/srv/irclogs.ubuntu.com/2008/07/08/#ubuntu-server.txt

nxvl_work	kees: ping	00:46
=== nxvl_work is now known as nxvl
kees	nxvl: hola!	00:51
helfire	With multipule users on 1 server, homes in /var/www/user, how do you get set the permssions correctly? for php to work everything has to be www-data:www-data	00:57
sommer	helfire: you can place the www-data user into the user's group, then allow read and execute rights to the appropriate directories	01:01
sommer	helfire: there's also posix acls, that can give you much more permissions flexibility	01:02
hads	Or fastcgi etc.	01:02
helfire	sommer: if 2 users are part of the same group wont they be able to view the contents of /var/www/user1/*	01:03
sommer	yes	01:04
hads	Although if they are all www-data then www-data has access to all of the contents anyway.	01:04
sommer	helfire: for your situation posix acls may work best... you can give just the www-data user the appropriate permissions	01:04
helfire	but for securty reasons i dont want 2 users to be able to view eachothers directories, but to serve the pages they both have to be part of *:www-data	01:04
helfire	are there any guides that step through setting up apache/etc with multiple users and acls?	01:09
sommer	helfire: acls are sperate from apache, apache will follow the filesystem permissions... here's a rather long aritcle: http://www.suse.de/~agruen/acl/linux-acls/online/	01:10
sommer	helfire: basically install the acl package, then get some experience with getfacl and setfacl, once you're used to them it's not that bad	01:11
sommer	there's probably other more consice guides out there as well	01:11
helfire	Ya, lots of guilds show you how to setup ISPconfig/apache/etc but then when multiple users come in they dont say anything about it	01:13
helfire	Might as well ask while i'm here, Is ISPConfig the best option in managing multiple users websites? Long time ago i just wrote a perl script to do it all for me but that was years ago hehe	01:14
sommer	not sure what you're looking for, basically posix acls allow the same permissions as normal, but to multiple users and groups... if in some level of acl a user doens't have permission they get denied access	01:14
* sommer has never used ISPConfig		01:14
helfire	oh no i'm just saying for managing multiple users, setting up limits, doing all the manual work for ya	01:19
sommer	ah, I'd say try it out and if it's horrible you can always migrate to something else... or do things manually :-)	01:20
SpaceBass	hey folks	03:23
SpaceBass	I'm having a problem with setting up 8.04 server as an ldap client	03:23
SpaceBass	I rebuilt my OpenDirectory server and all my other clients are working, but getent passwd does not show any OD users	03:23
SpaceBass	I've tried dpgk-reconfigure and it does nothing	03:23
SpaceBass	actually does nothing, just returns a bash prompt	03:23
sommer	SpaceBass: did you try sudo dpkg-reconfigure ldap-auth-config ?	03:31
SpaceBass	yeah	03:32
SpaceBass	sorry - always leave the sudo off when in IRC	03:32
sommer	how about sudo dpkg-reconfigure ldap-auth-client	03:32
SpaceBass	i just removed/reinstalled ldap-auth-config and its ran the setup again ... but I still am not seeing network users with getent passwd	03:32
sommer	SpaceBass: try double checking the /etc/ldap.conf file	03:33
SpaceBass	sommer, yeah, it looks fine	03:33
sommer	can you search with ldapsearch -x ?	03:33
SpaceBass	oddly if I remove it and re-run dpgk-reconfigure it does not create a new one ... making me think maybe its not using that file	03:33
sommer	it does	03:34
SpaceBass	hummm	03:34
SpaceBass	not sure why it wouldn't get re-created then	03:34
SpaceBass	and of couse sudo dpkg-reconfigure ldap-auth-config	03:35
sommer	it's probably only created during the package postinst, and dpkg-reconfiugre doesn't execute the exact same command... (that's a guess)	03:35
SpaceBass	is failing again	03:35
SpaceBass	ah	03:36
SpaceBass	well, something's broken	03:41
SpaceBass	the problem is that I need some kind of logs or verbose output	03:42
sommer	SpaceBass: stop slapd then start it in a console window with: sudo slapd -u openldap -g openldap -f /etc/ldap/slapd.conf -d -1	03:42
sommer	then do a getent and look for errors in the output	03:43
SpaceBass	slapd is the server, not the client rght?	03:43
sommer	correct	03:43
SpaceBass	I'm not running slapd on this box	03:43
=== freaky[t] is now known as fReAkY[t]
sommer	are you sure your network connectivity is working then?	03:44
SpaceBass	yeah	03:44
SpaceBass	ssh is working, ping, all other clients, etc	03:44
sommer	may want to double check with a quick nmap scan... should see ldap in the list	03:45
sommer	other than that I'd try upping the logging on the server	03:45
SpaceBass	checking	03:45
SpaceBass	nmap shows that its open ... but getent passwd doesnt even cause a log entry n the server - like its not trying	03:46
sommer	if the slapd logging isn't at a higher level it may not register an event	03:47
SpaceBass	leme check	03:48
