[00:00] <WheelsOnFire> for example, in redhat after installing 3dm2 you simply run, service 3dm2 restart
[00:00] <WheelsOnFire> or whatever
[00:00] <WheelsOnFire> and when you init 0 or 6, the service is stopped
[00:01] <kirkland> WheelsOnFire: is there a script named that in /etc/init.d/* ?
[00:02] <kirkland> WheelsOnFire: RH's "server" command simply prepends "/etc/init.d/" onto the service you specify (3dm2) and passes it the action you specify (restart)
[00:02] <kirkland> WheelsOnFire: not "server", but "service" command
[00:02] <WheelsOnFire> yeah I get you
[00:02] <WheelsOnFire> so in other words if they didn't give an init script I need to make one
[00:03] <kirkland> WheelsOnFire: what format is the package you installed?
[00:03] <kirkland> WheelsOnFire: a .deb ?  a .rpm ?  a tarball ?
[00:03] <WheelsOnFire> =]
[00:04] <WheelsOnFire> originally it's installed with a java installer. however the installer is closed source and bugged. to get it to install on ubuntu I have to install it elsewhere and then with a custom script which builds a tar from the files on that computer and installs them on the ubuntu machine.
[00:05] <WheelsOnFire> but I'm pretty good with bash so I'll just script my way through it I guess
[00:05] <WheelsOnFire> alright thanks
[00:12] <Silvanov> http://www.ispconfig.org/ this looks similar to cpanel. not sure its a lamp config web gui like im looking for though.
[00:18] <andguen1> If anyone has a second, I would love comments on https://help.ubuntu.com/community/ShorewallBasics -- especially from people just starting into command line based firewalling, and especially experienced shorewall users as well, thanks
[00:20] <Silvanov> is there an ssh server installed with ubuntu server (lamp option) by default?
[00:20] <andguen1> nope
[00:21] <andguen1> sudo apt-get install openssh-server i believe
[00:21] <Silvanov> alright, thanks andguen1.
[00:21] <kirkland> Silvanov: when you choose the lamp option, ssh is in that list too, in the installer
[00:22] <Silvanov> I didnt see a way to select multiple options though, and I've already completed the installation, just get started learning commands and how to set it up
[00:24] <andguen1> Silvanov: sudo apt-cache search is a wonderful command to know -- try 'sudo apt-cache search php' or 'sudo apt-cache search openssh' -- any one of those entries there can be installed
[00:26] <Silvanov> nice. thank you very much. I also found aptitude which seems much more 'user friendly' repository/installer gui.
[00:27] <andguen1> Silvanov: There are always always always multiple ways to do it :) there wouldn't be thousands of Linux distros if we geeks didn't want some choice in the matter :)
[00:27] <Silvanov> hehe
[00:27] <andguen1> find a way that works and use it for a while, just be aware of what others use and check it out just in case
[00:28] <andguen1> I have to confess, I'm a bit of a hypocrite, or just lazy, some of my friends like zsh, I'm staying with bash shell for now :)
[00:30] <Silvanov> ive tried suse and red hat before in the past, but this will be my first serious foray with linux, and i wanted to start with ubuntu, because ill be selling and supporting ubuntu machines and my new job :D
[00:34] <Silvanov> alright, much easier now. dont have to get up and change chairs, have ssh installed and logged in from my main computer :)
[00:39] <andguen1> agreed, definitely a key first step. -- I have worked with Redhat and SUSE as well, I've gotten spoiled with how easy it is to install packages in Debian/Ubuntu, not to mention the speed of new releases....
[00:44] <Silvanov> so far i liked the new kubuntu, everything seemed fairly simple to use, and install and configuration was by far much easier than windows 98-vista. For the first time ive tried linux, all the hardware just worked as well. Now ive reinstalled hardy 8.04 server on that machine, and just trying to learn as i go, with the motive of tranferring my blog, which i host on my main pc via wampserver to this box.
[00:49] <andguen1> it definitely takes a good project to keep you learning and diving further into it
[00:51] <Silvanov> the only commands I know thus far are sudo, apt-get, ls and ifconfig lol
[00:52] <andguent> locate is a nice one to know, grep, xargs..... hmmmm what else :)
[00:53] <Silvanov> figuring I'll learn a ton as i get different software installed and try to configure them.
[00:53] <owh> Of course there is the server guide :)
[00:53] <owh> !guide
[00:53] <Silvanov> !guide
[00:53] <owh> !serverguide
[00:54] <owh> Hmm
[00:54] <Silvanov> bot dead again?
[00:54] <owh> So much for that.
[00:54] <owh> One mo.
[00:54] <owh> http://doc.ubuntu.com/ubuntu/serverguide/C/
[00:55] <owh> That won't answer all your questions, but it gets you started.
[00:55] <andguent> if one document answered all of my questions, I wouldn't read it :P
[00:55] <andguent> takes all of the fun out of life
[00:55] <Silvanov> im actually reading through that atm, but is it accurate for the 8.04 release as well?
[00:55]  * lamont isn't familiar with the 'ifconfig lol' command... :-)
[00:56] <andguent> alias ifconfiglol='echo Come again?'
[00:56] <owh> Silvanov: Some people would be insulted at that question, but yes, many hours were spent on making it so. Mind you, I'm not sure if that URL has the latest version of the docs, YMMV.
[00:56] <lamont> heh
[00:56]  * lamont uses 'ip' rather than 'ifconfig' anymore anyway
[00:57] <andguent> owh: insulted? mmmmkay, sounds like a reasonable question to me, shrug
[00:57] <Silvanov> owh: thanks, and sorry, didnt mean to insult or offend anyone.
[00:58] <JanC> doc.ubuntu.com = "development" server of the docs team
[00:59] <andguent> I asked this about an hour ago, but If anyone has a second, I would love comments on https://help.ubuntu.com/community/ShorewallBasics -- especially from people just starting into command line based firewalling, and especially experienced shorewall users as well, thanks
[01:00] <JanC> andguent: did you test that with the new shorewall ?
[01:00] <owh> andguent: Silvanov: Ah, sorry, that's my sense of humour acting up. The insulted comment was really supposed to be in quotes and I should have added >:-) to the end :)
[01:01] <andguent> JanC: how new? there is always something newer, i just accept that sometimes, it should be good with the latest shorewall from the gutsy repositories
[01:01] <owh> JanC: So, you're saying that its the latest version?
[01:01]  * owh really, really wishes that the documentation team started including version strings on all the documents.
[01:03] <andguent> JanC: I assume you are referring to shorewall 4.0 & up? No, I'm testing it on 3.4.4 currently
[01:03] <JanC> andguent: according to http://packages.ubuntu.com/shorewall hardy has shorewall 4.x ?
[01:04] <andguent> still gutsy on my home computers, definitely good to know, thanks for pointing it out
[01:04] <JanC> you can try hardy in a VM  ツ
[01:06] <andguent> yup, when the time arrives, but definitely good to try
[01:10] <Silvanov> alright, ive got the lamp setup, phpmyadmin, ssh and ftp servers installed, but not configured yet.
[01:13] <andguent> Silvanov: sounds like an excellent start, which ftp server did you go with? most everything else there usually configures itself
[01:14] <Silvanov> vsftpd via http://doc.ubuntu.com/ubuntu/serverguide/C/ftp-server.html
[01:16] <Silvanov> was able to turn it on, connect, see from my main pc, see there was no files and turn it off. Figure once I get lamp setup, and need to tranfer my wordpress blog over, ill figure that part out lol
[01:17] <andguent> yup, ftp can definitely do that for you, but one other piece of software to be aware of is scp/ssh, scp lets you copy files from one pc to another if ssh is running at the destination (and your username can get to the destination directory)
[01:19] <Silvanov> i'll check it out, but atm i don't know directory structures or default locations for anything on linux :S
[01:20] <Silvanov> im so acustomed to windows, im intrigued, but feel like a new born at the same time lol
[01:21] <andguent> if you know /home, /etc, and /var, the rest can be lower priority -- /home for your user's settings, /etc for global settings like server daemons, and /var is for files that change often like logs
[01:22] <Silvanov> so windows analogy wise, home is like my documents, etc is like my programs, and var is like temp?
[01:22] <andguent> mmm, /etc is probably closer to the registry then to program files
[01:23] <andguent> var is used for things that are around for a while, but might just change a lot, there is a /tmp directory, that is VERY temporary, and gets cleaned out every reboot
[01:25] <Silvanov> very good to know, and great explanations :D
[01:28] <Silvanov> how about opening/reading/editing text or config files. is there a command for that?
[01:28] <andguent> dozens
[01:29] <andguent> nano is an easy one to learn, vi is complicated but powerful, some people really like emacs, but thats another story :)
[01:29] <andguent> if you ever see documentation or menu shortcuts that say ^X -- that usually means Control+X, if you jump into nano you will see what i mean
[01:30] <Silvanov> i actually just figured that out, and am playing with nano right now :D
[01:31] <Silvanov> im guessing ^r (read file) is like open file
[01:31] <andguent> if you are working with text files on the computer you are at, you can try gedit too -- similar to notepad
[01:32] <andguent> most likely, I tortured myself and jumped right into vi/vim so i would have to learn a nano feature in order to explain it
[01:33] <Silvanov> thats cool, reading the ftp conf file now, looks like i can edit it through this as well.
[01:34] <Silvanov> btw, thanks for all your friendly help thus far and in advance :D im sure everything im asking is extremely newbish, but i do appreciate your answers.
[01:36] <andguent> here, quick tip for you then, I found it was 100 times easier to learn what files contained what settings once I learned how to search for text in files --- 'find /etc/|xargs grep eth0' -- searches the /etc directory for anything that contains 'eth0'
[01:38] <andguent> I used to work as an IT helpdesk manager, we had a heavy amount of Ubuntu/Debian boxes, and a good deal of our techs were Windows guys, I have practice explaining this stuff, but it helps if you know at least some good 'ole DOS
[01:38] <andguent> so, you're welcome :)
[01:39] <Silvanov> :D im pretty comfortable in dos, wrote some dos scripts before, so I think I'll learn easier than most, I just tend to overwhelm myself sometimes lol.
[01:40] <Silvanov> i remember theres a way to look up what commands do, and thier syntax, is it command /? or man or something?
[01:41] <Silvanov> nvm, figured it out :D
[01:41] <Silvanov> man then the command
[01:41] <andguent> one of the absolute greatest things of linux is.... once you get your vsftp server running, take the config file /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf or whatever, and back it up, that usually allows you to duplicate the exact same setup on another box, or break it and reset it later
[01:42] <andguent> command --help, command -h, man command -- all of those should work, but some programs are older then others
[01:43] <pablodias> hello folks.. well. I have a question about "fsck". Is it a server question or should I move to #ubuntu?
[01:43] <andguent> its fine here, just ask, we can see what we can do
[01:43] <pablodias> thanks =p
[01:44] <pablodias> after a energy down, my filesystem got broken and then it said to run fsck manually
[01:44] <pablodias> I'm running it a long time ago, with "-y"
[01:45] <pablodias> It's actually on the Unattached Inode 819000 (and counting)
[01:45] <pablodias> it never stops
[01:45] <pablodias> something I can do to fix it?
[01:45] <andguent> If possible, try to keep multiple comments to one line, just in case others are talking in the middle of your explanation
[01:46] <pablodias> ah, ok. i'm sorry
[01:46] <andguent> how long does it stay on that inode? any weird noises from the drive itself as it hangs on that spot?
[01:46] <pablodias> It started at 16pm and is still running. I dont know about some noises because I'm on a remote connection
[01:47] <pablodias> I read about "temporary files" on lost+found, is it right? If yes, is there a way to delete all those files?
[01:48] <andguent> how many hours ago was it started? I'm on EasternUS time, but I hate to assume you are in the same time zone. :) Is there anyone near the box itself that could possibly hold a phone to the case as its working?
[01:48] <andguent> ....or maybe just describe what noises they hear
[01:48] <pablodias> it's taking about 5 hours
[01:48] <pablodias> I think no at moment. maybe tomorrow
[01:49] <andguent> If fsck files parts of files and doesn't know how to repair the files, it often does drop them in lost+found, I'm not sure if that answers your lost+found question or not
[01:49] <pablodias> That number are counting quickly. Visually doesnt look like "finding errors" but it's just an impression
[01:50] <andguent> If the numbers are moving along, I would say let it do its work, it probably is aggressively checking for any errors it can find
[01:50] <owh> I'd check dmesg while this is going.
