[00:00] well rpm is a bitch so i guess thats good [00:01] haha yeah. sort of my feeling. [00:01] well, current rpm + yum isn't too bad, but dpkg + apt-get is generally nicer. [00:02] I still prefer ports to aptitude, but that's more crotchety old habits instead of anything inherent in the two systems [00:02] apt-get is nice yea [00:03] fallous: yeah, i sort of ditched aptitude these days, i just use apt-get and prevu directly, and don't really miss ports anymore. [00:03] but then again, i'm pretty much not into building packages myself anymore either. too much to do. [00:04] i'd rather just get signed good packages from upstream 99% of the time. [00:04] yeah [00:05] although maybe ports has better selection of binary packages these days? I dunno, I haven't used freebsd for anything serious in ages. [00:05] I never much bothered with binary packages in ports since compiling assured things were built to my system setup and worked pretty much flawlessly [00:06] yeah. that's sort of the ports way of things. it's just not the best for big rollouts. especially when the compiling gets hairy. [00:07] hell, even backporting packages with prevu sometimes gets a little crazy these days. I'm glad there's people upstream working to sort that out for me. :) [00:07] I mostly just have a ton of systems to patch and upgrade, and if upstream has binary packages, then awesome. Ubuntu's good for that. :) [00:07] yeah [00:11] unit3: hey back again...hoping you might have some other idea why its not working...i unistalled everything related to apache,php,mysql, and only installed bare essentials, apache and the php...still nothing [00:12] google is also natually unhelpful on the subject [00:12] jacob__: without taking a look at the server, it's hard to say. [00:12] can you put more debugging info into your test file? make it some text, then some php, then some more text, so you can see if it even reads the file or not? [00:13] perhaps you have permission issues. [00:13] as well, I'd suggest *not* setting some random directory in your home dir to your document root. use default settings for everything until you've got the basics working, then make changes one at a time and make sure they don't break anything. [00:16] kk..will run test and try to get more info to you....i know i'm not giving alot of to go on === dendrobates is now known as dendro-afk [00:22] unit3: information on this isn't very clear....i'm getting this error [notice] caught SIGTERM, shutting down [00:22] what's not clear? that's just an informational notice telling you apache shut down at that time. [00:22] it's not an error. [00:29] unit3: ok maybe now i have some usefull info.....when i go to the default server is list my webpages andd i can click on them they open just fine...but still no php [00:29] also no error messages [00:30] not sure what you mean by "they open just fine". [00:31] isg: So, I have a running cloud controller/cluster controller/storage cluster/walrus. Am installing the node controller now. [00:31] isg: I forgot to mention earlier that I've been following these instructions: http://testcases.qa.ubuntu.com/Install/ServerECluster http://testcases.qa.ubuntu.com/Install/ServerENode http://testcases.qa.ubuntu.com/Install/ServerEConfig [00:31] isg: I'm on the second one now. [00:32] sorry....i made a random web page with links to a few other pages added a bunch of text, and a few pictures...all of that works...when i go to the http://127.0.0.1/ is shows me a index of...then all of my sites info is listed below it as in name, size and descriptions of each [00:33] jacob__: right, so did you try to create a test.php or whatever that had some more content and php in it, like i recommended, to see what happens with it? [00:36] unit3: wow just realized the walkthrought i had been looking at was stupid....may have solved it [00:36] haha ok [00:37] you're generally best off reading the docs on help.ubuntu.com and wiki.ubuntu.com before looking at generic documentation. [00:38] lol yea this was a w3school, they are usually pretty good about it....but sadly didn't fix it [00:40] and still no errors [00:40] w3school is just for writing web pages, they shouldn't really have any info about apache configuration... and if they do, I suspect it's massively out of date. [00:40] in any case, can you try setting up a test page with more content in it like i suggested? [00:43] i did that, added a bunch of text, variables for the text...and working on adding a few more things to it atm [00:44] ok, so, you've got some text, some php, and some more txt. can you pastebin the results of "view source" from that? [00:46] yep give me a sec and i will link it to yo [00:46] you( [00:50] unit3: http://pastebin.com/m6f92adc0 === dendro-afk is now known as dendrobates [00:53] errr... ok, that's the code, and is that the same output you get from the web server, or is it different? [00:53] lol ignore my comment i figured out why those other two didnt work [00:53] ok...? so it's working now? [00:55] well, good luck, I'm out. [00:55] ty [00:57] unit3 [00:57] ports wins out [00:57] unix ftw [01:06] Should it take long for a UEC node controller to register with a cluster? [01:07] I've been following the instructions (http://testcases.qa.ubuntu.com/Install/), but my node controller doesn't seem to be finding its cluster. [01:07] how long? [01:11] wish^: 10 minutes? [01:11] I'll try registering it manually. [01:11] im no expert with ubuntu but it shouldnt take that long [01:14] Hrm. [01:14] Even after running euca_conf --register-nodes $IP it still doesn't work. [01:14] Hmm, key synchronization might be the issue. === corp186_ is now known as corp186 [01:36] New bug: #495249 in clamav (main) "ClamAV 0.94 end-of-life announced" [Undecided,Fix released] https://launchpad.net/bugs/495249 [01:51] New bug: #509934 in likewise-open (main) "password caching no longer works" [Undecided,New] https://launchpad.net/bugs/509934 [02:32] weird issue. when i boot up i don't get the login prompt. I have to hit ctrl+alt+f2 [02:32] a different tty or whatever [02:34] mike3, did you check the logs to find the error? [02:35] also, this is a server channel and we assume you didnt install a GUI desktop [02:38] this is ubuntu server [02:44] no errors