owh	Can I insert a stupid question into this - not knowing anything about ldap? How have you told the client where the ldap server is?	03:55
owh	I mean if getent passwd doesn't create an event, what is it trying to talk to instead?	03:57
sommer	owh: the dpkg-reconfigure ldap-auth-client configures /etc/ldap.conf which holds that information	03:57
SpaceBass	it reads /etc/ldap.conf	03:57
sommer	owh: /etc/passwd	03:57
sommer	SpaceBass: that is a good idea you might double check the connection setting in that file	03:57
owh	So, if ldap.conf holds that information, is it what you expect it to be?	03:57
SpaceBass	the ldap client libraries query the ldap server for the data	03:58
owh	Sure, but my question is more about telling the clients who to ask for the answer.	03:58
SpaceBass	thats from ldap.con	03:59
SpaceBass	there's a line that reads: host 10.1.1.15	03:59
SpaceBass	10.1.1.15 is the ldap server	03:59
owh	So, you can presumably ping the ldap serve?	04:00
owh	s/serve/server/	04:00
owh	(From the client)	04:00
SpaceBass	yeah	04:00
owh	How did the 10.1.1.15 end up in the ldap.conf file?	04:00
SpaceBass	when you install ldap-auth-client (or reconfigure it) it writes to that file	04:01
owh	With dpkg-reconfigure?	04:01
owh	Does it require a port number?	04:01
SpaceBass	not if you use the default - but I did try that to doble check	04:01
owh	As I said, I'm not familiar with ldap, just the principles of trouble shooting :)	04:01
sommer	SpaceBass: do you have ldapi:///hostname or ldap://hostname ?	04:02
owh	Can you improve the verbosity of the client?	04:02
SpaceBass	owh, wish I knew how	04:02
owh	Ah a URI, rather than a host.	04:02
SpaceBass	sommer, I've tried just the IP, ldap://host and ldapi://...	04:02
* owh has a gander through the RTFM.		04:03
sommer	SpaceBass: hmmm that should work, but you might also try Host ip_address instead of ldap://	04:03
owh	SpaceBass: You know about this: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html	04:03
SpaceBass	yeah, thats for setting up a server	04:04
SpaceBass	this is a client	04:04
sommer	owh: doesn't cover client configuration... yet :)	04:04
owh	:(	04:04
owh	Crap	04:04
owh	Don't make me install it :)	04:04
owh	Ok, for a moment assume you did everything right - unlikely, but let's start somewhere.	04:05
owh	How is what you're expecting not working?	04:05
owh	Remember, once you get to the point of pulling out your hair, most likely the problem isn't what you think it is.	04:06
owh	So, I'm just testing your assumptions at the moment.	04:06
SpaceBass	I'm sure its one of those glaring things - like a typo	04:07
SpaceBass	so I'm gonna put it down for the night	04:07
SpaceBass	I appreciate the help - good troublshooting steps	04:07
owh	Right, so work with me for a mo, give me 10 minutes :)	04:07
owh	Then I'll let you slink off to bed :)	04:07
SpaceBass	k	04:07
owh	So, what are you doing that isn't working?	04:07
owh	What command is failing?	04:08
owh	Also, FYI, the man page for ldap.conf says that the URI is: URI <ldap[s]://[name[:port]] ...>	04:09
sommer	SpaceBass: you might also try: sudo auth-client-config -a -p lac_ldap	04:09
SpaceBass	well, its just not producing the expected output	04:09
sommer	SpaceBass: that will configure pam for ldap	04:10
owh	And the man page goes on to say: HOST <name[:port] ...>	04:10
owh	So, the IP address is with a HOST command, but a URI is with a URI command. What does your ldap.conf show?	04:10
SpaceBass	so it implies that the port is required	04:10
SpaceBass	leme look	04:10
owh	No, that's optional.	04:10
owh	SpaceBass: man ldap.conf should give you this: ldap.conf(5): ldap config file - Linux man page <http://linux.die.net/man/5/ldap.conf>	04:11
SpaceBass	sommer, not sure -a -p lac_ldap where the right switches - its reconfiguring every package on the system	04:12
sommer	SpaceBass: not sure what you mean by "every package on the system"... every time I've used it, it only configures the pam modules	04:15
SpaceBass	sommer, i mean cups, font server, keyboard layout...name it	04:15
sommer	ah see what you mean... ya anything that uses pam, isn't that what you wanted?	04:16
sommer	to reverse it use sudo -a -r -p lac_ldap	04:16
sommer	err sudo auth-client-config -a -r -p lac_ldap	04:17
SpaceBass	too late now :)	04:17
owh	SpaceBass: Have you pasted your ldap.conf anywhere?	04:17
SpaceBass	owh, not yet	04:17
SpaceBass	will once this finishes	04:17
sommer	not if you didn't want to do that... the auth-client-config is very safe and comments the original entries in the pam files	04:18
owh	SpaceBass: Open up a new terminal :)	04:18
* owh blames sommer for eating my 10 minutes :)		04:19
SpaceBass	lol	04:19
SpaceBass	blame my brain - its slowing down	04:19
* sommer they tasted good :-)		04:19
SpaceBass	I'm relatively old hat at this...been setting up boxes using ldap for years, but it usually "just works"	04:20
sommer	are you on hardy?	04:20
SpaceBass	8.04	04:20
SpaceBass	yeah	04:20