[01:51] <andguent> If the position on the drive has stopped, and stays at one area for a very long time, you may have a hardware problem, I would agree with owh, dmesg gives good info
[01:52] <andguent> Whatever happens, always always have good backups, if your hard drive survives this, your next priority should be testing all of your backup systems, assuming you have them :)
[01:52] <pablodias> I'm using a remote system I think cannot show me multiple terminals. I'll keep it running until tomorrow. Many thanks for your help, guys =)
[01:53] <pablodias> haha, ok. thank you again
[01:53] <andguent> if signing in via ssh, you can always start a second session, also keep in mind if you started the fsck from a remote shell, that connection needs to stay open for the command to continue
[01:53] <andguent> shutting down your workstation for the night may kill your disk scan
[01:54] <andguent> depending on how you started it
[01:54] <pablodias> It's not SSH because the system is not starting. It's stopping on dis check, no services was started. I'm using a KVM remote access. Looks like a VNC
[01:55] <andguent> ahh, very nice --- don't suppose you have options for Ctrl-Alt-F2?
[01:55] <pablodias> I tried on the shurtcuts menu option, but didn't find. let me see again
[01:56] <andguent> I know for a fact that some of those integrated remote access cards will not have the option, so don't kill yourself looking for it
[01:58] <pablodias> Yep. No way to change terminal. And i dont know if a system that isn't started can show more terminals than the first one
[01:59] <pablodias> It looks like that free space counting on Gmail =p
[01:59] <andguent> if it isn't stopped, cross your fingers and go to bed :)
[02:00] <pablodias> I started on manually accept this Unattached Inodes, but I stopped at the 600th pressed "Y"
[02:00] <andguent> oh dear, 600??
[02:00] <pablodias> manually. after that I started fsck with "-y" option
[02:01] <andguent> i hope you have good backups man, that just doesn't sound good
[02:03] <pablodias> many thanks andguent. if I remember how to get back here I tell you about the end of fsck tomorrow. thanks!
[02:03] <andguent> good luck
[03:25] <Silvanov> !webmin
[03:40] <JaxxMaxx> How about a good recommendation for SSH client, windows based?   Right now I use putty, but that seems to be limited to a single shell.   Wonder if there's like, a multi windowed one
[03:43] <rhineheart_m> hmmm.. have you tried winscp
[03:45] <Silvanov> you can run multiple instances of putty as well
[03:46] <Silvanov> when searching for ssh clients for windows, i found a tabbed client earlier today as well.
[03:46] <faulkes-> eh?
[03:47] <faulkes-> putty + screen
[03:48] <JaxxMaxx> I've used WinSCP before, on my Smoothwall router... didn't seem that special
[03:49] <JaxxMaxx> Windows doesn't have Screen.   I'm thinking of something like mIRC, with 4 tiled windows all to the same server
[03:49] <JaxxMaxx> got enough monitor resolution to handle it
[03:53] <rhineheart_m> JaxxMaxx, what would you like to accomplish?
[03:54] <JaxxMaxx> Seeing whatever the Debug Output is, while keeping my command window from scrolling back would be a good start.
[03:54] <JaxxMaxx> trying to troubleshoot why FreeRADIUS/dialupadmin and MySQL aren't happily married yet.
[03:55] <JaxxMaxx> maybe a packet monitor to discover what the Radius packet situation really is like
[03:55] <JaxxMaxx> I've got a test user that I provide the right credentials, but the result still comes back a failure, but with the success message
[03:57] <owh> I'm looking for some opinions. I've got a generic user.sh backup script. The way it is intended to be used is that you symlink to it from /etc/cron.daily. The symlink name will be used to determine which username to backup, using `basename $0` - pretty straight forward. So far so good.
[03:58] <owh> I've got the same for fstab mounted devices. Works in the same way, mounts stuff based on their name in fstab.
[03:58] <owh> Now for the challenge.
[03:58] <rhineheart_m> owh, good morning! :)
[03:59] <owh> If I want to write a generic script that needs other parameters, for example an rsync server and module, or a path to backup, or I need to order the things in /etc/cron.daily, I need to do some magic with the name if I use this idea.
[04:00] <owh> So, in the opinions stakes. Am I better off making a configuration file, finding a way to "split" the `basename $0` into parts, or do something else?
[04:00] <owh> The nice thing about doing it this way is that ls -l /etc/cron.daily shows exactly what is happening.
[04:01] <owh> And of course, the scripts are completely trivial, simple to maintain and common across all backup types.
[04:02] <owh> Hi rhineheart_m.
[04:02] <sommer> owh: seems to me that you have enough options to warrant a config file
[04:02] <Silvanov> got webmin set up finally :D
[04:02] <kgoetz> owh: make $1 hte user name, then in the script test for $2. if $2 is there require the extra params
[04:05] <owh> kgoetz: How would I do that if the way that the script is run is as a result of it being in the /etc/cron.daily/ directory.
[04:05] <kgoetz> owh: the only way it is run is via symlink? ah.
[04:05] <owh> sommer: A config file then requires parsing and other stuff. I'm not disagreeing, just trying to find the simplest solution.
[04:06] <owh> sommer: More accurately, the cleanest solution.
[04:06] <sommer> owh: ah, for me the cleanest would be to not use /etc/cron.daily, but an actual crontab file
[04:07] <sommer> then you could use a simpler script with more arguments
[04:07] <sommer> you can't ls the directory, but you can crontab -l the file :-)
[04:07] <owh> sommer: I understand what you're saying, but that then requires the administrator to understand the format of the crontab file. Something which you and I take for granted, others are flummoxed.
[04:08] <sommer> owh: heheheh, yep that changes things
[04:08] <owh> sommer: I like your argument of it allowing you to provide parameters though.
[04:08] <kgoetz> owh: replace teh symlink with a script?
[04:08] <owh> This discussion is precisely why I ventured here to ask for opinions :)
[04:08] <owh> kgoetz: What do you mean?
[04:09] <owh> Ah, create a script that calls the central code. That's possible, not as pretty, but possible.
[04:09] <sommer> owh: in that sort of situation maybe bacula would be a good fit, require's more back end configuration, but has gui client
[04:09] <kgoetz> owh: instead of /etc/cron.daily being a link farm put in a dumb script farm
[04:10] <owh> sommer: Ah, definitely no. Going down that path then introduces waaaay more complexity, other than an rsync with mount, etc.
[04:10] <sommer> heh, that's true
[04:11] <owh> kgoetz: You'll loose this though: /etc/cron.daily/user -> /opt/backups/user_backup.sh
[04:11] <owh> kgoetz: Which sort of tells you what is going on immediately.
[04:11] <kgoetz> owh: why will you?
[04:12] <owh> kgoetz: Then perhaps I do not understand what you are saying. I was showing you a line from ls -l /etc/cron.daily.
[04:12] <owh> Let me ask a different question as I've already come up against a limitation of my implementation.
[04:12] <kgoetz> owh: make the file /etc/cron.daily/user a shell script which calls /opt/backups/$0_backup.sh + your params
[04:13] <owh> kgoetz: No, because then there would be (n * 2) + 1 scripts, rather than one script and n symlinks.
[04:14] <kgoetz> (n * 2)?
[04:14] <Jester45> is there any package that i can use to monitor a remote server's resources like ram/swap cpu useage and bandwidth?
[04:14] <owh> My different question is. How do I order the scripts. Naming them 01-bob 00-judy is obvious, but how do I split off the numbering?
[04:15] <Jester45> i know i can just use cli tools via ssh but i would love to use a diffrent tool that i can add into conky
[04:15] <owh> kgoetz: You are suggesting a script in /etc/cron.daily/ for each user, one in /opt/backups/ for each user and the central backup script.
[04:15] <kgoetz> cut? sed? depends where they are being trimmed
[04:15] <Silvanov> jester45: webmin or ebox might be what your after
[04:16] <owh> kgoetz: Hmm, yes, I'm familiar with the concept, is there a cleaner way?
[04:16] <kgoetz> owh: perhaps i didnt understand yoru symlink then. i take it "/opt/backups/user_backup.sh" isnt your master backup script then?
[04:16] <kgoetz> Jester45: depends what you want. theres lots of options though
[04:16] <Jester45> ill look at ebox but i dont want webmin id rather keep it a bit more secure and use ssh+htop/iftop
[04:16] <owh> kgoetz: Let me show you a more accurate cron listing: /etc/cron.daily/kgoetz -> /opt/backups/user_backup.sh
[04:17] <Jester45> ebox looks like the same webui stuff
[04:17] <kgoetz> owh: cleaner way would depend on how broken my suggestion re sed/cut was ;)
[04:17] <rhineheart_m> Jester45, have you tried phpmyinfo?
[04:17] <rhineheart_m> Jester45, have you tried phpsysinfo rather?
[04:17] <kgoetz> owh: ah. and what happens in user_backup? it uses $0 to say 'backup kgoetz'?
[04:18] <owh> kgoetz: Well to be precise it uses USERNAME=`basename $0`, but yes.
[04:18] <Jester45> thats looks better
[04:18] <kgoetz> owh: and for some reason your going to need extra info per user?
[04:19] <Jester45> thanks rhineheart_m do you know any simpler ones? or maybe something like conky? cli only server
[04:19] <owh> kgoetz: Well, no, not for the user script, but for a path backup script, yes. That is, now I want to backup /home/fred/accounts/debtors, but I really don't care about fred's photos.
[04:19] <Silvanov> are you looking for webbased guis?
[04:20] <kgoetz> Jester45: a one off or lots of servers?
[04:20] <owh> kgoetz: And similarly, I want to backup to an rsync server with a named module.
[04:20] <Jester45> kgoetz, just one
[04:20] <rhineheart_m> Jester45, mmm Nagios
[04:20] <kgoetz> Jester45: for multiple i'd suggest nagios but not for one
[04:20] <kgoetz> owh: mmm. i see
[04:21] <owh> At that point it becomes more and more viable to use sommer's suggestion of config files. I could name them after $0 perhaps.
[04:22] <Jester45> Silvanov, if you where talking to me im not looking for webuis it jus that they seem to be the only good ones, i think all i really want is ram useage bandwidth and cpu useage in text, file based or via a sevice/pipe
[04:22] <kgoetz> a onfig file somwhere will be almost required
[04:22] <owh> Jester45: Then why not set up a password-less ssh and run some remote commands?
[04:23] <owh> kgoetz: Yuk. but yeah, it's beginning to look like that.
[04:23] <Jester45> owh, do they connect faster than passworded ssh? so i could enclude into conky?
[04:23] <kgoetz> owh: the reason i thought of using a script rather tehn a symlink is because you can drop extra info into them
[04:23] <owh> Jester45: Alternatively you could run MRTG.
[04:24] <owh> kgoetz: Yeah, but it leaves stuff all over the place, making it harder to maintain.
[04:24] <kgoetz> owh: yeah.
[04:25] <owh> kgoetz: It's not when you set it up the first time, it's when you set it up the next time. For example, if I wanted to add a new user to backup, I just create another symlink and off it goes. If I did it with an extra script, I'd need to copy it, then rename it, then edit it, check it for typos, etc.
[04:26] <kgoetz> owh: now think symlink+config file and its hardly any less complex
[04:26] <kgoetz> if you have a standard config that most clients use you wont have to edit teh script each time anyhow
[04:26] <owh> kgoetz: Ah, but I can make it fail if there is no config file and report back. That way I get told it's borked.
[04:27] <kgoetz> updating is harder then the symlink method though
[04:27] <kgoetz> thats a feature? ;)
[04:27] <owh> So, are there any dissenting/alternative opinions around?
[04:28] <kgoetz> make users do their own backups *mwhahahah*

[04:28] <owh> kgoetz: Yeah, no.
[04:28] <kgoetz> lol
[04:30] <owh> Would this be evil: ln -s /opt/backups/path.sh /etc/cron.daily/home--fred--accounts--debitors
[04:31] <owh> Similarly, ln -s /opt/backups/rsync.sh /etc/cron.daily/hostname--module
[04:32] <kgoetz> -- would be more trouble then its worth. i'd think that would be a fairly fragile way to do it in general though
[04:32]  * owh just did "locate '--'" with no hits.
[04:32] <kgoetz> think parsing it
[04:32] <owh> kgoetz: Yes, it's not pretty.
