[00:46] kees: ping
=== nxvl_work is now known as nxvl
[00:51] nxvl: hola!
[00:57] With multiple users on 1 server, homes in /var/www/user, how do you set the permissions correctly? for php to work everything has to be www-data:www-data
[01:01] helfire: you can place the www-data user into the user's group, then allow read and execute rights to the appropriate directories
[01:02] helfire: there's also posix acls, that can give you much more permissions flexibility
[01:02] Or fastcgi etc.
[01:03] sommer: if 2 users are part of the same group wont they be able to view the contents of /var/www/user1/*
[01:04] yes
[01:04] Although if they are all www-data then www-data has access to all of the contents anyway.
[01:04] helfire: for your situation posix acls may work best... you can give just the www-data user the appropriate permissions
[01:04] but for security reasons i dont want 2 users to be able to view each other's directories, but to serve the pages they both have to be part of *:www-data
[01:09] are there any guides that step through setting up apache/etc with multiple users and acls?
[01:10] helfire: acls are separate from apache, apache will follow the filesystem permissions... here's a rather long article: http://www.suse.de/~agruen/acl/linux-acls/online/
[01:11] helfire: basically install the acl package, then get some experience with getfacl and setfacl, once you're used to them it's not that bad
[01:11] there's probably other more concise guides out there as well
[01:13] Ya, lots of guides show you how to setup ISPconfig/apache/etc but then when multiple users come in they dont say anything about it
[01:14] Might as well ask while i'm here, Is ISPConfig the best option in managing multiple users websites? Long time ago i just wrote a perl script to do it all for me but that was years ago hehe
[01:14] not sure what you're looking for, basically posix acls allow the same permissions as normal, but to multiple users and groups... if in some level of acl a user doesn't have permission they get denied access
[01:14] * sommer has never used ISPConfig
[01:19] oh no i'm just saying for managing multiple users, setting up limits, doing all the manual work for ya
[01:20] ah, I'd say try it out and if it's horrible you can always migrate to something else... or do things manually :-)
[03:23] hey folks
[03:23] I'm having a problem with setting up 8.04 server as an ldap client
[03:23] I rebuilt my OpenDirectory server and all my other clients are working, but getent passwd does not show any OD users
[03:23] I've tried dpkg-reconfigure and it does nothing
[03:23] actually does nothing, just returns a bash prompt
[03:31] SpaceBass: did you try sudo dpkg-reconfigure ldap-auth-config ?
[03:32] yeah
[03:32] sorry - always leave the sudo off when in IRC
[03:32] how about sudo dpkg-reconfigure ldap-auth-client
[03:32] i just removed/reinstalled ldap-auth-config and its ran the setup again ... but I still am not seeing network users with getent passwd
[03:33] SpaceBass: try double checking the /etc/ldap.conf file
[03:33] sommer, yeah, it looks fine
[03:33] can you search with ldapsearch -x ?
[03:33] oddly if I remove it and re-run dpkg-reconfigure it does not create a new one ... making me think maybe its not using that file
[03:34] it does
[03:34] hummm
[03:34] not sure why it wouldn't get re-created then
[03:35] and of course sudo dpkg-reconfigure ldap-auth-config
[03:35] it's probably only created during the package postinst, and dpkg-reconfigure doesn't execute the exact same command... (that's a guess)
[03:35] is failing again
[03:36] ah
[03:41] well, something's broken
[03:42] the problem is that I need some kind of logs or verbose output
[03:42] SpaceBass: stop slapd then start it in a console window with: sudo slapd -u openldap -g openldap -f /etc/ldap/slapd.conf -d -1
[03:43] then do a getent and look for errors in the output
[03:43] slapd is the server, not the client right?
[03:43] correct
[03:43] I'm not running slapd on this box
=== freaky[t] is now known as fReAkY[t]
[03:44] are you sure your network connectivity is working then?
[03:44] yeah
[03:44] ssh is working, ping, all other clients, etc
[03:45] may want to double check with a quick nmap scan... should see ldap in the list
[03:45] other than that I'd try upping the logging on the server
[03:45] checking
[03:46] nmap shows that its open ... but getent passwd doesnt even cause a log entry on the server - like its not trying
[03:47] if the slapd logging isn't at a higher level it may not register an event
[03:48] leme check
[03:55] Can I insert a stupid question into this - not knowing anything about ldap? How have you told the client where the ldap server is?
[03:57] I mean if getent passwd doesn't create an event, what is it trying to talk to instead?