sommer	hmmm, it's always worked for me, not sure what you're missing	04:20
owh	SpaceBass: That's why I've been attempting to test your assumptions :)	04:21
SpaceBass	sommer, me too ...	04:21
SpaceBass	owh, :)	04:21
owh	SpaceBass: Does it work anywhere else?	04:21
owh	Can you diff the config file?	04:21
SpaceBass	owh, all the other clients are OSX - and they do ldap a little differently	04:22
owh	:)	04:22
SpaceBass	I do have one other linux box that is working, but its 6.10lts	04:22
owh	Well, check the .conf file first.	04:22
owh	s/the/its/	04:22
SpaceBass	even tried copying that file over	04:23
owh	Well, version differences aside, that might rule out that as a source of the issue.	04:25
owh	What happens if the 6.10 machine connects to the server? Do you see anything in the logs?	04:26
SpaceBass	yeah	04:27
owh	Machines on the same network?	04:28
SpaceBass	yeah	04:28
SpaceBass	same subnet even	04:29
SpaceBass	same switch	04:29
owh	If you watch with wireshark, do you see anything?	04:29
SpaceBass	thats a great idea - but one for tomorrow :D)	04:29
owh	Sleep well :)	04:30
SpaceBass	thanks guys - again, I really appericate the help	04:30
owh	Anytime.	04:30
* owh just poked a stick at the problem :)		04:31
bingoer	hi all	05:36
bingoer	I'm in a bit of trouble	05:36
bingoer	I am trying to upgrade my server from 7.10 to 7.04, and linux-image has broken	05:37
bingoer	it shows that linux-image-2.6.22-15-server is installed, but its not installed in /boot. So when I try to remove it or purge it, it fails because there is no System.map or initrd in /boot	05:37
bingoer	What do I do ?	05:37
nealmcb	well, 7.04 is earlier than 7.10	05:41
nealmcb	sigh	05:41
kraut	moin	08:03
uvirtbot	New bug: #232550 in gvfs (main) ""Connect to Server..." does not mount Windows Share (dup-of: 209520)" [Undecided,Invalid] https://launchpad.net/bugs/232550	08:51
=== crummygummy_ is now known as CrummyGummy
fly__	?	10:09
=== ewook_ is now known as ewook
uvirtbot	New bug: #246322 in nis (main) "nis package must provide DHCP client scripts" [Wishlist,Confirmed] https://launchpad.net/bugs/246322	10:35
uvirtbot	New bug: #246558 in openssh (main) "ssh's init script should generate host keys if they're missing" [Undecided,New] https://launchpad.net/bugs/246558	13:21
=== fReAkY[t] is now known as freaky[t]
nxvl	good morning everyone!	13:35
emgent	hi nxvl	13:36
nxvl	emgent: what's the difference between your branch and master's one on cve-tracker?	13:38
emgent	master is ubuntu-security official branch	13:42
nxvl	emgent: well, that obvious, but i mean in content	13:59
uvirtbot	New bug: #246578 in samba (main) "using "net ads join" with -S breaks if given the long domain name " [Undecided,New] https://launchpad.net/bugs/246578	14:32
zul	mathiaz: any thought of dovecot 1.1.1 for intrepid?	14:39
mathiaz	sommer: were there any plans to split out the server guide into its own bzr branch ?	14:49
mathiaz	zul: may be - I'd look at debian also	14:50
sommer	mathiaz: heh, I was just looking at the doc.u.c, and noticed that it hasn't been updated :)	14:50
sommer	mathiaz: I don't think there was anything concrete as far as a different branch	14:50
sommer	mathiaz: do you think it needs to be?	14:51
mathiaz	sommer: it needs to be split out in its own branch	14:51
mathiaz	sommer: one of my todo item is to add a paragraph to the Server Team KnowledgeBase about helping out with the server guide	14:52
sommer	mathiaz: I'm not opposed, but there'll need to be some strong arguments to overcome the arguments against	14:52
mathiaz	sommer: and if it starts with - bzr branch ubuntu-doc - wait for a 400 Meg download - we've lost most of the contributors...	14:53
sommer	mathiaz: it's actually miles better for intrepid... the history was dumped and the layout was rearanged	14:53
mathiaz	sommer: I'd have to go back and read the threads, but the main arguments IIRC were related to packaging stuff	14:53
sommer	mathiaz: it only takes about 5min	14:53
mathiaz	sommer: mhh... I'll have to look into that then - I was reading the documentation team page about using bzr	14:55
mathiaz	sommer: and it didn't look very promising	14:55
sommer	mathiaz: as in not enough info? I think it's enough to get people started, but I agree it could be better	14:56
mathiaz	sommer: well - it's much info IMO	14:56
mathiaz	sommer: I wrote a blog post last week about dkim testing and there was an item about updating the server guide	14:56
mathiaz	sommer: so I wanted to add some intructions on how to do it	14:57
mathiaz	sommer: I would have liked to write some like: bzr branch lp:~ubuntu-doc/ubuntu-server-guide; edit-the-mail-section; bzr push lp:~your-lp-id/ubuntu-server-guide; submit for review to the doc team	14:57
mathiaz	sommer: reading through the documentation page, it seemed more complex than that	14:58
sommer	mathiaz: ya, as of now it's bzr branch, edit, submit patch to the list	14:58
mathiaz	sommer: and this morning there was an email on ubuntu-doc about a technical review - it should have been a patch instead	14:59
