/srv/irclogs.ubuntu.com/2009/03/29/#ubuntu-server.txt

Begsits odd, a while after i run iptables -I INPUT -s ! 192.168.0.0/255.255.255.0 -j REJECT i stop being able to access the server using cifs from my windows box, and as soon as i delete the rule it works again00:15
Begseverything else works though00:15
Deepsmay need to allow broadcast traffic too?00:19
Begshow do i do that, its just odd how it works fine for a while then stops?00:21
Deepsallow traffic to/from 255.255.255.255 as well?00:26
Begsso just run  iptables -I INPUT -s ! 192.168.0.0/255.255.255.255 -j REJECT instead of other command00:27
Deepsno, the second param is the netmask, assuming you want traffic from 192.168.0.* you need it as defined earlier00:29
Deepsthat said, broadcast traffic appears from the source anyway, so it's not that00:29
daddy242Does anybody know how to get rid of complaints like  Does anybody know how to get rid of apparmor complaints like requested_mask="::r" denied_mask="::r" name="/lib/tls/i686/cmov/libdl-2.7.so" pid=6792 profile="null-complain-profile" namespace="default" for a sshd profile for a sshd profile00:40
daddy242     /msg nickserv register m0v135 treymul@gmail.com00:49
ScottKdaddy242: I'd suggest a different password next time.00:50
Deepsand possibly a different irc client / terminal configuration00:50
giovaninot to mention more careful observation of 5 spaces00:51
daddy242good call00:51
CppIsWeirdis there any pfsense like package for ubuntu-server?00:52
* genii struggles with apcutils00:58
daddy242Does anybody know how to get rid of apparmor complaints like requested_mask="::r" denied_mask="::r" name="/lib/tls/i686/cmov/libdl-2.7.so" pid=6792 profile="null-complain-profile" namespace="default" for a sshd profile00:58
Sam-I-Amyou can edit the apparmor profiles02:01
Sam-I-Am /etc/apparmor.d or somesuch02:02
daddy242I have done a lot of editing, the files in question have already been given read rights to sshd, but i am getting these errors due to this other profile02:03
Sam-I-Amdid you edit the null-complain-profile ?02:04
daddy242no, I'm not sure what that is02:07
daddy242I don't even have anything like that under apparmor.d,, where would I find it02:08
Sam-I-Amsomething is telling it to gripe by default about stuff02:10
Sam-I-Amalternatively, just disable apparmor, its irritating and broken :P02:10
Sam-I-Amhave you googled for that error?02:10
daddy242yes and I haven't been able to find anything helpful02:12
Sam-I-Ammeh02:14
Sam-I-Ami guess you could make a profile to specificially consider that file in question02:17
Sam-I-Amquestion is... is apparmor breaking something or just griping?02:17
ScottKSam-I-Am: What's broken about our apparmor and have you filed bugs?02:19
Sam-I-Amits more like the default profiles for apps02:19
Sam-I-Ami spent almost a day trying to figure out some weirdness with slapd only to find out it was a misconfigured apparmor profile02:20
ScottKThere are certainly sometimes problems with them.02:20
Sam-I-Amturns out there was a bug filed for it already, but the subject for it was a bit misleading... nor did i realize it was apparmor at the time.02:20
CppIsWeirdis there any package that would setup a ubuntu-server to something similar to m0n0wall or pfsense?02:23
Sam-I-Amhmmm, i havent seen one02:24
giovaniCppIsWeird: nope, but firewalls in ubuntu are pretty simple: https://help.ubuntu.com/8.04/serverguide/C/firewall.html02:58
=== UdontKnow is now known as ObiWanQueNoob
geniiAny way to send a network alert when ups kicks in?04:06
genii(so all the other boxes can nicely shut down when there's like 2 minutes left of power for instance)04:07
goksu hello I need help on installing ubuntu on HP Prolient ml350 G504:13
twbgenii: I guess that would be up to nut.04:14
goksuthe installation goes just fine from ubuntu-server-64.iso. but I can not boot after install. ml350 hangs after reboot saying "attempting Boot from hard drive c:".04:14
twbgoksu: that sounds like the MBR wasn't installed, since it refers to "drive c:" which GNU/Linux never does.04:14
goksutwb: how do I fix it?04:22
twbBy installing the bootloader, I imagine04:22
goksuubuntu installs well from cd. all the way to remove installation cd prompt.04:23
twbThat's assuming I've diagnosed the error correctly, of course.04:23
goksushouldnt the install cd load that too?04:23
goksuI am thinking along the same lines.04:23
twbgoksu: it should04:23
friartuckgoksu did you do custom partitioning?04:23
goksuI have 4 hdds. I made raid5.04:23
twbgoksu: hardware or md raid5?04:24
friartuckgoksu lvm raid5?04:24
goksuno I did not. guided with lvm.04:24
PhotoJimI missed the problem.  what is it?04:24
twbPhotoJim: 14:17 <goksu> the installation goes just fine from ubuntu-server-64.iso. but I can not boot after install. ml350 hangs after reboot saying "attempting Boot from hard drive c:".04:24
PhotoJimtwb:  Thanks.04:24
goksu:)04:25
PhotoJimI had a problem with RAID1 (software) not enabling quickly enough for a successful boot.  adding a rootdelay solved it.  but your problem is not what mine was, alas.04:25
goksuso after pluging the 4 hdds. I did a raid5 from the boot F8 or F120 I guess.04:25
goksuno. I have not installed a software raid. because I dont know how to do that. and the raid5 install I did I did before the ubuntu cd got inside the machine.04:26
twbgoksu: ok, so you are using hardware raid?04:27
goksuyes hardware raid. raid5.04:27
friartuckgoksu did ubuntu install see 4 drives or 1?04:28
goksuI have 4x 146GB drives. the total now with raid5 is about 410GB. so yes I t did.04:28
friartuckgoksu see 1 drive @410GB?04:29
goksuyes.04:29
goksushould I have done a raid5 on 3 drives and set the fourth as a hot spare?04:30
friartuckno.04:31
goksuok. so Ubuntu installs from cd ok. but I can not boot after the cd is removed when asked.04:32
karl86i used the ubuntu server guide to set up postfix with tls, but mail clients are complaining that the certificate is out of date. Can anyone point me in the direction in which I am going wrong?04:32
friartuckgoksu setting up hardware raid varies from card to card. it's fairly easy to screw up. I would check the raid card manual.04:32
twbI hate hardware raid04:33
twbEspecially fakeraid04:33
friartuckgoksu sounds like problem with raid card and not ubuntu. guessing.04:33
goksufriartuck: I'll go through the manual again. but shouldnt ubuntu have said so when I last installed? It even asked to removed the old swap partition and all from the previous install attempt.04:34
geniiboot from raid5 is often problemmatic04:34
goksugeni: hmmm. that means not possible for ubuntu or needs workaround?04:35
friartuckgoksu well, when hardware raid is done right...the OS thinks there is only one drive.04:35
goksufriartuck: yes that what I know.04:35
goksutill what time can I count on you guys being around?04:36
twbgoksu: it doesn't work that way.04:37
twbgoksu: people here are from all over the world, and they come and go individually.  There's no roster.04:37