[03:57] owh: the dpkg-reconfigure ldap-auth-client configures /etc/ldap.conf which holds that information
[03:57] it reads /etc/ldap.conf
[03:57] owh: /etc/passwd
[03:57] SpaceBass: that is a good idea you might double check the connection setting in that file
[03:57] So, if ldap.conf holds that information, is it what you expect it to be?
[03:58] the ldap client libraries query the ldap server for the data
[03:58] Sure, but my question is more about telling the clients who to ask for the answer.
[03:59] thats from ldap.conf
[03:59] there's a line that reads: host 10.1.1.15
[03:59] 10.1.1.15 is the ldap server
[04:00] So, you can presumably ping the ldap serve?
[04:00] s/serve/server/
[04:00] (From the client)
[04:00] yeah
[04:00] How did the 10.1.1.15 end up in the ldap.conf file?
[04:01] when you install ldap-auth-client (or reconfigure it) it writes to that file
[04:01] With dpkg-reconfigure?
[04:01] Does it require a port number?
[04:01] not if you use the default - but I did try that to double check
[04:01] As I said, I'm not familiar with ldap, just the principles of trouble shooting :)
[04:02] SpaceBass: do you have ldapi:///hostname or ldap://hostname ?
[04:02] Can you improve the verbosity of the client?
[04:02] owh, wish I knew how
[04:02] Ah a URI, rather than a host.
[04:02] sommer, I've tried just the IP, ldap://host and ldapi://...
[04:03] * owh has a gander through the RTFM.
[04:03] SpaceBass: hmmm that should work, but you might also try Host ip_address instead of ldap://
[04:03] SpaceBass: You know about this: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html
[04:04] yeah, thats for setting up a server
[04:04] this is a client
[04:04] owh: doesn't cover client configuration... yet :)
[04:04] :(
[04:04] Crap
[04:04] Don't make me install it :)
[04:05] Ok, for a moment assume you did everything right - unlikely, but let's start somewhere.
[04:05] How is what you're expecting not working?
[04:06] Remember, once you get to the point of pulling out your hair, most likely the problem isn't what you think it is.
[04:06] So, I'm just testing your assumptions at the moment.
[04:07] I'm sure its one of those glaring things - like a typo
[04:07] so I'm gonna put it down for the night
[04:07] I appreciate the help - good troubleshooting steps
[04:07] Right, so work with me for a mo, give me 10 minutes :)
[04:07] Then I'll let you slink off to bed :)
[04:07] k
[04:07] So, what are you doing that isn't working?
[04:08] What command is failing?
[04:09] Also, FYI, the man page for ldap.conf says that the URI is: URI
[04:09] SpaceBass: you might also try: sudo auth-client-config -a -p lac_ldap
[04:09] well, its just not producing the expected output
[04:10] SpaceBass: that will configure pam for ldap
[04:10] And the man page goes on to say: HOST
[04:10] So, the IP address is with a HOST command, but a URI is with a URI command. What does your ldap.conf show?
[04:10] so it implies that the port is required
[04:10] leme look
[04:10] No, that's optional.
[04:11] SpaceBass: man ldap.conf should give you this: ldap.conf(5): ldap config file - Linux man page
[04:12] sommer, not sure -a -p lac_ldap were the right switches - its reconfiguring every package on the system
[04:15] SpaceBass: not sure what you mean by "every package on the system"... every time I've used it, it only configures the pam modules
[04:15] sommer, i mean cups, font server, keyboard layout...name it
[04:16] ah see what you mean... ya anything that uses pam, isn't that what you wanted?
[04:16] to reverse it use sudo -a -r -p lac_ldap
[04:17] err sudo auth-client-config -a -r -p lac_ldap
[04:17] too late now :)
[04:17] SpaceBass: Have you pasted your ldap.conf anywhere?
[04:17] owh, not yet
[04:17] will once this finishes
[04:18] not if you didn't want to do that... the auth-client-config is very safe and comments the original entries in the pam files
[04:18] SpaceBass: Open up a new terminal :)
[04:19] * owh blames sommer for eating my 10 minutes :)
[04:19] lol
[04:19] blame my brain - its slowing down
[04:19] * sommer they tasted good :-)
[04:20] I'm relatively old hat at this...been setting up boxes using ldap for years, but it usually "just works"
[04:20] are you on hardy?
[04:20] 8.04
[04:20] yeah
[04:20] hmmm, it's always worked for me, not sure what you're missing
[04:21] SpaceBass: That's why I've been attempting to test your assumptions :)
[04:21] sommer, me too ...
[04:21] owh, :)
[04:21] SpaceBass: Does it work anywhere else?
[04:21] Can you diff the config file?