mathiaz	sommer: right - unfortunately, reading the documentation page, it seemed more complicated than bzr branch, edit, submit a patch	14:59
sommer	ya, the doc team really doesn't use the full capabilities of bzr... especially the distrubted vcs	14:59
mathiaz	sommer: I would be fine with the process above	14:59
mathiaz	sommer: exactly - I'll add a paragraph on working on the server guide	15:01
sommer	mathiaz: I'm not opposed with the process either, additionally seperating the packaging would allow the serverteam control of SRUs	15:01
mathiaz	sommer: I'll do more experimentation on how it takes to branch the ubuntu-doc tree	15:01
mathiaz	sommer: right - IMO packaging bits should not be the reason for keeping all the docs in one branch	15:01
mathiaz	sommer: conceptually I don't see why someone working on the server guide would need a copy of the Ubuntu migrating from windows guide	15:02
sommer	mathiaz: an advantage of not branching is interaction with more than one team in the Ubuntu community... or at least letting the doc team have rights to the branch, I think would good	15:03
mathiaz	sommer: basically you'd need to separate the packaging bits and the documentation, ie go to the standard upstream/maintainer system	15:03
mathiaz	sommer: sure - I don't have a problem with that	15:03
mathiaz	sommer: but I really like to say to new contributors - wanna fix a typo in the server guide ? -> bzr branch lp:~ubuntu-doc/server-guide	15:04
mathiaz	sommer: the server-guide branch would still be part of the ubuntu-doc team	15:04
sommer	sure, and I really like the potential to do an SRU on the serverguide even if others consider it too much work :-)	15:05
sommer	mathiaz: I'll start playing around with the bzr branching too, then we can come up with a game plan	15:05
sommer	mathiaz: also on the agenda for intrepid is pdf version of the serverguide, which shouldn't be a big deal, but could be easier if there is another branch	15:06
mathiaz	sommer: that could be another option	15:07
bAndie9100	hi all	15:08
kraut	is it possible to see java-threads of a jvm with ps?	15:08
bAndie9100	i would make a special network, can u help me?	15:08
=== lukehasnoname is now known as zaapiel
=== zaapiel is now known as lukehasnoname
_ruben	installing jeos under hyper-v .. shiver	15:15
mathiaz	sommer: hm - it took 8 minutes to branch the intrepid doc repository	15:22
sommer	mathiaz: heh, still far better than the hardy docs	15:25
sommer	mathiaz: but that is pretty long if you're focussing on just the serverguide	15:25
mathiaz	sommer: glancing through the rules and control file, it seems that the serverguide has its own instructions	15:28
mathiaz	sommer: so it could really be split from other parts	15:29
sommer	mathiaz: cool, I'm all for it... I think the benefits outweigh any negatives	15:30
mathiaz	sommer: from a packaging POV it would mean creating a new source package for it	15:31
mathiaz	sommer: however we may need to keep track of the styles	15:31
_ruben	heh .. no network support for hyper-v during jeos install .. how surprising :p	15:36
zul	mathiaz: has that iproute SRU bug been uploaded yet?	15:52
mathiaz	zul: yes - It's in -proposed	15:53
mathiaz	zul: well - in the queue	15:53
zul	cool	15:53
mathiaz	zul: but not accepted AFAICT	15:53
zul	yeah there is a samba sru and nut sru that hasnt been accepted yet either	15:53
nealmcb	server team meeting in 4 minutes in #ubuntu-meeting	15:56
nealmcb	https://wiki.ubuntu.com/ServerTeam/Meeting	15:57
HellMind	guys, the install looks for fs-secondary-modules .ude , buts the file is .udeb	16:23
HellMind	why is that?	16:23
HellMind	8.04 amd64	16:28
HellMind	the amd64 iso is wrong, the long filenames in it are wrong	16:36
lukehasnoname	many server guys are in the meeting right now, they'll be back shortly after 11am EST	16:37
HellMind	how many hours ?	16:38
HellMind	7 hours :S	16:38
lukehasnoname	20-30 mins	16:38
HellMind	anyone is using ispconfig or vhcs or similar?	16:44
ivoks	i use ispconfig	16:54
ivoks	udebs are 'debs' for debian installer	16:54
=== Smaug is now known as Smaug\|away
HellMind	nice I will install ispconfig	16:56
HellMind	I'm saying that the iso amd64 is broken, the filenames are wrong	16:57
HellMind	the names are chunked	16:57
HellMind	fs-secondary* nic-restricted*	16:57
LaserJock	mathiaz: I need to head out in a bit, got a minute for the serverguide translation bit?	17:02
mathiaz	LaserJock: sure	17:02
mathiaz	LaserJock: I was wondering if we need to have the .po files in the bzr branch	17:02
LaserJock	no	17:02
LaserJock	you need a .pot	17:03
LaserJock	that'll then end up on Rosetta where it gets translated	17:03
LaserJock	then when you go to do a release you download the .po tarball from Rosetta	17:03
mathiaz	LaserJock: right - the .pot file is generated at some point when building the src pkg	17:03
LaserJock	mathiaz: actually, the .pot is kept in bzr	17:03
LaserJock	and is refreshed once in a while	17:04
