mean there is nothing secret about it05:48
JaxxMaxxThere may be PCI based IP KVM cards, but I'm not familiar with generic ones...  only specific addons from the server vendor05:48
jetoleyou're emulating a screen, keyboard and mouse, bios doesn't have to know what it is connected to05:48
jetoleJaxxMaxx: they are out there but I have never used one05:48
jetoleit's the virtual media which I thought would be less likely05:49
JaxxMaxxthe one I've used worked well for loading my FLASH drive remote to server, and let me watch screen across a reboot05:49
jetoleJaxxMaxx: thats what DRAC claims05:49
JaxxMaxxsilly RAID error refusing to pass a "push a key" prompt05:49
JaxxMaxxyet DRAC won't load the media into the Linux OS?05:50
JaxxMaxxdoesn't play nice with umount or whatever05:50
jetoleafter hours of tech support and on site dell technicians who didn't get it we finally realized that with a highly tuned windows machine it works some times and techs argues with each other about if linux works05:50
JaxxMaxxMost of the ones I've come across emulate you plugging the device in via USB05:50
jetolethis one is supposed to do that also05:51
jetoleDRAC 505:51
jetoleworst case scenario, if the server fails then I am driving to downtown miami to fix it05:51
JaxxMaxxI don't do Dell that much, honestly.05:51
jetolemy boss was adamant about dell05:51
JaxxMaxxStupid boss.05:51
jetolemy boss is a software guy though05:51
JaxxMaxxHP and IBM both will special bid Dell price on anything not bottom barrel05:51
jetolehe was cautious about buying non dell computer monitors wondering if they would be compatible05:52
JaxxMaxxif you've got a good VAR05:52
JaxxMaxxHmmm.  Sounds like your boss needs some reprogramming.  I'll fetch the BOFH cattle prod05:52
jetoleyeah well, my boss is a good programmer but doesn't know shit about hardware05:52
JaxxMaxxFind out who in the area does the Onsite server hardware calls for IBM and/or HP.  they'll get you good pricing, they want to get in instead of Dell05:53
jetoleJaxxMaxx: we already have the dell servers on site and live05:53
JaxxMaxxI'm lucky enough to work for the company that does it in my City.  =]05:53
JaxxMaxxyeah, I feel your pain.05:53
kgoetzsun > ibm > hp > * > dell05:53
JaxxMaxxTell Dell to fix their crappy remote admin cards05:54
jetolehonestly if I can find a good card I may be happy, the dell computers do kick butt otherwise05:54
JaxxMaxxtbh, that would be interesting.  Addon PCIe card that replaces video controller with a passthru to IP KVM instead of video device...05:55
jetolethat looks decent except for windows05:55
jetolebut they mention virtual media05:56
jetoleJaxxMaxx: http://en.wikipedia.org/wiki/KVM_switch  <== browse down to the kvm over ip section06:00
JaxxMaxxThey are very handy devices.06:01
jetoleseems like if I can find a DRAC like one that works, likes linux and is hardware indifferent06:02
jetolelol @ http://okvm.sourceforge.net/links.html06:03
jetolesee if you can spot it06:03
JaxxMaxxHeh.  really Open Source, build your own PCI interface card06:04
jetoleI was actually referring to rdesktop x206:04
JaxxMaxxoh, heh.  hurray for volunteer proofed pages06:05
JaxxMaxxugh, blargh,  why are DEBUG statements showing up in the PHP based pages for dialupadmin06:08
jetoleprobably because it is enabled somewhere06:08
JaxxMaxxwould that be a SQL or apache thing?06:10
JaxxMaxxI can't find the debug statements anywhere else06:10
jetoleit would be a dialupadmin thing06:11
jetoleit would be in a configuration file somewhere that the dialupadmin php parses and when it sees display sql debug then display sql debug06:11
JaxxMaxxnow to stop the debug statements...06:13
JaxxMaxxewwww, it might be  because DialupAdmin was written with PHP4 in mind, and now everything is PHP506:14
jetolethat's not a good feature but doesn't explain the debug statements, there is a config file somewhere that has them enabled06:15
jetolei am going to bed06:15
JaxxMaxxgood night06:16
JaxxMaxxstupid other packages depending on php5, and php5 breaking when I install PHP406:17
rhineheart_mhello.. is this article true? http://article.gmane.org/gmane.comp.version-control.git/7861306:30
=== \sh_away is now known as \sh
spiekeyCan you bind netcat to multiple ports?07:57
_rubenspiekey: dont think so, but you could run netcat multiple times08:07
spiekey_ruben: hmm..okay ;)08:37
spiekeyhas someone an idea whats going on here? http://pastebin.ca/96584508:38
spiekeyit doesnt make sense to me at all :-/08:38
sorenspiekey: Hm... Looks like fun :)08:51
sorenspiekey: Oh, I know.08:51
sorenspiekey: It doesn't respond to ping, so nmap skips it.08:52
sorenTo change this behaviour pass -PN (used to be -P0 (and you put -PO, not -P0)).08:52
twbHi.  I just tried to set up user quotas on a test machine (on the / filesystem, because I forgot to create a separate /home), and the quota command is listing values that are clearly wrong.  / is mounted -o usrquota according to /proc/mounts and /aquota.user exists, but "quota al" claims I have only twelve thousand (12340) blocks used when du -sch /home/al clearly reports 700MB of usage, all owned by al.08:58
twbSo, the quota file was generated correctly by checkquota (as part of /etc/init.d/quota), but it hasn't been correctly updated -- which is why quotas aren't enforced.  What can I do to isolate the fault?08:59
twbProbably unimportant details: the server is running hardy, and the users in question exist in LDAP (getent passwd, i.e. nss, can see them) and Kerberos (they can log in, i.e. pam_krb5 can see them).  /home is exported by NFS 3 and /export and /export/home are exported by NFSv4.  /home is -o bind mounted to /export/home.09:02
spiekeysoren: i used 0 as in zero.09:06
spiekeysoren: -sT seems to solve it.09:07
sorenspiekey: Oh, so you did. The font on pastebin misled me.09:15
twbIt mysteriously started working.09:16
spiekeysoren: when i open the port 1234 with netcat: nc -l -p 1234 -u -k   and i scan this port with nmap my netcat dies.09:27