[04:22] owh, all the other clients are OSX - and they do ldap a little differently
[04:22] :)
[04:22] I do have one other linux box that is working, but its 6.10lts
[04:22] Well, check the .conf file first.
[04:22] s/the/its/
[04:23] even tried copying that file over
[04:25] Well, version differences aside, that might rule out that as a source of the issue.
[04:26] What happens if the 6.10 machine connects to the server? Do you see anything in the logs?
[04:27] yeah
[04:28] Machines on the same network?
[04:28] yeah
[04:29] same subnet even
[04:29] same switch
[04:29] If you watch with wireshark, do you see anything?
[04:29] thats a great idea - but one for tomorrow :D)
[04:30] Sleep well :)
[04:30] thanks guys - again, I really appreciate the help
[04:30] Anytime.
[04:31] * owh just poked a stick at the problem :)
[05:36] hi all
[05:36] I'm in a bit of trouble
[05:37] I am trying to upgrade my server from 7.10 to 7.04, and linux-image has broken
[05:37] it shows that linux-image-2.6.22-15-server is installed, but its not installed in /boot. So when I try to remove it or purge it, it fails because there is no System.map or initrd in /boot
[05:37] What do I do ?
[05:41] well, 7.04 is earlier than 7.10
[05:41] sigh
[08:03] moin
[08:51] New bug: #232550 in gvfs (main) ""Connect to Server..." does not mount Windows Share (dup-of: 209520)" [Undecided,Invalid] https://launchpad.net/bugs/232550
=== crummygummy_ is now known as CrummyGummy
[10:09] ?
=== ewook_ is now known as ewook
[10:35] New bug: #246322 in nis (main) "nis package must provide DHCP client scripts" [Wishlist,Confirmed] https://launchpad.net/bugs/246322
[13:21] New bug: #246558 in openssh (main) "ssh's init script should generate host keys if they're missing" [Undecided,New] https://launchpad.net/bugs/246558
=== fReAkY[t] is now known as freaky[t]
[13:35] good morning everyone!
[13:36] hi nxvl
[13:38] emgent: what's the difference between your branch and master's one on cve-tracker?
[13:42] master is ubuntu-security official branch
[13:59] emgent: well, that obvious, but i mean in content
[14:32] New bug: #246578 in samba (main) "using "net ads join" with -S breaks if given the long domain name " [Undecided,New] https://launchpad.net/bugs/246578
[14:39] mathiaz: any thought of dovecot 1.1.1 for intrepid?
[14:49] sommer: were there any plans to split out the server guide into its own bzr branch ?
[14:50] zul: may be - I'd look at debian also
[14:50] mathiaz: heh, I was just looking at the doc.u.c, and noticed that it hasn't been updated :)
[14:50] mathiaz: I don't think there was anything concrete as far as a different branch
[14:51] mathiaz: do you think it needs to be?
[14:51] sommer: it needs to be split out in its own branch
[14:52] sommer: one of my todo items is to add a paragraph to the Server Team KnowledgeBase about helping out with the server guide
[14:52] mathiaz: I'm not opposed, but there'll need to be some strong arguments to overcome the arguments against
[14:53] sommer: and if it starts with - bzr branch ubuntu-doc - wait for a 400 Meg download - we've lost most of the contributors...
[14:53] mathiaz: it's actually miles better for intrepid... the history was dumped and the layout was rearranged
[14:53] sommer: I'd have to go back and read the threads, but the main arguments IIRC were related to packaging stuff
[14:53] mathiaz: it only takes about 5min
[14:55] sommer: mhh... I'll have to look into that then - I was reading the documentation team page about using bzr
[14:55] sommer: and it didn't look very promising
[14:56] mathiaz: as in not enough info? I think it's enough to get people started, but I agree it could be better
[14:56] sommer: well - it's much info IMO
[14:56] sommer: I wrote a blog post last week about dkim testing and there was an item about updating the server guide
[14:57] sommer: so I wanted to add some instructions on how to do it
[14:57] sommer: I would have liked to write some like: bzr branch lp:~ubuntu-doc/ubuntu-server-guide; edit-the-mail-section; bzr push lp:~your-lp-id/ubuntu-server-guide; submit for review to the doc team
[14:58] sommer: reading through the documentation page, it seemed more complex than that
[14:58] mathiaz: ya, as of now it's bzr branch, edit, submit patch to the list
[14:59] sommer: and this morning there was an email on ubuntu-doc about a technical review - it should have been a patch instead
[14:59] sommer: right - unfortunately, reading the documentation page, it seemed more complicated than bzr branch, edit, submit a patch
[14:59] ya, the doc team really doesn't use the full capabilities of bzr... especially the distributed vcs
[14:59] sommer: I would be fine with the process above
