[00:46] <nxvl_work> kees: ping
[00:51] <kees> nxvl: hola!
[00:57] <helfire> With multipule users on 1 server, homes in /var/www/user, how do you get set the permssions correctly? for php to work everything has to be www-data:www-data
[01:01] <sommer> helfire: you can place the www-data user into the user's group, then allow read and execute rights to the appropriate directories
[01:02] <sommer> helfire: there's also posix acls, that can give you much more permissions flexibility
[01:02] <hads> Or fastcgi etc.
[01:03] <helfire> sommer: if 2 users are part of the same group wont they be able to view the contents of /var/www/user1/*
[01:04] <sommer> yes
[01:04] <hads> Although if they are all www-data then www-data has access to all of the contents anyway.
[01:04] <sommer> helfire: for your situation posix acls may work best... you can give just the www-data user the appropriate permissions
[01:04] <helfire> but for securty reasons i dont want 2 users to be able to view eachothers directories, but to serve the pages they both have to be part of *:www-data
[01:09] <helfire> are there any guides that step through setting up apache/etc with multiple users and acls?
[01:10] <sommer> helfire: acls are sperate from apache, apache will follow the filesystem permissions... here's a rather long aritcle: http://www.suse.de/~agruen/acl/linux-acls/online/
[01:11] <sommer> helfire: basically install the acl package, then get some experience with getfacl and setfacl, once you're used to them it's not that bad
[01:11] <sommer> there's probably other more consice guides out there as well
[01:13] <helfire> Ya, lots of guilds show you how to setup ISPconfig/apache/etc but then when multiple users come in they dont say anything about it
[01:14] <helfire> Might as well ask while i'm here, Is ISPConfig the best option in managing multiple users websites? Long time ago i just wrote a perl script to do it all for me but that was years ago hehe
[01:14] <sommer> not sure what you're looking for, basically posix acls allow the same permissions as normal, but to multiple users and groups... if in some level of acl a user doens't have permission they get denied access
[01:14]  * sommer has never used ISPConfig
[01:19] <helfire> oh no i'm just saying for managing multiple users, setting up limits, doing all the manual work for ya
[01:20] <sommer> ah, I'd say try it out and if it's horrible you can always migrate to something else... or do things manually :-)
[03:23] <SpaceBass> hey folks
[03:23] <SpaceBass> I'm having a problem with setting up 8.04 server as an ldap client
[03:23] <SpaceBass> I rebuilt my OpenDirectory server and all my other clients are working, but getent passwd does not show any OD users
[03:23] <SpaceBass> I've tried dpgk-reconfigure and it does nothing
[03:23] <SpaceBass> actually does nothing, just returns a bash prompt
[03:31] <sommer> SpaceBass: did you try sudo dpkg-reconfigure ldap-auth-config ?
[03:32] <SpaceBass> yeah
[03:32] <SpaceBass> sorry - always leave the sudo off when in IRC
[03:32] <sommer> how about sudo dpkg-reconfigure ldap-auth-client
[03:32] <SpaceBass> i just removed/reinstalled ldap-auth-config and its ran the setup again ... but I still am not seeing network users with getent passwd
[03:33] <sommer> SpaceBass: try double checking the /etc/ldap.conf file
[03:33] <SpaceBass> sommer, yeah, it looks fine
[03:33] <sommer> can you search with ldapsearch -x ?
[03:33] <SpaceBass> oddly if I remove it and re-run dpgk-reconfigure it does not create a new one ... making me think maybe its not using that file
[03:34] <sommer> it does
[03:34] <SpaceBass> hummm
[03:34] <SpaceBass> not sure why it wouldn't get re-created then
[03:35] <SpaceBass> and of couse sudo dpkg-reconfigure ldap-auth-config
[03:35] <sommer> it's probably only created during the package postinst, and dpkg-reconfiugre doesn't execute the exact same command... (that's a guess)
[03:35] <SpaceBass> is failing again
[03:36] <SpaceBass> ah
[03:41] <SpaceBass> well, something's broken
[03:42] <SpaceBass> the problem is that I need some kind of logs or verbose output
[03:42] <sommer> SpaceBass: stop slapd then start it in a console window with: sudo slapd -u openldap -g openldap -f /etc/ldap/slapd.conf -d -1
[03:43] <sommer> then do a getent and look for errors in the output
[03:43] <SpaceBass> slapd is the server, not the client rght?
[03:43] <sommer> correct
[03:43] <SpaceBass> I'm not running slapd on this box
[03:44] <sommer> are you sure your network connectivity is working then?
[03:44] <SpaceBass> yeah
[03:44] <SpaceBass> ssh is working, ping, all other clients, etc
[03:45] <sommer> may want to double check with a quick nmap scan... should see ldap in the list
[03:45] <sommer> other than that I'd try upping the logging on the server
[03:45] <SpaceBass> checking
[03:46] <SpaceBass> nmap shows that its open ... but getent passwd doesnt even cause a log entry n the server - like its not trying
[03:47] <sommer> if the slapd logging isn't at a higher level it may not register an event
[03:48] <SpaceBass> leme check
[03:55] <owh> Can I insert a stupid question into this - not knowing anything about ldap? How have you told the client where the ldap server is?
[03:57] <owh> I mean if getent passwd doesn't create an event, what is it trying to talk to instead?