spiekeyhttp://www.networksecurityarchive.org/html/Security-Basics/2008-02/msg00354.html --> they confirm my option flags09:28
spiekeyany idea why netcat dies?09:28
spiekeythis is on gutsy09:30
twbspiekey: dumb question: is it because nmap opens the connection, then hangs up?09:32
twbnetcat will exit when the other end hangs up.09:32
spiekey but i want nc to stay alive :)09:33
sorenspiekey: netcat only handles one connection.09:35
sorenspiekey: And then dies.09:35
spiekeythis sucks :D09:35
spiekeyhow would i then be able to test a udp connection with nmap and netcat?09:36
sorenwhile true; do netcat ; done09:37
spiekeyah! :)09:38
spiekeyokay, let's assume i want to open up 20 udp ports with netcat...all with 200 while loops...how will i be able to kill them all afterwards?09:39
fromportkillall nc09:43
spiekeyfromport: nc is running in a loop09:45
spiekeywhile true;do nc...;done09:45
sorenKill the shell that's running the loop.09:46
_rubenspiekey: why not use smth like xinetd to do the listening?09:48
* faulkes- makes a mental note to have the ubuntu forum team killed12:45
* kgoetz wonders what faulkes- is plotting12:46
faulkes-I appreciate that it's april fools but what they've done deserves nothing less than death12:46
kgoetzah... i wont look12:46
faulkes-best not12:46
sorenOh, dear.12:54
faulkes-soren: git my scattergun, I'ma goin huntin forumpossums13:12
zulhmm...I seem to have a deer in the backyard of my house how odd13:15
sorenEr... what?13:15
zula deer like bambi13:19
faulkes-zul: used to see that all the time when I lived in boulder, co13:22
zulfaulkes-: yeah but this in the middle of the city, kind of13:22
faulkes-very odd the first time you see it if you're used to living in the city13:22
faulkes-zul: well, no choice, get out the steak knives, start preparing lunch13:23
JaxxMaxxcan't believe anything you hear on 4/113:35
troofyif i dont have dns control, hurdles will i face in my .com?14:03
=== TeTeT_ is now known as TeTeT
troofyi wana have a .com14:09
troofysome dont give full dns control. right?14:10
sorenThat doesn't mean anything.14:10
sorenWell, that's not entirely true. It's wildly ambiguous, though.14:10
sorenYou want to buy a .com domain? Is that it?14:10
JaxxMaxxAll the good domain hosts will let you have control over the full DNS zone14:11
troofysoren someone said go for provider that gives good dns control14:11
* soren is curious what this has to do with Ubuntu14:12
sorentroofy: Well, yeah, some sort of dns control would be useful :)14:12
troofyubuntu server can be used to have websites hosted with apache14:12
sorentroofy: I all depends on what you're going to use the domain for.14:12
troofysoren what is this 'some sort' ?14:12
sorentroofy: It all depends on what you're going to use the domain for.14:13
Deepsgodaddy.com, coupon code OYH3, $6.95 .com domain14:13
troofysoren domain will be used as email server, web server, ircd server.14:13
Deepsafaik thats the cheapest you can get14:13
Deeps(as an individual)14:13
troofyDeeps goddady can close my websites? for spamming?14:14
sorenOwning a domain is useless if you have no control over it, and what you want to do is almost the simplest thing in the world (from dns management perspective).14:14
Deepsif you're planning on spamming, you're better off going elsewhere14:14
Deepsie, ask irc.spam.net in #spam14:14
sorenI'd be surprised if someone offers a dns service that's so amputated that you can't even set up a web and mail server.14:14
Deepsand not in here14:14
troofyhow are domains shutdown. for what reasons?14:15
sorenIf they suck too much.14:15
Deepstroofy: ask the registrar14:15
Deepstroofy: nothing to do with ubuntu14:15
sorentroofy: Dude.. This channel is about Ubuntu server.14:15
troofy.coms have high link with servers. and i like ubuntu:)14:15
sorenI like liquorice. That doesn't make Ubuntu server on-topic in #liquorice, either.14:16
troofycan any one tell me off the record?14:16
Deepsask the registrars, nothing to do with us14:16
troofygodday say it can shutdown for no reason atall14:17
sorentroofy: Dude. Go somewhere else.14:17
Deepstroofy: http://www.icann.org/registrars/accredited-list.html go through that list14:18
Deepsthose are all the people that'll sell you domains14:18
Deepshave a nice day now :)14:18
troofyi wil :)14:18
Deepsgood bye! :)14:18
troofyDeeps arent you out yet?14:19
=== jp_ is now known as josephpiche
_rubensweet .. will be getting a test san tomorow or the day after .. an equalogic one .. they're giving a seminar nearby and will be dropping one off here so we can play with it for a while15:21
henkjan"Hardy will be delayed by 3 months"15:22
henkjanfrom #ubuntu+115:22
_rubenso it'll be 8.07 then i guess?15:23
=== \sh is now known as \sh_away
travisbI set log_errors = On and error_log =/filename in php5 and it's not logging anything to that file.16:34
ivoksrestart apache16:35
travisbI did16:35
travisbstill nothing16:35
travisbapache logs correctly16:36
sorentravisb: I suspect /filename is not the real path?16:36
ivokstravisb: try with /tmp/somefile16:37
jetoleholy hell16:37
ivokswww-data can't write into /16:37
sorenjetole: ?16:37
jetoleuserfriendly.org is down, damn april fools joke I hope16:37
travisbcorrect it's file /var/log/php.log and www-data owns it16:38
ivoksjetole: we had this as index page on ubuntu-hr.org: http://ubuntu-hr.org/jebemti.html16:38
ivoksjetole: total panic :D16:38
bdmurraysoren: somebody mentioned bug 207526 to me16:38
ubotuLaunchpad bug 207526 in postfix "default main.cf.tls causes syslog warnings" [Medium,Confirmed] https://launchpad.net/bugs/20752616:38
jetolehuh, well since I have never been to the site before I would not be too worried, but uf.org?16:39
lamontbdmurray: meh16:39
=== \sh_away is now known as \sh
jetolefsck me! I can't go to work without reading a little sys admin comics and so far I have only seen dilbert, thats like a half dose dude16:40