[15:01] sommer: exactly - I'll add a paragraph on working on the server guide
[15:01] mathiaz: I'm not opposed with the process either, additionally separating the packaging would allow the serverteam control of SRUs
[15:01] sommer: I'll do more experimentation on how it takes to branch the ubuntu-doc tree
[15:01] sommer: right - IMO packaging bits should not be the reason for keeping all the docs in one branch
[15:02] sommer: conceptually I don't see why someone working on the server guide would need a copy of the Ubuntu migrating from windows guide
[15:03] mathiaz: an advantage of not branching is interaction with more than one team in the Ubuntu community... or at least letting the doc team have rights to the branch, I think would be good
[15:03] sommer: basically you'd need to separate the packaging bits and the documentation, ie go to the standard upstream/maintainer system
[15:03] sommer: sure - I don't have a problem with that
[15:04] sommer: but I really like to say to new contributors - wanna fix a typo in the server guide ? -> bzr branch lp:~ubuntu-doc/server-guide
[15:04] sommer: the server-guide branch would still be part of the ubuntu-doc team
[15:05] sure, and I really like the potential to do an SRU on the serverguide even if others consider it too much work :-)
[15:05] mathiaz: I'll start playing around with the bzr branching too, then we can come up with a game plan
[15:06] mathiaz: also on the agenda for intrepid is pdf version of the serverguide, which shouldn't be a big deal, but could be easier if there is another branch
[15:07] sommer: that could be another option
[15:08] hi all
[15:08] is it possible to see java-threads of a jvm with ps?
[15:08] i would make a special network, can u help me?
=== lukehasnoname is now known as zaapiel
=== zaapiel is now known as lukehasnoname
[15:15] <_ruben> installing jeos under hyper-v .. *shiver*
[15:22] sommer: hm - it took 8 minutes to branch the intrepid doc repository
[15:25] mathiaz: heh, still far better than the hardy docs
[15:25] mathiaz: but that is pretty long if you're focussing on just the serverguide
[15:28] sommer: glancing through the rules and control file, it seems that the serverguide has its own instructions
[15:29] sommer: so it could really be split from other parts
[15:30] mathiaz: cool, I'm all for it... I think the benefits outweigh any negatives
[15:31] sommer: from a packaging POV it would mean creating a new source package for it
[15:31] sommer: however we may need to keep track of the styles
[15:36] <_ruben> heh .. no network support for hyper-v during jeos install .. how surprising :p
[15:52] mathiaz: has that iproute SRU bug been uploaded yet?
[15:53] zul: yes - It's in -proposed
[15:53] zul: well - in the queue
[15:53] cool
[15:53] zul: but not accepted AFAICT
[15:53] yeah there is a samba sru and nut sru that hasnt been accepted yet either
[15:56] server team meeting in 4 minutes in #ubuntu-meeting
[15:57] https://wiki.ubuntu.com/ServerTeam/Meeting
[16:23] guys, the install looks for fs-secondary-modules .ude , but the file is .udeb
[16:23] why is that?
[16:28] 8.04 amd64
[16:36] the amd64 iso is wrong, the long filenames in it are wrong
[16:37] many server guys are in the meeting right now, they'll be back shortly after 11am EST
[16:38] how many hours ?
[16:38] 7 hours :S
[16:38] 20-30 mins
[16:44] anyone is using ispconfig or vhcs or similar?
[16:54] i use ispconfig
[16:54] udebs are 'debs' for debian installer
=== Smaug is now known as Smaug|away
[16:56] nice I will install ispconfig
[16:57] I'm saying that the iso amd64 is broken, the filenames are wrong
[16:57] the names are chunked
[16:57] fs-secondary* nic-restricted*
[17:02] mathiaz: I need to head out in a bit, got a minute for the serverguide translation bit?
[17:02] LaserJock: sure
[17:02] LaserJock: I was wondering if we need to have the .po files in the bzr branch
[17:02] no
[17:03] you need a .pot
[17:03] that'll then end up on Rosetta where it gets translated
[17:03] then when you go to do a release you download the .po tarball from Rosetta
[17:03] LaserJock: right - the .pot file is generated at some point when building the src pkg
[17:03] mathiaz: actually, the .pot is kept in bzr
[17:04] and is refreshed once in a while
[17:04] LaserJock: right - and for the server guide, there is also the .po files
[17:04] ok, so once you download the .po files
[17:04] you convert them back into docbook XML
[17:05] so you don't need the .po files in bzr
[17:05] just the .pot and the translated docbook
[17:05] LaserJock: so now I'm stuck on convert back to docbook
[17:06] LaserJock: this is where the fr/, de/, etc... directory are created ?