that i can find [02:44] nothing that shows me why it's just sitting there [02:53] ok ubuntu geniuses, I've got a challenge for you. "/dev/sdc is apparently in use by the system; will not make a filesystem here!" but it's not mounted or in use [02:54] i'm using ubuntu server [03:01] Hello there !! [03:03] does the ubuntu server edition comes with a GUI packed to install or it must be downloaded ? sorry newbie question [03:03] must be downloaded [03:04] estimated size ? ... [03:05] hmm... not sure [03:05] sudo apt-get install ubuntu-desktop and it should tell you how much space [03:05] you'll have the option to continue or not [03:06] mmm ... [03:06] have to try that .. [03:07] 2nd newbie question... Ubuntu cloud it's a local cloud or you have to be connected to the internet ? login in a web or something ? === Vanhalt is now known as gQuash [03:16] well ... thanks =) [03:16] going to read the docs [03:21] weird issue. when i boot up i don't get the login prompt. I have to hit ctrl+alt+f2 [03:28] How can i return a user's id? I want to be able to (as root) type in "getid bob" and have it return me the UID [03:32] got it. id -u [04:07] is acpi-support the right package for 9.10 to enable acpi? [04:17] evening [04:31] i tried adding the user "apache" to the sudoers list in the following fassion [04:31] apache ALL = NOPASSWD: /usr/sbin/useradd [04:32] j416: acpid enables acpi support. acpi-support-base and acpi-support include some rules which are, generally, Good Things. [04:32] but when i try to run it, it says permission denied [04:32] j416: if you only need to power button to trigger shutdown -h now, just get acpi-support-base. [04:33] twb: ok! thank you. I only need a way to power down my machine externally (I'm running it inside virtualbox). [04:33] so that should be enough then! [04:35] Anyone have any ideas why the user account apache isn't running useradd as root, as it has been instructed to do in /etc/sudoers? [05:11] twb: I tried: sudo apt-get install acpi-support-base [05:11] and I get: "E: Package acpi-support-base has no installation candidate" [05:11] does this mean I have to install the acpi-support package afterall? [05:12] j416: maybe it's called something different where you are [05:13] where I am? [05:13] are package names dependent on .. location? [05:13] Bleh, I don't have apt-file(8) on any Ubuntu hosts, and (bleh) ubuntu-server doesn't support the power button by default. [05:13] j416: FSVO location = distro and release. [05:13] ok [05:13] sorry [05:13] np [05:14] j416: which release are you using? [05:14] 9.10 32-bit [05:14] there seems to be a package called acpid, I wonder if that will do what I need? [05:15] acpid is just the daemon [05:15] yeah, seems so. [05:15] It needs config files to tell it what to do [05:15] need scripts for it eh [05:16] I guess I'll just install acpi-support then [05:17] Yeah, the main problem with that is that it's so bloody bloated, and it pulls in a heap of useless shite [05:17] aah... [05:17] j416: ah, it seems that in Ubuntu 9.10, acpid includes acpi-support-base [05:17] maybe I can just install acpid and make a config file myself? [05:17] oh [05:17] cool [05:17] I'll try that first then [05:18] Because ultimately power button support is these two files: acpid: /etc/acpi/events/powerbtn /etc/acpi/powerbtn.sh [05:18] hah it works [05:18] apt-file is your friend [05:18] yeah :) found that [05:18] thanks [05:19] The system is going down for halt NOW! Power button pressed [05:19] woho [06:36] [REPOST from #ubuntu] i am following https://help.ubuntu.com/community/InstallCDCustomization and when i try to build iso i get http://pastebin.com/m64a867e8, any ideas? [06:36] error404notfound: ow. [06:38] error404notfound: I'd guess the genisoimage command expects to find an hfs.map file and it's not there? [06:38] jmarsden, can't say anything, my first experience with building a custom iso [06:39] error404notfound: it's much easier to just roll a bootable USB key [06:39] And you're doing it for an older Mac... wow... I'd start with customized images for a boring x86 PC if I were you (and I had a boring PC, of course)... [06:39] twb, hmmm, thats also fine, i can try that in vbox as well [06:39] jmarsden: since he's blessing an HFS partition for PowerPC, I'm guessing NewWorld [06:41] jmarsden, me? nope, i am on ubuntu, no hfs stuff, i just copy paste commands from community wiki :) [06:41] error404notfound: Then you copied the wrong stuff. [06:42] jmarsden, good point, let me get to the other LCD [06:42] jmarsden, aah, yes, sorry, dumb me, 4 LCDs are too much for 2 eyes, right? [06:43] error404notfound: As a general rule, you will learn more by using man and actually trying to understand the commands you find in any tutorial type page like taht, *before* you try them out. Especially as root! [06:44] jmarsden, aah yes, agree, but i am of the type that learn by doing instead of reading, which doesn't mean that i never read man pages. [06:44] Maybe I'm just old fashioned, but I simply do not trust random people who create web pages enough to type in commands as root that I do not understand... it is very very dangerous to your system to do that. [06:45] jmarsden: Well, copy-n-pastying random commands as root might actually turn into a very learnable leasons :) [06:45] jmarsden, you are right, but i am about to format this little thinganyway :) [06:45] andol, exactly :) [06:45] jmarsden: that's basically your wetware virus protection system [06:45] andol: ... lessons in how good your backups are :) [06:46] jmarsden: exactly :) [06:46] error404notfound: On a more serious note, you really should be listenting to what jmarsden is trying to tell you. [06:46] * error404notfound is a sysadmin, and understand this but sometimes i am just fine with "whatever", just see if it works if i have gotta format anwyay :) [06:47] andol, i do, i actually never login as root, except when i am using console on servers and recovering data [06:47] error404notfound: That's not what your pastebin suggests... :) [06:48] jmarsden, this isn't a server and i am not recovering data, but this machine is pretty screwed up already, and its not mine, i was handed this over for a fresh ubuntu install :P [07:13] Any experts on bridging/transparent