lamontbdmurray: I'll figure out something with it today (and no, changing /var/spool/postfix into a postfix-owned dir is probably not the right answer...16:40
bdmurraylamont: okay, thanks!16:40
=== ivoks_ is now known as ivoks
jetoleuf.org is more like 3/4 of what a sysadmin needs daily and now it's gone?16:40
=== \sh is now known as \sh_away
nxvlhow is that i get a security update uploaded into the stable releases17:09
nxvlusing the SRU procedure?17:09
mathiaznxvl: if it's a security update, you shouldn't follow the SRU process17:29
mathiaznxvl: IIRC keescook or jdstrand will sponsor your debdiff17:30
jdstrandnxvl: hi.  what is the bug number?17:30
nxvljdstrand: Bug #21017517:58
ubotuLaunchpad bug 210175 in openssh "[openssh] [CVE-2008-1483] allows local users to hijack forwarded X connections" [Undecided,Confirmed] https://launchpad.net/bugs/21017517:58
jdstrandnxvl: thanks17:59
nxvldoes anyone know something about this -> http://blog.drinsama.de/erich/en/linux/debian/2008040101-renaming-directories18:29
mindframe-nxvl, oh jeez18:35
mindframe-i can't say i'm a fan of that change18:35
mindframe-probably better for usability purposes though18:35
nxvlwell, for the users it will be better, but for sysadmins it will be hell18:37
mindframe-why not just do symlinks18:38
nxvlwell. it will be easier for sysadmins to do some symlinks than for users18:43
nxvlso they don't have these directories they don't know what they are18:43
=== joerlend_ is now known as XiXaQ
henkjaninstalling hardy in kvm19:51
akincerI've been bashing my head against a wall with bind9 for about an hour and I'm pretty sure apparmor is my problem. Can anybody here give some quick pointers on how to address an issue with apparmor?20:24
akincerOk, so how do I configure apparmor to let named access zone files in /etc/bind/zones?20:27
akincerI could lament how dumb THAT is, but I'll refrain since I hope there is an easy fix20:28
mindframe-akincer, maradns to the rescue20:41
mindframe-just spamming my preference of dns server, sorry20:41
akincermore like /etc/init.d/apparmor stop to the rescue20:41
mindframe-maybe set it to 'learning' mode for a bit20:42
akincerI'm sure it's great, but not letting bind read zone files treads on absurdity20:42
akincerAs soon as someone explains that one to me and how to fix it, I'll think more highly of it. Until then, I consider it a nuisance to be turned off20:44
akinceror point me to some documentation20:44
akincerGoogling apparmor ubuntu bind9 doesn't bring up anything promising20:46
akincerAhh, how cute. Found this in /etc/apparmor.d/usr.sbin.named: # Dynamic updates needs zone and journal files rw. We just allow rw for all in /etc/bind, and let DAC handle the rest20:49
akincerSorry, this gets a big FAIL20:50
akincerI'll fix it since DAC seems to be failing all on its own20:50
jdstrandakincer: where are you storing your zone files?20:51
akincerin /etc/bind/zones but not to worry. Adding /etc/bind/zones/* rw, in the usr.sbin.named fixed it20:52
* jdstrand nods20:52
akincerI shouldn't HAVE to do that20:52
Deepsi suspect apparmor might have expected your zone files to be in /var/cache/bind/20:52
jdstrandapparmor is configured for /etc/bind and /var/lib/bind20:53
Deeps(which is the default behaviour on ubuntu systems)20:53
akincerNone of the how-tos out there use that convention20:53
jdstrandDeeps: it's /var/lib/bind20:53
Deepsjdstrand: my ubuntu 7.10 box says differently20:54
slangasekthere's no /var/cache/bind used for slave zones?20:54
jdstrandit's /var/lib/bind on hardy for sure20:54
Deepsdirectory "/var/cache/bind";20:54
Deepsby default20:54
Deepson gutsy20:54
jdstrandwhich is what I assumed we were talking about, since hardy is the first release with an enforcing profile20:55
Deepsand on debian etch20:55
slangasekjdstrand: that's, mmm, wrong then :)  slave zones are cache data, and should be stored in a separate dir20:55
jdstrandslangasek: talk to lamont-- I didn't do it ;)20:55
jdstrandlet me check /etc/bind/named.conf.options...20:55
lamont /var/cache/bind is for slave zones20:56
lamont /var/lib/bind is for zones that you have nsupdate hitting20:56
lamont /etc/bind/ is for zones that you master20:56
slangasekso the proper apparmor policy is to allow both20:56
jdstrandslangasek: and it does20:56
Deepsi guess all my zone are in the wrong place then, as all i do for my zones is file "zone", no extra pathing20:56
lamontrealistically, named should not need write access to /etc/bind20:56
Deeps(which dumps them all in /var/cache/bind)20:57
Deeps(whoops? heh)20:58
* jdstrand nods, but acquiesced in the knowledge that some people configure it that way20:58
* lamont points at "Configuration Schema" in /usr/share/doc/bind9/README.Debian.gz20:58
lamontthere  are also people who put everything in /var/lib/bind, and I mean everything20:58
akincerthere doesn't seem to be any good docs on wiki.ubuntu.com for this20:59
* Deeps learns more20:59
akincerThat's what I followed20:59
akincerIt seems to me extremely unwise to put an enforcement mechanism on the server edition without some documentation on what basic assumptions it makes.21:00
akincerAnd I think that is being generous when I say that21:01
lamontakincer: I wasn't consulted before they uploaded the apparmor crack21:01
lamonter, stuff21:01
sergevnis there an opensource alternative for DirectAdmin?21:02
akincerI gotcha. Somewhere someone made some assumptions and those assumptions haven't, so far as I can tell, been documented. I had to look in a config file to find out? VERY bad form21:02
lamontakincer: actually, they follow the documentation in README.Debian.gz21:03
jdstrandakincer: it is documented that apparmor is in enforcing mode in README.Debian21:03
Deepsis there a way to read the README.Debian without having to gunzip it first?21:04
Deeps(as typically it comes .gz)21:04
jdstrandakincer: I am not 100%, but I believe it's in the server guide too21:04
* lamont uses "vi" (== vim) 21:04
Deepsvi can gunzip on the fly?21:04
Deepswell, vim21:04