friartuckgoksu this guy did it with guided partitioning and no lvm: http://www.cylindric.net/blog/2007/09/11/ubuntu-on-a-compaq-ml350-server  maybe reinstall and try no lvm...04:38
goksutwb: cause yesterday I couldnt find anyone. being the weekend and all.04:39
twbShrug04:39
goksuits good to know. :)04:39
twbIf you need support bad enough there are people you can pay04:40
twbOtherwise you take what you get04:40
friartuckkick it04:40
goksutwb: what I try to do here is to get a linux server into the company. they insist on getting everything with windows. and they cant do it properly even then.04:40
PhotoJimgoksu: commercial Linux support is available from quite a few places.  there are tons of advantages to running a server on Linux versus Windows, but whether it makes sense at a given company depends on a lot of things.04:41
goksuok some background. I am a civil engineer, lead planning engineer here in qatar (thats gmt+3 so 06:30 now). I have been trying to get most of my work onto the linux side.04:42
goksuI have already moved my two laptops to ubuntu. and what I have been trying with windows it is easier with linux. the learning curve is higher but I like to read  manuals anyway. :)04:43
geniigoksu: I did not see your Q immediately, it did not flag to me due to mis-spelling of ny nick. A usual workaround is to have a small un-raided /boot which then goes to the main system in a raid5 layout04:43
geniiA hardware raid1 is also OK, depending.04:44
friartuckgoksu try the install without lvm. just use regular guided. leave the raid5.04:44
twbgenii: he's using hardware raid5, so a separate /boot shouldn't be necessary.04:45
goksufriartuck: I will try without lvm now.04:45
geniitwb: Even hardware raid 5 controllers often do not allow for boot. The adaptec series has a few like this for instance04:45
twbgenii: that's retarded04:46
geniiI think it's an MBR issue when the data is being striped04:46
twbeverything I hear about hardware raid makes me sad04:46
friartucktwb that's a shame, it makes for very fast disk access and reliability. raid is good.04:47
twbWe bought a fancy IBM rackmount box with hotswap drives for a customer, and only later found out that you had to ask specially if you wanted the hardware raid firmware to support RAID504:47
twbfriartuck: I have no problem with md RAID, I use it a lot.04:48
geniitwb: That totally sucks04:48
genii(the firmware issue)04:48
twbfriartuck: but hardware RAID is like SCSI, you have to have the right kind of jewelled knife and it has to be a full moon and shit04:48
twbgenii: I think that was also one of the stupid raids where you need a tainted driver to make it appear to the kernel as a single drive04:49
geniiAh, not true hardware raid then04:49
twbThe other reason I like md raid is that I don't need to buy spare copies of the raid controller, because md raid is md raid, and any linux can read it with any kind of controller04:49
twbgenii: bloody wacky hardware raid, at least04:50
twbgenii: stupid IBM...04:50
* genii throws a rock at Big Blue for twb04:50
goksuok I got this from the boot setup menu F10: boot disk status: passed-disk present, boot disk ready: pass -disk ready, verify boot sector: pass-valid os boot sector present.04:50
geniiHm, perhaps it supports MBR04:50
goksuso I a am now starting the without lvm regular guided install from scratch.04:50
twbBut sata is always hot pluggable, right, so it's TOOOOTALLY safe to just open a cheap-ass whitebox tower and add/remove drives while it's running04:50
twb>duck<04:51
geniitwb: I'm moving to combination SAS/SATA so I can eventually move it all to SAS04:51
twbSCSI's just too expensive to justify for me.04:52
friartucksata 3Gb/s are nice these days.04:52
geniitwb: I definitely agree on the price issue04:54
Alex_21Yeah, the price of what?04:54
matthew-21Hi, could someone please tell me how to configure what port apache listens on? My isp blocks port 80.04:54
geniiAlex_21: SCSI drives04:54
geniimatthew-21: /etc/apache2/ports.conf04:55
matthew-21Thank you.04:55
geniinp04:56
Alex_21Oh, Matt, use "Sudo vi /etc/apache2/ports.conf"04:56
goksumeanwhil I have another question.04:56
goksuI am running ubuntu desktop edition on my laptops.04:56
Alex_21Got to Ubuntu for Laptops and Desktops04:57
Alex_21Lol, we don't mind here, but you'll get better support over there04:57
goksuI have tried to install the server edition onto them from scratch because all I needed was the server apps. installation went ok but at first reboot I got kernel error.04:57
friartuckgoksu strange, I'm running server 8.10 on a dell 810 np.04:58
goksumy question is: does that happen often? the server edition is geared for servers I understand but still it sould boot from a centrino 1.6 and a amd 1.604:59
PhotoJimserver 8.10 on a dell poweredge 2450 here at home.  other than that RAID1 boot issue, which was pretty easily fixed, no problems at all.04:59
friartuckgoksu I've installed server 7x and 8x on all kinds of old desktops with no issues.04:59
goksufriarduck: I have an hp compaq nx7010 centrino 1.6 and an MSI m673 amd 1.6 running on 1.5 ram.05:00
goksuboth installe dok but no reboot. anyway. I'll ask again when I do a server install on them. :)05:01
friartuckgoksu did you use 32-bit on those?05:01
goksufriartuck: I used 32 bit for the centrino. and 64 bit for the amd turion 64 1.6.05:03
friartuckgoksu and neither booted?05:03
friartuckgoksu here's recent post on same hardware, install worked: http://ubuntuforums.org/archive/index.php/t-1047447.html05:04
goksufriarduck: neither booted. I was a little surprised as one is an old but good laptop, the other one is new but not very high end.05:04
geniiPhotoJim: I have a couple of those 2450, nice boxes05:06
goksufriarduck: on the web page you sent. it does not say server. I couldnt boot server editions. but the desktop editions booted without any problems.05:06
PhotoJimgenii: I have two, but one isn't running (has CPUs but no drives or RAM).  got them cheap, $50 for the pair.  Very pleased so far.05:07
goksuI dont suspend or hibernate. they are left open 24/7.05:07
goksuone is anyway.05:07
matthew-21Is there a way to share things on an external harddrive using apacheÉ05:07
PhotoJimmatthew-21: apache is a web server, it's not meant to be a file server.  but you can do anything on an external drive that you can do on an internal one, using Linux.05:08
friartuckgoksu that's strange. server edition should work on anything that desktop works on. I think Murphy's Law having fun with you.05:08
PhotoJimgoksu: you could always try using the desktop alternate install CD.  but in theory it shouldn't matter.05:10
matthew-21Yes, but my linux server really only has enough room for the os and a few packages and I am not sure how to share web files that are on my external harddrive.05:10
PhotoJimmatthew-21: you can mount filesystems anywhere you like.  apache's web content is stored at /var/www.  so if you mount an external hard disk partition at /var/www, your web server is using your external drive.05:11
friartuckmatthew-21 make a soft link (ln -s) in /var/www?05:12