firewalls here? I have an odd issue which is that arp from the inside segment gets out, but only about 33% is replies get back to the requestor [07:14] domito: proxyarp? [07:14] proxy_arp did not help [07:14] Oops, I don't think that's for bridges. [07:14] no that's for nat [07:15] the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside [07:15] very bizarre [07:15] been banging my head on it for days [07:15] domito: does dmesg say anything? [07:15] Have you tried swapping in a different NIC (with a different chipset)? [07:15] twb: no, but it is currently full of ebtables logging :) [07:15] If it's a shitty old machine, I suppose it could be overloaded [07:16] domito: it sounds like you're already at least as competent as I am, so I don't have any other ideas. [07:16] twb: no, it's running under ESX ... I have ensured that the vmxnet driver is working and pcnet32 is no longer in the mod stack [07:17] twb: it's not old, running 8.04 server [07:17] lts [07:17] I meant old as in old hardware, but if it's running under ESX then I dunno [07:17] anyone ever used parprouted? would that work? [07:17] You should also talk to #vmware, it might just be a known suck with vmware [07:18] you really gotta dig for any info on bridging firewalls [07:18] ya I may try that channel [07:18] FWIW I have OpenVZ hosts on the same 192.168.1/24 as the physical machines, and I remember that I had to turn on proxy arp to make that work. [07:18] Because the bridge is at layer 3, not layer 2, if you follow me [07:18] I can't really snoop the physical interfaces from the vhost shell, which sucks [07:19] domito: get a hub (not a switch) and force everything to promiscuous? [07:19] twb: switching is all done via vmware ... it's a virtual switch [07:19] Oops, of course [07:20] to make matters worse, the co-lo thinks that giving ppl 12 IPs out of a /24 is a good idea, no proper subnetting which would probably have fixed the whole thing [07:21] Ah, then the solution is simple! Switch provider! :-) [07:21] working on them to do so [07:21] in the meantime I have to give all servers inside the bridge static arp entries to keep the lights on [07:23] which brings me here to see if anyone around these parts have done bridging and maybe fixed the same issue [07:23] never hurts to ask heh [07:25] Not me, sorry. [07:26] well thanks for trying, I appreciate it [08:40] hi all [08:41] is it possible to disable a ssh password login for a user and only allow him pubkey authentication? Only for one user though, not server-wide [08:42] milestone: if that user is root, yes [08:43] milestone: otherwise, I think you can do it by giving that user the "null" password, which will prevent all pam password auth for that user unless they're on a "trusted" tty, as defined by /etc/securetty [08:43] You might be able to get that effect by "locking" the account or giving it an invalid password, too -- try it and see. [08:43] Note that in either of the latter two approaches, sudo won't work, either. [08:44] (Er, assuming you've got sudo configured to prompt for a password.) === erichammond1 is now known as erichammond === erichammond1 is now known as erichammond [08:53] twb: i have setup sudo [08:53] but for this certain account [08:54] with NOPASSWD [08:54] will this work after "locking" the account? [08:54] I don't know. [08:54] Of course, it would be far simpler to disable sshd's password-based auth outright. [08:55] twb: i know [08:55] but it is a customers machine for whom i do remote services [08:56] he needs password based auth [08:56] i don't [08:56] and i usually disable it on my machines [08:56] for security reasons [08:57] milestone: What do you mean by "locking"? [08:57] It is a good idea to teach him how to use keys [08:57] soren: sticking an "x" or so in /etc/shadow [08:57] milestone: If the account is locked such that you can't log into it, it can't get to use sudo anyway. [09:10] What is the easiest way to migrate an existing 32bit instalation to 64bit? === erichammond1 is now known as erichammond [09:18] a_ok: reinstall [09:19] ok [09:21] twb: I take it I can install over the existing installation [09:28] a_ok: I don't recommend that. [09:38] a_ok: I would take the list of installed packages (using dpkg --get-selections), store it in a file, install a 64 bit version of ubuntu, install all the same packages (using dpkg --set-selections < selections.txt ; dselect install), and move all my data (/home, relevant parts of /etc and /var, etc.) to the new system. [09:40] Hi, is there a Ubuntu Sever secruity update mail list I can join, [09:40] soren: Thanks I was thinking the same. [09:42] just found it, thanks https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce === ttx_ is now known as ttx [10:40] i cant find dccd from apt, is it included in ubuntus version of dcc ? [11:06] New bug: #510038 in squid (main) "[patch] Please provide a example refresh_pattern for debs" [Undecided,New] https://launchpad.net/bugs/510038 [11:08] anyone know of some open source software I can use on a domain tha will allow people to automatically create an email account from the web browser? [11:10] da65: citadel groupware I believe [11:10] ty, will take a look [12:21] New bug: #510065 in freeradius (main) "dynamic-client support doesn't work" [Undecided,New] https://launchpad.net/bugs/510065 === jono is now known as Guest95190 [13:23] morning [13:25] morning, how i could link https://bugs.launchpad.net/ubuntu/+source/mc/+bug/263442 as a Server usability papercut ? [13:25] Launchpad bug 263442 in mc "mcedit is not longer the default editor" [Undecided,Confirmed] [13:44] ttx: hi... could you add https://launchpad.net/bugs/194472 to the server papercuts? [13:44] Launchpad bug 194472 in sudo "Entering password in Terminal gives no visual feedback" [Unknown,Fix released] [13:45] i brought it up a few days back.. you asked me to remind you when server papercuts were started ;) [13:45] vish: can't you use "Affect project" yourself ? [13:45] and point to "server-papercuts" as the affcetd project ? [13:45] ttx: i can , but just wanted to make sure , if i was allowed :) [13:46] That would track more accurately /who/ proposed it [13:46] * vish adding task [13:46] thanks [13:46] ty [13:50] ttx: hi! [13:50] mathiaz: o/ [13:50] ttx: should the server team be still subscribed to likewise-open bugs? [13:50] mathiaz: probably not. Let's trade it against python-boto [13:53] mathiaz: I'll stay subscribed to those for a few [13:53] ttx: ok. I've swaped likewise-open for python-boto [13:57] ttx, mathiaz: I've picked up the two new bugs that will filed against likewise-open. I'll get a repro in the day hopefully. [13:58] coffeedude: cool, thx [14:14] hi boys need little help, don't know how to start php extensions gd-bundled and imagemagick library.. could someone help me? show me the way? [14:24] zul: hi - any reason to sync munin from unstable rather than testing? [14:24] mathiaz: upstream prefers us to use the version in unstable [14:25] zul: is that the best option given we're targeting an LTS? [14:25] mathiaz: i think so [14:25] it has a whole bunch of bug fixes as well [14:25] and it has all of our changes === dendrobates is now known as dendro-afk [14:53] ttx, soren, mathiaz is ubuntu-devel appropriate place for this discusion, rather than a more kernel specific list [14:53] ubuntu-devel is ok [14:54] smoser: you might want to wait until I publish the minutes though, to have some background [14:54] (for free) [14:55] will do === dendro-afk is now known as dendrobates === dendrobates is now known as dendro-afk === dendro-afk is now known as dendrobates === g-zus is now known as g-zuis [15:37] Hey All. [15:37] Stupid question time [15:38] I have a 8 disc RAID array (RAID 5) - if for whatever reason, power gets cut to like 4 discs [15:38] I know the RAID has failed [15:38] however, if I think restore power to the 4 discs that lost power, would the RAID come back online? [15:38] *if I then [15:39] Wrong forum, if the disks come back on, the array should be able to rebuild [15:39] would it need to rebuild? [15:39] you could suffer data loss though [15:39] depends on your adapter [15:40] I mean, if you lost 4 discs it couldnt rebuild a RAID 5 array [15:40] but then if all the discs came back, surly if I reboote the server it'd recognise the array and chug along? [15:40] as long as those disks are readable [15:40] it "should" work [15:40] k [15:40] Bullterd: although they probably will be inconsistent [15:40] too late.. [15:40] he legt [15:40] left [15:40] lol [15:41] I hope he isn't trying something stupid [15:41] lol [15:41] sounds like somebody messed up and doesn't know how to fix it [15:42] Raid failure is a nightmare :( [15:42] Yep [15:42] hi folks [15:42] so use rsnapshot! [15:42] backup, and you won't have to worry about it [15:42] lol [15:42] yep [15:42] just replace the disk(s), doesn't rebuild, restore it from a new snapshot [15:43] ;-) [15:52] jjohansen, ping [15:52] pong [15:53] smoser: ^ [15:53] do you know how /dev is mounted in the kernel? [15:53] without ramdisk, I still get a 'evtmpfs /dev devtmpfs rw,size=251292k,nr_inodes=62823 0 0' [15:53] mounted [15:54] Any experts on bridging/transparent firewalls here? I have an odd issue which is that arp from the inside segment gets out, but only about 33% of replies get back to the requestor [15:54] the kernel is doign it, as I verifiy its there by an 'init=' program [15:54] the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside [15:54] is it possible that the ec2 kernel is failing to do that devtmpfs mount? [15:54] smoser: hrmm, no I don't know how its mounted, I'll need to look into it [15:55] smoser: possibly, but I need to figure out what it is doing first [15:55] just looked, on the uec kernel i get a line like: [15:55] [ 0.660664] devtmpfs: mounted [15:56] i do not see anything like that in the ec2 kernel's boot log [15:57] hrmm, okay I'll poke and see what I can find [15:57] smoser: http://lwn.net/Articles/345480/ [16:12] I added the user apache to the sudoers file (apache ALL = NOPASSWD: /usr/sbin/useradd) to be able to use the command useradd without a password. When i run my command via PHP, it doesn't work. But if i log in as apache, and paste the line into the console, it works. Is something wrong with my sudoers entry? [16:14] jjohansen, https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/510130 [16:14] Launchpad bug 510130 in upstart "ec2 instance fails to boot if registered without ramdisk" [Undecided,New] [16:14] i think this is related to "# CONFIG_DEVTMPFS is not set" [16:14] l [16:15] smoser: hrmm, yep. Will look into it, expect an EC2 update this week [16:15] re kvm dhcp-enabled guests, is there any decent way to discover ip addresses (w/o going through the vnc console)? [16:16] terminal ifconfig ? [16:16] I might be in the wrong place to ask this question and if so please excuse me. I have 5 servers at our central office 2 running ubuntu 3 running other flavors. We have a site2site vpn which connects our remote office into our domain controller and all of our internal resources. Well my problem is this. I can ping and connect to every device from the remote office except the ubuntu boxes. [16:16] I've checked iptables and it is flushed and I can ping the box from the central office maches. Any suggestions what I might check? [16:16] jjohansen, i cant' easily get debug logs without a ramdisk (I'd have to rebundle and upload, which is just time consuming), but at very least its a difference that should be removed. [16:16] jtrimmer: ifconfig in console [16:17] smoser: yep there are a few other config differences to resolve as well [16:17] pmatulis: do you have access to the DHCP server log? [16:17] Reepicheep: nope :) [16:18] man .. that would be to easy wouldn't it [16:18] pmatulis: dig [16:18] pmatulis: then do you have access to sniff the traffic? [16:19] for instance .. the bridge interface on the KVM machine.. [16:19] Reepicheep: that's what i tried (tcpdump on the bridge interface) but i have a lot of guests! [16:19] that is assuming that it is on the bridge [16:19] eth1 Link encap:Ethernet HWaddr 00:1e:c9:fd:9a:d7 / inet addr:10.1.0.15 Bcast:10.1.1.255 Mask:255.255.254.0 / inet6 addr: fe80::21e:c9ff:fefd:9ad7/64 Scope:Link / UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 / RX packets:39168 errors:0 dropped:0 overruns:0 frame:0 / TX packets:24173 errors:0 dropped:0 overruns:0 carrier:0 / collisions:0 txqueuelen:1000 [16:19] RX bytes:16177505 (15.4 MB) TX bytes:6110109 (5.8 