mathiaz	LaserJock: right - and for the server guide, there is also the .po files	17:04
LaserJock	ok, so once you download the .po files	17:04
LaserJock	you convert them back into docbook XML	17:04
LaserJock	so you don't need the .po files in bzr	17:05
LaserJock	just the .pot and the translated docbook	17:05
mathiaz	LaserJock: so now I'm stuck on convert back to docbook	17:05
mathiaz	LaserJock: this is where the fr/, de/, etc... directory are created ?	17:06
LaserJock	yep	17:06
LaserJock	so before translation you should have just a C/ directory	17:06
mathiaz	LaserJock: are these on the website ?	17:06
LaserJock	website?	17:06
mathiaz	LaserJock: https://help.ubuntu.com/8.04/add-applications/ only show c/	17:06
LaserJock	oh right yeah	17:06
LaserJock	we don't put translations on help.ubuntu.com	17:06
LaserJock	we recommend that translations be put on LoCo websites	17:07
mathiaz	LaserJock: ok - only in the binary debs	17:07
LaserJock	yep	17:07
mathiaz	LaserJock: and once you have the docbook xml for translated packages, you have to rebuild the html files ?	17:07
mathiaz	LaserJock: or you just ship the docbook xml ?	17:08
LaserJock	ah, that depends	17:08
=== Nafallo_ is now known as Nafallo
LaserJock	for Ubuntu/Edubuntu at least we just ship xml	17:08
LaserJock	I imagine you guys will want html at least	17:08
mathiaz	LaserJock: that's because yelp is able to read docbook	17:09
LaserJock	or maybe info	17:09
LaserJock	mathiaz: yes, exactly	17:09
LaserJock	I'm not sure what KDE does these days, it used to do just HTML I think	17:09
mathiaz	LaserJock: ok - to go back on the .pot file process, you need to upload it manually ?	17:09
mathiaz	LaserJock: or LP figures out automatically when there is a .pot file in the src deb ?	17:10
LaserJock	yeah	17:10
LaserJock	there might be some work with the Rosetta admins	17:10
mathiaz	LaserJock: yeah - to which question ?	17:10
LaserJock	since it's not a normal package	17:10
LaserJock	sorry ;-)	17:11
LaserJock	it extracts them from source packages	17:11
LaserJock	so you generate the .pot and put that in your source package	17:11
mathiaz	LaserJock: ok - thanks for the input - I think I better understand the whole workflow now.	17:11
mathiaz	LaserJock: then you upload the src pck to LP and it will show up in rosetta automatically	17:12
LaserJock	pretty much	17:12
LaserJock	the first time it might take some pushing :-)	17:12
LaserJock	but once the LP admins approve the .pot the first time it's automatic	17:12
mathiaz	LaserJock: ok - gotcha - thanks !	17:13
LaserJock	but actually right now it's already in Rosetta	17:14
nxvl	btw i forgot to mention on the meeting	17:14
LaserJock	mathiaz: https://translations.edge.launchpad.net/ubuntu/hardy/+source/ubuntu-docs/+pots/serverguide	17:15
nxvl	ScottK (or persia) suggested me to backport augeas to hardy for testing and playing	17:15
nxvl	did you think is a good idea?	17:15
LaserJock	mathiaz: I gotta run now, but if sommer needs help with scripts, etc. for translations have him email me	17:16
LaserJock	mathiaz: I had to figure all this stuff out for edubuntu-docs and have scripts for generating .pots and coverting .po to docbook	17:17
mathiaz	nxvl: that may be helpful in the begining of the release cycle	17:21
mathiaz	nxvl: to get people started in the next few weeks	17:21
mathiaz	nxvl: but after feature freeze, we definetly want to focus on intrepid	17:21
nxvl	mathiaz: so, you suggest to try to backport it inmediately after it reachs the archive?	17:23
mathiaz	nxvl: yes - I'd put it in a ppa	17:23
nxvl	heh	17:24
mathiaz	nxvl: and point people to the ppa	17:24
nxvl	i forgot about ppas	17:24
nxvl	i will upload it tonight	17:24
nxvl	now need to work	17:25
nxvl	read you later!	17:25
uvirtbot	New bug: #246664 in samba (main) "during winbind upgrade running desktop is harmed" [Undecided,New] https://launchpad.net/bugs/246664	18:11
tolun	Hi everyone...	18:24
tolun	my email server cannot generate pgp...	18:25
tolun	I am using ubuntu 8.04.1 server x64 + atmail	18:26
tolun	5.4	18:26
=== Smaug\|away is now known as Smaug
tolun	How can I check that pgp is installed correctly and works fine?	18:35
HellMind	I'm trying to install the amd64 ubuntu server 8.04 from an usb pendrive to a raid 1 lvm partitioned disk with a mobo g33 intel. I got multiple problems :(	18:36
HellMind	I finished the installation but it doesnt show me the login screen	18:37
ikonia	tolun: your trying to get your mail server to pgp sign mails ?	18:37
ikonia	HellMind: what does it show you	18:38
tolun	ikonia, yes...	18:38
ikonia	tolun: your client pgp signs mail, not the server normally	18:38
HellMind	the last thing it does is loop, module loaded	18:38
ikonia	tolun: your mail server just delivers what your client injects into it	18:38
ikonia	HellMind: you've installed, and then rebooted ?	18:39
HellMind	ofcourse	18:39
ikonia	HellMind: I'm just checking	18:39
ikonia	HellMind: you get grub and it walks through the start up sequence ?	18:39