PhotoJimThat's option 2.05:12
PhotoJimand option 3 is to get a decent-sized hard disk.  terabyte drives are $100-ish US.  much smaller drives that are still really quite large are much less.05:12
friartuck1TB drives are freakin cheap now.05:13
goksuPhotoJim: I did a desktop install then added the lamp packages. I really like linux flexibility.05:13
Alex_21Alex_21: He only has a 10 GB Disk because that is all his web host provides05:13
PhotoJimgoksu:  Linux is really awesome.  the learning curve is sometimes steep, but I admire it more and more all the time.05:13
goksufriartuck: I have an acer easystorage 1TB. upgraded to 4TB.05:13
PhotoJimfriartuck: they're cheap enough that I have a pair of them on RAID1 for a home server, when I don't need a quarter of that much space.  but it makes no sense to not have the space these days.  I can grow into it.05:14
Alex_21Alex_21: That was about Matthew-2105:14
friartuckgoksu nice.05:15
matthew-21énick matthew21105:15
Alex_21Ok, Matthew-21: where is his external drive mounted05:15
matthew-21woops05:15
friartuckPhotoJim I'm sure you will fill that volume :).05:16
Alex_21I'll be right back05:16
PhotoJimfriartuck: I have a feeling you're right. :)05:16
Alex_21Where is a Hard Drive mounted by default05:18
Alex_21? Please05:18
geniiIf it's not a system drive usually somewhere under /media05:19
friartuckAlex_21 look in /media05:19
PhotoJimAlex_21: but you can arrange to have it mounted wherever you like.05:20
friartuckAlex_21 you type "mount" with no arguments to see what's mounted.05:21
Alex_21Ok05:21
Alex_21Thanks05:21
island_swimmerIs there someone named Matthew-21 or something here?05:23
island_swimmerSomeone who was looking for help with sharing files05:23
goksuPhotoJim: believe me you grow into it.05:23
island_swimmerI am doing the same thing05:23
island_swimmerI was hoping to help. Maybe PM if that was ok05:24
friartuckgoksu you in Qatar?05:25
goksufriarduck: yes I am.05:26
friartuckgoksu IT jobs there?05:26
goksuubuntu install is asking Activate serial ATA Raid devices yes/no. I say yes.05:26
goksufriarduck: yes plenty. even the government is looking for IT guys. its growing fast here. not enough qualified ppl.,05:27
goksufriarduck: but funny they have only one IP. the whole country goes out on one IP.05:28
goksuok ubuntu instal says Select disk to partition.05:29
friartuckgoksu strange. I was working for financial services co. when market tanked. maybe I'll head that way :). Qata nice place?05:29
friartuckgoksu how many disks does it present?05:29
goksuSCSI.CCISS (-,0,0) (cciss/c0d0) - 440.3GB Compaq smart array.05:30
friartuckgoksu I'd say your good to go.05:30
goksufriarduck: It is a very safe place. you leave your back on the car in a garage and come back 2 hours later and it still is there.05:30
friartuckgoksu ha ha. nice.05:31
goksuok it removes logical volumes root, swap_1 and volume group etc..05:31
geniiHm. Compaq05:32
goksuyou can find anything you look for. but everything takes time.05:32
friartuckgoksu I look for job...that's taking long time. =-O05:32
goksupartitions formating....05:33
goksuso the hdds work ok.05:33
island_swimmerHow do I find drie that are plugged in but not mounted?05:34
island_swimmerPlease05:34
goksufriarduck: you are welcome here.05:34
goksuTHE FORMAT ÝS STUCK ON 33%  sorry caps..05:34
island_swimmerNo, that is fine. It'll pass it eventually05:35
goksuthere are a lot of ppl who work here and come and go as needed.05:35
island_swimmerHow do you find out what drives that are external can be mounted if they aren't05:35
island_swimmer? Please05:35
island_swimmerLol05:35
goksuisland_swimmer: I dont know. I plug, and it shows. try lusb05:36
goksuif it does not I unplug and replug. but thats obvious.05:37
friartuckgoksu you may need to run a consistency check on the logical volume in the raid setup. it may need to be initialized or something.05:37
friartuckisland_swimmer type "mount" to see what's mounted. look in /media for external usb drives.05:37
goksufriartuck: it is "installing the base system" now. so ok I guess.05:37
island_swimmerThis is a CLI Command-Line install of Ubuntu with no other packages05:38
island_swimmerExcept some ssh and gui tools05:39
island_swimmerAnd no it isn't moiunted at all05:40
island_swimmerMounted, ... Sorry, nor is it in "/media"05:41
island_swimmerWhat can I do05:44
island_swimmerLol, ... Please05:44
friartuckisland_swimmer do "lsusb" and "mount" and post in pastebin.com05:45
geniiisland_swimmer: sudo fdisk -l      should show all the partitions. Likely an external will be sdb1 sdb2   sdc1 sdc2   or so on. Also when: mount        is issued it will not be shown as boing mounted anywhere. You could try after finding what partition is something like:  sudo mkdir /media/sdc2 && mount /dev/sdc2 /media/sdc2                            as an example05:45
geniiIf it completes successfully (in this example for second partition of sdc)  then:  ls /media/sdc2             would show the disk contents05:46
geniiisland_swimmer: Also if the filesystem on it is not native linux you will need to have filesystem driver for whatever it contains and also specify that in mount command like:   mount -t ntfs-3g /dev/sdc2 /media/sdc2              or similar05:49
island_swimmerHow do you get a wd's file type?05:54
island_swimmerIt is a WD HD05:54
island_swimmerWestern Digital05:54
island_swimmerMybook05:54
geniiisland_swimmer: The: sudo fdisk -l      command should have shown you that05:57
geniiisland_swimmer: eg in my case: dev/sda1   *           1       19210   154304293+  83  Linux                             shows the drive is Linux (ext3)05:58
goksuok Ubuntu server Install onto prolient ml350 G5 raid5 does not work. I can not reboot after installation. I still get attempting boot from hard drive (c:)05:59
goksuit was an install attempt with no lvm. just regular guided.06:00
island_swimmerIt looks like SDA1 is part of the OS on the Internal Hard Disk. Is that right?06:00
geniigoksu: As a fast guess I'd say they have some custom MBR which still says something like C:    instead of the MBR being based on GRUB06:00
geniiisland_swimmer: Correct06:00
goksugenii: so what do I do now?06:01
geniigoksu: Did you install grub to the mbr of the first hd ?06:01
goksugenii: all I did was install the cd. nothing else. so if the cd did not install then grub did not install.06:02
island_swimmerWell, I tried the command and it only shows my internal HD06:02
goksugenii: I did not specifically install grub.06:02
island_swimmerIs ther a package that has all the drivers for every file type on it?06:02
geniiisland_swimmer: Then it doesnt see the drive. Does it connect by ethernet wire or by usb, or firewire, or what?06:03
island_swimmerUSB 1.106:03
geniiisland_swimmer: There isn't a single metapackage I know of that is some "all in one" for filesystems supprt, sorry06:03
friartuckgoksu that's strange, I think it's something with the raid/bios setup and probably not to do with ubuntu install. my guess.06:03
island_swimmerIt is some Windows compatable one I know, but I don't know which one06:04