jdstrandakincer: and we have https://wiki.ubuntu.com/DebuggingApparmor for debugging profile bugs21:05
jdstrandakincer: which you hit-- that line in usr.sbin.named should be /etc/bind/** rw,21:05
akincer       Now use an existing zone file as a template to create the /etc/bind/db.example.com file:21:06
akincersudo cp /etc/bind/db.local /etc/bind/db.example.com21:06
akincerbut the read/write isn't recursive? Does that REALLY make sense?21:07
jdstrandlamont: can you change the apparmor profile to have '/etc/bind/** rw,' instead of '/etc/bind/* rw,' when you upload -921:07
incorrecthello, sorry to go on about this again, but does anyone know of any comparisons between running 32bit apps on 64bit platform vs running them on a native 32bit21:07
jdstrandakincer: it doesn't make sense.  it's a bug21:07
lamont-  /etc/bind/* rw,21:08
lamont+  /etc/bind/** rw,21:08
lamontlike so?21:08
incorrecti am pretty convinced that running 32bit apps on 64bit platforms is a waste of time21:08
jdstrandlamont: that'll fix akincer's issue21:08
lamontincorrect: it depends on the app, I rather expect21:08
jdstrandlamont: do you think it would be worthwhile to do the same for /var/cache/bind and /var/lib/bind?21:09
jdstrandlamont: in thinking about it, I do21:09
lamontyeah, it does21:09
jdstrandlamont: can you do that as well?21:09
lamontsed -i 's/\*/**/' :-)21:09
jdstrandlamont: thanks!21:09
incorrecti expect taking the 32bit emulation down to the silicone should be a lot faster than using lib3221:10
slangasekreally would be better if it could be /etc/bind/** r, /var/lib/bind/** rw...21:10
akincerAre there plans to write up a tutorial on apparmor if one doesn't already exist?21:11
slangaseka bit less protection if your daemon is allowed to overwrite its own config files, which is what /etc/bind is supposed to be21:11
jdstrandslangasek: I agree, but to not break people's configurations who are doing the wrong thing there, we did 'rw'.21:11
lamontslangasek: I could make it read only for /etc/bind... it'd break more than one common-but-well, wrong installation class though21:11
jdstrandslangasek: remember that apparmor respects unix perms, so the default install is still ok21:11
lamontthese are the same people who scream every upgrade because postinst makes  /etc/bind 644 root:bind :-)21:11
akincerI'd be happy to stop doing the wrong things there. But I think this should be documented unambiguously. So far, I'm unconvinced that it is.21:12
slangasekheh :)21:12
slangasekakincer: in a sense, this is documented in the FHS; but I agree that this could be made a bit more explicit21:12
lamontjdstrand: likewise, I'm not terribly averse to putting a comment above the '/etc/bind/** r' entry that points to README.Debian.gz :-)21:12
Deepsif /etc/bind is supposed to be read only by named, and also where you're supposed to keep your master zone files, where do you keep your dynamic zone files? /var/lib/bind?21:13
jdstrandlamont: that would be most welcome21:13
slangasekDeeps: yes21:13
Deepsdynamic zones that you're master for*21:13
akincerslangasek: I'm a documentation nazi. To me, it's binary. Either something is documented unambiguously or it isn't.21:13
lamontslangasek: yeah - the series of bugs that eventually led to /etc, /var/cache, and then /var/lib are citing FHS21:13
jdstrandslangasek: if the release manager says go for 'r' on /etc/bind, I'm cool with it-- but there will be bugs on it21:13
lamontjdstrand: was that a +1 for making /etc/bind "r"??21:13
lamontor just the comment?21:13
jdstrandlamont: I always wanted it to be 'r', but was trying not to break that common misconfiguration21:14
jdstrandlamont: it a 'correct' vs 'pragmatic' kinda thing21:14
slangasekjdstrand: hey now, I'm not speaking as release manager when I say that. :)21:15
* lamont looks at one bind9 instance he cares about, and finds: include "/var/lib/........conf";21:15
lamontso that one breaks in any case./21:15
jdstrandlamont: the '**' wouldn't fix it? It's not in /var/lib/bind/...21:15
lamontDeeps: dynamic master zones ==> /var/lib/bind21:16
lamontit's /var/lib/$somewhereelse21:16
jdstrandlamont: ah-- well yes. we have also talked about having a comment in the config files about non-default locations21:17
lamontmy stuff uses /etc/bind/pri for primary zones21:17
slangasekakincer: the FHS unambiguously documents what the hierarchy is supposed to be for files, and Debian policy references the FHS, and Ubuntu references Debian policy... so it's not ambiguous, it's just not self-evident :-)21:17
akincerHow about sticking a README in /etc/bind with some clarity so hopefully someone like me would read it21:17
jdstrandeg, my.cnf now has a warning in it about needing to change usr.sbin.mysqld if the default paths are changed21:17
jdstrandakincer: docs are https://help.ubuntu.com/community/AppArmor21:18
akincerLOL, perhaps unambiguous isn't the word I'm looking for . . .21:18
jdstrandakincer: https://wiki.ubuntu.com/DebuggingApparmor21:18
lamont  # Dynamic updates needs zone and journal files rw, use /var/lib/bind21:18
lamont  # /etc/bind should be read-only for bind21:18
lamont  # See /usr/share/doc/bind9/README.Debian.gz21:18
lamont  /etc/bind/** r,21:18
lamont  /var/lib/bind/** rw,21:18
lamontjdstrand: how's that look?21:18
jdstrandakincer: that is not in reference to your README suggestion21:18
jdstrandlamont: what about /var/lib/cache?21:18
lamontakincer: I'm pretty sure that READMEs don't go in /etc21:18
lamont  /var/cache/bind/** rw,21:19
lamontah, yeah.  in the comment21:19
lamont  # /var/cache/bind is for slave/stub data, since we're not the origin of it.21:19
lamont  # /etc/bind should be read-only for bind21:20
lamont  # /var/lib/bind is for dynamically updated zone (and journal) files.21:20
lamont  # /var/cache/bind is for slave/stub data, since we're not the origin of it.21:20
lamont  # See /usr/share/doc/bind9/README.Debian.gz21:20
lamontand moved /var/cache/bind up as well21:20