MB) / Interrupt:16 Memory:f4000000-f4012100 [16:19] jjohansen, i assigned that bug to you. [16:19] you should be able to use filter on tcpdump to show you only the DHCP traffic [16:19] Reepicheep: i'm working remote right now, usually i would bow down and check the vnc console [16:20] As root, when i type in sudo -u apache /usr/sbin/useradd, i get a permission denied, yet apache is added to the sudoers file, why? [16:20] scream loudly if you object. [16:20] smoser: okay [16:20] smoser: nope, I need to fix the kernel config [16:20] Reepicheep: my b/w seems low b/c i can't x-forward the console [16:21] marks256: it sounds environment related ... processes do not always get the full shell env when running from apache [16:21] Reepicheep: yes, i suppose i could try rebooting and checking dhcp traffic [16:21] last time I had this exact same issue tho it was selinux related [16:21] domito_, any ideas on how to fix that? [16:21] might be apparmor if you are using that [16:22] add a wrapper around your call to the shell and trap the error messages might help [16:22] pmatulis: maybe something like "tcpdump -i bridgeinterface port 67 and port 68" [16:22] domito_, i'll have to look into that [16:23] if you are using selinux then check the audit log using audit2why [16:24] create rules with audit2allow [16:24] if you can create a simple script to pump out the env as well as the results of 'sudo -l' it may shed some light [16:24] Reepicheep: hell of a way though... rebooting. thanks [16:26] any thoughts? [16:29] pmatulis: you may need to add -n to make it not resolve IPs and ports [16:29] domito_, well i'm using centos, but selinux is disabled [16:30] also.. I just tried it and by default tcpdump is not decoding the data of the response [16:30] marks256, domito_: this should not be apparmor related-- useradd is not confined by apparmor in Ubuntu [16:30] you can check /var/log/kern.log to be sure [16:31] jdstrand, i'm using centos *hangs head in shame for being on #ubuntu-server* [16:31] marks256: disabled or permissive? [16:31] ah, ok [16:31] domito_, disabled [16:31] ah ok [16:31] then it *definitely* isn't apparmor [16:32] ;) [16:32] hmm [16:32] then I would check the env [16:32] marks256: are you able to to run any commands via sudo -u apache? [16:32] meaning? [16:32] sbeattie, well. that's the thing. i get permission denied when i type in sudo -u apache /usr/sbin/useradd -d /home/dusty -p '$1$r6Gu3ZU/$QpuDJOUcf13xDfPgh724b.' --shell=/bin/bash dusty [16:33] sbeattie, but if i log in as apache, and paste that in (minus the -u apache), it works fine [16:33] what does your sudoers line look like? [16:33] did you specify the path to useradd? [16:33] you may need to use /usr/sbin/useradd* to catch the parms [16:33] oh wait, you're trying to run useradd as user apache and not as root; that's surely not going to work, no [16:34] apache ALL = NOPASSWD: /usr/sbin/useradd [16:34] domito_, ^ [16:34] (that sounds kinda scary) [16:35] yeah i know. i've got quite a bit of catches around the command though to keep out as much riffraff as possible [16:35] if all else fails, i'll create a file with the user information in it, and have a cron job run once a minute or so to create the user [16:36] try this [16:36] marks256: "sudo -u apache" changes you *to* user apache. useradd still needs to run as root, your sudoer config allows user apache to sudo *to* the root user to run adduser with root's privilege. [16:36] apache ALL = NOPASSWD: /usr/sbin/useradd* [16:37] or you chould suid useradd, but that would be a bad idea [16:37] sbeattie, aah... you might be on to something there [16:37] domito_, what does the * mean at the end of the line then? [16:37] for example, under your config (I think) sudo -u apache sudo useradd [blah...] should work. [16:38] sbeattie, i'll try that quick. when you say under the config, what do you mean? just my command to run? [16:38] marks256: it does not work for all sudo implementations, but it's a wildcard so you can add parameters [16:38] domito_, ok i'll try that [16:38] I have had to add that on a couple boxes, not sure which OS those were offhand tho [16:39] under your sudoers config that allows the apache user to sudo to root to run the adduser command. [16:39] sbeattie: I see what you are saying ... not sudo -u apache, apache runs sudo [16:40] so the apache user should not be running "sudo -u apache" [16:40] sbeattie, domito_ right, but i don't understand why i can run my command fine sshed into the apache account, but not from apache its self [16:41] as root i typed in sudo -u apache sudo /usr/sbin/useradd -d /home/dusty -p '$1$r6Gu3ZU/$QpuDJOUcf13xDfPgh724b.' --shell=/bin/bash dusty and it worked [16:42] what does 'sudo -u apache -l' give you? [16:43] that -u and -l cannot be used together :) [16:43] d'oh [16:43] marks256: right, in that command you've gone from user root --[sudo -u]--> user apache --[sudo]--> user root where adduser gets run. [16:44] sbeattie, right. that makes sense [16:45] domito_, i logged in as apache and typed in 'sudo -l' here is the output (root) NOPASSWD: /usr/sbin/useradd [16:46] and if you run the 'sudo /usr/sbin/useradd ...' in that shell it works? [16:46] not sudo -u apache mind you, it already knows it's apache [16:47] Correct. [16:48] jjohansen, so how do would you bypass CONFIG_SCSI_SYM53C8XX_2=y, if you didn't like it? [16:48] (ie, if it was buggy for your hardware) [16:48] pmatulis: using tcpdump with the -X flag and increasing the snaplenth will show you the data.. but you will have to decode the IP address returned by hand.. [16:49] ok then my previous advise stands, change your script to capture the environment and full output and then see what it shows you [16:49] smoser: hrmm give me a minute need to look up how to do it again [16:49] domito_, i do have it returning all output. There is no return. [16:49] pmatulis: but I just tried an app called dnstop.. it decode it.. if you have a lot of dns traffic you will just need to figure out which one it is [16:50] question, im thinking about running ubuntu server as my router. on this server i am storing backups of my machines, pictures, etc. is there anything i should keep my stuff safe? [16:51] marks256: does it return the `env` command output? if not, can