geniigoksu: Can you make a single small raid1 and then the rest raid5 in bios/controller ?06:04
island_swimmerIs that why it won't see the drive?06:04
geniiisland_swimmer: If fdisk doesn't see it then it's something at a hardware level and not at some software level like filesystem type or such06:05
island_swimmerOk06:05
island_swimmerI'll check06:05
geniigoksu: If so, suggest to install /boot and grub to the raid1and the system onto the raid5.06:06
goksugenii: ok. if nothing else will work. bu I really did not want to have to do a raid1. :S06:07
geniigoksu: The MBR of a raid1 will be like a normal disk but just twice, so it works with grub. The MBR of a raid 5 can vary wildly06:08
friartuckgoksu genii I would check the system bios, that's separate from the raid setup program.06:08
geniifriartuck: Yes, that may not be a bad idea. It could be also there is a "hidden partition" with system stuff thats causing it06:09
friartuckgoksu genii you should be able to do one raid5 volume, I've done it a bunch of times.06:09
friartuckgoksu genii but you have system bios program and raid card setup program to deal with.06:10
goksuthe ml350 is brand new from the box. I dont think there is any residue in the hdds.06:11
geniifriartuck: He has no probs making a raid5 and ubuntu seeing and installing to it. He has some other probs which seem MBR related since it refers to "drive C:" etc etc06:11
geniigoksu: Is there some other hd in there not int he raid5 which it might be going to first and trying to boot from?06:12
friartuckgenii agreed, but maybe there's an onboard raid conflicting with an installed raid card...or maybe bios needs to know about raid card or something.06:12
goksugenii there is not.06:15
geniigoksu: There seems something on it here: http://ubuntuforums.org/archive/index.php/t-80342.html    which suggests the initramfs needs to preload a driver called cpqarray06:16
geniiIt's an old thread but perhaps still relevent06:16
geniiAlthough this would happen after grub06:16
friartuckgoksu have you managed to get into system bios program?06:18
lwizardlHi06:21
goksufriartuck: yes I think so. everything is factory default. I am rereading the manuals from the hp.com site. they dont have any manuals on the cds attached to the box. :S06:21
geniigoksu: http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1238304153554+28353475&threadId=123764506:22
lwizardlwould it be possible to build a Ubuntu Server that acts as the network firewall and also auto scans everything for malware?06:22
geniigoksu: Same problem you have answered by their tech support06:23
friartuckgenii goksu so you think he should boot off cd and do grub install?06:24
geniifriartuck: Thats what I'd try, yes06:25
goksugenii friartuck I'll do that after I reread the manual.06:25
goksugenii friartuck so I do a "grub-install /dev/cciss/c0d0p1" ?? from a boot from a live cd and from terminal?06:28
geniigoksu: I'd use the name of the drive you installed to, I think it was different than that one06:29
friartuckgenii goksu how would he get the physical? cxdxpx?06:30
geniifriartuck: fdisk should still  list it. I'm gonna scroll up here, he mentioned disk name earlier06:31
genii"<goksu> SCSI.CCISS (-,0,0) (cciss/c0d0) - 440.3GB Compaq smart array."06:31
goksugenii friartuck so it is the same command then.06:32
geniithe "p1" on their command is partition1. I'd try just the disk name without partiton specified06:32
friartuckgoksu genii I agree. try grub-install /dev/cciss/c0d006:34
friartuckgenii goksu I've only installed grub with gentoo. just checked the docs and it leaves off the partition there too.06:37
geniigoksu: Any joy yet?06:50
goksugenii nope not yet. I am looking for the desktop cd. that one was live.06:51
* genii makes more coffee06:52
MusicGeniouswow, lots o people06:52
MusicGeniousanyone wanna help me set up a server?06:53
goksudoes it matter if the desktop cd is a 32 bit or not?06:53
friartuckMusicGenious here's a good place to start: https://help.ubuntu.com/8.10/serverguide/C/index.html06:53
MusicGeniousquick question, which version should i use?06:54
MusicGeniouslts or newest release?06:54
goksuburning 64 bit desktop for grub-install06:55
MusicGeniousi wish there was a puppy linux server edition but ughh nope06:55
friartuckgoksu good idea.06:55
MusicGenious8.10 or 8.04?06:55
MusicGeniousim putting it on a compaq presario sr1115cl or something06:55
twb14:59 <Alex_21> Oh, Matt, use "Sudo vi /etc/apache2/ports.conf"06:56
twbI recommend sudoedit instead, since it reduces the amount of stuff that is escalated.06:56
friartuckMusicGenious it's up to you. 8.10 has new packages. 8.04 has longer support.06:56
MusicGeniouswill they both allow me to set it up with a dns hostname?... and is that free?06:57
friartuckMusicGenious yes06:57
MusicGeniousi know ubuntu is free, but are host names?06:57
twbMusicGenious: or your own network, certainly.06:57
friartuckMusicGenious hmmm...hostname is just the name of you machine.06:58
MusicGeniousi want access anywhere06:58
MusicGeniouslike if im at school or wherever06:58
twbMusicGenious: then you probably just want to use a gratis dynamic dns service, so you will have something like musicgenious.ath.cx or musicgenious.dyndns.org06:58
MusicGeniouscuz im running on a home network and i got the whole 192.168.x.x thing going lol06:58
MusicGeniouswill that be free?06:59
twbThat will be zero cost.06:59
MusicGeniousWORD!!!06:59
twbi.e. free of charge.06:59
MusicGeniousand using this server will let me open and save things to it from wherever?06:59
twbMusicGenious: that will give your router a permanent FQDN.  You would then use port forwarding to make services visible from the internet.07:00
MusicGeniousok, that will work, but will i be able to save files to it?07:01
MusicGeniouslike if im at school and i do some homework and i wanna upload it, will i be able to do that?07:01
Alex_21Thanks for your help07:02
Alex_21Good night07:02
twbMusicGenious: if you expose that service, and neither you ISP nor your school block your access, then sure.07:03
friartuckMusicGenious the issue is security. making a server available on the internet opens a can of worms.07:03
twbfriartuck: good point.07:03
MusicGeniousaka people can do whatever they want to it?07:03
twbMusicGenious: that depends on your security model.07:04
friartuckMusicGenious if you don't know about security, then yes.07:04
twbFor example, if you enable remote ssh access via passwords instead of keys, then anyone on the internet can just keep trying passwords until they guess what yours is.  Then they have full access to your system running as your user.07:04
MusicGeniousbasically heres what im using it for besides my personal use.  i have friends over and we record music, and i wanna upload all of our stuff so they can access it and show family and friends and stuff, it'll save on the cost of burning a crap load of cd's lol07:05
twbMusicGenious: you realize that is almost certainly a violation of copyright law?07:05