[03:57] <sommer> owh: the dpkg-reconfigure ldap-auth-client configures /etc/ldap.conf which holds that information
[03:57] <SpaceBass> it reads /etc/ldap.conf
[03:57] <sommer> owh: /etc/passwd
[03:57] <sommer> SpaceBass: that is a good idea you might double check the connection setting in that file
[03:57] <owh> So, if ldap.conf holds that information, is it what you expect it to be?
[03:58] <SpaceBass> the ldap client libraries query the ldap server for the data
[03:58] <owh> Sure, but my question is more about telling the clients who to ask for the answer.
[03:59] <SpaceBass> thats from ldap.con
[03:59] <SpaceBass> there's a line that reads: host 10.1.1.15
[03:59] <SpaceBass> 10.1.1.15 is the ldap server
[04:00] <owh> So, you can presumably ping the ldap serve?
[04:00] <owh> s/serve/server/
[04:00] <owh> (From the client)
[04:00] <SpaceBass> yeah
[04:00] <owh> How did the 10.1.1.15 end up in the ldap.conf file?
[04:01] <SpaceBass> when you install ldap-auth-client (or reconfigure it) it writes to that file
[04:01] <owh> With dpkg-reconfigure?
[04:01] <owh> Does it require a port number?
[04:01] <SpaceBass> not if you use the default - but I did try that to doble check
[04:01] <owh> As I said, I'm not familiar with ldap, just the principles of trouble shooting :)
[04:02] <sommer> SpaceBass: do you have ldapi:///hostname or ldap://hostname ?
[04:02] <owh> Can you improve the verbosity of the client?
[04:02] <SpaceBass> owh, wish I knew how
[04:02] <owh> Ah a URI, rather than a host.
[04:02] <SpaceBass> sommer, I've tried just the IP, ldap://host and ldapi://...
[04:03]  * owh has a gander through the RTFM.
[04:03] <sommer> SpaceBass: hmmm that should work, but you might also try Host ip_address instead of ldap://
[04:03] <owh> SpaceBass: You know about this: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html
[04:04] <SpaceBass> yeah, thats for setting up a server
[04:04] <SpaceBass> this is a client
[04:04] <sommer> owh: doesn't cover client configuration... yet :)
[04:04] <owh> :(
[04:04] <owh> Crap
[04:04] <owh> Don't make me install it :)
[04:05] <owh> Ok, for a moment assume you did everything right - unlikely, but let's start somewhere.
[04:05] <owh> How is what you're expecting not working?
[04:06] <owh> Remember, once you get to the point of pulling out your hair, most likely the problem isn't what you think it is.
[04:06] <owh> So, I'm just testing your assumptions at the moment.
[04:07] <SpaceBass> I'm sure its one of those glaring things - like a typo
[04:07] <SpaceBass> so I'm gonna put it down for the night
[04:07] <SpaceBass> I appreciate the help - good troublshooting steps
[04:07] <owh> Right, so work with me for a mo, give me 10 minutes :)
[04:07] <owh> Then I'll let you slink off to bed :)
[04:07] <SpaceBass> k
[04:07] <owh> So, what are you doing that isn't working?
[04:08] <owh> What command is failing?
[04:09] <owh> Also, FYI, the man page for ldap.conf says that the URI is: URI <ldap[s]://[name[:port]] ...>
[04:09] <sommer> SpaceBass: you might also try: sudo auth-client-config -a -p lac_ldap
[04:09] <SpaceBass> well, its just not producing the expected output
[04:10] <sommer> SpaceBass: that will configure pam for ldap
[04:10] <owh> And the man page goes on to say: HOST <name[:port] ...>
[04:10] <owh> So, the IP address is with a HOST command, but a URI is with a URI command. What does your ldap.conf show?
[04:10] <SpaceBass> so it implies that the port is required
[04:10] <SpaceBass> leme look
[04:10] <owh> No, that's optional.
[04:11] <owh> SpaceBass: man ldap.conf should give you this: ldap.conf(5): ldap config file - Linux man page <http://linux.die.net/man/5/ldap.conf>
[04:12] <SpaceBass> sommer, not sure -a -p lac_ldap where the right switches - its reconfiguring every package on the system
[04:15] <sommer> SpaceBass: not sure what you mean by "every package on the system"... every time I've used it, it only configures the pam modules
[04:15] <SpaceBass> sommer, i mean cups, font server, keyboard layout...name it
[04:16] <sommer> ah see what you mean... ya anything that uses pam, isn't that what you wanted?
[04:16] <sommer> to reverse it use sudo -a -r -p lac_ldap
[04:17] <sommer> err sudo auth-client-config -a -r -p lac_ldap
[04:17] <SpaceBass> too late now :)
[04:17] <owh> SpaceBass: Have you pasted your ldap.conf anywhere?
[04:17] <SpaceBass> owh, not yet
[04:17] <SpaceBass> will once this finishes
[04:18] <sommer> not if you didn't want to do that... the auth-client-config is very safe and comments the original entries in the pam files
[04:18] <owh> SpaceBass: Open up a new terminal :)
[04:19]  * owh blames sommer for eating my 10 minutes :)
[04:19] <SpaceBass> lol
[04:19] <SpaceBass> blame my brain - its slowing down
[04:19]  * sommer they tasted good :-)
[04:20] <SpaceBass> I'm relatively old hat at this...been setting up boxes using ldap for years, but it usually "just works"
[04:20] <sommer> are you on hardy?