HellMind	if i press ctrl alt del the login screen apears, but everything is incomplete and with errors	18:39
HellMind	yes grubs its ok	18:40
ikonia	HellMind: when you say login screen, do you mean the gdm desktop, or just a shell login ?	18:40
HellMind	the only error i can se is, abnormal exit of modprobe	18:40
HellMind	no shell	18:40
HellMind	i mean, shell , no gdm	18:40
ikonia	HellMind: can you boot into single user mode (add single on the end of your kernel boot options)	18:40
tolun	ikonia, yes you have right... and I know that... Webmail part try to create a pgp key for a one account but server does not response back...	18:40
ikonia	tolun: the mail server does nothing for pgp	18:41
ikonia	tolun: what are you expecting the server to do ?	18:41
tolun	I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail	18:43
HellMind	it does the same, I think the install weren succesfully	18:44
HellMind	i cant se the /var/log dir	18:44
HellMind	it is recommended having multiple lvm partitions?	18:44
ikonia	HellMind: the layout doesn't matter as long as it has / and swap	18:44
tolun	ikonia, I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail	18:44
ikonia	tolun: I have no idea how that would work,	18:45
tolun	ikonia, it is really interresting... How can I check that server's pgp is working?	18:46
ikonia	tolun: I've not idea, I can't see a way to allow a mail to manage pgp	18:47
tolun	ikonia, ok not problem... do you know that how can I check only the pgp application?	18:48
ikonia	tolun: test it on the command line	18:48
ikonia	just make a pgp key	18:48
ikonia	make a file then try to sign it	18:48
tolun	ikonia, how...:'(	18:49
ikonia	tolun: man pgp it's 3 steps, 1 create key 2. create object 3. sign object with key	18:49
tolun	ikonia, here is the result for your advertisement.... man pgp No manual entry for pgp	18:51
tolun	See 'man 7 undocumented' for help when manual pages are not available.	18:51
blue-frog_	gpg	18:52
ikonia	blue-frog_: thank you !	18:52
tolun	blue-frog, thanks...	18:52
HellMind	I think my problem is because I configured the raid 1 using debian, the raid ar /dev/mdx, ubuntu is trying to use it, or remove it here /dev/md/x	18:54
ikonia	HellMind: shouldn't matter	18:56
ikonia	HellMind: the path is /dev/md$x, not /dev/md/$x	18:56
HellMind	how can I unisnstall the raid to start again	18:58
HellMind	from 0	18:58
HellMind	because the installer inst work	18:58
ikonia	HellMind: remove the partition	18:58
HellMind	how :S	18:59
HellMind	the /dev/md0 is there	18:59
ikonia	HellMind: ok, thats a good thing	18:59
ikonia	HellMind: use the installer to format it	18:59
ikonia	HellMind: your good to go	18:59
HellMind	my hds hav no partition :(	19:00
ikonia	HellMind: they shouldn't have if you've put them in a raid config	19:00
ikonia	HellMind: you may want to mirror on a partition level, or slice up /dev/md0	19:00
HellMind	I want to delete the previous /dev/md0 1 2 raid	19:07
HellMind	the installer is wrong again	19:07
HellMind	dunno what it executes but it fails, it says the partition is in use and the syslog says /dev/md/0 isnt exits, which is true, the raid is/dev/md0	19:08
HellMind	is there a way to restart the installer without booting again?	19:14
tolun	hi again guys....	19:20
tolun	I have problem with creating a pgp key... it says that it needs more 300bytes for generating the key... How?	19:21
tolun	the original message is: "Not enough random bytes available. Please do some other work to give	19:22
tolun	the OS a chance to collect more entropy! (Need 300 more bytes)"	19:22
tolun	How can I generate random bytes for it?	19:23
tolun	?	19:29
tolun	:)	19:29
uvirtbot	New bug: #246702 in glibc (main) "[CVE-2008-1447] Randomize DNS query source ports to prevent cache poisoning" [Undecided,New] https://launchpad.net/bugs/246702	19:42
HellMind	I MADE IT	20:22
HellMind	the error was in the bios :S, with 1m on the vga it hangs, with 8 no	20:23
telexicon_	I'm trying to install ubuntu server 8.04 on a poweredge 2450 but its throwing up a bunch of errors when trying to read packages from the cd during install: Exception Emask 0x0 Sact 0x0 Sett 0x0 action 0x2 frozen -> soft resetting link, eventually it fails with an I/O error	20:23
ScottK	mathiaz: My regrets on missing the meeting today. I had a family emergency to deal with. How did the meeting go?	20:23
mathiaz	ScottK: hope all is well on your side - it was busy busy	20:26
ScottK	It's all done. We had to put one of our dogs down last night and one kid was at camp 2 1/2 hours drive away. So I went and got her last night and then took her back this morning. Then I crashed.	20:29
kirkland	mathiaz: hey....	20:36
kirkland	mathiaz: I just ran into a nasty little situation with the lsb status_of_proc() that causes it not to operate properly, if run by a non-root user	20:37
kees	kirkland: shellfoo?	20:38
kirkland	kees: well, only slight....	20:38
kirkland	kees: so in /lib/lsb/init-functions, you'll see a pidofproc() function	20:38
kirkland	kees: which is used by my status_of_proc() function	20:38