friartucktwb looks like he's talking about originals...07:06
MusicGeniouswhat is a violation of copyright law?  letting people download the music ive recorded that i made myself?07:06
MusicGeniousim not sharing other peoples music, im sharing mine07:06
twbMusicGenious: ah, if it's your music, that's OK.07:06
MusicGenioushence musical genius lol07:06
friartuckMusicGenious not for originals, just don't share Metallica. :)07:06
MusicGeniousyeah or linkin park lol07:06
MusicGeniousm shinoda isnt down with that lol07:07
twbTechnically copyright only applies to creative works.  You could argue that Metallica's albums aren't ;-P07:07
twbAaaanway07:07
friartuckha ha! not since black07:07
MusicGeniousbtw, if you guys are interested www.myspace.com/andyblankfield  take a listen, feel free to critique lol07:07
MusicGeniouslol07:07
twbfriartuck: actually I think their best work was their covers album, garage inc.07:08
friartucktwb Cliff Burton fan?07:08
MusicGeniousthats just me, but im trying to start a music club or whatever and make an album called collaboration generation07:08
friartuckCliff'em All?07:08
twbfriartuck: shrug07:08
twbfriartuck: I don't know much about art.07:08
twbI think we've wandered off-topic.07:09
MusicGeniousnahh im waiting for the server edition to dl07:09
MusicGeniousbtw how long should this take to set up?07:09
goksuok ubuntu desktop 64 bit live cd book ok. :) pretty screen :)07:09
twbMusicGenious: you can do an install just using a mini.iso07:09
MusicGeniousroughly07:09
friartucktwb Cliff Burton was original bass player in Metallica. Yeah, it's way off topic.07:09
MusicGeniousits not hooked up to the internet, im using a usb adaptor at the moment07:10
twbMusicGenious: ah, fair enough.07:10
MusicGeniousthats another thing, will i be able to use ndiswrapper so i can run it from wireless?07:10
lwizardlwould it be possible to build a Ubuntu Server that acts as the network firewall and also auto scans everything for malware?07:11
twbMusicGenious: ndiswrapper will work as well on Ubuntu Server as it does on Ubuntu.07:11
MusicGeniousnever got it working on ubuntu lol07:11
twbMusicGenious: precisely.07:11
MusicGeniousbut it works on puppy linux... weird07:11
twbMusicGenious: I recommend you pay more attention to Linux support when purchasing hardware in future07:12
friartucklwizardl take a look here: http://www.ipcop.org and here: http://www.smoothwall.org07:12
twblwizardl: that depends on how you define `everything' and `malware'.07:12
MusicGeniouslol, well its not a big deal, its just more convenient... but if i can figure this one out i should be able to build a puppy linux server edition myself lol07:12
twbReally, the right way to get rid of malware is to take Windows away from your users.07:13
MusicGeniouslol07:13
lwizardltwb, well i have a few windows users on my desktop and i would like to make sure that they stay safe07:13
twblwizardl: that's not really possible.  The best you can achieve is a holding action.07:14
lwizardltwb, i have enough trouble with her on windows she's almost 60 years old07:14
friartucklwizardl firewall from scratch is long story. ipcop and smoothwall is short story.07:14
twbfriartuck: why not ufw?07:14
twbfriartuck: ultimately they're all just wrappers on top of iptables07:14
lwizardlfriartuck, i've looked at the ipcop stuff but i would like to also have Tor type setup on the same server machine07:15
friartucktwb true, but ipcop and smoothwall rock. ipcop has plugins for snort and all kinds of stuff. you can do it by hand...but if one is asking in a chat-room then doing by scratch is long ways off.07:16
friartucklwizardl tor server on a firewall=bad practice.07:17
goksugenii friartuck I did a boot with livecd 64bit desktop. then did a "grub-install /dev/cciss/c0d0" (also with c0d0p1) I get message "could not find device for /boot: not found or not a block device.07:17
twbRouters are for routing and not services.07:17
lwizardlfriartuck, i don't want to run a tor server for others to access i just want to have all my connections tunneled through it07:18
twbgoksu: you need --root-directory=/mnt after mounting your root filesystem on /mnt and your boot filesystem on /mnt/boot.07:18
twbDoes Tor use tun/tap?07:18
goksutwb: could we go step by step? at the terminal I do what exactly?07:20
goksuI am not that good with the terminal just yet. :)07:21
twbgoksu: OK, so you should at present have partitions for the root and /boot filesystems.07:22
friartucktwb he just booted off live cd.07:23
twbfriartuck: that's why he needs to mount the disks07:23
friartuckgoksu do: sudo fdisk -l   and past at pastebin.com07:26
goksutwb friartuck I think I need to go step by step. 1. I booted from a livecd 64bit. it booted ok. 2. at the terminal I do what? the sintax escapes me.07:26
twbfriartuck: it would be better to get /proc/partitions07:27
friartuckgoksu just cut and paste the output in pastebin.com and hit the send button, then copy and paste the url link in here.07:30
goksuhttp://pastebin.com/d66a1856a07:30
goksuthats a cool site. :)07:31
friartuckgoksu now do: more /proc/partitions07:32
goksuhttp://pastebin.com/d707fd4ec07:35
goksudown below the previous post.07:35
goksulooks like I need to remake the raid5. I have tried 3 installations and it looks like residue from those.07:36
friartuckgoksu well, i dunno. try: mount /dev/cciss/c0d0p1 /07:38
friartuckoops07:38
twbfriartuck: er, don't mount it there07:38
friartucknot that07:39
friartucktwb does he need to make a directory in /mnt ?07:39
twbfriartuck: I don't bother07:40
friartucktwb this is not a production box.07:40
twbfriartuck: it's only a problem if it's a gentoo livecd07:40
friartuckgoksu try: mount /dev/cciss/c0d0p1 /mnt07:40
goksufriartuck twb it will be a production box when it is properly mounted though.07:41
friartuckha07:41
goksufriartuck twb I am at work this is the machine I will transfer my work load to.07:42
friartuckgoksu if it's mounted, you should see some directories with: ls /mnt07:43
goksufriarduck yes it looks like it did mount. I see bin cdrom etc...07:44
friartuckgoksu do you see boot? ls /mnt/boot07:47
goksufriartuck sorry for the typo. :)07:47
goksufriartuck ye sit is there.07:48
goksuI really need to work on my understanding of the linux file system :/07:48
friartucktwb I've only installed grub a few times with gentoo. do you think he needs: grub-install --root-directory=/mnt /dev/cciss/c0d0 ?07:50
twbfriartuck: yes, that's right.07:50
twbfriartuck: however check that there's something IN /mnt/boot first07:50
twbIf that doesn't work, try adding --recheck07:50
goksuok07:50
friartucktwb he sees boot in /mnt07:50
twbfriartuck: well obviously, because the root directory needs an empty dir there so as to mount a separate /boot, if it is a separate filesystem07:51
friartucktwb he did regular guided partition. shouldn't be separate07:52
twbFair enough07:52
goksuls /mnt/boot has files in it. also grub.07:52
goksuso I go with your command line instruction?07:52
friartuckyeah07:53
goksutwb friartuck ?07:53