[04:33]  * kgoetz expects theres no --'s for a reason
[04:33] <owh> kgoetz: So, that's good then :)
[04:34] <kgoetz> if your after a uniq string it should be :)
[04:34]  * kgoetz tries to work out making directories in perl
[04:34] <owh> kgoetz: What, mkdir isn't good enough for you?
[04:35] <sommer> kgoetz: `mkdir dirname` :)
[04:35] <kgoetz> owh: i'm asuming its harder then that :p
[04:35]  * owh is with sommer :)
[04:36]  * owh doesn't speak perl :)
[04:36]  * kgoetz neither ... yet
[04:36] <sommer> kgoetz: http://perldoc.perl.org/functions/mkdir.html
[04:37] <sommer> needs a module though
[04:37] <kgoetz> yegad. its not that hard o_0
[04:38] <owh> Well, the POSIX.pm has a mkdir function :)
[04:40] <owh> kgoetz: And the manual refers to Perl's build in mkdir function as well :)
[04:40] <owh> s/build/built/
[04:40] <kgoetz> perldoc -q mkdir didnt find anything, so i assumed it was going to be veeery hard
[04:41]  * owh grepped :)
[04:41] <owh> kgoetz: Very evil: locate perl | while read n ; do grep mkdir $n ; done
[04:42]  * kgoetz wonders how many binaries owh just grepped
[04:42]  * owh didn't worry about it.
[04:42] <kgoetz> lackadasical fiend
[04:43] <owh> sommer: I'm going with your suggestion of the config files until I come across a better idea. Thanks.
[04:43] <owh> kgoetz: Nah, if a binary matched, it said so :)
[04:43] <owh> kgoetz: Sometimes close enough is good enough.
[04:44] <owh> kgoetz: Of course that will only be true if it actually works, but by then you'll have used google :)
[04:44] <sommer> owh: np
[04:44] <kgoetz> mkdir "wikimangle"; ftw!
[04:45] <kgoetz> sommer: cheers mate
[04:45] <owh> ROTFL
[04:45] <owh> sommer: Did you get a reply about the Guide?
[04:45] <owh> sommer: Or did they try hard not to laugh?
[04:46] <sommer> oh ya, I did, since it's so far after SF committing the changes will mess with the translators
[04:46] <sommer> but, we can commit just the spelling changes right before release
[04:46] <sommer> wich will be after the translators are done
[04:46] <sommer> just need to make sure the translation doesn't change :-)
[04:47] <owh> So, that means we'll have it translated *and* spell checked?
[04:47] <sommer> yeppers
[04:47] <owh> sommer: So, do you want me to give you one without example.com, but leave the rest in?
[04:47] <sommer> I think I created one, did I forget to attach it when I replied?
[04:48]  * owh still thinks there should be a standard for example urls.
[04:48]  * owh checks.
[04:48] <sommer> sure, you just created the standard heh
[04:49] <owh> sommer: I mean across all the documentation, not just our little guide :)
[04:49] <owh> Yes, there was a .diff attached. I'm checking it now.
[04:49] <sommer> you mean not just the server guide?
[04:49] <owh> Yes
[04:49] <sommer> um for the diff for the standard?
[04:50] <owh> Huh?
[04:51] <sommer> for the using example.com as a standard it would probably be a good idea to post to the doc ml, but probably after hardy is released
[04:51] <JaxxMaxx> isn't example.com  THE  example URL?
[04:51] <owh> Yes. I think that needs looking at in more detail. Hostnames, user names, example users, urls, etc.
[04:52] <owh> JaxxMaxx, Yes, in very small examples, but not across the board.
[04:52] <sommer> sure, I'm sure other members of the doc team would agree, plus there are many "student" documentors that could handle that
[04:52] <owh> For example, what do you name the localhost's FQDN? What about a generic mail server? What username do you give?
[04:52] <JaxxMaxx> I prefer Testy McTesterson myself
[04:53] <JaxxMaxx> localhost.example.local?
[04:53] <JaxxMaxx> Opinions on SecureCRT?
[04:54] <owh> sommer: Your diff seems to have lots removed. I've not got time right now to check, but I'll have a look-see.
[04:54] <JaxxMaxx> Hmmm, any way I can get Alt-Fn   to work in Putty/  =]
[04:54] <sommer> owh: sure, whenever you get a chance
[04:54] <owh> JaxxMaxx, that makes no sense. Alt-Fn, in the context of consoles is hardware specific. You're better off using screen.
[04:54] <sommer> well I'm off to sleepy time, have a good one all
[04:54] <owh> Later sommer
[04:55] <JaxxMaxx> ooh, I remember screen.   not how to use it, mind, but I recall the command from University Unix shell days...
[04:56] <owh> Ctrl-A Ctrl-D = detatch, Ctrl-A Ctrl-C = create, Ctrl-A Ctrl-N = next.
[04:56] <owh> Have fun.
[04:57] <JaxxMaxx> sounds like orphaned processes to me.... =]
[05:03] <jetole> does anyone know what the ubuntu developer channel is?
[05:04] <ScottK> lamont: Here's a reminder about Bug #207526.  I don't think we want to skip fixing this one before the release.
[05:04] <JaxxMaxx>  is it -devel   or -development ?
[05:05] <JaxxMaxx> what command do I use to display what a symlink points at?   trying to find where stuff in init.d  is pointing
[05:05] <jetole> devel
[05:05] <jetole> ls -l symlink
[05:06] <jetole> ls -l /dir will show long for all files including where symlinks point
[05:06] <JaxxMaxx> is green a symlink?
[05:07] <jetole> no
[05:07] <jetole> executable
[05:07] <jetole> sym links are light blue
[05:07] <jetole> if a file has x in it's permissions then it will be green
[05:07] <JaxxMaxx> Hmm.  Then Ubuntu packages put the executables into the init.d  dir?
[05:07] <jetole> they should be
[05:07] <JaxxMaxx> how do I tell what folder the conf files are in?
[05:08] <jetole> /etc
[05:08] <jetole> these are standard linux details
[05:08] <jetole> /etc/init.d is scripts that run when your computer starts
[05:08] <JaxxMaxx> Sorry for being such a fresh n00b .  =]
[05:08] <JaxxMaxx> most I've done with Linux before is a Smoothwall Express box
[05:08] <jetole> however they do not run if they are in that directory but /etc/rc2.d like folders will link to them
[05:09] <jetole> I have never used it
[05:09] <jetole> smoothwall
[05:09] <jetole> "You call that a firewall? This is a bloody firewall"
[05:09]  * jetole points to custom iptables from hell
[05:10] <JaxxMaxx> I don't have the time for custom iptables =]
[05:10] <jetole> yes you do, you just don't know how
[05:10] <JaxxMaxx> I used to
[05:10] <JaxxMaxx> way back
[05:10] <jetole> it is not a slow process when you know how to use it
[05:10] <JaxxMaxx> but work wasn't eating up the time back then.
[05:11] <jetole> I can configure it quicker with iptables then any gui
[05:11] <JaxxMaxx> Too many simple boxes you can drop in for firewall duty.  You never truely know how they work exactly, but the bosses believe they do the job
[05:11] <jetole> and gui's lack features
[05:11] <jetole> well security is my job
[05:12] <JaxxMaxx> I'm not lucky to be so focused.
[05:12] <themime> i installed ubunutu-server on my laptop because it only has 128MB ram and i wasnted a very basic install.  i installed fluxbox on top of it, and now i want to run a network manager that supposedly comes with ubuntu-desktop.  i thought i might have already apt-get'd it, is there a command i can use to run it to see?
[05:12] <themime> s/wasnted/wanted
[05:12] <JaxxMaxx> current boogeyman is a Ubuntu LAMP server hosting FreeRADIUS/DialupAdmin  for a Nomadix captive portal
[05:12] <jetole> I have un used ip on public addresses that are spaced between real ip, if any packet goes to that address then they are blacklisted, if someone port scans a system they are temp blocked, find me a gui that allows me to do that
[05:13] <jetole> themime: apt-get install ubuntu-desktop -y
[05:13] <jetole> sudo if need be
[05:13] <themime> whats -y?
[05:13] <jetole> yes
[05:13] <themime> i don't want ubuntu desktop though
[05:13] <jetole> then why did you just ask for it?
[05:13] <themime> sorry, i was referring to network manager
[05:14] <themime> can i run it command line?
[05:14] <jetole> apt-get install -y network-manager
[05:14] <jetole> apt-get install -y network-manager-gnome
[05:14] <JaxxMaxx> Is my  mysqld   supposed to be running all the time with --skip-external-locking ?   I fear I changed a conf file trying to reset the 'sa' password
[05:15] <themime> jetole: im using fluxbox, will that require a bunch of gnome crap i don't need?
[05:15] <jetole> well, first off there is no 'sa' password
[05:15] <jetole> themime: probably but that is one of the network-manager guis
[05:15] <jetole> the other option is the kde gui
[05:15] <jetole> JaxxMaxx: there is no 'sa' password
[05:15] <JaxxMaxx> it doesn't ask for a baseline password when you install MySQL?  probably my root sql login then
[05:15] <themime> is there a non gui version? my question of "how do i run it" was not the install, but to run network manager, cause i think i may have installed it
[05:16] <jetole> JaxxMaxx: no, and you do not need one when you install it but lemme look at my sql
[05:16] <jetole> yes it is supposed to have that option
[05:17] <jetole> I just checked on 3 systems
[05:17] <jetole> the option for password is something like --skip-grant-tables
[05:17]  * jetole looks for sure
[05:17] <jetole> yes, that was the exact option
[05:18] <JaxxMaxx> ah, right
[05:18] <jetole> but if you install mysqld from apt-get then there is no root password
[05:18] <JaxxMaxx> Where does the Debug Log  end up?  Supposedly there are messages in there useful for troubleshooting
[05:18] <jetole> if you install it from the server then it prompts you, I mean from the CD
[05:18] <jetole> during OS install
[05:19] <jetole> themime: ubuntu server also has a kernel you don't want, if I were you I would install ubuntu desktop and do an apt-get remove ubuntu-desktop -y
[05:19] <jetole> add --purge onto the end
[05:19] <jetole> the server system is configured to be a server
[05:20] <jetole> themime: apt-get install linux-image-generic -y && update-grub
[05:21] <jetole> themime: reboot and choose the new kernel
[05:21] <jetole> and then do a apt-get remove linux-image-server && update-grub
[05:22] <JaxxMaxx> Here's what may be a silly question:  If something is told to authenticate to MySQL as a specific username, does that username have to exist in the Linux subsystem, or is it specific to the SQL server?
[05:22] <jetole> specific to sql
[05:23] <jetole> grant all privileges on table to 'user'@'host' identified by 'password';
[05:23] <jetole> I think that is the syntax
[05:23] <jetole> and host is optional
[05:23] <jetole> host is also the host of the sql server
[05:23] <JaxxMaxx> Hmm, maybe I'm not specifying the @host part in this conf file...
[05:23] <jetole> no
[05:23] <jetole> that applies to SQL only
[05:24] <jetole> if host is 'localhost' then they can only connect through localhost etc
[05:24] <JaxxMaxx> ah, no domain on SQL specific accounts...
[05:25] <jetole> it's possible, login to sql manually and run => select user, host from mysql.user;
[05:25] <jetole> it will tell you what users you have defined and what host is associated with them
[05:25] <jetole> if you want it to be assiciated with any host then change the host to %
[05:26] <jetole> update mysql.user set host = '%' where user = 'my_fscking_user';
[05:26] <JaxxMaxx> nah, only things on localhost shoudl talk to this MySQL server
[05:26] <JaxxMaxx> just hard to tell if it's actually succeeding.   the web based admin keeps showing SQL DEBUG statements at the top of frames
[05:27] <jetole> JaxxMaxx: yes but localhost is a propername as well which represents 127.0.0.1 so if you tell your app to login to the ip that is not the localhost ip and localhost is defined as the login host then it will fail
[05:27] <jetole> JaxxMaxx: have you tried logging in locally with that user name and password to the ip that you are specifying
[05:27] <jetole> ?
[05:27] <JaxxMaxx> like with SSH, or via mysql
[05:27] <jetole> mysql
[05:28] <jetole> mysql user names do not have ssh access, they are not system users
[05:28] <JaxxMaxx> I've got the prompt  (never been able to fathom this properly)
[05:28] <jetole> mysql root user has not password by default but imagine if ubuntu shipped where anyone could login to ssh as root with no pass
[05:29] <jetole> from bash => mysql -u user -p database
[05:29] <JaxxMaxx> I've set a root pass in MySQL
[05:29] <jetole> that says launch mysql as user for database and prompt for password
[05:29] <jetole> if there is no password then leave -p off
[05:29] <JaxxMaxx> yeah, that works, and I can see the tables the scripts imported...