[04:20] <SpaceBass> 8.04
[04:20] <SpaceBass> yeah
[04:20] <sommer> hmmm, it's always worked for me, not sure what you're missing
[04:21] <owh> SpaceBass: That's why I've been attempting to test your assumptions :)
[04:21] <SpaceBass> sommer, me too ...
[04:21] <SpaceBass> owh, :)
[04:21] <owh> SpaceBass: Does it work anywhere else?
[04:21] <owh> Can you diff the config file?
[04:22] <SpaceBass> owh, all the other clients are OSX - and they do ldap a little differently
[04:22] <owh> :)
[04:22] <SpaceBass> I do have one other linux box that is working, but its 6.10lts
[04:22] <owh> Well, check the .conf file first.
[04:22] <owh> s/the/its/
[04:23] <SpaceBass> even tried copying that file over
[04:25] <owh> Well, version differences aside, that might rule out that as a source of the issue.
[04:26] <owh> What happens if the 6.10 machine connects to the server? Do you see anything in the logs?
[04:27] <SpaceBass> yeah
[04:28] <owh> Machines on the same network?
[04:28] <SpaceBass> yeah
[04:29] <SpaceBass> same subnet even
[04:29] <SpaceBass> same switch
[04:29] <owh> If you watch with wireshark, do you see anything?
[04:29] <SpaceBass> thats a great idea - but one for tomorrow :D)
[04:30] <owh> Sleep well :)
[04:30] <SpaceBass> thanks guys - again, I really appericate the help
[04:30] <owh> Anytime.
[04:31]  * owh just poked a stick at the problem :)
[05:36] <bingoer> hi all
[05:36] <bingoer> I'm in a bit of trouble
[05:37] <bingoer> I am trying to upgrade my server from 7.10 to 7.04, and linux-image has broken
[05:37] <bingoer> it shows that linux-image-2.6.22-15-server is installed, but its not installed in /boot. So when I try to remove it or purge it, it fails because there is no System.map or initrd in /boot
[05:37] <bingoer> What do I do ?
[05:41] <nealmcb> well, 7.04 is earlier than 7.10
[05:41] <nealmcb> sigh
[08:03] <kraut> moin
[10:09] <fly__> ?
[13:35] <nxvl> good morning everyone!
[13:36] <emgent> hi nxvl
[13:38] <nxvl> emgent: what's the difference between your branch and master's one on cve-tracker?
[13:42] <emgent> master is ubuntu-security official branch
[13:59] <nxvl> emgent: well, that obvious, but i mean in content
[14:39] <zul> mathiaz: any thought of dovecot 1.1.1 for intrepid?
[14:49] <mathiaz> sommer: were there any plans to split out the server guide into its own bzr branch ?
[14:50] <mathiaz> zul: may be - I'd look at debian also
[14:50] <sommer> mathiaz: heh, I was just looking at the doc.u.c, and noticed that it hasn't been updated :)
[14:50] <sommer> mathiaz: I don't think there was anything concrete as far as a different branch
[14:51] <sommer> mathiaz: do you think it needs to be?
[14:51] <mathiaz> sommer: it needs to be split out in its own branch
[14:52] <mathiaz> sommer: one of my todo item is to add a paragraph to the Server Team KnowledgeBase about helping out with the server guide
[14:52] <sommer> mathiaz: I'm not opposed, but there'll need to be some strong arguments to overcome the arguments against
[14:53] <mathiaz> sommer: and if it starts with - bzr branch ubuntu-doc - wait for a 400 Meg download - we've lost most of the contributors...
[14:53] <sommer> mathiaz: it's actually miles better for intrepid... the history was dumped and the layout was rearanged
[14:53] <mathiaz> sommer: I'd have to go back and read the threads, but the main arguments IIRC were related to packaging stuff
[14:53] <sommer> mathiaz: it only takes about 5min
[14:55] <mathiaz> sommer: mhh... I'll have to look into that then - I was reading the documentation team page about using bzr
[14:55] <mathiaz> sommer: and it didn't look very promising
[14:56] <sommer> mathiaz: as in not enough info?  I think it's enough to get people started, but I agree it could be better
[14:56] <mathiaz> sommer: well - it's much info IMO
[14:56] <mathiaz> sommer: I wrote a blog post last week about dkim testing and there was an item about updating the server guide
[14:57] <mathiaz> sommer: so I wanted to add some intructions on how to do it
[14:57] <mathiaz> sommer: I would have liked to write some like: bzr branch lp:~ubuntu-doc/ubuntu-server-guide; edit-the-mail-section; bzr push lp:~your-lp-id/ubuntu-server-guide; submit for review to the doc team
[14:58] <mathiaz> sommer: reading through the documentation page, it seemed more complex than that
[14:58] <sommer> mathiaz: ya, as of now it's bzr branch, edit, submit patch to the list
[14:59] <mathiaz> sommer: and this morning there was an email on ubuntu-doc about a technical review - it should have been a patch instead
[14:59] <mathiaz> sommer: right - unfortunately, reading the documentation page, it seemed more complicated than bzr branch, edit, submit a patch
[14:59] <sommer> ya, the doc team really doesn't use the full capabilities of bzr... especially the distrubted vcs
[14:59] <mathiaz> sommer: I would be fine with the process above
[15:01] <mathiaz> sommer: exactly - I'll add a paragraph on working on the server guide
[15:01] <sommer> mathiaz: I'm not opposed with the process either, additionally seperating the packaging would allow the serverteam control of SRUs