[17:06] yep
[17:06] so before translation you should have just a C/ directory
[17:06] LaserJock: are these on the website ?
[17:06] website?
[17:06] LaserJock: https://help.ubuntu.com/8.04/add-applications/ only show c/
[17:06] oh right yeah
[17:06] we don't put translations on help.ubuntu.com
[17:07] we recommend that translations be put on LoCo websites
[17:07] LaserJock: ok - only in the binary debs
[17:07] yep
[17:07] LaserJock: and once you have the docbook xml for translated packages, you have to rebuild the html files ?
[17:08] LaserJock: or you just ship the docbook xml ?
[17:08] ah, that depends
=== Nafallo_ is now known as Nafallo
[17:08] for Ubuntu/Edubuntu at least we just ship xml
[17:08] I imagine you guys will want html at least
[17:09] LaserJock: that's because yelp is able to read docbook
[17:09] or maybe info
[17:09] mathiaz: yes, exactly
[17:09] I'm not sure what KDE does these days, it used to do just HTML I think
[17:09] LaserJock: ok - to go back on the .pot file process, you need to upload it manually ?
[17:10] LaserJock: or LP figures out automatically when there is a .pot file in the src deb ?
[17:10] yeah
[17:10] there might be some work with the Rosetta admins
[17:10] LaserJock: yeah - to which question ?
[17:10] since it's not a normal package
[17:11] sorry ;-)
[17:11] it extracts them from source packages
[17:11] so you generate the .pot and put that in your source package
[17:11] LaserJock: ok - thanks for the input - I think I better understand the whole workflow now.
[17:12] LaserJock: then you upload the src pck to LP and it will show up in rosetta automatically
[17:12] pretty much
[17:12] the first time it might take some pushing :-)
[17:12] but once the LP admins approve the .pot the first time it's automatic
[17:13] LaserJock: ok - gotcha - thanks !
[17:14] but actually right now it's already in Rosetta
[17:14] btw i forgot to mention on the meeting
[17:15] mathiaz: https://translations.edge.launchpad.net/ubuntu/hardy/+source/ubuntu-docs/+pots/serverguide
[17:15] ScottK (or persia) suggested me to backport augeas to hardy for testing and playing
[17:15] did you think is a good idea?
[17:16] mathiaz: I gotta run now, but if sommer needs help with scripts, etc. for translations have him email me
[17:17] mathiaz: I had to figure all this stuff out for edubuntu-docs and have scripts for generating .pots and converting .po to docbook
[17:21] nxvl: that may be helpful in the beginning of the release cycle
[17:21] nxvl: to get people started in the next few weeks
[17:21] nxvl: but after feature freeze, we definitely want to focus on intrepid
[17:23] mathiaz: so, you suggest to try to backport it immediately after it reaches the archive?
[17:23] nxvl: yes - I'd put it in a ppa
[17:24] heh
[17:24] nxvl: and point people to the ppa
[17:24] i forgot about ppas
[17:24] i will upload it tonight
[17:25] now need to work
[17:25] read you later!
[18:11] New bug: #246664 in samba (main) "during winbind upgrade running desktop is harmed" [Undecided,New] https://launchpad.net/bugs/246664
[18:24] Hi everyone...
[18:25] my email server cannot generate pgp...
[18:26] I am using ubuntu 8.04.1 server x64 + atmail
[18:26] 5.4
=== Smaug|away is now known as Smaug
[18:35] How can I check that pgp is installed correctly and works fine?
[18:36] I'm trying to install the amd64 ubuntu server 8.04 from an usb pendrive to a raid 1 lvm partitioned disk with a mobo g33 intel. I got multiple problems :(
[18:37] I finished the installation but it doesnt show me the login screen
[18:37] tolun: you're trying to get your mail server to pgp sign mails ?
[18:38] HellMind: what does it show you
[18:38] ikonia, yes...
[18:38] tolun: your client pgp signs mail, not the server normally
[18:38] the last thing it does is loop, module loaded
[18:38] tolun: your mail server just delivers what your client injects into it
[18:39] HellMind: you've installed, and then rebooted ?
[18:39] ofcourse
[18:39] HellMind: I'm just checking
[18:39] HellMind: you get grub and it walks through the start up sequence ?
[18:39] if i press ctrl alt del the login screen appears, but everything is incomplete and with errors
[18:40] yes grubs its ok
[18:40] HellMind: when you say login screen, do you mean the gdm desktop, or just a shell login ?