goksuok then. :)07:53
goksufriartuck twb I am rebooting now. fingers crossed.07:56
goksufriartuck what does you nick mean?07:57
friartuckgoksu I'm old, single, talk about religion and politics a lot, pot-belly.07:58
friartuckgoksu friartuck is religious character in Robin Hood.07:59
goksuyes wel so? I am 34, working on my pot belly. :) just got married 10 months ago.07:59
goksuoh ok.07:59
goksuHOOLLYYYSHHHHH.t!! server login: ehehehe07:59
friartuckgoksu good luck with that. installing grub is easier than woman07:59
friartuckgoksu yay! thanks for the help twb!08:00
twbMy workstation used to be called rocinante.08:01
twbI was gonna call it bucephalus, but then I thought "let's be fair, pebcak"08:01
goksufriartuck twb genii thank you all for your help. I could not have done it without you. :)08:02
* genii wakes up when his name gets hightlighted08:02
geniiAh, got it working then08:02
geniigoksu: Was the MBR after all then?08:03
friartuckgenii yes, that post you found did the trick.08:03
geniiCool, glad to have been of some service08:03
friartuckgoksu that was hairy. you deserve some easy installs now!08:04
goksutwb: rocinante?08:05
geniitwb: Nice catch on the  --root-directory=/mnt  part btw (just checked backscroll)08:05
twbgoksu: look it up08:05
goksufriartuck: both need plenty of patience.08:05
goksufriartuck: now that I have the server up. I have plenty of more work to do. I'll attack the laptops next. :)08:06
goksuso that was the mbr? so the /boot is the name for the mbr and grub the software we installed in it to kickstart the boot sequence of the OS?08:07
goksutwb friartuck genii thank you all for the help. any time you come give a heads up well go drinking on me.08:10
friartuckgoksu ehh, not exactly. grub is installed in mbr and needs to know where /boot is.08:10
twbgoksu: stop invoking my name, I'm trying to concentrate.08:10
goksut-w/b ok then. :)08:12
CppIsWeirdis there any package that would setup a ubuntu-server to something similar to m0n0wall or pfsense?08:39
friartuckCppIsWeird ipcop and smoothwall are linux equivalent to monowall and pfsense.08:42
friartuckCppIsWeird or you can do netfilter by hand: https://help.ubuntu.com/8.10/serverguide/C/firewall.html08:46
btmsoren: i see your cobbler git branch hasn't seen activity in 9 months. is deploying ubuntu boxes with cobbler (hardware + virt) still on the horizon?09:05
deiAnyone here familiar with DNS? I'm wondering - when I use the Dig command if there should always be an Answer section09:34
deiwell - if the server is working correctly, there should be an answer section... I assume09:34
friartuckdei yeah, there should be an answer. try dig @4.2.2.2 www.google.com to see how it should look.09:41
=== asac_ is now known as asac
=== ObiWanQueNoob is now known as UdontKnow
krautmoin15:37
beawesomeinsteadanyone use jaunty's dovecot-postfix? it looks like postfix doesn't use Dovecot deliver properly out-of-the-box ...16:52
cemcbeawesomeinstead: what do you mean exactly?17:00
* giovani installs it in his jaunty vm17:02
cemcwhen you install dovecot-postfix it changes the mailbox_command in postfix/main.cf to use dovecot's deliver17:03
beawesomeinsteadcemc: Postfix doesn't use Dovecot's deliver out-of-the-box, regarding mailbox_command is specified in main.cf. Another thing is that, as was mentioned on Ubuntu Wiki, Dovecot LDA is default LDA, however postfix still tries to lookup users in it's database (which is not specified) -- IMO, missing <local_recipient_maps = > in main.cf17:04
cemcdefault local_recipient_maps is from passwd file as far as I can tell17:06
giovanihmm, it installs mysql, but then maps users locally?17:07
giovanithat's odd17:07
cemchuh?17:08
beawesomeinsteadgiovani: it installs mysql-common since dovecot is compiled with auth-via-mysql support17:08
giovanibeawesomeinstead: ah ... well they should use it17:08
beawesomeinsteadcemc: i checked, yeah, default auth db for dovecot in pas so yep, default local_recipient_maps makes sense17:09
beawesomeinstead*pam17:09
beawesomeinsteadbut still not sure what's wrong with mailbox_command.  dovecot-postfix works smoothly after adding dovecot deliver as a service into master.cf, but...17:11
beawesomeinstead* and after adding local_deliver = dovecot in main.cf of course17:13
cemcdo you get any error messages?17:14
jpdskees: Could you possibly look into my merge proposal for apparmor at http://tinyurl.com/c5hjlk ?17:16
cemccemc: I just tried installing dovecot-postfix on my jaunty vm, and sent a mail to the local user, and it got delivered17:17
beawesomeinsteadcemc: yep. Here is my postconf -n and error message: http://friendpaste.com/6RFbYIJKqjeQLTbAnmhD5517:17
=== chrisadams is now known as chris_d_adams
cemcbeawesomeinstead: does that flashadmin user exists as a unix user?17:18
beawesomeinsteadcemc: no, flashadmin is a virtual user, notice17:19
beawesomeinsteadlocal_recipient_maps =17:19
cemcoh, I see. well, it you user virtual users, then the mailbox_command won't work. there's virtual_transport = for that, I think17:21
cemcyou would set virtual_transport = dovecot, then define that transport in master.cf17:23
cemcmailbox_command is for the local delivery agent of postfix (man 5 postconf and search for mailbox_command)17:23
beawesomeinsteadcemc: ah, a see. just for the record, in my stack i managed to get it working with <local_transport = dovecot> instead of <virtual_transport = dovecot>17:25
beawesomeinsteadthanks for your assistance!17:26
yann2where is the best place to add a script that should run just after a server boots?17:51
cemcyann2: you could add the script to /etc/rc.local17:53
yann2This script is executed at the end of each multiuser runlevel.17:55
yann2so it gets executed how many times?17:55
yann2just one?17:55
friartuckyann2 here's a good doc: https://help.ubuntu.com/community/UbuntuBootupHowto17:55
keesjpds: yup, did it earlier this morning (though I changed your patch around a bit)18:13
jpdskees: Oh, didn't see. Awesome, thanks. :)18:15
keesjpds: np, thanks for the patch.  :)18:15
jpdsDoes anyone know what the m in requested_mask="::mr" in apparmor is?18:26
keesjpds: "man apparmor.d"  it means, basically, map into memory for execution (a shared library)18:27
jpdskees: Didn't know that manpage, thanks.18:28
keesnp :)18:30
keesit's mentioned at the bottom of "man apparmor" under "SEE ALSO", though it could probably stand out better.18:30
jpdsYeah, I didn't look hard enough.18:35
keesall that said, there are still things missing from the apparmor.d manpage (just some new settings, like "deny" and "allow" prefixes) but there's a bug open for that already.18:37
=== MusicGenious is now known as interwebs
=== interwebs is now known as xrter-1
=== xrter-1 is now known as xrter
=== xrter is now known as Xrterl
=== Xrterl is now known as xRt3r
=== xRt3r is now known as MGMT
dustinubuntu server edition 8.10 with gui- gnome, is it possible to build and if so how would I do it?20:45
giovanidustin: GUIs aren't supported in this channel, yes, you can install the ubuntu-desktop package, which will install everything the desktop would have on top of your server install -- not much point though20:48