[15:01] <mathiaz> sommer: I'll do more experimentation on how it takes to branch the ubuntu-doc tree
[15:01] <mathiaz> sommer: right - IMO packaging bits should not be the reason for keeping all the docs in one branch
[15:02] <mathiaz> sommer: conceptually I don't see why someone working on the server guide would need a copy of the Ubuntu migrating from windows guide
[15:03] <sommer> mathiaz: an advantage of not branching is interaction with more than one team in the Ubuntu community... or at least letting the doc team have rights to the branch, I think would good
[15:03] <mathiaz> sommer: basically you'd need to separate the packaging bits and the documentation, ie go to the standard upstream/maintainer system
[15:03] <mathiaz> sommer: sure - I don't have a problem with that
[15:04] <mathiaz> sommer: but I really like to say to new contributors - wanna fix a typo in the server guide ? -> bzr branch lp:~ubuntu-doc/server-guide
[15:04] <mathiaz> sommer: the server-guide branch would still be part of the ubuntu-doc team
[15:05] <sommer> sure, and I really like the potential to do an SRU on the serverguide even if others consider it too much work :-)
[15:05] <sommer> mathiaz: I'll start playing around with the bzr branching too, then we can come up with a game plan
[15:06] <sommer> mathiaz: also on the agenda for intrepid is pdf version of the serverguide, which shouldn't be a big deal, but could be easier if there is another branch
[15:07] <mathiaz> sommer: that could be another option
[15:08] <bAndie9100> hi all
[15:08] <kraut> is it possible to see java-threads of a jvm with ps?
[15:08] <bAndie9100> i would make a special network, can u help me?
[15:15] <_ruben> installing jeos under hyper-v .. *shiver*
[15:22] <mathiaz> sommer: hm - it took 8 minutes to branch the intrepid doc repository
[15:25] <sommer> mathiaz: heh, still far better than the hardy docs
[15:25] <sommer> mathiaz: but that is pretty long if you're focussing on just the serverguide
[15:28] <mathiaz> sommer: glancing through the rules and control file, it seems that the serverguide has its own instructions
[15:29] <mathiaz> sommer: so it could really be split from other parts
[15:30] <sommer> mathiaz: cool, I'm all for it... I think the benefits outweigh any negatives
[15:31] <mathiaz> sommer: from a packaging POV it would mean creating a new source package for it
[15:31] <mathiaz> sommer: however we may need to keep track of the styles
[15:36] <_ruben> heh .. no network support for hyper-v during jeos install .. how surprising :p
[15:52] <zul> mathiaz: has that iproute SRU bug been uploaded yet?
[15:53] <mathiaz> zul: yes - It's in -proposed
[15:53] <mathiaz> zul: well - in the queue
[15:53] <zul> cool
[15:53] <mathiaz> zul: but not accepted AFAICT
[15:53] <zul> yeah there is a samba sru and nut sru that hasnt been accepted yet either
[15:56] <nealmcb> server team meeting in 4 minutes in #ubuntu-meeting
[15:57] <nealmcb> https://wiki.ubuntu.com/ServerTeam/Meeting
[16:23] <HellMind> guys, the install looks for fs-secondary-modules .ude , buts the file is .udeb
[16:23] <HellMind> why is that?
[16:28] <HellMind> 8.04 amd64
[16:36] <HellMind> the amd64 iso is wrong, the long filenames in it are wrong
[16:37] <lukehasnoname> many server guys are in the meeting right now, they'll be back shortly after 11am EST
[16:38] <HellMind> how many hours ?
[16:38] <HellMind> 7 hours :S
[16:38] <lukehasnoname> 20-30 mins
[16:44] <HellMind> anyone is using ispconfig or vhcs or similar?
[16:54] <ivoks> i use ispconfig
[16:54] <ivoks> udebs are 'debs' for debian installer
[16:56] <HellMind> nice I will install ispconfig
[16:57] <HellMind> I'm saying that the iso amd64 is broken, the filenames are wrong
[16:57] <HellMind> the names are chunked
[16:57] <HellMind> fs-secondary*  nic-restricted*
[17:02] <LaserJock> mathiaz: I need to head out in a bit, got a minute for the serverguide translation bit?
[17:02] <mathiaz> LaserJock: sure
[17:02] <mathiaz> LaserJock: I was wondering if we need to have the .po files in the bzr branch
[17:02] <LaserJock> no
[17:03] <LaserJock> you need a .pot
[17:03] <LaserJock> that'll then end up on Rosetta where it gets translated
[17:03] <LaserJock> then when you go to do a release you download the .po tarball from Rosetta
[17:03] <mathiaz> LaserJock: right - the .pot file is generated at some point when building the src pkg
[17:03] <LaserJock> mathiaz: actually, the .pot is kept in bzr
[17:04] <LaserJock> and is refreshed once in a while
[17:04] <mathiaz> LaserJock: right - and for the server guide, there is also the .po files
[17:04] <LaserJock> ok, so once you download the .po files
[17:04] <LaserJock> you convert them back into docbook XML
[17:05] <LaserJock> so you don't need the .po files in bzr
[17:05] <LaserJock> just the .pot and the translated docbook
[17:05] <mathiaz> LaserJock: so now I'm stuck on convert back to docbook
[17:06] <mathiaz> LaserJock: this is where the fr/, de/, etc... directory are created ?