[18:40] the only error i can see is, abnormal exit of modprobe
[18:40] no shell
[18:40] i mean, shell , no gdm
[18:40] HellMind: can you boot into single user mode (add single on the end of your kernel boot options)
[18:40] ikonia, yes you have right... and I know that... Webmail part try to create a pgp key for a one account but server does not response back...
[18:41] tolun: the mail server does nothing for pgp
[18:41] tolun: what are you expecting the server to do ?
[18:43] I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail
[18:44] it does the same, I think the install weren't successfully
[18:44] i cant see the /var/log dir
[18:44] it is recommended having multiple lvm partitions?
[18:44] HellMind: the layout doesn't matter as long as it has / and swap
[18:44] ikonia, I understand from atmail product that it takes pgp requests and it creates on server's pgp application and it returns back this key to user via webmail
[18:45] tolun: I have no idea how that would work,
[18:46] ikonia, it is really interesting... How can I check that server's pgp is working?
[18:47] tolun: I've not idea, I can't see a way to allow a mail to manage pgp
[18:48] ikonia, ok not problem... do you know that how can I check only the pgp application?
[18:48] tolun: test it on the command line
[18:48] just make a pgp key
[18:48] make a file then try to sign it
[18:49] ikonia, how...:'(
[18:49] tolun: man pgp it's 3 steps, 1 create key 2. create object 3. sign object with key
[18:51] ikonia, here is the result for your advertisement.... man pgp No manual entry for pgp
[18:51] See 'man 7 undocumented' for help when manual pages are not available.
[18:52] gpg
[18:52] blue-frog_: thank you !
[18:52] blue-frog, thanks...
[18:54] I think my problem is because I configured the raid 1 using debian, the raid are /dev/mdx, ubuntu is trying to use it, or remove it here /dev/md/x
[18:56] HellMind: shouldn't matter
[18:56] HellMind: the path is /dev/md$x, not /dev/md/$x
[18:58] how can I uninstall the raid to start again
[18:58] from 0
[18:58] because the installer isn't work
[18:58] HellMind: remove the partition
[18:59] how :S
[18:59] the /dev/md0 is there
[18:59] HellMind: ok, thats a good thing
[18:59] HellMind: use the installer to format it
[18:59] HellMind: you're good to go
[19:00] my hds have no partition :(
[19:00] HellMind: they shouldn't have if you've put them in a raid config
[19:00] HellMind: you may want to mirror on a partition level, or slice up /dev/md0
[19:07] I want to delete the previous /dev/md0 1 2 raid
[19:07] the installer is wrong again
[19:08] dunno what it executes but it fails, it says the partition is in use and the syslog says /dev/md/0 isnt exits, which is true, the raid is /dev/md0
[19:14] is there a way to restart the installer without booting again?
[19:20] hi again guys....
[19:21] I have problem with creating a pgp key... it says that it needs more 300bytes for generating the key... How?
[19:22] the original message is: "Not enough random bytes available. Please do some other work to give
[19:22] the OS a chance to collect more entropy! (Need 300 more bytes)"
[19:23] How can I generate random bytes for it?
[19:29] ?
[19:29] :)
[19:42] New bug: #246702 in glibc (main) "[CVE-2008-1447] Randomize DNS query source ports to prevent cache poisoning" [Undecided,New] https://launchpad.net/bugs/246702
[20:22] I MADE IT
[20:23] the error was in the bios :S, with 1m on the vga it hangs, with 8 no
[20:23] I'm trying to install ubuntu server 8.04 on a poweredge 2450 but its throwing up a bunch of errors when trying to read packages from the cd during install: Exception Emask 0x0 Sact 0x0 Sett 0x0 action 0x2 frozen -> soft resetting link, eventually it fails with an I/O error
[20:23] mathiaz: My regrets on missing the meeting today. I had a family emergency to deal with. How did the meeting go?
[20:26] ScottK: hope all is well on your side - it was busy busy
[20:29] It's all done. We had to put one of our dogs down last night and one kid was at camp 2 1/2 hours drive away. So I went and got her last night and then took her back this morning. Then I crashed.
[20:36] mathiaz: hey....
[20:37] mathiaz: I just ran into a nasty little situation with the lsb status_of_proc() that causes it not to operate properly, if run by a non-root user
[20:38] kirkland: shellfoo?
[20:38] kees: well, only slight....