lamontakincer: and I really don't want to modify named.conf* unless I have to, since they're almost always modified by the admin, and it's sad to make the upgrade prompt them for the diff21:20
jdstrandlamont: those comments are in the apparmor profile?21:20
akincerHey, it was me that used a howto on ubuntuforums21:21
lamontis the (uncommitted) file21:21
jdstrandI like them and your changes to the profile (though I still think 'r' might get us in trouble-- but upgrades are covered properly in postinst, so probably not too bad)21:21
lamontjdstrand: if I upload today, we should hear about it this week, yes? :-D21:22
jdstrandlamont: looks great21:22
akincerInterestingly, had the rw been recursive, I wouldn't have had the problem to begin with naughtiness of me putting zones in /etc/bind/zones aside21:22
* lamont has had mixed results with ubuntuforums howtos....21:22
jdstrandlamont: do you have an opinion on putting a comment in the non-apparmor config files?21:23
akincerThat's the first time I've had a failure. But to be fair, it would have worked had apparmor not gotten in the way21:23
lamontjdstrand: <lamont> akincer: and I really don't want to modify named.conf* unless I have to, since they're almost always modified by the admin, and it's sad to make the upgrade prompt them for the diff21:23
lamontOTOH, dapper smacked them around in an upgrade, iirc21:24
akincerI am not suggesting you do so21:24
lamont-security upgrade21:24
lamontso y'all already made it painful for some upgrades... thanks. :-P21:24
* jdstrand doesn't recall that21:24
slangasekakincer: "would have worked", but it was still recommending usage that was contrary to the FHS :/21:24
akincerThere are times (like today) that your first concern is to get it working. Then you go back and nice it up21:25
slangasekso it was only a matter of time before the advice in that howto was brought up short by reality21:25
jdstrandlamont: I haven't looked at it's conffile/config file handling-- I was mostly concerned about a new install there21:25
lamontjdstrand: IIRC, query-cache crappage that I was ignoring since the default changed in-source in 9.421:25
jdstrandlamont: if that's too hard, no problem21:25
slangasek(e.g., storing nsupdate zones in /etc/bind will also fail for users who have read-only root filesystems)21:26
akincerAnd yes, I could have used 7.10 server, but I would have to upgrade soon anyway21:26
akincerfigured I'd save some time21:26
lamontslangasek: that howto doesn't actually do anything wrong that I saw... other than totally not mentioning dynamic updates and what to do with the zone file21:26
slangaseklamont: ah, fair enough21:26
lamontand if a package delivers a README.Debian file, it's _always_ a good idea to read that file...21:27
lamontif for no other reason than to find out what crack the maintainer is on21:27
lamontwhich reminds me... did we ever decide if it was just dund or all 3 that I'm adding back into bluez-utils?21:28
slangasekI think just dund :)21:29
lamontstevenK disclaimed knowledge on the subject21:29
slangasekwould be nice to get Marcel's input21:29
lamontslangasek: sounds good to me21:29
lamontMarcel == debian maint?21:29
slangasekMarcel == upstream21:29
slangasekdebian maint just introduces gratuitous deltas to the Ubuntu packaging, I don't think he'll have any relevant input ;)21:30
lamontok.  I'll turn on dund and fire email at upstream then. :-)21:30
slangasek(Marcel was at UDS Boston; dunno if he's coming again to Prague)21:30
lamontslangasek: I'm gonna not be in Prague either21:44
slangaseklamont: aww21:48
MountainX I need to know what will happen when I change a Group's ID. I want to change my admin GID from 114 to 113. There is another group with ID 113 at the moment. So, how do I proceed? (This is part of setting up an NFS server...)21:55
mok0MountainX: you need to move the other users to a different group first22:03
MountainXthere are no users in GID 113 (name=adm). So if I change admin group to GID 113, then can I change adm group to GID 114 in a second step?22:05
MountainXis there a howto for manually syncing passwd and group files?22:05
MountainXon #ubuntu they recommended I just try it and see what happens. I would rather read up on the details first however ;)22:06
mok0MountainX: then it doesn't matter, go ahead and change it. No howto afaik22:06
MountainXmok0 - thx22:06
kirklandMountainX: are you going to use groupmod to do it?22:06
mok0MountainX: It's really no big deal... only edit the /etc/passwd file22:07
kirklandMountainX: or were you planning on editing /etc/* ?22:07
kirklandMountainX: man groupmod22:08
MountainXI have no idea how to do this. My goal is to have all GIDs and UIDs sync'd up on my half dozen computers. (I'm setting up NFS.) I will do the best way that is recommended. I had planned on editing /etc/*22:08
mok0MountainX: that's fine22:08
kirklandMountainX: I'd probably use NIS22:08
MountainXIf I edit passwd and make a version that I like (say with admin GID = 113) can I just copy that to all the other computers without wreaking havoc?22:09
kirklandMountainX: are all of the machines going to have identical groups?22:09
mok0kirkland: if you use nis, you have to be aware that it doesn't serve uids < 1000 afair22:09
MountainXOnce I do this step, I think I'll tackle OpenLDAP next. But I want to sync everything up first so all users have same UID on all machines. And I want the same for groups. SO yes, I will set up the same groups on each machine I think.22:10
kirklandMountainX: if you have different distributions (fedora, ubuntu, etc), or even different versions of the same distribution (edge, hardy), or even different packages installed on different machines with the same distribution, you might have issues22:10
mok0MountainX: how many users?22:10
MountainXI have some Gutsy and some Hardy atm. And I'm looking for a simple solution to get NFS working. I have about half a dozen users and about the same number of computers. It is a home office. (We have more computers than cars ;)22:11