[17:06] <LaserJock> yep
[17:06] <LaserJock> so before translation you should have just a C/ directory
[17:06] <mathiaz> LaserJock: are these on the website ?
[17:06] <LaserJock> website?
[17:06] <mathiaz> LaserJock: https://help.ubuntu.com/8.04/add-applications/ only show c/
[17:06] <LaserJock> oh right yeah
[17:06] <LaserJock> we don't put translations on help.ubuntu.com
[17:07] <LaserJock> we recommend that translations be put on LoCo websites
[17:07] <mathiaz> LaserJock: ok - only in the binary debs
[17:07] <LaserJock> yep
[17:07] <mathiaz> LaserJock: and once you have the docbook xml for translated packages, you have to rebuild the html files ?
[17:08] <mathiaz> LaserJock: or you just ship the docbook xml ?
[17:08] <LaserJock> ah, that depends
[17:08] <LaserJock> for Ubuntu/Edubuntu at least we just ship xml
[17:08] <LaserJock> I imagine you guys will want html at least
[17:09] <mathiaz> LaserJock: that's because yelp is able to read docbook
[17:09] <LaserJock> or maybe info
[17:09] <LaserJock> mathiaz: yes, exactly
[17:09] <LaserJock> I'm not sure what KDE does these days, it used to do just HTML I think
[17:09] <mathiaz> LaserJock: ok - to go back on the .pot file process, you need to upload it manually ?
[17:10] <mathiaz> LaserJock: or LP figures out automatically when there is a .pot file in the src deb ?
[17:10] <LaserJock> yeah
[17:10] <LaserJock> there might be some work with the Rosetta admins
[17:10] <mathiaz> LaserJock: yeah - to which question ?
[17:10] <LaserJock> since it's not a normal package
[17:11] <LaserJock> sorry ;-)
[17:11] <LaserJock> it extracts them from source packages
[17:11] <LaserJock> so you generate the .pot and put that in your source package
[17:11] <mathiaz> LaserJock: ok - thanks for the input - I think I better understand the whole workflow now.
[17:12] <mathiaz> LaserJock: then you upload the src pck to LP and it will show up in rosetta automatically
[17:12] <LaserJock> pretty much
[17:12] <LaserJock> the first time it might take some pushing :-)
[17:12] <LaserJock> but once the LP admins approve the .pot the first time it's automatic
[17:13] <mathiaz> LaserJock: ok - gotcha - thanks !
[17:14] <LaserJock> but actually right now it's already in Rosetta
[17:14] <nxvl> btw i forgot to mention on the meeting
[17:15] <LaserJock> mathiaz: https://translations.edge.launchpad.net/ubuntu/hardy/+source/ubuntu-docs/+pots/serverguide
[17:15] <nxvl> ScottK (or persia) suggested me to backport augeas to hardy for testing and playing
[17:15] <nxvl> did you think is a good idea?
[17:16] <LaserJock> mathiaz: I gotta run now, but if sommer needs help with scripts, etc. for translations have him email me
[17:17] <LaserJock> mathiaz: I had to figure all this stuff out for edubuntu-docs and have scripts for generating .pots and coverting .po to docbook
[17:21] <mathiaz> nxvl: that may be helpful in the begining of the release cycle
[17:21] <mathiaz> nxvl: to get people started in the next few weeks
[17:21] <mathiaz> nxvl: but after feature freeze, we definetly want to focus on intrepid
[17:23] <nxvl> mathiaz: so, you suggest to try to backport it inmediately after it reachs the archive?
[17:23] <mathiaz> nxvl: yes - I'd put it in a ppa
[17:24] <nxvl> heh
[17:24] <mathiaz> nxvl: and point people to the ppa
[17:24] <nxvl> i forgot about ppas
[17:24] <nxvl> i will upload it tonight
[17:25] <nxvl> now need to work
[17:25] <nxvl> read you later!
[18:24] <tolun> Hi everyone...
[18:25] <tolun> my email server cannot generate pgp...
[18:26] <tolun> I am using ubuntu 8.04.1 server x64 + atmail
[18:26] <tolun> 5.4
[18:35] <tolun> How can I check that pgp is installed correctly and works fine?
[18:36] <HellMind> I'm trying to install the amd64 ubuntu server 8.04 from an usb pendrive to a raid 1 lvm partitioned disk with a mobo g33 intel. I got multiple problems :(
[18:37] <HellMind> I finished the installation but it doesnt show me the login screen
[18:37] <ikonia> tolun: your trying to get your mail server to pgp sign mails ?
[18:38] <ikonia> HellMind: what does it show you
[18:38] <tolun> ikonia, yes...
[18:38] <ikonia> tolun: your client pgp signs mail, not the server normally
[18:38] <HellMind> the last thing it does is  loop, module loaded
[18:38] <ikonia> tolun: your mail server just delivers what your client injects into it
[18:39] <ikonia> HellMind: you've installed, and then rebooted ?
[18:39] <HellMind> ofcourse
[18:39] <ikonia> HellMind: I'm just checking
[18:39] <ikonia> HellMind: you get grub and it walks through the start up sequence ?