[05:30] <JaxxMaxx> now to make sure freeRadius uses that credentials
[05:31] <jetole> well that is freeradius specific but now you know mysql is setup properly
[05:33] <jetole> your using sql.conf in the /etc/freeradius directory?
[05:33] <JaxxMaxx> how about restarting one of the init.d  scripts, without rebooting the whole server?  I've just been doing shutdown -r   and waiting
[05:33] <jetole> /etc/init.d/script restart
[05:33] <JaxxMaxx> I'm guessing so, that's where I've put the credentials
[05:33] <jetole> I have never used the software but I just installed it and am looking it over
[05:34] <JaxxMaxx> it's one of the most popular RADIUS servers available
[05:34] <jetole> actually fuck that, I am too tired to look it over
[05:34] <kgoetz> jetole: better watch the language - ubuntu channel
[05:35] <jetole> right
[05:35] <jetole> actually fsck that, I am too tired to look it over
[05:35] <jetole> better?
[05:35] <JaxxMaxx> Heh.  Usage of Linux should allow for the occaisional invective.
[05:35] <jetole> JaxxMaxx: http://ubuntuforums.org/showthread.php?t=151781
[05:36] <JaxxMaxx> Yeah, I've been "looking it over" for around a week now, starting to get tired myself
[05:36] <jetole> http://ubuntuforums.org/showthread.php?t=151782
[05:37]  * kgoetz hates freeradius auth setups
[05:37] <jetole> nothing on linux is impossible, somethings just take a lot of determination but feel good when they are done and offer more options then commercial apps on graphical smiley operating systems
[05:37] <kgoetz> i doubt setting up radius is easy on any OS tbh
[05:38] <jetole> plus graphical smiley operating systems got there a$$es owned this year at CanSecWest / Pwn 2 Own
[05:38] <jetole> I have never done it
[05:38] <kgoetz> i have. its a pita :)
[05:39] <jetole> I honestly am not sure what radius offers, I know it is a central point of authentication, is that about it?
[05:39] <JaxxMaxx> Huzzah for replacing servers other people configured!
[05:39] <jetole> JaxxMaxx: my life revolves around that to a degree
[05:39] <JaxxMaxx> virtually every appliance box  security thingy can base off RADIUS authentication
[05:39] <kgoetz> jetole: it provides basic acouting and authentication
[05:39] <JaxxMaxx> lots of ISPs use it for PPPoE accounts
[05:39] <JaxxMaxx> yeah, the accounting side is the big one
[05:39] <kgoetz> basic is a key word ;)
[05:39] <jetole> hmm
[05:40] <jetole> so what do you need it for JaxxMaxx
[05:40] <jetole> ?
[05:40] <JaxxMaxx> I need to make a user-friendly interface for adding usernames to a Captive Portal device (Nomadix)
[05:40] <JaxxMaxx> authenticates people on a Customer access WLAN
[05:40] <jetole> ah
[05:40] <jetole> like wifi for mcdonalds?
[05:40] <JaxxMaxx> currently there's an old linux install on a Dell box providing FreeRADIUS already
[05:41] <JaxxMaxx> larger scale, but yeah.
[05:41]  * jetole nods
[05:41] <JaxxMaxx> it's a Convention venue, wireless access for exhibitors and other customers
[05:41] <jetole> whats wrong with the dell box?
[05:41] <JaxxMaxx> it's getting old, fear of hardware failure
[05:41] <JaxxMaxx> it's an old Dimension desktop
[05:41] <jetole> oh
[05:41] <jetole> ouch
[05:41] <kgoetz> is it server or pc?
[05:41] <JaxxMaxx> now they have a "proper" pizza box server
[05:41] <kgoetz> oh, pc *heh*. ugly
[05:41] <JaxxMaxx> and I'm attempting to recreate
[05:42] <JaxxMaxx> with moresupport for accounting and tracking
[05:42] <jetole> I have a bunch of those in my office but they are used as desktops
[05:42] <JaxxMaxx> hence the MySQL integration
[05:42] <JaxxMaxx> yeah, the previous linux guy here was...   odd
[05:42] <jetole> we just installed 3 new dell poweredge 2950's in a data center
[05:42] <jetole> those are nice
[05:42] <jetole> with one huge fscking flaw
[05:42] <JaxxMaxx> "Let's throw an essential service on this POS dell desktop"
[05:42] <jetole> dell DRAC which is sold on them from the dell.com/linux site isn't linux compatible
[05:43] <kgoetz> heh
[05:43] <JaxxMaxx> Buy Dell servers WITHOUT OS PRELOADED.    Golden Lesson.
[05:43] <jetole> it's barely windows compatible to be honest and the DRAC is honestly a joke in both my opinion and generally in the public
[05:43] <kgoetz> *always* buy servers clean
[05:43] <jetole> JaxxMaxx: DRAC is a client access device
[05:43] <jetole> OS preload is irrelavent
[05:44] <JaxxMaxx> DRAC?  that some sort of remote admin card?
[05:44] <JaxxMaxx> hurrrrr
[05:44] <JaxxMaxx> Dell Remote Admin Card
[05:44] <JaxxMaxx> me so smarty
[05:45] <jetole> which reminds me, speaking of DRAC, anyone know of a device that I can install on the server that will give me IP KVM that allows me to access bios etc and gives me virtual media so that a CD in my drive at my office appears present in the server in the data center?
[05:45] <jetole> JaxxMaxx: no but it claims to be
[05:45] <jetole> it's an over priced managed PDU
[05:45] <JaxxMaxx> generally those have to be vendor specific, jetole
[05:45] <JaxxMaxx> I like the IBM and HP ones
[05:45] <jetole> JaxxMaxx: they shouldn
[05:45] <jetole> t be
[05:46] <JaxxMaxx> And in a perfect world they wouldn't.
[05:46] <kgoetz> open firmware + alom \o/
[05:46] <JaxxMaxx> but, they do have to interface with teh BIOS, so that is all super sekret tech
[05:47] <jetole> it is something that can be done generically in principal, I mean the bios over kvm can be done with a device that appears as a video card to the server, there are usb cdroms and pci drive adapters so if the card manages the over the internet part it is fine
[05:47] <jetole> the remote reboot capability can be done through a managed PDU
[05:47] <jetole> JaxxMaxx: no it isn't
[05:47] <jetole> can IP KVM cards not do that already?
[05:48] <jetole> I mean there is nothing secret about it
[05:48] <JaxxMaxx> There may be PCI based IP KVM cards, but I'm not familiar with generic ones...  only specific addons from the server vendor
[05:48] <jetole> you're emulating a screen, keyboard and mouse, bios doesn't have to know what it is connected to
[05:48] <jetole> JaxxMaxx: they are out there but I have never used one
[05:49] <jetole> it's the virtual media which I thought would be less likely
[05:49] <JaxxMaxx> the one I've used worked well for loading my FLASH drive remote to server, and let me watch screen across a reboot
[05:49] <jetole> JaxxMaxx: thats what DRAC claims
[05:49] <JaxxMaxx> silly RAID error refusing to pass a "push a key" prompt
[05:50] <JaxxMaxx> yet DRAC won't load the media into the Linux OS?
[05:50] <JaxxMaxx> doesn't play nice with umount or whatever
[05:50] <jetole> after hours of tech support and on site dell technicians who didn't get it we finally realized that with a highly tuned windows machine it works some times and techs argues with each other about if linux works
[05:50] <JaxxMaxx> Most of the ones I've come across emulate you plugging the device in via USB
[05:51] <jetole> this one is supposed to do that also
[05:51] <jetole> DRAC 5
[05:51] <jetole> worst case scenario, if the server fails then I am driving to downtown miami to fix it
[05:51] <JaxxMaxx> I don't do Dell that much, honestly.
[05:51] <jetole> my boss was adamant about dell
[05:51] <JaxxMaxx> Stupid boss.
[05:51] <jetole> my boss is a software guy though
[05:51] <JaxxMaxx> HP and IBM both will special bid Dell price on anything not bottom barrel
[05:52] <jetole> he was cautious about buying non dell computer monitors wondering if they would be compatable
[05:52] <JaxxMaxx> if you've got a good VAR
[05:52] <JaxxMaxx> Hmmm.  Sounds like your boss needs some reprogramming.  I'll fetch the BOFH cattle prod
[05:52] <jetole> yeah well, my boss is a good programmer but doesn't know shit about hardware
[05:53] <JaxxMaxx> Find out who in the area does the Onsite server hardware calls for IBM and/or HP.  they'll get you good pricing, they want to get in instead of Dell
[05:53] <jetole> JaxxMaxx: we already have the dell servers on site and live
[05:53] <JaxxMaxx> I'm lucky enough to work for the company that does it in my City.  =]
[05:53] <JaxxMaxx> yeah, I feel your pain.
[05:53] <kgoetz> sun > ibm > hp > * > dell
[05:54] <JaxxMaxx> Tell Dell to fix their crappy remote admin cards
[05:54] <jetole> honestly if I can find a good card I may be happy, the dell computers do kick but otherwise
[05:55] <JaxxMaxx> tbh, that would be interesting.  Addon PCIe card that replaces video controller with a passthru to IP KVM instead of video device...
[05:55] <jetole> http://www.avocent.com/What-is-KVM-over-IP.aspx
[05:55] <jetole> that looks decent except for windows
[05:56] <jetole> but they mention virtual media
[06:00] <jetole> JaxxMaxx: http://en.wikipedia.org/wiki/KVM_switch  <== browse down to the kvm over ip section
[06:01] <JaxxMaxx> They are very handy devices.
[06:02] <jetole> seems like if I can find a DRAC like one that works, likes linux and is hardware indifferent
[06:03] <jetole> lol @ http://okvm.sourceforge.net/links.html
[06:03] <jetole> see if you can spot iy
[06:03] <jetole> *it
[06:04] <JaxxMaxx> Heh.  realy Open Source, build your own PCI interface card
[06:04] <jetole> I was actually refering to rdesktop x2
[06:05] <JaxxMaxx> oh, heh.  hurray for volunteer proofed pages
[06:08] <JaxxMaxx> ugh, blargh,  why are DEBUG statements showing up in the PHP based pages for dialupadmin
[06:08] <jetole> probably because it is enabled somewhere
[06:10] <JaxxMaxx> would that be a SQL or apache thing?
[06:10] <JaxxMaxx> I can't find the debug statements anywhere else
[06:11] <jetole> http://www.avocent.com/DSR_Switches.aspx
[06:11] <jetole> it would be a dialupadmin thing
[06:11] <jetole> it would be in a configuration file somewhere that the dialupadmin php parses and when it sees display sql debug then display sql debug
[06:13] <JaxxMaxx> now to stop the debug statements...
[06:14] <JaxxMaxx> ewwww, it might be  because DialupAdmin was written with PHP4 in mind, and now everything is PHP5
[06:14] <jetole> nope
[06:15] <jetole> thats not a good feature but doesn't explain the debug statements, there is a config file somewhere that has them enabled
[06:15] <jetole> i am going to bed
[06:16] <JaxxMaxx> good night
[06:17] <JaxxMaxx> stupid other packages depending on php5, and php5 breaking when I install PHP4
[06:30] <rhineheart_m> hello.. is this article true? http://article.gmane.org/gmane.comp.version-control.git/78613
[07:55] <kraut> moin
[07:55] <foo> moin
[07:56] <spiekey> Morning!
[07:57] <spiekey> Can you bind netcat to multiple ports?
[08:07] <_ruben> spiekey: dont think so, but you could run netcat multiple times
[08:37] <spiekey> _ruben: hmm..okay ;)
[08:38] <spiekey> has someone an idea whats going on here? http://pastebin.ca/965845
[08:38] <spiekey> it doesnt make sense to me at all :-/
[08:51] <soren> spiekey: Hm... Looks like fun :)
[08:51] <soren> spiekey: Oh, I know.
[08:52] <soren> spiekey: It doesn't respond to ping, so nmap skips it.
[08:52] <soren> To change this behaviour pass -PN (used to be -P0 (and you put -PO, not -P0)).