mathiazMountainX: I'd suggest to use ldap to centrally manage your uid and gid22:12
mok0MountainX: just create a passwd and a group file and copy them to all of the workstations22:12
mathiazMountainX: mok0 suggestion ^^ is also worth a try if you want something working now22:13
MountainXOK. I will do both :)22:13
MountainXI will organize my users first and copy a consistent passwd file to all computers. Then I will try LDAP next.22:13
mok0MountainX: get it to work first, then worry about ldap later22:13
mathiazMountainX: once you have ldap running you won't need the passwd and group file synchronization22:13
kirklandMountainX: do you care about system users, or only real human users?22:14
mok0right, at that point you need to remove the changes to /etc/passwd and /etc/group22:14
MountainXI want my admin account to have the same GID on all machines and I want my real human users to each have the same UID on each machine for starters.22:14
kirklandMountainX: I've done something similar in the past, syncing only users >= 100022:14
mok0In Ubuntu the paradigm is that the first user belongs to the admin group, and can do sudo (sudo -i)22:14
mok0kirkland: yes UID >= 1000 must be adhered to, otherwise a lot of stuff doesn't work for users22:15
mok0for example users don't have access to certain devices22:16
kirklandMountainX: that helps if you have a situation, such as one workstation running, say MythTV, but that user/group doesn't exist on your main server you're syncing from22:16
kirklandMountainX: you'd erase the mythtv user/group on the clients that have them22:16
kirklandMountainX: use your imagination, replacing mythtv with mysql, postgres, something-more-near-and-dear-to-your-heart22:17
MountainXSo I understand that I can pick one passwd file that I like and edit it a bit (only being concerned about UID >=1000) and then copy it to all clients. I am concerned then about the resulting changes. Will users be able to log in after I copy the new passwd file to the machine?22:18
mok0MountainX: sure.22:18
mok0MountainX: I suggest you make a passwd file just containing the 6 users and append it to each passwd file22:19
mathiazMountainX: hum... Not sure it's a good idea to copy a complete password file around22:19
mathiazMountainX: you may have specific system account created on some computers so that services can run correctly22:19
mathiazMountainX: if you copy the complete password file around you may end up in situation where services are not running anymore22:20
mok0so it's better just to append the "users" part of the passwd file22:20
MountainXok. I will just change the 6 human users (all with UID>=1000). Then I will append to existing passwd on each machine. (And I assume I will delete the pre-existing lines in each passwd file for those 6 users before saving.)22:20
kirklandMountainX: don't overwrite, append22:20
kirklandMountainX: yup, i suggest using grep22:20
mok0MountainX: yes, exactly22:20
MountainXthank you everyone22:21
mok0Good luck MountainX22:21
MountainXand for making the admin group have the same UID on all machines, are there any gotchas?22:21
mok0sounds like fun22:21
mok0MountainX: say you have UID 1000. Then make sure that you belong to group "admin", and put that in /etc/suderes22:22
mok0 /etc/sudoers22:22
mok0It is probably there by default, if it's an Ubuntu system you have22:22
MountainXmy problem is that admin group has GID 110, 113, 114 etc on different machines. I want to make admin GID the same on all machines.22:22
MountainXthe reason I want admin GID to be the same is because of the PITA Windows Service for Unix running on my file server.22:23
mok0admin has 110 on my machines, it appears22:24
MountainXI checked all mine and they range from 110 to 114. I need them to be the same. But I am concerned about gotchas when I change them.22:24
mok0MountainX: it doesn't really matter, as long as user "MountainX" belongs to the appropriate admin group on each machine22:25
MountainXI am finding that it matters for Services for Unix. At the moment I have SFU all set up but I am stumped by permission denied errors so I'm working through that. This effort to make all admin GIDs the same is part of my effort to fix it.22:26
mok0THen I suggest you make gid = 110 on all machines22:27
mok0for group admin22:27
MountainX(My next step would be to remove Windows and install Ubuntu on the file server, but that is about a 1 week job at least. I have a great backup solution running on the Windows box and I don't know enough yet to get the same running under Linux... but thats off topic.)22:28
kirklandrsync ;-)22:28
MountainXI know about rsync, but I have to give myself more than a week to learn it well enough to rely on it.22:29
mok0rsnapshot -- based on rsync but with a layer on top to keep daily snapshots22:29
MountainXso that's why I'm sticking with the PITA services for unix (I hate it)22:29
mok0MountainX: where does that come from? Never heard of it22:29
MountainXhere's my thread on the difficulties getting the NFS server part working. I still don't have it solved... http://www.interopsystems.com/community/tm.aspx?m=1437922:31
MountainXeeek is right :)22:31
mok0But you have an Ubuntu system?22:31
MountainXall computers except file server run ubuntu (hardy or gutsy)22:32
MountainXfile server will run ubuntu as soon as I learn more22:32
mok0MountainX: normally, you have to export the file systems you want to serve in the file /etc/exports22:33
mok0Perhaps you need something similar on SFU22:33
MountainXso what happens to permissions if I go to a ubuntu computer and change admin GID from 113 to 110? Can I really just make that change without breaking anything? (That is, assuming GID 110 has no users assigned at the time of the change).22:33
rglis there a work arround for running hardy beta inside virtualbox?22:34
mok0MountainX: the only thing that happens has to do with permissions to read/write to directories22:35