dustingiovani: is there anything special I need to do to install server 8.10 on a p3 w/256ram20:57
giovanidustin: nope, but I highly highly doubt you want to run gnome on that machine20:57
giovani256 MB of ram is not enough for any serious desktop environment like kde/gnome20:57
giovaniI'd stick to a straight server install -- no gui20:58
dustinit ran good as a desktop but when I installed apache with php over ubuntu 8.04 I ran into problems20:58
giovaniwhat kinds of problems?20:59
dustinhave you guys had any problems with the iso's on the ubuntu site, (I cant seem to get one to burn right)20:59
giovaniyou should be confirming that the md5 hash of the file you downloaded matches the md5s provided21:00
dustinphp and apache didnt play well together being installed after OS21:00
giovanito make sure it wasn't corrupt during download21:00
giovaniphp and apache play fine together, it was probably a misconfiguration21:00
dustinthats Y I think that using server edition will help fix that (becouse I wont have to mesh them so I wont be the one to mess it up)21:01
giovanithe desktop and server edition don't have any differences in the apache/php packages they offer21:01
giovaniso that will not solve your problem21:01
dustinhow do I test md5 b4 burning?21:02
giovanion linux, "md5sum filename.iso"21:02
giovaniand then compare that number to the one provided on the download mirror21:02
giovanidustin: you never needed to manually pack them together, the LAMP package simply installs the same packages you would have otherwise21:04
friartuckdustin lamp requires configuration21:04
dustinwell I think its time to burn this php,apache,mysql all in one book becouse that means that all the info in it is wrong :S21:05
giovanithere's no need for a book21:07
giovaniplenty of great documentation on the ubuntu wiki21:07
giovaniand on google21:07
dustinyeah well I am one of those ppl that has a library in my living room and I buy the book then ask why the info is wrong :S21:08
giovaniwell books are not bad ... you just need the RIGHT book21:09
giovaniwhich book have you been following?21:09
dustinI need to start looking more online before I go to barns and noble21:09
dustinits SAMS complete guide to php apache, and mysql all in one21:10
dustinISBN:  978-0-672-32976-0  I think I am going to leave a review with a few bookstores21:12
friartuckl.a.m.p. you can get a full time job administering any of those initials. learning all of them takes more than a reading.21:12
dustinI am learning this in kindof a crash course fashion21:13
dustin:)21:13
giovaniwell ... most jobs involving Apache involve using it with PHP and MySQL :)21:14
giovaniso, that's why there are books covering the topics together21:15
giovanieven if they're basic21:15
dustinjust out of curiosity does anyone know if there is a version of cuda for ati cards that I might be able to use to accelerate my software raid?21:15
friartuckgiovani true that, but if the environment is large enough there will be specialist for each.21:16
giovanifriartuck: not in most companies21:17
giovanimost companies don't hire real specialists -- they hire generalists21:17
dustininstalation question: when I install on this computer(I know these #'s are small) I have ane 20gb hdd and one 40gb hdd shold I raid 20gb of both and use the rest for non critical data?21:18
dustinof course raid1 for the raid21:19
friartuckgiovani the qualifier was "large". I worked at a firm that had a dedicated dns group, nothing but bind all day long.21:19
dustinor would this be a great waste of time21:19
giovanifriartuck: yeah, missed that21:20
dustinso to raid or not to raid is it a waste of time or would I be able to use it I am going to host 5-15 websites and I dont think that I will be using dns binding21:24
dustinI tested the iso and it came out good so I am burning again hoping that it was just a bad disk last time21:24
dustindoes anyone have an opinion on software raid on a system this small?21:26
friartuckdustin lamp like raid is not a trivial topic. it's up to you.21:27
dustinI just was wondering if I would see any gain by using it and if anyone else here would opt for or against it on there own system if it were this small21:28
dustinin other words is there any point to it or am I waisting time trying to use it (my data isnt that critical)21:29
dustinserver edition comes with openssh correct?21:31
giovanidustin: not until you install it21:34
dustinI am just making a list of things to install and things to update while I am here21:36
PhotoJimdustin: it's a good idea to make a list of anything you find useful on your system.  then if you reinstall or make a new system you will know what to install.21:36
dustinand I want to do this right this time because it is realy agrivating when it doesnt work right21:36
PhotoJimdustin: I discovered yesterday that debian lenny doesn't automatically install telnet, which is useful for testing network connections even ify ou don't log into remote systems with it. :)21:37
dustinof course I would get I/O errors now that I have advice on how to install :S21:41
dustinanybody here like to work with hardware errors ;)21:41
dustinI installed this iso on a virtual machine that matched my specs without problems and now that I have the disk I cant get the thing to go grrrr21:43
PhotoJimHardware errors are a real b**ch.21:43
dustinespecialy after you just removed a working build21:44
dustin*not a good working build but working just the same21:44
PhotoJimI had some RAM issues with my server at home for awhile.  it took me awhile to figure out the problem.21:45
PhotoJimhad some data corruption as a consequence.21:46
dustinwell reset bios to defaults and try again :)21:46
PhotoJimIt felt amazingly good to figure it out though.21:46
PhotoJimgood luck.21:46
PhotoJimactually, I learned one thing out of my RAM troubles.  my server ran amazingly well with only 192 MB of RAM.21:46
PhotoJimand better 192 MB of reliable RAM than 768 of dodgy :)21:46
PhotoJim(only one stick was bad, thankfully.  so I ran at 640 a bit until I got another 256M stick.)21:47
dustinthis server was running with 256mb ram 933mhz proc and 2 hdd newly added-- dvdrom and cdr drives for reload21:49
matttis this channel for people running the server version of ubuntu, or for people running any ubuntu version in a server environment?  :)21:49
dustinand the drives are the only change since last load21:49
PhotoJimmattt: I don't know for sure, but primarily 1.  2 is welcome I'm sure though.21:50
dustinyup we all are running or trying to get running servers21:50
dustinso far as I can tell anyway21:50
dustinphotojim it was the disk ',(21:55
PhotoJimdustin:  as in the media?21:55
PhotoJimas in the drive?21:55
dustindoes anyone have a cdrom drive cleaning disk I can borrow (jk) and yes the media was the problem21:55
dustinI think my burner has a dirty lens or something21:56
PhotoJimentirely possible.21:56