[20:38] kees: so in /lib/lsb/init-functions, you'll see a pidofproc() function
[20:38] kees: which is used by my status_of_proc() function
[20:38] kees: it tries to intelligently determine a proc's pid
[20:39] kees: it seems, however, there's a strange dependency on being root
[20:39] ya
[20:39] kees: if $pidfile exists, it tries to run "kill -0"
[20:39] kees: to determine if the process can be sent signals
[20:39] kees: well, not root necessarily, but the owner of the process
[20:40] well, it expects you to be able to kill the process you're querying
[20:40] right
[20:40] kees: ideally, querying status should be a non-priv operation, IMHO... your thoughts?
[20:40] you mean for the "status" init command?
[20:41] kees: yup
[20:41] I'd say it'd be nice, but not really a requirement
[20:41] kees: further down in that pidofproc() function it uses /bin/pidof
[20:41] kees: that works fine as not-the-owner-of-the-process
[20:41] some processes need extra perms to know for sure if they're operating correctly
[20:42] hmm
[20:43] I'm assuming the kill-test is to make sure the process isn't zombie.
[20:43] that's the only thing I can think of
[20:43] kees: right...
[20:44] kees: hmm, i'll have to think on this a little more
[20:44] another option seems to be to make the pid file not world-readable
[20:44] then it won't try the kill test
[20:44] kees: that seems a little heavyweight
[20:45] maybe do a uid check?
[20:45] kees: i think i could more centrally test access on that file in addition to doing the file check
[20:47] are we aware of http://www.isc.org/index.pl?/sw/bind/index.php
[20:47] ?
[20:47] ivoks: i saw jdstrand comment on it earlier on #ubuntu-devel
[20:47] this means all DNS software
[20:48] ivoks: yeah, it should be in the archive in about 40 minutes
[20:48] very nice
[20:49] kees: Do we have a fix for the libc stub resolver too? Debian says they don't.
[20:49] ScottK: we don't, and I've been attempting to more information about that.
[20:50] Work around is install BIND I guess.
[20:50] yeah, or trust your upstream DNS resolver and network
[20:50] kees: what if I changed it to: if [ -f "$pidfile" ] && [ -r "$pidfile" ] ?
[20:51] kees: check if it's readable....
[20:51] the -f is redundant
[20:51] but that's already handled
[20:51] kees: what about the "and is a regular file" part of -f?
[20:51] your problem is when it's readable, but not your process
[20:52] it's no greater race than the -f/read case.
[20:52] k
[20:57] kees: my bad... I need -O, True if file exists and its owner matches the effective user id of this process.
[20:58] owner of the file may not be the uid of the process, though.
[21:06] hey all, i'm trying to convert an ubuntu desktop install to ubuntu-server with apt - can anyone tell me if the server repositories are different? or do i just need to install some kind of 'server' package?
[21:07] ph8: It's the same repositories, there's nothing to "convert", except to install a different kernel flavour, and to remove a lot of packages (ubuntu-server is pretty bare-bones)
[21:08] ph8: If you don't care about removing all the packages (and, really, if you did, you might just want to reinstall), then you're just left with the kernel... apt-get install linux-server
[21:09] i would reinstall but i've just setup my raid and i think it might be quicker for me to wildcard off a load of packages
[21:09] thanks i've just installed linux-image-server
[21:13] and people say that linux servers are hard to install
[21:13] :)
[21:14] are impossible to install
[21:14] isnt easy having the appliance already done in a vm :S
[21:23] kees: okay, i'm going to have to take a different approach
[21:23] kees: namely, status_of_proc() will not use the pidofproc() function. rather, it'll use /bin/pidof
[21:39] kirkland: well, but that may ignore the pid files. that's the expected behavior
[21:39] kees: yes, it will ignore pidfiles
[21:39] kees: do you see a problem with that? it'll look for a daemon of a given name, specified in the init script
[21:40] kirkland: I'm confused, are you adding a new function or rewiring an old one?
[21:41] kees: i wrote status_of_proc() from scratch... was recently applied to Ubuntu's lsb package
[21:41] kees: there are no users of that function yet
[21:41] kees: i'm working on a stack of patches to use it
[21:41] kees: that's when i came across this process ownership bug
[21:41] aaaah, okay. then I'm cool with the change you suggested. :)
[21:42] note though, that some things may misbehave -- e.g. sendmail has multiple PIDs, but only the master pid in the pid file.
[21:43] kees: right, apache too, huh?
[21:46] kees: see: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735
[21:46] Launchpad bug 246735 in lsb "status_of_proc() calls pidofproc() which calls kill, requiring ownership privileges on the process" [Undecided,New]
[21:46] kees: patch at the bottom
[21:46] kees: doko sponsored my last upload, i guess i can talk to him about this fix
[21:47] woo!