you redirect the output to a file? [16:52] resno: if it's connected to the internet then it's not safe period [16:52] you can lock them down by permissions etc but a root sploit will still give someone access [16:52] domito_, yes. env returns values [16:52] if you want them safe find a network nas appliance or something [16:53] marks256: are the env the same as when you are in a shell? [16:53] domito_: so just forget about running the server and use the router instead? [16:53] server within the home netowkr isntead of outside it [16:53] are there any known issues concerning nfs-server in server 9.10? [16:54] domito_, no. There is much less returned from the php vs the shell [16:56] Reepicheep: thanks for the info [16:58] domito_, essentially the only thing that the php script returns for env is path and TERM. the shell returns hostname, term, shell, user, and a bunch of other stuff [16:58] and user = apache? [16:59] is there anything in your apache error_log? [16:59] domito_, in the shell, yes, from the script, user doesn't exist [17:00] then capture `echo $USER` in the script [17:00] silly question, but your httpd is running as apache right? not running as nobody or another user? [17:01] domito_, you know... that is a VERY good question! [17:01] domito_, it should be... [17:01] ps aux|grep httpd [17:02] domito_, yes apache [17:02] domito_, echo $USER in the script returns nothing [17:02] ok, good to clear that possibility anyways :) [17:02] that's very strange [17:02] domito_, whoami returns apache though [17:02] ok [17:02] do you get any output from `sudo -l`? [17:03] smoser: sym53c8xx.blacklist=true at the root prompt might do it /me has to test yet [17:03] does sudo need the $USER to work? perhaps you need to force the variable in your script? [17:03] domito_, no output from sudo -l... [17:03] domito_, that's what i was just thinking... [17:04] domito_, export $USER = "apache" right? [17:04] jjohansen, i assumed such things only hinted to userspace to populate modules.blacklist (or respond similarly) and tha tthey didnt' work for builtin [17:05] marks256: that's right [17:05] or you could `USER=apache /usr/sbin/sudo ....` [17:06] smoser: maybe I am not sure about .blacklist I need to look at it more [17:06] domito_, aah. no $ on the export command [17:07] d'oh! right you are [17:07] was up all night banging my head againt a bridge [17:07] speaking of which ... [17:07] Any experts on bridging/transparent firewalls here? I have an odd issue which is that arp from the inside segment gets out, but only about 33% of replies get back to the requestor [17:08] the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside [17:08] * domito_ has been fighting this for a week now ... someone please hit me with some ideas :) [17:08] domito_, hmm... setting $USER to 'apache' doesn't do squat. export USER='apache'; echo $USER returned nothing [17:09] dam [17:09] domito_, well. this idea clearly bad, so i think i'll just do that cron job. Bit extra work, but more likely to actually work :) [17:09] domito_, thanks for the help though! [17:10] for what it was ... you may also have luck calling a different script from php, which is a wrapper for useradd that has a !#/bin/bash [17:10] how can you make the system information shown on the first login of a system after install show everytime you login to the console? [17:10] which may help populate the env [17:10] bogeyd6: /etc/motd [17:11] domito_, ok. i'll give that a go. i've already got a wrapper written, so maybe it'll work. [17:11] domito, think along these lines http://ubuntuforums.org/showthread.php?t=1202331 [17:12] domito_, although the reason i was running the adduser from the php directly is because i had no luck wiht my wrapper either. [17:13] domito, enough googling reveals this http://joshmoles.com/2009/01/21/supercharge-the-ubuntu-motd/ [17:15] hi guys, I am sortof fighting with this mysqld_safe bug, on ubuntu hardy server. it seems rather well known, was wondering if anyone here had any advise on how to fix it in a scriptable fashion .. [17:16] basically, you install mysql-server-5.0, then the next time you restart mysqld_safe is runaway consuming 100%cpu [17:16] found a ton of bug reports on this, but no real resolution! [17:26] list [17:26] d'oh [17:27] bogeyd6: cool [17:40] http://gregdekspeaks.wordpress.com/2010/01/20/announcing-the-fedora-cloud-sig/ [17:55] \clear [17:55] oops [17:56] mathiaz: hey, I couldn't resist to try the new sssd. there's a problem though; error: /usr/lib/sssd/libsss_krb5.so: undefined symbol: krb5_cc_retrieve_cred [17:56] so the krb provider doesn't work [17:57] ldd libsss_krb5.so looks wrong [17:59] http://pastebin.ubuntu.com/359648/ [18:19] anyone know how I can capture just packet fragments in tcpdump/tshark? [18:26] Hi everyone [18:26] I'm coming from the Edubuntu / LTSP community here, decided to add #ubuntu-server to my idle chan list ;) [18:27] :) [18:28] heya [18:28] Sounds like it'd be a good idea since most LTSP and a lot of Edubuntu installs are multi-user and require some heavy lifting (not to mention some good tools for admin) [18:31] makes sense. === robbiew is now known as robbiew-afk [18:32] Has anyone got any opinion on a good LDAP setup/admin GUI? [18:32] We've been struggling to come up with something for the longest time. [18:34] 389 (was fedora) directory server looks nice, but the Ubuntu packaging seems to have stalled, so you'd probably have to run it on CentOS or Fedora. [18:35] alternatively (and better in the long run) would be to poke at the 389 packaging team (https://launchpad.net/~ubuntu-389-directory-server) [18:35] and get them to update their packages. [18:35] ;) [18:35] hell, help them out. I'm sure it's just a matter of manpower, really. [18:39] unit3: thank you! That's some good info [18:39] no problem. i'd like there to be a decent, graphically managed directory server OOTB in Ubuntu too. [18:39] it'd certainly make my life easier. :) [18:39] how can i edit my network settings from the console? [18:40] kaffien: ifconfig [18:40] what do you need to edit? [18:40] kaffien: look in the /etc/network directory. [18:40] interfaces has a man page. [18:40] ip address and host name [18:40] /etc/hostname too then. [18:40] unit3: indeed. =) [18:40] kk [18:41] kaffien: if you change the hostname, you'll likely have to doublecheck /etc/hosts as well, to make sure your ip in there matches the new hostname. [18:43] yep [18:43] the problem is this is a duped VM. it almost looks like it booted up without an eth0 device [18:44] that'd be weird. oh, but it might have! [18:44] perhaps another reboot with a different host name will help things along [18:44] because udev assigns eth names based on mac address. [18:44] if you cloned the hd, it's likely got a different mac assigned, and so that interface would become eth1. [18:44] check output of "ifconfig -a" and see if it's there. [18:44] if it's there as eth1, I can tell you how to correct that. [18:57] Any experts on bridging/transparent firewalls here? I have an odd issue which is that arp from the inside segment gets out, but only about 33% of replies get back to the requestor [18:57] the traffic coming back hits the eth0 and the br0, but not all get to eth1 on the inside [18:58] ubuntu-server 8.04 btw [19:01] vmware tools was botched due to kernel upgrade ... silly me. [19:02] it's been far to long since i got my 'hands dirty'. [19:02] ah well at lest its not gentoo [19:03] I know it's not exactly a good idea but i need an older version of mysql is it as simple as removing 5.0 and apt-get mysql-4.x ? [19:03] apt-get install mysql-4.x that is. [19:05] kaffien: no, it's probably been dropped from the repos for the current releases. however, you should be able to grab and install from packages.ubuntu.com. [19:06] hopefully the dependacy list isn't to large [19:07] 5.0 upgraded some of the calls which basically screwed over our old CRM. [19:07] so we had to switch back to our ancient server that likes to die whenever it feelsl ike it [19:11] kaffien: yeah, it'll be an old package, depending on old libs, so as long as it doesn't conflict with new ones, you should be alright. [19:11] also, you could use prevu on the .dsc and forward-port it. [19:11] if deps are a problem, anyway. [19:22] tjaalton: thanks - I've filed bug 510295 [19:22] Launchpad bug 510295 in sssd "/usr/lib/sssd/libsss_krb5.so: undefined symbol: krb5_cc_retrieve_cred" [Undecided,New] https://launchpad.net/bugs/510295 [19:23] mathiaz: heh, and I filed 510290 :) [19:23] mathiaz: sgallach has an idea about it.. I'll keep you posted [19:24] tjaalton: great - seems like things are looked at [19:24] tjaalton: I'll mark my bug a duplicate [19:24] mathiaz: ok, cool [19:32] New bug: #510299 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/510299 [19:34] mathiaz: seems to be a tarball bug, fedora builds it with -lkrb5 which shouldn't be necessary === robbiew-afk is now known as robbiew [20:20] Hello all, any of you running Jeos in a production environment? [20:20] It's been merged into server now, have been experimenting with it here. [20:26] can I put ubuntu onto an SD-Card and install from there? [20:26] sure [20:27] I've got an usb plug for that [20:27] Aison: you can as long as your system will boot off SD. [20:27] i'm not ;) i've got only a sd card slot^^ [20:28] Aison: you can install on an sd card just as you can install on a spinning drive [20:29] I don't want to install it on an sd card, I would like to install it FROM an sd card ;) [20:29] so I need to copy the install cd to the sd card [20:29] Aison: yeah, the default tools to make bootable usb keys should work just as well for an SD card. [20:29] but you'll have to make sure your system boots off SD. [20:29] ok [20:29] I guess that works [20:30] should, yeah. [20:36] Jeos, anyone? [20:40] the howto says, that I have to use usbcreator on linux, to create the bootable usbstick [20:40] but where can I get this tool on non-ubuntu linux platform? ^^ [20:40] I mounted the ISO file and there's a usbcreator.exe for windows ;) that's not really a help [20:40] technicallyrite: I've been running jeos in production, yes [20:40] same thing as the not-so-stripped-down version [20:41] Aison: there's other tools that run on other variants, like unetbootin or whatever. [20:41] they're slightly more work, but they'll do the job. [20:47] royk: sweet, thanks. I'm assuming you like it, did you add much other than your app dependencies? [20:47] no [20:47] and shortly after, I switched back to standard ubuntu server, since it's not really very big anyway === astechgeek is now known as Guest45568 [21:01] what is the command to return the full path of the current directory? [21:04] can i remove JUST the mysql-common package? [21:04] when i try it tries to remove like 175 packages [21:07] wierdness [21:07] marks256: pwd? [21:07] i remove it and it takes kde with it [21:08] kaffien: perhaps kde came with it or vice-versa, try reinstalling kde after mysql-common is gone. [21:10] so i did it (removed it) then i went to install php5 and it wants mysql-common [21:10] lol [21:11] i might not be able to get away with using mysql 4.1 [21:12] Maybe not. [21:14] hrrrm [21:14] i have remove all the mysql packages that i can figure [21:14] then i tried dpkg -i mysql 4.1 and its spouting about an upgrade still [21:25] i wonder if i would be able to use hard haron for this [21:25] i should be able to downgrade mysql as it would still be the hardy repositories in theory [21:37] well, use packages.ubuntu.com and check to see if it's in hardy still. [21:38] its in dapper for sure [21:38] cant seem to find it in hardy === cyphermo1 is now known as cyphermox [21:53] I have ubuntu-server installed on a mac-mini. Occasionally on boot grub appears and without a timeout. This results in a non-booting server. Massive problem and I really don't know how to sort it with grub2 [21:53] Its running ubuntu server 9.10 [22:03] hey everyone, i'm having problems compiling drivers for my nic (which is messing around) [22:03] when doing "sudo make all" i get "no rule to make kernel/bounds.c" [22:03] and i can't seem to get the proper kernel source =/ [22:03] i tried following these instructions http://ubuntuforums.org/showthread.php?t=1047374 [22:06] but when i did "sudo tar -xvjf linux-source-2.6.31-17-server.tar.bz" it told me that file couldn't be opened because it couldn't be found (sorry am translating from german) [22:14] has anyone run QuickBooks in a virtual machine? [22:15] Ok, I