[18:39] <HellMind> if i press ctrl alt del the login screen apears, but everything is incomplete and with errors
[18:40] <HellMind> yes grubs its ok
[18:40] <ikonia> HellMind: when you say login screen, do you mean the gdm desktop, or just a shell login ?
[18:40] <HellMind> the only error i can se is, abnormal exit of modprobe
[18:40] <HellMind> no shell
[18:40] <HellMind> i mean, shell , no gdm
[18:40] <ikonia> HellMind: can you boot into single user mode (add single on the end of your kernel boot options)
[18:40] <tolun> ikonia, yes you have right... and I know that... Webmail part try to create a pgp key for a one account but server does not response back...
[18:41] <ikonia> tolun: the mail server does nothing for pgp
[18:41] <ikonia> tolun: what are you expecting the server to do ?
[18:43] <tolun> I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail
[18:44] <HellMind> it does the same, I think the install weren succesfully
[18:44] <HellMind> i cant se the /var/log dir
[18:44] <HellMind> it is recommended having multiple lvm partitions?
[18:44] <ikonia> HellMind: the layout doesn't matter as long as it has / and swap
[18:44] <tolun> ikonia, I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail
[18:45] <ikonia> tolun: I have no idea how that would work,
[18:46] <tolun> ikonia, it is really interresting... How can I check that server's pgp is working?
[18:47] <ikonia> tolun: I've not idea, I can't see a way to allow a mail to manage pgp
[18:48] <tolun> ikonia, ok not problem... do you know that how can I check only the pgp application?
[18:48] <ikonia> tolun: test it on the command line
[18:48] <ikonia> just make a pgp key
[18:48] <ikonia> make a file then try to sign it
[18:49] <tolun> ikonia, how...:'(
[18:49] <ikonia> tolun: man pgp it's 3 steps, 1  create key 2. create object 3. sign object with key
[18:51] <tolun> ikonia, here is the result for your advertisement.... man pgp No manual entry for pgp
[18:51] <tolun> See 'man 7 undocumented' for help when manual pages are not available.
[18:52] <blue-frog_> gpg
[18:52] <ikonia> blue-frog_: thank you !
[18:52] <tolun> blue-frog, thanks...
[18:54] <HellMind> I think my problem is because I configured the raid 1 using debian, the raid ar /dev/mdx, ubuntu is trying to use it, or remove it here /dev/md/x
[18:56] <ikonia> HellMind: shouldn't matter
[18:56] <ikonia> HellMind: the path is /dev/md$x, not /dev/md/$x
[18:58] <HellMind> how can I unisnstall the raid to start again
[18:58] <HellMind> from 0
[18:58] <HellMind> because the installer inst work
[18:58] <ikonia> HellMind: remove the partition
[18:59] <HellMind> how :S
[18:59] <HellMind> the /dev/md0 is there
[18:59] <ikonia> HellMind: ok, thats a good thing
[18:59] <ikonia> HellMind: use the installer to format it
[18:59] <ikonia> HellMind: your good to go
[19:00] <HellMind> my hds hav no partition :(
[19:00] <ikonia> HellMind: they shouldn't have if you've put them in a raid config
[19:00] <ikonia> HellMind: you may want to mirror on a partition level, or slice up /dev/md0
[19:07] <HellMind> I want to delete the previous /dev/md0 1 2 raid
[19:07] <HellMind> the installer is wrong again
[19:08] <HellMind> dunno what it executes but it fails, it says the partition is in use and the syslog says /dev/md/0 isnt exits, which is true, the raid is/dev/md0
[19:14] <HellMind> is there a way to restart the installer without booting again?
[19:20] <tolun> hi again guys....
[19:21] <tolun> I have problem with creating a pgp key... it says that it needs more 300bytes for generating the key... How?
[19:22] <tolun> the original message is: "Not enough random bytes available.  Please do some other work to give
[19:22] <tolun> the OS a chance to collect more entropy! (Need 300 more bytes)"
[19:23] <tolun> How can I generate random bytes for it?
[19:29] <tolun> ?
[19:29] <tolun> :)
[20:22] <HellMind> I MADE IT
[20:23] <HellMind> the error was in the bios :S, with 1m on the vga it hangs, with 8 no
[20:23] <telexicon_> I'm trying to install ubuntu server 8.04 on a poweredge 2450 but its throwing up a bunch of errors when trying to read packages from the cd during install: Exception Emask 0x0 Sact 0x0 Sett 0x0 action 0x2 frozen -> soft resetting link, eventually it fails with an I/O error
[20:23] <ScottK> mathiaz: My regrets on missing the meeting today.  I had a family emergency to deal with.  How did the meeting go?
[20:26] <mathiaz> ScottK: hope all is well on your side - it was busy busy
[20:29] <ScottK> It's all done.  We had to put one of our dogs down last night and one kid was at camp 2 1/2 hours drive away.  So I went and got her last night and then took her back this morning.  Then I crashed.
[20:36] <kirkland> mathiaz: hey....
[20:37] <kirkland> mathiaz: I just ran into a nasty little situation with the lsb status_of_proc() that causes it not to operate properly, if run by a non-root user
[20:38] <kees> kirkland: shellfoo?
[20:38] <kirkland> kees: well, only slight....