mok0so you need to make sure that all files that "belong" to the old gid get owned by the new one22:36
MountainXsay a user has write permissions because they belong to admin group (when GID = 114). Then I change admin group GID to 110. Does that user lose write permissions?22:36
mok0MountainX: yes, but you can change the gid of the file/directory22:36
MountainXmok0 - OK, thanks.22:37
mok0MountainX: I can now see that the admin group has different gid's on my machines, and it doesn't matter22:37
MountainXmok0 - it only matters because my file server is running Windows Services for Unix.22:38
mok0hm, ok.22:38
mok0I guess you can't trust Microsoft to implement anything correctly22:39
MountainXyes, I'm getting that MS software off the file server as soon as I can. But there is a lot to learn in the transition.22:39
Deepswhy not just use samba in the mean time?22:40
MountainXI can't use smbfs or cifs because of the gedit/cifs bug22:41
nxvlMountainX: you don't need to use smbfs, you can use samba22:42
MountainXwhen I set up fstab, I thought I had to specify either smbfs, cifs, or nfs (I'm not considering sshfs).22:43
nxvlyou can use smbclient on your init22:43
nxvlinstead of smbfs+fstab22:43
mok0That's easy to test22:44
MountainXif smbfs and cifs both have the bug with gedit and similar apps, wouldn't samba have the same problem?22:44
nxvlMountainX: it sound logical, but you never know22:44
nxvlMountainX: samba is an app, smbfs a kernel module22:44
MountainXI'm more than a week into getting NFS to work. I think I'll stick with NFS until I either get it to work or I hit a deadend.22:44
MountainXI suspect smbfs and samba use the same (or very similar) protocol22:45
nxvlyep, but one uses the kernel, the other don't22:45
MountainXand I suspect it will cause the same bug that made me switch to nfs22:45
nxvlit can be a bug involving not only smbfs, but the kernel also22:46
MountainXnxvl - thx. Good to know the difference, but I still think either one will have the same gedit problem. The problem is that samba/smbfs when connected to shares on a Windows server don't allow an open file to be moved/renamed.22:46
MountainXtherefore, gedit doesn't work.22:47
nxvlMountainX: well, that can be a gedit bug also, i don't say there isn't that bug with that configurations, just that you don't know :D22:47
MountainXthe gedit/cifs bug has been discussed for two years. I decided to just resolve the problem by moving to nfs.22:48
nxvli will think that the bug in this case22:48
nxvlis windows22:48
nxvlif a microsoft product is involved it is always it's fault22:48
mok0bug #122:48
ubotuLaunchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,Confirmed] https://launchpad.net/bugs/122:48
nxvlanyway i don't use gedit22:48
MountainXyeah, I'm doing my part to solve bug #122:48
nxvli'm a shell man22:49
MountainXis there an easy way to replace GID on all files (regardless of location) on the local disks on my server -- for only those files that have MountainX:admin as the owner?22:49
nxvlshell scripting!22:50
mok0find . -uid 113 -print22:50
mok0sudo find / -uid 113 -print22:51
mok0or gid22:51
nxvlls -l | grep MointainX | cut -$(i don't remember :P)22:51
MountainXnxvl - as a newbie I'm in that situation where everything I need to do has a step that leads to something else I don't know how to do ;)22:51
mok0MountainX: then come back here and ask again :-)22:51
nxvlMountainX: it is the best situation22:51
* nxvl loves not to know22:52
mok0hopefully your IRC client still works ;.)22:52
nxvlthat makes you learn new things22:52
* nxvl loves to learn22:52
mok0MountainX: but look at "find" it is a great tool22:52
MountainXyeah, I am having a good time learning Linux. I am never going back to Windows. Although when I get really frustrated, I think about it for a few minutes before I come to my senses22:52
nxvlMountainX: man is your friend22:52
nxvlwhat i'm more grateful about linux is how it has make me an investigation person22:53
nxvland also learn things i have never imagine before22:53
mok0yeah that's true22:54
MountainXwhat I am most grateful for is the sense of freedom of choice and ability to get to the bottom of anything.22:54
nxvlMountainX: if you are going to do sysadmining work, you MUST learn some scripting language, i recommend bash, because it is what you will use more22:54
nxvlMountainX: so, find some bash books and start reading22:54
nxvlwalk before run22:54
MountainXnxvl - OK. I will22:54
nxvlMountainX: getting to the bottom of anything makes you learn and see things you have never imagine there where there22:55
nxvlcan't you use sshfs?22:56
nxvlif all of your clients are linux, and server is linux22:56
mok0hey, sshfs, what's that?22:56
MountainXsshfs I am told is not good for large files. I copy videos, virtual machine images, etc.22:56
nxvlsshfs is easier and safer to use22:56
nxvlMountainX: mounting remote folders via ssh :D it rocks!22:57
nxvlMountainX: well, i haven't try it with large files IIRC, so i can't tell22:57
MountainXnxvl: do you recommend it for files as large as 2 GB? I heard it was slow and prone to errors on large files.22:57
nxvlMountainX: but for quick things it rocks22:58
nxvlmok0: is like scp, but as a fs or something like that22:58
kirklandsshfs has high cpu overhead on both client and server, due to encryption of *everything*22:59
nxvlMountainX: also, why is that you need gedit that hard?22:59
mok0kirkland: well that's ssh22:59
nxvlkirkland: encryption of everything rocks!22:59
nxvlkirkland: you are talking to a man that tunnels everything via ssh, so i don't really matter :P23:00
kirklandnxvl: :-)23:00
MountainXthis wasn't supposed to be hard when I started... I just installed Hardy on a computer and set it up the way I set up Gutsy before. But then gedit and other apps would not edit any files. (All files are on the Windows file server.)23:00
kirklandnxvl: me too, except when I'm backing up 1TB of data from one machine, to another sitting right next to it23:00