PhotoJimlaptop or desktop?  laptop drives are easy to clean.21:56
PhotoJimdesktop drives are trickier.21:56
PhotoJimI thought you'd tried multiple drives which is why I wasn't attributing your problem to your drive.21:57
dustindesktop and I have plenty of drives to try I will try different ones soon becouse I just tried to verify a known good disk and it failed the md5 test21:58
dustinknown good as in I just built a working computer with it 2 days ago21:59
PhotoJimwell I'm glad you figured it out.21:59
dustinbut at least it didnt give the I/O error21:59
PhotoJimat least drives are cheap.  if you need to replace it it isn't a huge problem.22:00
dustinactualy I have 5 computers I can canibalize for one22:00
PhotoJimyes, I've done that.22:01
dustinfinal count 3 burners 1 dvdrom and 4 cdrom drives22:01
dustinmy family was complaining about there computers always crashing so I built them a couple that I need to mail out but so long as they are here ;D22:03
PhotoJim:)22:05
PhotoJimI have a bunch of spare drives.22:06
PhotoJimnot worth selling.22:06
PhotoJimnothiing wrong with a 16x DVD burner.22:06
PhotoJimand the 8x in my server does fine, not worth tearing the machine apart to upgrade.22:06
dustinwell how often do u realy use a cdrom in your server22:06
PhotoJimnot very often.22:07
PhotoJimbut once in awhile.22:07
PhotoJimpeople send me DVDs of stuff occasionally.22:07
dustinI have my desktop for gaming and media and next to it is the server that just kinda sits there looking good22:08
dustinbrb switching desktops22:09
dustinthat feels better22:10
dustinI was in kde to help walk someone through something22:11
SupertankerHi, on Ubuntu 8.10 server the libpam-chroot package appears to be roken22:51
Supertankerbroken22:51
ivoksbest way to deal with that is to report the bug22:52
SupertankerHow?22:54
Supertanker(Sorry, I haven't done many bug reports)22:54
ivokshttps://bugs.edge.launchpad.net/ubuntu/+source/libpam-chroot22:56
SupertankerThank you22:58
matttSupertanker: why's it broken?23:00
ivoksthere's a bug about that already23:00
SupertankerI'm loading to see if it's the same one23:00
SupertankerI read somewhere it was because it was linked with ld instead of gcc, or something really weird like that.23:01
SupertankerYeah, same bug23:01
ivokshttps://bugs.edge.launchpad.net/ubuntu/+source/libpam-chroot/+bug/23730823:01
uvirtbotLaunchpad bug 237308 in libpam-chroot "libpam-chroot broken" [Undecided,Confirmed]23:01
ivoksi'll check it in jaunty tomorrow23:02
ivoks'night23:02
SupertankerHah23:03
SupertankerOkay, I fixed that bug; now I get "Connection reset by Peer" instantly when I try to ssh to my server with the chroot'd user.23:03
* Supertanker looks that up too23:03
SupertankerThanks guys.23:03
matttSupertanker: heh, i set this up the other week23:04
matttSupertanker: a few notes ... make sure you mount /dev/pts and /proc23:04
fevel            whats a good way to monitor my ubuntu gateway's traffic? I would like to check wich IP is consuming the most bandwidth23:04
matttSupertanker: so, like ... mount --bind /dev/pts /chroot/dev/pts23:04
matttSupertanker: and finally, make sure there is a passwd entry in the chroot for the user you're ssh'ing in w/23:05
Supertankermattt, oooh, I didn't think you needed a proc or the pts23:05
matttSupertanker: this is probably the best resource i found:  http://chains.ch/2008/01/26/chroot-environment-on-debian/23:06
SupertankerThanks23:06
SupertankerEh23:07
SupertankerSomehow in my /chroot/dev I only have two files now: 0 and 123:07
SupertankerAnd I can't remove them23:07
Supertanker:o23:08
SupertankerYou know what, mattt?23:08
SupertankerIn my /dev/ there's no /pts, but there's a directory called pts23:08
SupertankerIs that what I need?23:08
matttyeah23:09
mattta directory called pts under dev :)23:09
matttaka /path/to/dev/pts/23:09
SupertankerAh okay23:10
matttSupertanker: but, i think not having /dev/pts mounted would give you a different error23:13
Supertankermattt, ahh, I see23:14
SupertankerPTY allocation request failed on channel 023:14
SupertankerNow I'm getting somewhere :P23:14
matttSupertanker: ah!23:14
matttthat's the one :)23:14
Supertanker(It turns out I needed to set UsePrivledgeSeperation no in sshd_config)23:15
matttah, crappy ... the box i'm using (debian lenny) didn't require that23:15
SupertankerHuh23:16
SupertankerI have /chroot/dev/pts created and it has two files inside23:16
SupertankerSo why am I getting that error still?23:16
mattthmm23:17
matttlet me have a look on my box23:17
SupertankerOkay23:18
matttSupertanker: try mount --bind /proc /path/to/chroot/proc23:19
matttSupertanker: btw, those files are probably there because of the --bind, you're remounting your /dev/pts on top of that directory23:20
Supertanker...oh duh23:20
* Supertanker tries23:20
SupertankerNope :/23:21
SupertankerYeah, I fixed that already23:21
matttyour user is defined in the chroot's /etc/passwd, right?23:21
matttand lastly, may want to install udev in the chroot23:21
SupertankerYes to the first and I'll try that in a bit for the second23:23
matttwait23:23
Supertanker?23:23
mattti just removed udev from my chroot and it still works ... sooo23:23
matttthe only last suggestion i have is ... to verify your /etc/security/chroot.conf file23:24
matttSupertanker: what does your chroot line look like?23:24
SupertankerJust a sec23:24
SupertankerIt appears to be valid23:25
SupertankerThe last entry into the auth.log is "preparing to chroot()"23:25
SupertankerAfter saying it found the chroot_dir, etc, etc.23:25
SupertankerI could just try doing ./makedev generic and seeing if it's a device problem or not23:26
matttsec23:27
matttcan you copy the line from chroot.conf?23:27
matttcuz that caught me out too23:27
SupertankerWhat line?23:27
matttwhere you define your user's chroot23:27
SupertankerIt's just 'sentharn           /chroot/home/sentharn'23:27
matttthat's the problem23:28
matttchange it to23:28
matttsentharn /chroot23:28
SupertankerAhhh23:28
matttthat wasn't clear to me either :)23:28
SupertankerWell we got a step closer23:28
SupertankerNow it doesn't kick me out23:28
SupertankerBut it still says PTY failed23:28
SupertankerOh duh23:29
SupertankerThat's because I have no pts23:29
* Supertanker recreates it23:29
SupertankerBoooh-yah!23:29
* Supertanker hugs mattt 23:29
SupertankerThanks!23:29
* mattt cheers23:29
matttsweet23:29
SupertankerHmmm23:34
SupertankerIs /proc really necessary?23:34
SupertankerIt'd be kind of nice if I didn't have to put it in the chroot23:34
matttdon't think so23:35
matttbut then you can't ps, df, etc.23:35
matttactually, try to unmount and see if you can still ssh in, not 100% sure23:35
SupertankerIt closes the connection as soon as I log in if I try without it23:35
SupertankerI don't think it likes not having it much.23:36
uvirtbotNew bug: #351275 in mysql-dfsg-5.0 (main) "AppArmor rules cause tmp table problem" [Undecided,New] https://launchpad.net/bugs/35127523:56
=== owh is now known as owh_
=== owh_ is now known as owh

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!