[20:38] <kirkland> kees: so in /lib/lsb/init-functions, you'll see a pidofproc() function
[20:38] <kirkland> kees: which is used by my status_of_proc() function
[20:38] <kirkland> kees: it tries to intelligently determine a proc's pid
[20:39] <kirkland> kees: it seems, however, there's a strange dependency on being root
[20:39] <kees> ya
[20:39] <kirkland> kees: if $pidfile exists, it tries to run "kill -0"
[20:39] <kirkland> kees: to determine if the process can be sent signals
[20:39] <kirkland> kees: well, not root necessarily, but the owner of the process
[20:40] <kees> well, it expects you to be able to kill the process you're querying
[20:40] <kees> right
[20:40] <kirkland> kees: ideally, querying status should be a non-priv operation, IMHO...  your thoughts?
[20:40] <kees> you mean for the "status" init command?
[20:41] <kirkland> kees: yup
[20:41] <kees> I'd say it'd be nice, but not really a requirement
[20:41] <kirkland> kees: further down in that pidofproc() function it uses /bin/pidof
[20:41] <kirkland> kees: that works fine as not-the-owner-of-the-process
[20:41] <kees> some processes need extra perms to know for sure if they're operating correctly
[20:42] <kirkland> hmm
[20:43] <kees> I'm assuming the kill-test is to make sure the process isn't zombie.
[20:43] <kees> that's the only thing I can think of
[20:43] <kirkland> kees: right...
[20:44] <kirkland> kees: hmm, i'll have to think on this a little more
[20:44] <kees> another option seems to be to make the pid file not world-readable
[20:44] <kees> then it won't try the kill test
[20:44] <kirkland> kees: that seems a little heavyweight
[20:45] <kees> maybe do a uid check?
[20:45] <kirkland> kees: i think i could more centrally test access on that file in addition to doing the file check
[20:47] <ivoks> are we aware of http://www.isc.org/index.pl?/sw/bind/index.php
[20:47] <ivoks> ?
[20:47] <kirkland> ivoks: i saw jdstrand comment on it earlier on #ubuntu-devel
[20:47] <ivoks> this means all DNS software
[20:48] <kees> ivoks: yeah, it should be in the archive in about 40 minutes
[20:48] <ivoks> very nice
[20:49] <ScottK> kees: Do we have a fix for the libc stub resolver too?  Debian says they don't.
[20:49] <kees> ScottK: we don't, and I've been attempting to more information about that.
[20:50] <ScottK> Work around is install BIND I guess.
[20:50] <kees> yeah, or trust your upstream DNS resolver and network
[20:50] <kirkland> kees: what if I changed it to: if [ -f "$pidfile" && -r "$pidfile"] ?
[20:51] <kirkland> kees: check if it's readable....
[20:51] <kees> the -f is redundant
[20:51] <kees> but that's already handled
[20:51] <kirkland> kees: what about the "and is a regular file" part of -f?
[20:51] <kees> your problem is when it's readable, but not your process
[20:52] <kees> it's no greater race than the -f/read case.
[20:52] <kirkland> k
[20:57] <kirkland> kees: my bad... I need -O, True if file exists and its owner matches the effective user id of this process.
[20:58] <kees> owner of the file may not be the uid of the process, though.
[21:06] <ph8> hey all, i'm trying to convert an ubuntu desktop install to ubuntu-server with apt - can anyone tell me if the server repositories are different? or do i just need to install some kind of 'server' package?
[21:07] <infinity> ph8: It's the same repositories, there's nothing to "convert", except to install a different kernel flavour, and to remove a lot of packages (ubuntu-server is pretty bare-bones)
[21:08] <infinity> ph8: If you don't care about removing all the packages (and, really, if you did, you might just want to reinstall), then you're just left with the kernel... apt-get install linux-server
[21:09] <ph8> i would reinstall but i've just setup my raid and i think it might be quicker for me to wildcard off a load of packages
[21:09] <ph8> thanks i've just installed linux-image-server
[21:13] <ivoks> and people say that linux servers are hard to install
[21:13] <ivoks> :)
[21:14] <HellMind> are imposible to install
[21:14] <HellMind> isnt easy having the appliance already done in a vm :S
[21:23] <kirkland> kees: okay, i'm going to have to take a different approach
[21:23] <kirkland> kees: namely, status_of_proc() will not use the pidofproc() function.  rather, it'll use /bin/pidof
[21:39] <kees> kirkland: well, but that may ignore the pid files.  that's the expected behavior
[21:39] <kirkland> kees: yes, it will ignore pidfiles
[21:39] <kirkland> kees: do you see a problem with that?  it'll look for a daemon of a given name, specified in the init script
[21:40] <kees> kirkland: I'm confused, are you adding a new function or rewiring an old one?
[21:41] <kirkland> kees: i wrote status_of_proc() from scratch...  was recently applied to Ubuntu's lsb package
[21:41] <kirkland> kees: there are no users of that function yet
[21:41] <kirkland> kees: i'm working on a stack of patches to use it
[21:41] <kirkland> kees: that's when i came across this process ownership bug
[21:41] <kees> aaaah, okay.  then I'm cool with the change you suggested.  :)
[21:42] <kees> note though, that some things may misbehave -- e.g. sendmail has multiple PIDs, but only the master pid in the pid file.