kirkland	kees: it tries to intelligently determine a proc's pid	20:38
kirkland	kees: it seems, however, there's a strange dependency on being root	20:39
kees	ya	20:39
kirkland	kees: if $pidfile exists, it tries to run "kill -0"	20:39
kirkland	kees: to determine if the process can be sent signals	20:39
kirkland	kees: well, not root necessarily, but the owner of the process	20:39
kees	well, it expects you to be able to kill the process you're querying	20:40
kees	right	20:40
kirkland	kees: ideally, querying status should be a non-priv operation, IMHO... your thoughts?	20:40
kees	you mean for the "status" init command?	20:40
kirkland	kees: yup	20:41
kees	I'd say it'd be nice, but not really a requirement	20:41
kirkland	kees: further down in that pidofproc() function it uses /bin/pidof	20:41
kirkland	kees: that works fine as not-the-owner-of-the-process	20:41
kees	some processes need extra perms to know for sure if they're operating correctly	20:41
kirkland	hmm	20:42
kees	I'm assuming the kill-test is to make sure the process isn't zombie.	20:43
kees	that's the only thing I can think of	20:43
kirkland	kees: right...	20:43
kirkland	kees: hmm, i'll have to think on this a little more	20:44
kees	another option seems to be to make the pid file not world-readable	20:44
kees	then it won't try the kill test	20:44
kirkland	kees: that seems a little heavyweight	20:44
kees	maybe do a uid check?	20:45
kirkland	kees: i think i could more centrally test access on that file in addition to doing the file check	20:45
ivoks	are we aware of http://www.isc.org/index.pl?/sw/bind/index.php	20:47
ivoks	?	20:47
kirkland	ivoks: i saw jdstrand comment on it earlier on #ubuntu-devel	20:47
ivoks	this means all DNS software	20:47
kees	ivoks: yeah, it should be in the archive in about 40 minutes	20:48
ivoks	very nice	20:48
ScottK	kees: Do we have a fix for the libc stub resolver too? Debian says they don't.	20:49
kees	ScottK: we don't, and I've been attempting to more information about that.	20:49
ScottK	Work around is install BIND I guess.	20:50
kees	yeah, or trust your upstream DNS resolver and network	20:50
kirkland	kees: what if I changed it to: if [ -f "$pidfile" && -r "$pidfile"] ?	20:50
kirkland	kees: check if it's readable....	20:51
kees	the -f is redundant	20:51
kees	but that's already handled	20:51
kirkland	kees: what about the "and is a regular file" part of -f?	20:51
kees	your problem is when it's readable, but not your process	20:51
kees	it's no greater race than the -f/read case.	20:52
kirkland	k	20:52
kirkland	kees: my bad... I need -O, True if file exists and its owner matches the effective user id of this process.	20:57
kees	owner of the file may not be the uid of the process, though.	20:58
ph8	hey all, i'm trying to convert an ubuntu desktop install to ubuntu-server with apt - can anyone tell me if the server repositories are different? or do i just need to install some kind of 'server' package?	21:06
infinity	ph8: It's the same repositories, there's nothing to "convert", except to install a different kernel flavour, and to remove a lot of packages (ubuntu-server is pretty bare-bones)	21:07
infinity	ph8: If you don't care about removing all the packages (and, really, if you did, you might just want to reinstall), then you're just left with the kernel... apt-get install linux-server	21:08
ph8	i would reinstall but i've just setup my raid and i think it might be quicker for me to wildcard off a load of packages	21:09
ph8	thanks i've just installed linux-image-server	21:09
ivoks	and people say that linux servers are hard to install	21:13
ivoks	:)	21:13
HellMind	are imposible to install	21:14
HellMind	isnt easy having the appliance already done in a vm :S	21:14
kirkland	kees: okay, i'm going to have to take a different approach	21:23
kirkland	kees: namely, status_of_proc() will not use the pidofproc() function. rather, it'll use /bin/pidof	21:23
kees	kirkland: well, but that may ignore the pid files. that's the expected behavior	21:39
kirkland	kees: yes, it will ignore pidfiles	21:39
kirkland	kees: do you see a problem with that? it'll look for a daemon of a given name, specified in the init script	21:39
kees	kirkland: I'm confused, are you adding a new function or rewiring an old one?	21:40
kirkland	kees: i wrote status_of_proc() from scratch... was recently applied to Ubuntu's lsb package	21:41
kirkland	kees: there are no users of that function yet	21:41
kirkland	kees: i'm working on a stack of patches to use it	21:41
kirkland	kees: that's when i came across this process ownership bug	21:41
kees	aaaah, okay. then I'm cool with the change you suggested. :)	21:41
kees	note though, that some things may misbehave -- e.g. sendmail has multiple PIDs, but only the master pid in the pid file.	21:42
kirkland	kees: right, apache too, huh?	21:43
kirkland	kees: see: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735	21:46