[08:58] <twb> Hi.  I just tried to set up user quotas on a test machine (on the / filesystem, because I forgot to create a separate /home), and the quota command is listing values that are clearly wrong.  / is mounted -o usrquota according to /proc/mounts and /aquota.user exists, but "quota al" claims I have only twelve thousand (12340) blocks used when du -sch /home/al clearly reports 700MB of usage, all owned by al.
[08:59] <twb> So, the quota file was generated correctly by checkquota (as part of /etc/init.d/quota), but it hasn't being correctly updated -- which is why quotas aren't enforced.  What can I do to isolate the fault?
[09:02] <twb> Probably unimportant details: the server is running hardy, and the users in question exist in LDAP (getent passwd, i.e. nss, can see them) and Kerberos (they can log in, i.e. pam_krb5 can see them).  /home is exported by NFS 3 and /export and /export/home are exported by NFSv4.  /home is -o bind mounted to /export/home.
[09:06] <spiekey> soren: i used 0 as in zero.
[09:07] <spiekey> soren: -sT seems to solve it.
[09:15] <soren> spiekey: Oh, so you did. The font on pastebin misled me.
[09:16] <twb> It mysteriously started working.
[09:27] <spiekey> soren: when i open the port 1234 with netcat: nc -l -p 1234 -u -k   and i scan this port with nmap my netcat dies.
[09:28] <spiekey> http://www.networksecurityarchive.org/html/Security-Basics/2008-02/msg00354.html --> they confirm my option flags
[09:28] <spiekey> any idea why netcat dies?
[09:30] <spiekey> this is on gutsy
[09:32] <twb> spiekey: dumb question: is it because nmap opens the connection, then hangs up?
[09:32] <twb> netcat will exit when the other end hangs up.
[09:33] <spiekey>  but i want nc to stay alive :)
[09:35] <soren> spiekey: netcat only handles one connection.
[09:35] <soren> spiekey: And then dies.
[09:35] <spiekey> this sucks :D
[09:36] <spiekey> how would i then e able to test a udp connection with nmap and netcat?
[09:37] <soren> while true; do netcat ; done
[09:38] <spiekey> ah! :)
[09:39] <spiekey> okay, lets assumei want to open up 20 udp ports with nectat...all with 200 while loops...how will i be able to kill them all afterwards?
[09:43] <fromport> killall nc
[09:45] <spiekey> fromport: nc is running in a loop
[09:45] <spiekey> while true;do nc...;done
[09:46] <soren> Kill the shell that's running the loop.
[09:48] <_ruben> spiekey: why not use smth like xinetd to do the listening?
[12:45]  * faulkes- makes a mental note to have the ubuntu forum team killed
[12:46]  * kgoetz wonders what faulkes- is plotting
[12:46] <faulkes-> I appreciate that it's april fools but what they've done deserves nothing less than death
[12:46] <kgoetz> ah... i wont look
[12:46] <faulkes-> best not
[12:54] <soren> Oh, dear.
[13:12] <faulkes-> soren: git my scattergun, I'ma goin huntin forumpossums
[13:15] <zul> hmm...I seem to have a deer in the backyard of my house how odd
[13:15] <soren> Er... what?
[13:19] <zul> a deer like bambi
[13:22] <faulkes-> zul: used to see that all the time when I lived in boulder, co
[13:22] <zul> faulkes-: yeah but this in the middle of the city, kind of
[13:22] <faulkes-> very odd the first time you see it if you're used to living in the city
[13:23] <faulkes-> zul: well, no choice, get out the steak knives, start preparing lunch
[13:26] <zul> ick
[13:35] <JaxxMaxx> can't believe anything you hear on 4/1
[14:03] <troofy> if i dont have dns control, hurdles will i face in my .com?
[14:09] <soren> what?
[14:09] <troofy> i wana have a .com
[14:10] <troofy> some dont give full dns control. right?
[14:10] <soren> That doesn't mean anything.
[14:10] <soren> WEll, that's not entirely true. It's wildly ambiguous, though.
[14:10] <soren> You want to buy a .com domain? Is that it?
[14:11] <troofy> ya
[14:11] <JaxxMaxx> All the good domain hosts will let you have control over the full DNS zone
[14:11] <troofy> soren someone said go for provider that gives good dns control
[14:12]  * soren is curious what this has to do with Ubuntu
[14:12] <soren> troofy: WEll, yeah, some sort of dns control would be useful :)
[14:12] <troofy> ubuntu server can be used to have websites hosted with apache
[14:12] <soren> troofy: I all depends on what you're going to use the domain for.
[14:12] <troofy> soren what is this 'some sort' ?
[14:13] <soren> troofy: It all depends on what you're going to use the domain for.
[14:13] <Deeps> godaddy.com, coupon code OYH3, $6.95 .com domain
[14:13] <troofy> soren domain will be used as email server, web server, ircd server.
[14:13] <Deeps> afaik thats the cheapest you can get
[14:13] <Deeps> (as an individual)
[14:13] <troofy> k
[14:14] <troofy> Deeps goddady can close my websites? for spamming?
[14:14] <soren> Owning a domain is useless if you have no control over it, and what you want to do is almost the simplest thing in the world (from dns management perspective).
[14:14] <Deeps> if you're planning on spamming, you're better off going elsewhere
[14:14] <Deeps> ie, ask irc.spam.net in #spam
[14:14] <soren> I'd be surprised if someone offers a dns service that so amputated that you can't even set up a web and mail server.
[14:14] <Deeps> and not in here
[14:15] <troofy> how are domains shutdown. for what reasons?
[14:15] <soren> If they suck too much.
[14:15] <sommer> lol
[14:15] <troofy> like?
[14:15] <Deeps> troofy: ask the registrar
[14:15] <Deeps> troofy: nothing to do with ubuntu
[14:15] <soren> troofy: Dude.. This channel is about Ubuntu server.
[14:15] <troofy> .coms have high link with servers. and i like ubuntu:)
[14:16] <soren> I like liquorice. That doesn't make Ubuntu server on-topic in #liquorice, either.
[14:16] <troofy> can any one tell me off the record?
[14:16] <Deeps> ask the registrars, nothing to do with us
[14:17] <troofy> godday say it can shutdown for no reason atall
[14:17] <soren> troofy: Dude. Go somewhere else.
[14:18] <Deeps> troofy: http://www.icann.org/registrars/accredited-list.html go through that list
[14:18] <Deeps> those are allk the people that'll sell you domains
[14:18] <Deeps> have a nice day now :)
[14:18] <troofy> i wil :)
[14:18] <Deeps> good bye! :)
[14:19] <troofy> bye..
[14:19] <troofy> Deeps arent you out yet?
[15:21] <_ruben> sweet .. will be getting a test san tomorow or the day after .. an equalogic one .. they're giving a seminar nearby and will be dropping one off here so we can play with it for a while
[15:22] <henkjan> "Hardy will be delayed by 3 months"
[15:22] <henkjan> from #ubuntu+1
[15:23] <_ruben> so it'll be 8.07 then i guess?
[16:34] <travisb> I set log_errors = On and error_log =/filename in php5 and it's not logging anything to that file.
[16:35] <ivoks> restart apache
[16:35] <travisb> I did
[16:35] <travisb> still nothing
[16:36] <travisb> apache logs correctly
[16:36] <soren> travisb: I suspect /filename is not the real path?
[16:37] <ivoks> travisb: try with /tmp/somefile
[16:37] <jetole> holy hell
[16:37] <ivoks> www-data can't write into /
[16:37] <soren> jetole: ?
[16:37] <jetole> userfriendly.org is down, damn april fools joke I hope
[16:38] <travisb> corect it's file /var/log/php.log and www-data owns it
[16:38] <ivoks> jetole: we had this as index page on ubuntu-hr.org: http://ubuntu-hr.org/jebemti.html
[16:38] <ivoks> jetole: total panic :D
[16:38] <bdmurray> soren: somebody mentioned bug 207526 to me
[16:38] <ubotu> Launchpad bug 207526 in postfix "default main.cf.tls causes syslog warnings" [Medium,Confirmed] https://launchpad.net/bugs/207526
[16:39] <jetole> huh, well since I have never been to the site before I would not be too worried, but uf.org?
[16:39] <lamont> bdmurray: meh
[16:40] <jetole> fsck me! I can't go to work without reading a little sys admin comics and so far I have only seen dilbert, thats like a half dose dude
[16:40] <lamont> bdmurray: I'll figure out something with it today (and no, changing /var/spool/postfix into a postfix-owned dir is probably not the right answer...
[16:40] <bdmurray> lamont: okay, thanks!
[16:40] <jetole> uf.org is more like 3/4 of what a sysadmin needs daily and now it's gone?
[17:09] <nxvl> how is that i get a security update uploaded into the stable releases
[17:09] <nxvl> using the SRU procesure?
[17:29] <mathiaz> nxvl: if it's a security update, you shouldn't follow the SRU process
[17:30] <mathiaz> nxvl: IIRC keescook or jdstrand will sponsor your debdiff
[17:30] <jdstrand> nxvl: hi.  what is the bug number?
[17:58] <nxvl> jdstrand: Bug #210175
[17:58] <ubotu> Launchpad bug 210175 in openssh "[openssh] [CVE-2008-1483] allows local users to hijack forwarded X connections" [Undecided,Confirmed] https://launchpad.net/bugs/210175
[17:59] <jdstrand> nxvl: thanks
[18:29] <nxvl> does anyone know something about this -> http://blog.drinsama.de/erich/en/linux/debian/2008040101-renaming-directories
[18:35] <mindframe-> nxvl, oh jeez
[18:35] <mindframe-> i can't say i'm a fan of that change
[18:35] <mindframe-> probably better for usability purposes though
[18:37] <nxvl> well, for the users it will be better, but for sysadmins it will be hell
[18:37] <mindframe-> agreed
[18:38] <mindframe-> why not just do symlinks
[18:43] <nxvl> well. it will be easier for sysadmins to do some symlinks than for users
[18:43] <nxvl> so they don't have this directories they don't know what they are
[19:51] <henkjan> w00t
[19:51] <henkjan> installing hardy in kvm
[20:24] <akincer> I've been bashing my head against a wall with bind9 for about an hour and I'm pretty sure apparmor is my problem. Can anybody here give some quick pointers on how to address an issue with apparmor?
[20:27] <akincer> Ok, so how do I configure apparmor to let named access zone files in /etc/bind/zones?
[20:28] <akincer> I could lament how dumb THAT is, but I'll refrain since I hope there is an easy fix
[20:41] <mindframe-> akincer, maradns to the rescue
[20:41] <akincer> ?
[20:41] <mindframe-> just spamming my preference of dns server, sorry
[20:41] <akincer> more like /etc/init.d/apparmor stop to the rescue
[20:41] <mindframe-> hah
[20:42] <mindframe-> maybe set it to 'learning' mode for a bit
[20:42] <akincer> I'm sure it's great, but not letting bind read zone files treads on absurdity
[20:44] <akincer> As soon as someone explains that one to me and how to fix it, I'll think more highly of it. Until then, I consider it a nuisance to be turned off
[20:44] <akincer> or point me to some documentation
[20:46] <akincer> Googling apparmor ubuntu bind9 doesn't bring up anything promising
[20:49] <akincer> Ahh, how cute. Found this in /etc/apparmor.d/usr.sbin.named: # Dynamic updates needs zone and journal files rw. We just allow rw for all in /etc/bind, and let DAC handle the rest
[20:50] <akincer> Sorry, this gets a big FAIL
[20:50] <akincer> I'll fix it since DAC seems to be failing all on its own
[20:51] <jdstrand> akincer: where are you storing your zone files?
[20:51] <jdstrand> /etc/bind?
[20:52] <akincer> in /etc/bind/zones but not to worry. Adding /etc/bind/zones/* rw, in the usr.sbin.named fixed it
[20:52]  * jdstrand nods
[20:52] <akincer> I shouldn't HAVE to do that
[20:52] <Deeps> i suspect apparmor might have expected your zone files to be in /var/cache/bind/
[20:53] <jdstrand> apparmor is configured for /etc/bind and /var/lib/bind
[20:53] <Deeps> (which is the default behaviour on ubuntu systems)
[20:53] <akincer> None of the how-tos out there use that convention
[20:53] <jdstrand> Deeps: it's /var/lib/bind
[20:54] <Deeps> jdstrand: my ubuntu 7.10 box says differently
[20:54] <slangasek> there's no /var/cache/bind used for slave zones?