[21:43] <kirkland> kees: right, apache too, huh?
[21:46] <kirkland> kees: see: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735
[21:46] <kirkland> kees: patch at the bottom
[21:46] <kirkland> kees: doko sponsored my last upload, i guess i can talk to him about this fix
[21:47] <AtomicSpark> woo!
[21:49] <kees> kirkland: okay, cool
[21:53] <gregbrady> what software examines/blocks sshd access to a computer?  It updates the hosts.deny file.
[21:54] <gregbrady> I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.
[21:55] <gregbrady> I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.
[21:56] <ivoks> denyhosts
[21:57] <kirkland> kees: doko doesn't appear active.  any chance you can review and apply the lsb fix?  All of the rest of my patches depend on it, as I'll need lsb-base (>= 3.2-12ubuntu2) in each package's debian/control file
[21:57] <kirkland> zul also offered some review/sponsoring/uploading too..........  pretty please?
[22:00] <kees> kirkland: well, the archive is currently in soft freeze...
[22:00] <kirkland> kees: oh...  hmm, what does that mean?  is that to spin cd's or something?
[22:01] <gregbrady> ivoks, thank you....
[22:03] <kees> kirkland: yeah, alpha 2 is being spun thursday.  we're in freeze until after alpha 2: https://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-July/000446.html
[22:04] <kirkland> kees: hmm, well, this change is not disruptive, perhaps unnecessary
[22:05] <kirkland> kees: i'll ping slangasek about it
[22:05] <kees> kirkland: okay
[22:05] <kirkland> kees: thanks!
[22:05] <kees> kirkland: np.  :)
[22:10] <kirkland> kees: see slangasek's comment in #ubuntu-devel....
[22:11] <kirkland> kees: are you willing/able to sponsor, or should I knock on someone else's door?
[22:13] <kees> kirkland: I can do it, what's the bug #?
[22:14] <kirkland> kees: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735
[22:14] <nxvl> kirkland: we are having the lsb patch included today?
[22:14] <nxvl> kirkland: or just in ubuntu
[22:15] <kirkland> nxvl: it was included in ubuntu a month ago or so
[22:15] <kirkland> nxvl: Debian agreed to it in principle, want to wait until they open up their archive
[22:15] <nxvl> :P
[22:15] <nxvl> :D
[22:15]  * nxvl is not following it
[22:15] <kirkland> nxvl: i found an issue with the way pidofproc() is implemented, requiring root privileges
[22:16] <kirkland> nxvl: i reworked status_of_proc() to use /bin/pidof rather than pidofproc() to get around that
[22:16] <kees> kirkland: your patch would case pidof output to appears on stdout
[22:16] <kirkland> kees: okay, i need a >/dev/null
[22:16] <nxvl> augeas has took my life for the past month
[22:16] <kees> kirkland: ah, yeah, that's in the prior version, cool.
[22:17] <kirkland> kees: one sec
[22:17] <kirkland> kees: okay, fixed
[22:17] <kirkland> kees: anything else before I update the debdiff?
[22:17] <kirkland> kees: I also switched status=1  to status="1"
[22:18] <kees> kirkland: cool, I think that's fine
[22:19] <kirkland> kees: updated patch posted
[22:31] <nxvl> heh
[22:31] <nxvl> augeas hasn't reach the archive and i have already received 3 new lenses
[22:31] <nxvl> :D
[22:32]  * nxvl loves FOSS Community work
[22:35] <tester_> I am having troubles loading DBDriver mysql.  I've put an explanation of my problem at: http://pastebin.com/mb23133  Anyone got a moment to help me?
[22:41]  * delcoyote hi
[22:57] <runes> can anyone help with virtual hosts files in Apache using hostname?
[23:50] <owh> kirkland: Nice catch on the status_of_proc()
[23:50] <kirkland> owh: thx.
[23:51] <owh> You seem to have been a busy boy :)
[23:51] <kirkland> owh: i've just finished a batch of patches for at, bind9, cron, openssh, samba, sysklogd
[23:51] <owh> I saw those come past, haven't looked yet. Are they different from the ones we made before?
[23:52] <emgent> hello
[23:52] <kirkland> owh: yeah, slightly
[23:52]  * owh has a gander.
[23:52] <owh> emgent: Salutations.
[23:54] <owh> kirkland: Just the depends?
[23:54] <kirkland> owh: yup
[23:54] <owh> Cool, I didn't know how to do that and didn't get around to ask anyone.
[23:54]  * owh hasn't stood still for some time :(
[23:55] <kirkland> owh: no problem...
[23:55] <owh> Excellent, onto the next problem :)
[23:55] <owh> How did the meeting go today, that time is really, really bad for me :(
[23:56] <owh> kirkland: Hmm, did you see this comment: (permalink)  <https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/203169/comments/12>
[23:57] <owh> kirkland: Especially the "exit $?" a completely redundant no-op...
[23:57] <kirkland> owh: right, i fixed the versioned dependency thing
[23:57] <owh> kirkland: Yeah, I'm talking about the second point.
[23:58] <kirkland> owh: right, so my response is (a) exit $? doesn't hurt
[23:58] <kirkland> owh: (b) "most" != "all"
[23:59]  * owh is waiting for the punchline :)
[23:59] <kirkland> owh: (c) in the case that $?=0, we're explicitly exiting with the status, not executing anything else beyond