uvirtbot	Launchpad bug 246735 in lsb "status_of_proc() calls pidofproc() which calls kill, requiring ownership privileges on the process" [Undecided,New]	21:46
kirkland	kees: patch at the bottom	21:46
kirkland	kees: doko sponsored my last upload, i guess i can talk to him about this fix	21:46
AtomicSpark	woo!	21:47
kees	kirkland: okay, cool	21:49
gregbrady	what software examines/blocks sshd access to a computer? It updates the hosts.deny file.	21:53
gregbrady	I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.	21:54
gregbrady	I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.	21:55
ivoks	denyhosts	21:56
kirkland	kees: doko doesn't appear active. any chance you can review and apply the lsb fix? All of the rest of my patches depend on it, as I'll need lsb-base (>= 3.2-12ubuntu2) in each package's debian/control file	21:57
kirkland	zul also offered some review/sponsoring/uploading too.......... pretty please?	21:57
kees	kirkland: well, the archive is currently in soft freeze...	22:00
kirkland	kees: oh... hmm, what does that mean? is that to spin cd's or something?	22:00
gregbrady	ivoks, thank you....	22:01
kees	kirkland: yeah, alpha 2 is being spun thursday. we're in freeze until after alpha 2: https://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-July/000446.html	22:03
kirkland	kees: hmm, well, this change is not disruptive, perhaps unnecessary	22:04
kirkland	kees: i'll ping slangasek about it	22:05
kees	kirkland: okay	22:05
kirkland	kees: thanks!	22:05
kees	kirkland: np. :)	22:05
kirkland	kees: see slangasek's comment in #ubuntu-devel....	22:10
kirkland	kees: are you willing/able to sponsor, or should I knock on someone else's door?	22:11
kees	kirkland: I can do it, what's the bug #?	22:13
kirkland	kees: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735	22:14
uvirtbot	Launchpad bug 246735 in lsb "status_of_proc() calls pidofproc() which calls kill, requiring ownership privileges on the process" [Medium,In progress]	22:14
nxvl	kirkland: we are having the lsb patch included today?	22:14
nxvl	kirkland: or just in ubuntu	22:14
kirkland	nxvl: it was included in ubuntu a month ago or so	22:15
kirkland	nxvl: Debian agreed to it in principle, want to wait until they open up their archive	22:15
nxvl	:P	22:15
nxvl	:D	22:15
* nxvl is not following it		22:15
kirkland	nxvl: i found an issue with the way pidofproc() is implemented, requiring root privileges	22:15
kirkland	nxvl: i reworked status_of_proc() to use /bin/pidof rather than pidofproc() to get around that	22:16
kees	kirkland: your patch would case pidof output to appears on stdout	22:16
kirkland	kees: okay, i need a >/dev/null	22:16
nxvl	augeas has took my life for the past month	22:16
kees	kirkland: ah, yeah, that's in the prior version, cool.	22:16
kirkland	kees: one sec	22:17
kirkland	kees: okay, fixed	22:17
kirkland	kees: anything else before I update the debdiff?	22:17
kirkland	kees: I also switched status=1 to status="1"	22:17
kees	kirkland: cool, I think that's fine	22:18
kirkland	kees: updated patch posted	22:19
nxvl	heh	22:31
nxvl	augeas hasn't reach the archive and i have already received 3 new lenses	22:31
nxvl	:D	22:31
* nxvl loves FOSS Community work		22:32
tester_	I am having troubles loading DBDriver mysql. I've put an explanation of my problem at: http://pastebin.com/mb23133 Anyone got a moment to help me?	22:35
* delcoyote hi		22:41
runes	can anyone help with virtual hosts files in Apache using hostname?	22:57
owh	kirkland: Nice catch on the status_of_proc()	23:50
kirkland	owh: thx.	23:50
owh	You seem to have been a busy boy :)	23:51
kirkland	owh: i've just finished a batch of patches for at, bind9, cron, openssh, samba, sysklogd	23:51
owh	I saw those come past, haven't looked yet. Are they different from the ones we made before?	23:51
emgent	hello	23:52
kirkland	owh: yeah, slightly	23:52
* owh has a gander.		23:52
owh	emgent: Salutations.	23:52
owh	kirkland: Just the depends?	23:54
kirkland	owh: yup	23:54
owh	Cool, I didn't know how to do that and didn't get around to ask anyone.	23:54
* owh hasn't stood still for some time :(		23:54
kirkland	owh: no problem...	23:55
owh	Excellent, onto the next problem :)	23:55
owh	How did the meeting go today, that time is really, really bad for me :(	23:55
owh	kirkland: Hmm, did you see this comment: (permalink) <https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/203169/comments/12>	23:56
uvirtbot	Launchpad bug 203169 in sysklogd ""status" function for init scripts" [Wishlist,In progress]	23:56
owh	kirkland: Especially the "exit $?" a completely redundant no-op...	23:57
kirkland	owh: right, i fixed the versioned dependency thing	23:57
owh	kirkland: Yeah, I'm talking about the second point.	23:57
kirkland	owh: right, so my response is (a) exit $? doesn't hurt	23:58
kirkland	owh: (b) "most" != "all"	23:58
* owh is waiting for the punchline :)		23:59
kirkland	owh: (c) in the case that $?=0, we're explicitly exiting with the status, not executing anything else beyond	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!