[20:54] <jdstrand> it's /var/lib/bind on hardy for sure
[20:54] <Deeps> /etc/bind/named.conf.options:
[20:54] <Deeps> directory "/var/cache/bind";
[20:54] <Deeps> by default
[20:54] <Deeps> on gutsy
[20:55] <jdstrand> which is what I assumed we were talking about, since hardy is the first release with an enforcing profile
[20:55] <Deeps> and on debian etch
[20:55] <slangasek> jdstrand: that's, mmm, wrong then :)  slave zones are cache data, and should be stored in a separate dir
[20:55] <jdstrand> slangasek: talk to lamont-- I didn't do it ;)
[20:55] <jdstrand> let me check /etc/bind/named.conf.options...
[20:56] <lamont>  /var/cache/bind is for slave zones
[20:56] <slangasek> right
[20:56] <lamont>  /var/lib/bind is for zones that you have nsupdate hitting
[20:56] <lamont>  /etc/bind/ is for zones that you master
[20:56] <slangasek> so the proper apparmor policy is to allow both
[20:56] <jdstrand> slangasek: and it does
[20:56] <Deeps> i guess all my zone are in the wrong place then, as all i do for my zones is file "zone", no extra pathing
[20:56] <lamont> realistically, named should not need write access to /etc/bind
[20:57] <Deeps> (which dumps them all in /var/cache/bind)
[20:58] <Deeps> (whoops? heh)
[20:58]  * jdstrand nods, but acquiesed in the knowledge that some people configure it that way
[20:58]  * lamont points at "Configuration Schema" in /usr/share/doc/bind9/README.Debian.gz
[20:58] <lamont> there  are also people who put everything in /var/lib/bind, and I mean everything
[20:59] <akincer> there doesn't seem to be any good docs on wiki.ubuntu.com for this
[20:59] <Deeps> ah
[20:59]  * Deeps learns more
[20:59] <akincer> http://ubuntuforums.org/showthread.php?t=236093
[20:59] <akincer> That's what I followed
[21:00] <akincer> It seems to me extremely unwise to put an enforcement mechanism on the server edition without some documentation on what basic assumptions it makes.
[21:01] <akincer> And I think that is being generous when I say that
[21:01] <lamont> akincer: I wasn't consulted before they uploaded the apparmor crack
[21:01] <lamont> er, stuff
[21:02] <sergevn> is there an opensource alternative for DirectAdmin?
[21:02] <akincer> I gotcha. Somewhere someone made some assumptions and those assumptions haven't, so far as I can tell, been documented. I had to look in a config file to find out? VERY bad form
[21:03] <lamont> akincer: actually, they follow the documentation in README.Debian.gz
[21:03] <jdstrand> akincer: it is documented that apparmor is in enforcing mode in README.Debian
[21:04] <Deeps> is there a way to read the README.Debian without having to gunzip it first?
[21:04] <slangasek> zless
[21:04] <Deeps> (as typically it comes .gz)
[21:04] <jdstrand> akincer: I am not 100%, but I believe it's in the server guide too
[21:04] <Deeps> ah
[21:04] <Deeps> nice
[21:04]  * lamont uses "vi" (== vim) 
[21:04] <Deeps> vi can gunzip on the fly?
[21:04] <Deeps> well, vim
[21:05] <jdstrand> akincer: and we have https://wiki.ubuntu.com/DebuggingApparmor for debugging profile bugs
[21:05] <jdstrand> akincer: which you hit-- that lin in usr.sbin.named should be /etc/bind/** rw,
[21:06] <akincer> http://doc.ubuntu.com/ubuntu/serverguide/C/dns-configuration.html
[21:06] <akincer>  	      Now use an existing zone file as a template to create the /etc/bind/db.example.com file:
[21:06] <akincer> sudo cp /etc/bind/db.local /etc/bind/db.example.com
[21:07] <akincer> but the read/write isn't recursive? Does that REALLY make sense?
[21:07] <jdstrand> lamont: can you change the apparmor profile to have '/etc/bind/** rw,' instead of '/etc/bind/* rw,' when you upload -9
[21:07] <incorrect> hello, sorry to go on about this again, but does anyone know of any comparisons between running 32bit apps on 64bit platform vs running them on a native 32bit
[21:07] <jdstrand> akincer: it doesn't make sense.  it's a bug
[21:08] <lamont> -  /etc/bind/* rw,
[21:08] <lamont> +  /etc/bind/** rw,
[21:08] <lamont> like so?
[21:08] <jdstrand> yep
[21:08] <incorrect> i am pretty convinced that running 32bit apps on 64bit platforms is a waste of time
[21:08] <jdstrand> lamont: that'll fix akincer's issue
[21:08] <lamont> incorrect: it depends on the app, I rather expect
[21:09] <jdstrand> lamont: do you think it would be worthwhile to do the same for /var/cache/bind and /var/lib/bind?
[21:09] <jdstrand> lamont: in thinking about it, I do
[21:09] <lamont> yeah, it does
[21:09] <jdstrand> lamont: can you do that as well?
[21:09] <lamont> sed -i 's/\*/**/' :-)
[21:09] <lamont> done
[21:09] <jdstrand> lamont: thanks!
[21:10] <incorrect> i expect taking the 32bit emulation down to the silicone should be a lot faster than using lib32
[21:10] <slangasek> really would be better if it could be /etc/bind/** r, /var/lib/bind/** rw...
[21:11] <akincer> Are there plans to write up a tutorial on apparmor if one doesn't already exist?
[21:11] <slangasek> a bit less protection if your daemon is allowed to overwrite its own config files, which is what /etc/bind is supposed to be
[21:11] <jdstrand> slangasek: I agree, but to not break people's configurations who are doing the wrong thing there, we did 'rw'.
[21:11] <lamont> slangasek: I could make it read only for /etc/bind... it'd break more than one common-but-well, wrong installation class though
[21:11] <jdstrand> slangasek: remember that apparmor respects unix perms, so the default install is still ok
[21:11] <lamont> these are the same people who scream every upgrade because postinst makes  /etc/bind 644 root:bind :-)
[21:12] <akincer> I'd be happy to stop doing the wrong things there. But I think this should be documented unambiguously. So far, I'm unconvinced that it is.
[21:12] <slangasek> heh :)
[21:12] <slangasek> akincer: in a sense, this is documented in the FHS; but I agree that this could be made a bit more explicit
[21:12] <lamont> jdstrand: likewise, I'm not terribly averse to putting a comment above the '/etc/bind/** r' entry that points to README.Debian.gz :-)
[21:13] <Deeps> if /etc/bind is supposed to be read only by named, and also where you're supposed to keep your master zone files, where do you keep your dynamic zone files? /var/lib/bind?
[21:13] <jdstrand> lamont: that would be most welcome
[21:13] <slangasek> Deeps: yes
[21:13] <Deeps> dynamic zones that you're master for*
[21:13] <akincer> slangasek: I'm a documentation nazi. To me, it's binary. Either something is documented unambiguously or it isn't.
[21:13] <lamont> slangasek: yeah - the series of bugs that eventually led to /etc, /var/cache, and then /var/lib are siting FHS
[21:13] <jdstrand> slangasek: if the release manager says go for 'r' on /etc/bind, I'm cool with it-- but there will be bugs on it
[21:13] <lamont> jdstrand: was that a +1 for making /etc/bind "r"??
[21:13] <lamont> or just the comment?
[21:14] <jdstrand> lamont: I always wanted it to be 'r', but was trying not to break that common misconfiguration
[21:14] <jdstrand> lamont: it a 'correct' vs 'pragmatic' kinda thing
[21:14] <jdstrand> it's
[21:15] <slangasek> jdstrand: hey now, I'm not speaking as release manager when I say that. :)
[21:15]  * lamont looks at one bind9 instance he cares about, and finds: include "/var/lib/........conf";
[21:15] <lamont> so that one breaks in any case./
[21:15] <jdstrand> lamont: the '**' wouldn't fix it? It's not in /var/lib/bind/...
[21:16] <lamont> Deeps: dynamic master zones ==> /var/lib/bind
[21:16] <lamont> it's /var/lib/$somewhereelse
[21:17] <jdstrand> lamont: ah-- well yes. we have also talked about have a comment in the config files about non-default locations
[21:17] <lamont> my stuff uses /etc/bind/pri for primary zones
[21:17] <slangasek> akincer: the FHS unambiguously documents what the heirarchy is supposed to be for files, and Debian policy references the FHS, and Ubuntu references Debian policy... so it's not ambiguous, it's just not self-evident :-)
[21:17] <akincer> How about sticking a README in /etc/bind with some clarity so hopefully someone like me would read it
[21:17] <jdstrand> eg, my.cnf now has a warning in it about needing to change usr.sbin.mysqld if the default patchs are changed
[21:18] <jdstrand> akincer: docs are https://help.ubuntu.com/community/AppArmor
[21:18] <akincer> LOL, perhaps unambiguous isn't the word I'm looking for . . .
[21:18] <jdstrand> akincer: https://wiki.ubuntu.com/DebuggingApparmor
[21:18] <lamont>   # Dynamic updates needs zone and journal files rw, use /var/lib/bind
[21:18] <lamont>   # /etc/bind should be read-only for bind
[21:18] <lamont>   # See /usr/share/doc/bind9/README.Debian.gz
[21:18] <lamont>   /etc/bind/** r,
[21:18] <lamont>   /var/lib/bind/** rw,
[21:18] <lamont> jdstrand: how's that look?
[21:18] <jdstrand> akincer: that is not inreference to your README suggestion
[21:18] <jdstrand> lamont: what about /var/lib/cache?
[21:18] <lamont> akincer: I'm pretty sure that READMEs don't go in /etc
[21:18] <jdstrand> /var/cache/bind
[21:19] <lamont>   /var/cache/bind/** rw,
[21:19] <lamont> ah, yeah.  in the comment
[21:19] <lamont>   # /var/cache/bind is for slave/stub data, since we're not the origin of it.
[21:20] <lamont>   # /etc/bind should be read-only for bind
[21:20] <lamont>   # /var/lib/bind is for dynamically updated zone (and journal) files.
[21:20] <lamont>   # /var/cache/bind is for slave/stub data, since we're not the origin of it.
[21:20] <lamont>   # See /usr/share/doc/bind9/README.Debian.gz
[21:20] <lamont> there
[21:20] <lamont> and moved /var/cache/bind up as well
[21:20] <lamont> akincer: and I really don't want to modify named.conf* unless I have to, since they're almost always modified by the admin, and it's sad to make the upgrade prompt them for the diff
[21:20] <jdstrand> lamont: those comments are in the apparmor profile?
[21:20] <lamont> yes
[21:21] <lamont> http://people.ubuntu.com/~lamont/bind9.apparmor
[21:21] <akincer> Hey, it was me that used a howto on ubuntuforums
[21:21] <lamont> is the (uncommitted) file
[21:21] <jdstrand> I like them and your changes to the profile (though I still think 'r' might get us in trouble-- but upgrades are covered properly in postinst, so probably not too bad)
[21:22] <lamont> jdstrand: if I upload today, we should hear about it this week, yes? :-D
[21:22] <jdstrand> lamont: looks great
[21:22] <akincer> Interestingly, had the rw been recursive, I wouldn't have had the problem to begin with naughtiness of me putting zones in /etc/bind/zones aside
[21:22]  * lamont has had mixed results with ubuntuforums howtos....
[21:23] <jdstrand> lamont: do you have an opinion on putting a comment in the non-apparmor config files?
[21:23] <akincer> That's the first time I've had a failure. But to be fair, it would have worked had apparmor not gotten in the way
[21:23] <lamont> jdstrand: <lamont> akincer: and I really don't want to modify named.conf* unless I have to, since they're almost always modified by the admin, and it's sad to make the upgrade prompt them for the diff
[21:24] <lamont> OTOH, dapper smacked them around in an upgrade, iirc
[21:24] <akincer> I am not suggesting you do so
[21:24] <lamont> -security upgarde
[21:24] <lamont> so y'all already made it painful for some upgrades... thanks. :-P
[21:24] <akincer> hehe
[21:24]  * jdstrand doesn't recall that
[21:24] <slangasek> akincer: "would have worked", but it was still recommending usage that was contrary to the FHS :/
[21:25] <akincer> There are times (like today) that your first concern is to get it working. Then you go back and nice it up
[21:25] <slangasek> so it was only a matter of time before the advice in that howto was brought up short by reality
[21:25] <jdstrand> lamont: I haven't looked at it's conffile/config file handling-- I was mostly concerned about a new install there
[21:25] <lamont> jdstrand: IIRC, query-cache crappage that I was ignoring since the defualt changed in-source in 9.4
[21:25] <jdstrand> lamont: if that's too hard, no problem
[21:26] <slangasek> (e.g., storing nsupdate zones in /etc/bind will also fail for users who have read-only root filesystems)
[21:26] <akincer> And yes, I could have used 7.10 server, but I would have to upgrade soon anyway
[21:26] <akincer> figured I'd save some time
[21:26] <lamont> slangasek: that howto doesn't actually do anything wrong that I saw... other than totally not mentioning dynamic updates and what to do with the zone file
[21:26] <slangasek> lamont: ah, fair enough
[21:27] <lamont> and if a package delivers a README.Debian file, it's _always_ a good idea to read that file...