found a work around to my problem but I tried something similar earlier today, and upon doing update-grub it resulted in just grub with a flashing _ after rebooting. It required reinstalling grub from a cd. I want to avoid that but I dont know how [22:18] frenzy_usa: yes [22:20] Lns: What vm program are you using? VirtualBox, VMware, other? [22:20] frenzy_usa: vmware server [22:20] It works fine for a single person using it.... [22:22] Lns: Planning on installing the QB database server and start testing tomorrow for multi-user [22:22] frenzy_usa: i'm sorry :( [22:22] * Lns has had nothing but major issues w/qb database server [22:22] (not on my own install, but one of my clients) [22:23] Single user didn't give me any trouble so I'm gonna hope multi-user will behave as well. [22:25] uh huh... ;) [22:27] ach, now I managed to get ubuntu netinstall cd to run from USB stick, but now, my networkdevice AR8132 is not detected ;) [22:27] *sigh* [22:27] does really nobody have a clue? [22:28] nuckable: why are you compiling drivers, what kind of NIC do you have? [22:29] it's an asus nx1101 [22:29] and it's jerking around if load is put on it [22:29] so i'm hoping the official drivers might fix that, otherwise i'd have to send it back =/ [22:30] i got the latest version and the README just tells me to make all [22:30] not helpful. [22:30] but it keeps complaining about having "no rule to make kernel/bounds.s [22:30] i mean kernel/bounds.c [22:30] you've got the kernel headers package for your kernel installed, right? [22:30] yup [22:30] and the build-essentials [22:30] and the linux-source [22:31] apt-get installed them all [22:31] well then, I suspect their build scripts just suck. [22:31] hi, I've got some problems with pptpd server. I've managed to set up with static ip's in chap-secrets and some dynamic pool. Works fine. client gets IP from chap secrets, but (!!!) I don't know how can I kill that connection (pppX). [22:31] ps ax | grep ppp shows ip from dynamic pool, not static. [22:31] (ubuntu 9.10_amd_x64) [22:31] can you tell me what nic it says you have in lspci? [22:33] unit3, theres 2 [22:33] not sure which one is this one [22:33] one is "01:05.0 Ethernet controller: Sundance Technology Inc / IC Plus Corp IP1000 Family Gigabit Ethernet (rev 41)" [22:34] the other is "04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)" [22:34] well, the realtek one will be well supported in-kernel, so it's probably the weird sundance one. I see a lot of problems listed with that one online. [22:35] *sigh* [22:35] yeah. === Chex_ is now known as Chex [22:36] the other problem i run into is that i'm using the german version of ubuntu, so i'm not always 100% how to translate stuff to get more info =/ [22:36] ahhhh... [22:36] looks like asus really sucks at network devices [22:36] yep, I think they do. [22:36] i've avoided the eee stuff since other netbook options came out, because of that. [22:41] Is Ubuntu's lvm built without support for locking type 3 (internal clustered locking)? [22:41] it doesn't seem to be working here. [22:46] unit3, sorry was that question for me? [22:48] *sigh* well good night people, off to bed =/ [22:48] no, that was just a general question for the channel. ;) [22:48] later. [22:49] who works with pptpd server on ubuntu for windows clients ? [22:51] goes any one know of samba sharing with xbox360 [22:51] mealstrom: probably not most people in here. given its history of security problems as a protocol, most people tend towards things like openvpn these days, or ipsec if you're getting fancy. ;) [22:51] killaxxl: no, 360 only supports a upnp server, not samba. There's a supported on in Ubuntu though. [22:52] as long as your files are in the right format, anyway. [22:52] ushare is the one. it has a 360 compatibility option, and I've used it recently. [22:52] mealstrom: why are you asking? [22:52] aleks: he's having trouble with his pptp setup, he posted above. [22:52] in chap-secrets I put static ips for users [22:53] thx, i'll look into it [22:53] and set one dynamic ip range [22:53] and when user conencts with static ip -- it takes that ip , but in ps ax | grep ppp --- it has ip from dynamic range [22:53] killaxxl: note that it won't convert media, so it'll only work if your files are in formats the 360 already understands. [22:54] hmm I only used dynamic ip's [22:55] I don't know how to kill user by his login or static ip :( [22:55] you should have a process for each connection [22:56] yes. I've got pppX for each connection [22:56] I get this: /usr/sbin/pppd local file /etc/ppp/pptpd-options 115200 192.168.0.1:192.168.0.200 [22:56] /usr/sbin/pppd local file /etc/ppp/pptpd-options 115200 192.168.3.1:192.168.3.21 ipparam 109.86.31.222 plugin /usr/lib/pptpd/pptpd-logwtmp.so pptpd-original-ip 109.86.31.222 [22:57] ppp1 Link encap:Point-to-Point Protocol [22:57] inet addr:192.168.3.1 P-t-P:192.168.3.25 Mask:255.255.255.255 [22:57] ppp1 from ifconfig [22:57] yeah, figured asmuch [22:58] there is different ip's 192.168.3.25 and 192.168.3.21 | 21 is from dynamic range / 25 from static [23:00] and I cannt take login parameter for ip-up script :( [23:00] hmmm [23:00] hrm... what are the potential problems with using lvm on a shared device without using clvm (since it's a POS that won't stay working without dying for more than a week) [23:01] presumably after doing a change on one machine, I'd need to rescan things on the other. [23:01] and it won't coordinate locking between them, so I'd have to be careful about accessing resources. [23:01] other than that...? [23:06] mealstrom: maybe you can cause pptpd or pppd to dump the username to syslog [23:06] you have the ip and process number there [23:06] it is possible to connect interface to users ip address in ip-up script. [23:07] mealstrom: I also notice my pptpd is configure to log users to wtmp [23:08] ifconfig pppX down doesn't disconnect user :( [23:08] no, but tail/whatever syslog | grep pppX -> find the process and kill it surely will [23:09] you could just record the pid of ppp into a /foo/%U file [23:29] I'd like to replace the default shell for certain users who ssh in to something like: script -aqf /var/log/theirname ... seems problemmatic however. Any other kind of solution like this?