nxvli will eat all my CPU one or other way encrypting anything23:00
mok0It's not really encrypted... only during network transfer23:00
MountainXI thought switching from cifs to nfs would be easy ;)23:00
kirklandnxvl: in which case, I've seen a 40% improvement using NFS rather than rsync+ssh23:01
nxvlkirkland: i only copy txt files23:01
mok0I will be looking at openafs shortly23:01
nxvlkirkland: the large files i copy are logs, and i rotate them always23:01
kirklandnxvl: i have some very large qemu vm images that don't compress well23:02
nxvlMountainX: hardy is still beta, report it to launchpad and ping here for a solution23:02
nxvlkirkland: vmware server, it is free :D23:02
mok0kirkland: what format are the images?23:02
kirklandnxvl: free as in beer23:02
nxvlkirkland: yep23:03
nxvli like beer23:03
kirklandnxvl: kvm/qemu free as in freedom (and beer)23:03
nxvlssh -X virtualbox :P23:03
MountainXnvxl - the gedit/cifs bug has been around for more than 2 years. gedit devs won't fix it because they say it is a file system problem. The cifs/samba people won't fix it because they say that a file system shouldn't allow an open file to be renamed.23:04
nxvlMountainX: an open file shouldn't be renamed, and that is that it work23:04
nxvland that is using samba or a localfs23:05
nxvli'm not a samba expert23:05
MountainXnxvl - tell that to the gedit devs ;)23:05
mok0MountainX: can't you use another editor?23:05
nxvlas you maybe have notice i'm a crypt/security man23:05
* nxvl loves vim23:05
MountainXyes, but the problem happens with other apps too. I thought it would be easiest to get rid of cifs/samba.23:06
* mok0 loves emacs23:06
nxvlsince i don't have X server running on servers23:06
MountainXthis problem is on the clients23:06
nxvlmok0: emacs is nice for long editions, but for quick edits, it sucks23:06
mok0nxvl: yeah, I use vim for those as well23:06
nxvlok, going out for a wile23:07
nxvlor however it should be written :S23:07
mok0going out for a wife23:07
MountainX^ that's how I read it  lol23:07
mok0I read23:07
nxvlmok0: not even joke about it!23:07
nxvlim still to yung23:08
mok0nxvl: there's still time :-)23:08
mok0MountainX: usually root is not allowed to access NFS mounted shares23:14
MountainXyes, that's how I have it set up23:14
mok0MountainX: that might explain why you could not cd to /mnt23:15
mok0(c.f. your posting on that SUA board)23:15
MountainXmok0 - let me show you something....23:15
MountainXit may take a few minutes...23:17
MountainXmok0 - here is my current problem:23:19
MountainXsudo cp /tmp/Basket/ /home/user/Documents/Baskets/23:19
MountainXcp: accessing `/home/user/Documents/Baskets/': Permission denied23:19
=== slide23 is now known as slide
MountainX... /home/user/Documents/ is an NFS mount23:19
mok0MountainX: ls -ld /home/user/23:20
MountainXdrwxrwx---  2 user admin           64 2008-04-01 02:14 Documents23:20
mok0MountainX: ls -ld /home23:21
MountainXmok0 - that was ls -la23:21
MountainXshould I repeat with ls -ld?23:21
mok0-d just means not to enter the directory23:21
MountainXhere is ls -ld /home == drwx------ 48 user user  4096 2008-04-01 15:56 user23:22
mok0... and you are currently logged on as "user"?23:23
mok0I think /home should be owned by root23:24
mok0and have mode 75523:24
MountainXI changed all that based on several Ubuntu security guides.23:24
mok0then directory /home/user should be owned by user:user23:24
MountainXOK, so maybe I changed it one level too high...23:25
mok0and have mode 75123:25
mok0here's my home:23:25
mok0drwxr-x--x 245 mok mok 36864 2008-04-01 23:00 /u/mok23:25
mok0drwxr-xr-x 3 root root 0 2008-04-01 14:05 /u23:26
MountainXmaybe I pasted the wrong thing earlier. My /home is the same as yours:23:26
MountainXls -ld /home/23:26
MountainXdrwxr-xr-x 5 root root 4096 2008-04-01 11:55 /home/23:26
mok0looks ok23:26
MountainXand here is /home/user again (for user "user")23:27
MountainX ls -ld /home/user/23:27
MountainXdrwx------ 48 user user 4096 2008-04-01 15:56 /home/user/23:27
mok0I'd make that mode 75123:28
MountainXOK. I can try that change. But I'm not sure how the chmod command will work given that /home/user/Documents is an NFS mount using Windows SFU.23:29
mok0but worth a try23:30
mok0you may have to do it under SFU23:30
MountainXcan I change just  /home/computeruser/Documents/Baskets/ to test? Will access be granted if the parent has more restrictive permissions? I guess not.23:31
mok0If you are not permitted to traverse a directory, for instance (the x bit)23:32
mok0you need to check all directories in the path23:32
mok0from your posting, you have some very strange uid/gid's: 4294967294 ??23:36
MountainXI figured out those strange gid's23:38
mok0ok, good23:38
MountainXThey are when SFU has no GID assigned. It is tough to get rid of them because all new files/folder automatically get created with the Administrators group as owner. But that doesn't translate to SFU. So everything ends up with no valid GID until you do chown on it. But when I do chown, then the NTFS permissions seem to disappear...23:40
MountainXwhat causes "omitting directory" when trying this cp command? ~$ cp /tmp/Basket/ /media/Shared/Basket/23:45
MountainXcp: omitting directory `/tmp/Basket/'23:45
mok0eerh. You can't copy a directory with cp, you  need cp -r23:45
MountainXok. finally I asked a question with an easy answer ;)23:46
mok0heh I feel good now23:46
MountainXwhen I mount NFS shares under /media/ for user myuser, are the following permissions OK: drwxr-xr-x 12 root root 4096 2008-04-01 00:17 /media/23:51
mok0so SUA and Linux agree on the uid's23:53
MountainXmok0  - I have been working to make that the case. Services for Unix has a user and group mapping tool I've been using. I'm mapping my Ubuntu group admin to the Windows group Administrators. That's why I need Linux group admin to have the same GID on all my computers.23:54
mok0OK, I understand23:55
MountainXand the Linux group root will not be mapped at all.23:55
mok0That might be uid 0, though23:55