[21:27] <lamont> if for no other reason than to find out what crack the maintainer is on
[21:28] <lamont> which reminds me... did we ever decide if it was just dund or all 3 that I'm adding back into bluez-utils?
[21:29] <slangasek> I think just dund :)
[21:29] <lamont> stevenK disclaimed knowledge on the subject
[21:29] <slangasek> would be nice to get Marcel's input
[21:29] <lamont> slangasek: sounds good to me
[21:29] <lamont> Marcel == debian maint?
[21:29] <slangasek> Marcel == upstream
[21:30] <slangasek> debian maint just introduces gratuitous deltas to the Ubuntu packaging, I don't think he'll have any relevant input ;)
[21:30] <lamont> heh
[21:30] <lamont> ok.  I'll turn on dund and fire email at upstream then. :-)
[21:30] <slangasek> (Marcel was at UDS Boston; dunno if he's coming again to Prague)
[21:44] <lamont> slangasek: I'm gonna not be in Prague either
[21:48] <slangasek> lamont: aww
[21:55] <MountainX>  I need to know what will happen when I change a Group's ID. I want to change my admin GID from 114 to 113. There is another group with ID 113 at the moment. So, how do I proceed? (This is part of setting up an NFS server...)
[22:03] <mok0> MountainX: you need to move the other users to a different group first
[22:05] <MountainX> there are no users in GID 113 (name=adm). So if I change admin group to GID 113, then can I change adm group to GID 114 in a second step?
[22:05] <MountainX> is there a howto for manually syncing passwd and group files?
[22:06] <MountainX> on #ubuntu they recommended I just try it and see what happens. I would rather read up on the details first however ;)
[22:06] <mok0> MountainX: then it doesn't matter, go ahead and change it. No howto afaik
[22:06] <MountainX> mok0 - thx
[22:06] <kirkland> MountainX: are you going to use groupmod to do it?
[22:07] <mok0> MountainX: It's really no big deal... only edit the /etc/passwd file
[22:07] <kirkland> MountainX: or were you planning on editing /etc/* ?
[22:08] <kirkland> MountainX: man groupmod
[22:08] <MountainX> I have no idea how to do this. My goal is to have all GIDs and UIDs sync'd up on my half dozen computers. (I'm setting up NFS.) I will do the best way that is recommended. I had planned on editing /etc/*
[22:08] <mok0> MountainX: that's fine
[22:08] <kirkland> MountainX: I'd probalby use NIS
[22:09] <MountainX> If I edit passwd and make a version that I like (say with admin GID = 113) can I just copy that to all the other computers without wreaking havok?
[22:09] <kirkland> MountainX: are all of the machines going to have identical groups?
[22:09] <mok0> kirkland: if you use nis, you have to be aware that it doesn't serve uids < 1000 afair
[22:10] <MountainX> Once I do this step, I think I'll tackle OpenLDAP next. But I want to sync everything up first so all users have same UID on all machines. And I want the same for groups. SO yes, I will set up the same groups on each machine I think.
[22:10] <kirkland> MountainX: if you have different distributions (fedora, ubuntu, etc), or even different versions of the same distribution (edge, hardy), or even different packages installed on different machines with the same distribution, you might have issues
[22:10] <mok0> MountainX: how many users?
[22:11] <MountainX> I have some Gutsy and some Hardy atm. And I'm looking for a simple solution to get NFS working. I have about half a dozen users and about the same number of computers. It is a home office. (We have more computers than cars ;)
[22:12] <mathiaz> MountainX: I'd suggest to use ldap to centrally manage your uid and gid
[22:12] <mok0> MountainX: just create a passwd and a group file and copy them to all of the workstations
[22:13] <mathiaz> MountainX: mok0 suggestion ^^ is also worth a try if you want something working now
[22:13] <MountainX> OK. I will do both :)
[22:13] <MountainX> I will organize my users first and copy a consistent passwd file to all computers. Then I will try LDAP next.
[22:13] <mok0> MountainX: get it to work first, then worry about ldap later
[22:13] <mathiaz> MountainX: once you have ldap running you won't need the passwd and group file synchronization
[22:14] <kirkland> MountainX: do you care about system users, or only real human users?
[22:14] <mok0> right, at that point you need to remove the changes to /etc/passwd and /etc/group
[22:14] <MountainX> I want my admin account to have the same GID on all machines and I want my real human users to each have the same UID on each machine for starters.
[22:14] <kirkland> MountainX: I've done something similar in the past, syncing only users >= 1000
[22:14] <mok0> In Ubuntu the paradigm is that the first user belongs to the admin group, and can do sudo (sudo -i)
[22:15] <mok0> kirkland: yes UID >= 1000 must be adhered to, otherwise a lot of stuff doesn't work for users
[22:16] <mok0> for example users don't have access to certain devices
[22:16] <kirkland> MountainX: that helps if you a situation, such as one workstation running, say MythTV, but that user/group doesn't exist on your main server you're syncing from
[22:16] <kirkland> MountainX: you'd erase the mythtv user/group on the clients that have them
[22:17] <kirkland> MountainX: use your imagination, replacing mythtv with mysql, postgres, something-more-near-and-dear-to-your-heart
[22:18] <MountainX> So I understand that I can pick one passwd file that I like and edit it a bit (only being concerned about UID >=1000) and then copy it to all clients. I am concerned then about the resulting changes. Will users be able to log in after I copy the new passwd file to the machine?
[22:18] <mok0> MountainX: sure.
[22:19] <mok0> MountainX: I suggest you make a passwd file just containing the 6 users and append it to each passwd file
[22:19] <mathiaz> MountainX: hum... Not sure it's a good idea to copy a complete password file around
[22:19] <mathiaz> MountainX: you may have specific system account created on some computers so that services can run correctly
[22:20] <mok0> right
[22:20] <mathiaz> MountainX: if you copy the complete password file around you may end up in situation where services are not running anymore
[22:20] <mok0> so it's better just to append the "users" part of the passwd file
[22:20] <MountainX> ok. I will just change the 6 human users (all with UID>=1000). Then I will append to existing passwd on each machine. (And I assume I will delete the pre-existing lines in each passwd file for those 6 users before saving.)
[22:20] <kirkland> MountainX: don't overwrite, append
[22:20] <kirkland> MountainX: yup, i suggest using grep
[22:20] <mok0> MountainX: yes, exactly
[22:21] <MountainX> thank you everyone
[22:21] <mok0> Good luck MountainX
[22:21] <MountainX> and for making the admin group have the same UID on all machines, are there any gotchas?
[22:21] <mok0> sounds like fun
[22:22] <mok0> MountainX: say you have UID 1000. Then make sure that you belong to group "admin", and put that in /etc/suderes
[22:22] <mok0>  /etc/sudoers
[22:22] <mok0> It is probably there by default, if it's an Ubuntu system you have
[22:22] <MountainX> my problem is that admin group has GID 110, 113, 114 etc on different machines. I want to make admin GID the same on all machines.
[22:23] <MountainX> the reason I want admin GID to be the same is because of the PITA Windows Service for Unix running on my file server.
[22:24] <mok0> admin has 110 on my machines, it appears
[22:24] <MountainX> I checked all mind and they range from 110 to 114. I need them to be the same. But I am concerned about gotchas when I change them.
[22:25] <mok0> MountainX: it doesn't really matter, as long as user "MountainX" belongs to the appropriate admin group on each machine
[22:26] <MountainX> I am finding that it matters for Services for Unix. At the moment I have SFU all set up but I am stumped by permission denied errors so I'm working through that. This effort to make all admin GIDs the same is part of my effort to fix it.
[22:27] <mok0> THen I suggest you make gid = 110 on all machines
[22:27] <mok0> for group admin
[22:28] <MountainX> (My next step would be to remove Windows and install Ubuntu on the file server, but that is about a 1 week job at least. I have a great backup solution running on the Windows box and I don't know enough yet to get the same running under Linux... but thats off topic.)
[22:28] <kirkland> rsync ;-)
[22:29] <MountainX> I know about rsync, but I have to give myself more than a week to learn it well enough to rely on it.
[22:29] <mok0> rsnapshot -- based on rsync but with a layer on top to keep daily snapshots
[22:29] <MountainX> so that's why I'm sticking wth the PITA services for unix (I hate it)
[22:29] <mok0> MountainX: where does that come from? Never heard of it
[22:30] <MountainX> http://en.wikipedia.org/wiki/Microsoft_Windows_Services_for_UNIX
[22:30] <mok0> eeek
[22:31] <MountainX> here's my thread on the difficulties getting the NFS server part working. I still don't have it solved... http://www.interopsystems.com/community/tm.aspx?m=14379
[22:31] <MountainX> eeek is right :)
[22:31] <mok0> But you have an Ubuntu system?
[22:32] <MountainX> all computers except file server run ubuntu (hardy or gutsy)
[22:32] <MountainX> file server will run ubuntu as soon as I learn more
[22:33] <mok0> MountainX: normally, you have to export the file systems you want to serve in the file /etc/exports
[22:33] <mok0> Perhaps you need something similar on SFU
[22:33] <rgl> hi.
[22:33] <MountainX> so what happens to permissions if I go to a ubuntu computer and change admin GID from 113 to 110? Can I really just make that change without breaking anything? (That is, assuming GID 110 has no users assigned at the time of the change).
[22:34] <rgl> is there a work arround for running hardy beta inside virtualbox?
[22:35] <mok0> MountainX: the only thing that happens has to do with permissions to read/write to directories
[22:36] <mok0> so you need to make sure that all files that "belong" to the old gid get owned by the new one
[22:36] <MountainX> say a user has write permissions because they belong to admin group (when GID = 114). Then I change admin group GID to 110. Does that user lose write permissions?
[22:36] <mok0> MountainX: yes, but you can change the gid of the file/directory
[22:37] <MountainX> mok0 - OK, thanks.
[22:37] <mok0> MountainX: I can now see that the admin group has different gid's on my machines, and it doesn't matter
[22:38] <MountainX> mok0 - it only matters because my file server is running Windows Services for Unix.
[22:38] <mok0> hm, ok.
[22:39] <mok0> I guess you can't trust Microsoft to implement anything correctly
[22:39] <MountainX> yes, I'm getting that MS software off the file server as soon as I can. But there is a lot to learn in the transition.
[22:40] <Deeps> why not just use samba in the mean time?
[22:41] <MountainX> I can't use smbfs or cifs because of the gedit/cifs bug
[22:42] <nxvl> MountainX: you don't need tu use smbfs, you can use samba
[22:43] <MountainX> when I set up fstab, I thought I had to specify either smbfs, cifs, or nfs (I'm not considering sshfs).
[22:43] <nxvl> you can use smbclient on your init
[22:43] <nxvl> instead of smbfs+fstab
[22:44] <mok0> That's easy to test
[22:44] <MountainX> if smbfs and cifs both have the bug with gedit and similar apps, wouldn't samba have the same problem?
[22:44] <nxvl> MountainX: it sound logical, but you never know
[22:44] <nxvl> MountainX: samba is an app, smbfs a kernel module
[22:44] <MountainX> I'm more than a week into getting NFS to work. I think I'll stick with NFS until I either get it to work or I hit a deadend.
[22:45] <MountainX> I suspect smbfs and samba use the same (or very similar) protocol
[22:45] <nxvl> yep, but one uses the kernel, the other don't
[22:45] <MountainX> and I suspect it will cause the same bug that made me switch to nfs
[22:46] <nxvl> i can be a bug involving not only smbfs, but the kernel also
[22:46] <nxvl> s/i/it
[22:46] <MountainX> nxvl - thx. Good to know the difference, but I still think either one will have the same gedit problem. The problem is that samba/smbfs when connected to shares on a Windows server don't allow an open file to be moved/renamed.