[21:49] kirkland: okay, cool
[21:53] what software examines/blocks sshd access to a computer? It updates the hosts.deny file.
[21:54] I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.
[21:55] I think it allows 5 attempts or something and then adds that ip address to the hosts.deny file.
[21:56] denyhosts
[21:57] kees: doko doesn't appear active. any chance you can review and apply the lsb fix? All of the rest of my patches depend on it, as I'll need lsb-base (>= 3.2-12ubuntu2) in each package's debian/control file
[21:57] zul also offered some review/sponsoring/uploading too.......... pretty please?
[22:00] kirkland: well, the archive is currently in soft freeze...
[22:00] kees: oh... hmm, what does that mean? is that to spin cd's or something?
[22:01] ivoks, thank you....
[22:03] kirkland: yeah, alpha 2 is being spun thursday. we're in freeze until after alpha 2: https://lists.ubuntu.com/archives/ubuntu-devel-announce/2008-July/000446.html
[22:04] kees: hmm, well, this change is not disruptive, perhaps unnecessary
[22:05] kees: i'll ping slangasek about it
[22:05] kirkland: okay
[22:05] kees: thanks!
[22:05] kirkland: np. :)
[22:10] kees: see slangasek's comment in #ubuntu-devel....
[22:11] kees: are you willing/able to sponsor, or should I knock on someone else's door?
[22:13] kirkland: I can do it, what's the bug #?
[22:14] kees: https://bugs.edge.launchpad.net/ubuntu/+source/lsb/+bug/246735
[22:14] Launchpad bug 246735 in lsb "status_of_proc() calls pidofproc() which calls kill, requiring ownership privileges on the process" [Medium,In progress]
[22:14] kirkland: we are having the lsb patch included today?
[22:14] kirkland: or just in ubuntu
[22:15] nxvl: it was included in ubuntu a month ago or so
[22:15] nxvl: Debian agreed to it in principle, want to wait until they open up their archive
[22:15] :P
[22:15] :D
[22:15] * nxvl is not following it
[22:15] nxvl: i found an issue with the way pidofproc() is implemented, requiring root privileges
[22:16] nxvl: i reworked status_of_proc() to use /bin/pidof rather than pidofproc() to get around that
[22:16] kirkland: your patch would cause pidof output to appear on stdout
[22:16] kees: okay, i need a >/dev/null
[22:16] augeas has taken my life for the past month
[22:16] kirkland: ah, yeah, that's in the prior version, cool.
[22:17] kees: one sec
[22:17] kees: okay, fixed
[22:17] kees: anything else before I update the debdiff?
[22:17] kees: I also switched status=1 to status="1"
[22:18] kirkland: cool, I think that's fine
[22:19] kees: updated patch posted
[22:31] heh
[22:31] augeas hasn't reached the archive and i have already received 3 new lenses
[22:31] :D
[22:32] * nxvl loves FOSS Community work
[22:35] I am having troubles loading DBDriver mysql. I've put an explanation of my problem at: http://pastebin.com/mb23133 Anyone got a moment to help me?
[22:41] * delcoyote hi
[22:57] can anyone help with virtual hosts files in Apache using hostname?
[23:50] kirkland: Nice catch on the status_of_proc()
[23:50] owh: thx.
[23:51] You seem to have been a busy boy :)
[23:51] owh: i've just finished a batch of patches for at, bind9, cron, openssh, samba, sysklogd
[23:51] I saw those come past, haven't looked yet. Are they different from the ones we made before?
[23:52] hello
[23:52] owh: yeah, slightly
[23:52] * owh has a gander.
[23:52] emgent: Salutations.
[23:54] kirkland: Just the depends?
[23:54] owh: yup
[23:54] Cool, I didn't know how to do that and didn't get around to ask anyone.
[23:54] * owh hasn't stood still for some time :(
[23:55] owh: no problem...
[23:55] Excellent, onto the next problem :)
[23:55] How did the meeting go today, that time is really, really bad for me :(
[23:56] kirkland: Hmm, did you see this comment: (permalink)
[23:56] Launchpad bug 203169 in sysklogd ""status" function for init scripts" [Wishlist,In progress]
[23:57] kirkland: Especially the "exit $?" a completely redundant no-op...
[23:57] owh: right, i fixed the versioned dependency thing
[23:57] kirkland: Yeah, I'm talking about the second point.
[23:58] owh: right, so my response is (a) exit $? doesn't hurt
[23:58] owh: (b) "most" != "all"
[23:59] * owh is waiting for the punchline :)
[23:59] owh: (c) in the case that $?=0, we're explicitly exiting with the status, not executing anything else beyond