[22:47] <MountainX> therefore, gedit doesn't work.
[22:47] <nxvl> MountainX: well, that can be a gedit bug also, i don't say there isn't that bug with that configurations, just that you don't know :D
[22:48] <MountainX> the gedit/cifs bug has been discussed for two years. I decided to just resolve the problem by moving to nfs.
[22:48] <nxvl> i will think that the bug in this case
[22:48] <nxvl> is windows
[22:48] <nxvl> :D
[22:48] <nxvl> if a microsoft product is involved it is always it's fault
[22:48] <nxvl> :P
[22:48] <mok0> bug #1
[22:48] <MountainX> haha
[22:48] <ubotu> Launchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,Confirmed] https://launchpad.net/bugs/1
[22:48] <nxvl> anyway i don't use gedit
[22:48] <MountainX> yeah, I'm doing my part to solve bug #1
[22:49] <nxvl> i'm a shell man
[22:49] <MountainX> is there an easy way to replace GID on all files (regardless of location) on the local disks on my server -- for only those files that have MountainX:admin as the owner?
[22:50] <nxvl> shell scripting!
[22:50] <mok0> find . -uid 113 -print
[22:51] <mok0> sudo find / -uid 113 -print
[22:51] <mok0> or gid
[22:51] <nxvl> ls -l | grep MointainX | cut -$(i don't remember :P)
[22:51] <MountainX> nxvl - as a newbie I'm in that situation where everything I need to do has a step that leads to something else I don't know how to do ;)
[22:51] <mok0> MountainX: then come back here and ask again :-)
[22:51] <nxvl> MountainX: it is the best situation
[22:52]  * nxvl loves not to know
[22:52] <mok0> hopefully your IRC client still works ;.)
[22:52] <nxvl> that makes you learn new things
[22:52]  * nxvl loves to learn
[22:52] <mok0> MountainX: but look at "find" it is a great tool
[22:52] <MountainX> yeah, I am having a good time learning Linux. I am never going back to Windows. Although when I get really frustrated, I think about it for a few minutes before I come to my senses
[22:52] <nxvl> MountainX: man is your friend
[22:53] <nxvl> what i'm more grateful about linux is how it has make me an investigation person
[22:53] <nxvl> and also learn things i have never imagine before
[22:54] <mok0> yeah that's true
[22:54] <MountainX> what I am most grateful for is the sense of freedom of choice and ability to get to the bottom of anything.
[22:54] <nxvl> MountainX: if you are going to do sysadmining work, you MUST learn some scripting language, i recomend bash, because is what yu will use more
[22:54] <nxvl> MountainX: so, find some bash books and start reading
[22:54] <nxvl> walk before run
[22:54] <MountainX> nxvl - OK. I will
[22:55] <nxvl> MountainX: getting to the bottom of anything makes you learn and see things you have never imagine there where there
[22:56] <nxvl> also
[22:56] <nxvl> can't you use sshfs?
[22:56] <nxvl> if all of your clients are linux, and server is linux
[22:56] <mok0> hey, sshfs, what's that?
[22:56] <MountainX> sshfs I am told is not good for large files. I copy videos, virtual machine images, etc.
[22:56] <nxvl> sshfs is easier and safter to use
[22:57] <nxvl> MountainX: mounting remote folders via ssh :D it rocks!
[22:57] <nxvl> MountainX: well, i haven't try it with large files IIRC, so i can't tell
[22:57] <mok0> cool
[22:57] <MountainX> nxvl: do you recommend it for files as large as 2 GB? I heard it was slow and prone to errors on large files.
[22:58] <nxvl> MountainX: but for quick things it rocks
[22:58] <MountainX> ok
[22:58] <nxvl> mok0: is like scp, but as a fs or something like that
[22:58] <mok0> cool
[22:59] <kirkland> sshfs has high cpu overhead on both client and server, due to encryption of *everything*
[22:59] <nxvl> MountainX: also, why is that you need gedit that hard?
[22:59] <mok0> kirkland: well that's ssh
[22:59] <nxvl> kirkland: encryptation of everything rocks!
[23:00] <nxvl> kirkland: you are talking to a man that tunnels everything via ssh, so i don't really matter :P
[23:00] <kirkland> nxvl: :-)
[23:00] <MountainX> this wasn't supposed to be hard when I started... I just installed Hardy on a computer and set it up the way I set up Gutsy before. But then gedit and other apps would not edit any files. (All files are on the Windows file server.)
[23:00] <kirkland> nxvl: me too, except when I'm backing up 1TB of data from one machine, to another sitting right next to it
[23:00] <nxvl> i will eat all my CPU one or other way ecrypting anything
[23:00] <mok0> It's not really encrypted... only during network transfer
[23:00] <MountainX> I thought switching from cifs to nfs would be easy ;)
[23:01] <kirkland> nxvl: in which case, I've seen a 40% improvement using NFS rather than rsync+ssh
[23:01] <nxvl> kirkland: i only copy txt files
[23:01] <mok0> I will be looking at openafs shortly
[23:01] <nxvl> kirkland: the large files i copy are logs, and i rotate them always
[23:02] <kirkland> nxvl: i have some very large qemu vm images that don't compress well
[23:02] <nxvl> MountainX: hardy is still beta, report it to launchpad and ping here for a solution
[23:02] <nxvl> kirkland: vmware server, it is free :D
[23:02] <mok0> kirkland: what format are the images?
[23:02] <kirkland> nxvl: free as in beer
[23:03] <nxvl> kirkland: yep
[23:03] <nxvl> i like beer
[23:03] <nxvl> :D
[23:03] <kirkland> nxvl: kvm/qemu free as in freedom (and beer)
[23:03] <nxvl> ssh -X virtualbox :P
[23:04] <MountainX> nvxl - the gedit/cifs bug has been around for more than 2 years. gedit devs won't fix it because they say it is a file system problem. The cifs/samba people won't fix it because they say that a file system shouldn't allow an open file to be renamed.
[23:04] <nxvl> MountainX: an open file shouldn't be renamed, and that is that it work
[23:05] <nxvl> and that is using samba or a localfs
[23:05] <nxvl> i'm not a samba expert
[23:05] <MountainX> nxvl - tell that to the gedit devs ;)
[23:05] <mok0> MountainX: can't you use another editor?
[23:05] <nxvl> as you maybe have notice i'm a crypt/security man
[23:05] <nxvl> :D
[23:05]  * nxvl loves vim
[23:06] <MountainX> yes, but the problem happens with other apps too. I thought it would be easiest to get rid of cifs/samba.
[23:06]  * mok0 loves emacs
[23:06] <nxvl> since i don't have X server running on servers
[23:06] <MountainX> this problem is on the clients
[23:06] <nxvl> mok0: emacs is nice for long editions, but for quick edits, it sucks
[23:06] <mok0> nxvl: yeah, I use vim for those as well
[23:07] <nxvl> ok, going out for a wile
[23:07] <nxvl> while*
[23:07] <mok0> hehehe
[23:07] <nxvl> or however it should be written :S
[23:07] <nxvl> bbl
[23:07] <mok0> going out for a wife
[23:07] <MountainX> ^ that's how I read it  lol
[23:07] <mok0> I read
[23:07] <nxvl> mok0: not even joke about it!
[23:08] <nxvl> im still to yung
[23:08] <mok0> nxvl: there's still time :-)
[23:14] <mok0> MountainX: usually root is not allowed to access NFS mounted shares
[23:14] <MountainX> yes, that's how I have it set up
[23:15] <mok0> MountainX: that might explain why you could not cd to /mnt
[23:15] <mok0> (c.f. your posting on that SUA board)
[23:15] <MountainX> mok0 - let me show you something....
[23:17] <MountainX> it may take a few minutes...
[23:17] <mok0> sure
[23:19] <MountainX> mok0 - here is my current problem:
[23:19] <MountainX> sudo cp /tmp/Basket/ /home/user/Documents/Baskets/
[23:19] <MountainX> cp: accessing `/home/user/Documents/Baskets/': Permission denied
[23:19] <MountainX> ... /home/user/Documents/ is an NFS mount
[23:20] <mok0> MountainX: ls -ld /home/user/
[23:20] <MountainX> drwxrwx---  2 user admin           64 2008-04-01 02:14 Documents
[23:21] <mok0> hm
[23:21] <mok0> MountainX: ls -ld /home
[23:21] <MountainX> mok0 - that was ls -la
[23:21] <MountainX> should I repeat with ls -ld?
[23:21] <mok0> ok
[23:21] <mok0> -d just means not to enter the directory
[23:21] <MountainX> ok
[23:22] <MountainX> here is ls -ld /home == drwx------ 48 user user  4096 2008-04-01 15:56 user
[23:23] <mok0> ... and you are currently logged on as "user"?
[23:23] <MountainX> yes
[23:24] <mok0> I think /home should be owned by root
[23:24] <mok0> and have mode 755
[23:24] <MountainX> I changed all that based on several Ubuntu security guides.
[23:24] <mok0> then directory /home/user should be owned by user:user
[23:25] <MountainX> OK, so maybe I changed it one level too high...
[23:25] <mok0> and have mode 751
[23:25] <mok0> here's my home:
[23:25] <mok0> drwxr-x--x 245 mok mok 36864 2008-04-01 23:00 /u/mok
[23:26] <mok0> and:
[23:26] <mok0> drwxr-xr-x 3 root root 0 2008-04-01 14:05 /u
[23:26] <MountainX> maybe I pasted the wrong thing earlier. My /home is the same as yours:
[23:26] <MountainX> ls -ld /home/
[23:26] <MountainX> drwxr-xr-x 5 root root 4096 2008-04-01 11:55 /home/
[23:26] <mok0> looks ok
[23:27] <MountainX> and here is /home/user again (for user "user")
[23:27] <MountainX>  ls -ld /home/user/
[23:27] <MountainX> drwx------ 48 user user 4096 2008-04-01 15:56 /home/user/
[23:28] <mok0> I'd make that mode 751
[23:29] <MountainX> OK. I can try that change. But I'm not sure how the chmod command will work given that /home/user/Documents is an NFS mount using Windows SFU.
[23:30] <mok0> no
[23:30] <mok0> but worth a try
[23:30] <MountainX> ok
[23:30] <mok0> you may have to to it under SFU
[23:31] <MountainX> can I change just  /home/computeruser/Documents/Baskets/ to test? Will access be granted if the parent has more restrictive permissions? I guess not.
[23:31] <mok0> right
[23:32] <mok0> If you are not permitted to traverse a directory, for instance (the x bit)
[23:32] <MountainX> ok
[23:32] <mok0> you need to check all directories in the path
[23:32] <MountainX> ok
[23:36] <mok0> from your posting, you have some very strange uid/gid's: 4294967294 ??
[23:38] <MountainX> I figured out those strange gid's
[23:38] <mok0> ok, good
[23:40] <MountainX> They are when SFU has no GID assigned. It is tough to get rid of them because all new files/folder automatically get created with the Administrators group as owner. But that doesn't translate to SFU. So it everything ends up with no valid GID until you do chown on it. But when I do chown, then the NTFS permissions seem to disappear...
[23:40] <mok0> hmm
[23:45] <MountainX> what causes "omitting directory" when trying this cp command? ~$ cp /tmp/Basket/ /media/Shared/Basket/
[23:45] <MountainX> cp: omitting directory `/tmp/Basket/'
[23:45] <mok0> eerh. You can't copy a directory with cp, you  need cp -r
[23:46] <MountainX> ok. finally I asked a question with an easy answer ;)
[23:46] <MountainX> thx
[23:46] <mok0> heh I feel good now
[23:51] <MountainX> when I mount NFS shares under /media/ for user myuser, are the following permissions OK: drwxr-xr-x 12 root root 4096 2008-04-01 00:17 /media/
[23:52] <mok0> great
[23:53] <MountainX> mok0-thx
[23:53] <mok0> so SUA and Linux agree on the uid's
[23:54] <MountainX> mok0  - I have been working to make that the case. Services for Unix has a user and group mapping tool I've been using. I'm mapping my Ubuntu group admin to the Windows group Administrators. That's why I need Linux group admin to have the same GID on all my computers.
[23:55] <mok0> OK, I understand
[23:55] <MountainX> and the Linux group root will not be mapped at all.
[23:55] <mok0> That might be uid 0, though
[23:55] <mok0> ah