/srv/irclogs.ubuntu.com/2010/08/02/#ubuntu-server.txt

kinygos	ok...i finally found the answer to my keyboard layout problem...	00:14
kinygos	simply run sudo dpkg-reconfigure console-setup and make the appropriate selections	00:14
kinygos	thanks for the help :)	00:15
EvilPhoenix	anyone know of any cli tools that can show you active ports things are bound to as well as the number of packets being received/sent on those ports?	00:15
EvilPhoenix	similar to top peraps?	00:15
uvirtbot	New bug: #612380 in php5 (main) "mysqli_ssl_set should not expect MYSQLI_STATUS_INITIALIZED" [Undecided,New] https://launchpad.net/bugs/612380	00:46
progre55	hi guys. I want to add a script in /etc/init.d/ to startup, but only after networking is up. so how do I update-rc.d it?	02:07
progre55	anyone? I'm starting a deamon using "start-stop-daemon --start --quiet --pidfile $SCRIPT_PID --startas $DAEMON -- $DAEMON_OPTS", but it doesnt record the pid in the specified file, so the "stop" option doesnt work. Any suggestions, please?	02:29
rdw200169	EvilPhoenix: netstat -pln --inet	03:22
rdw200169	EvilPhoenix: the only way, that i know of, to get the packet count on ports is by doing some iptables packet counting per port	03:23
rdw200169	EvilPhoenix: or, you could use something like ntop, but that's more of a web-gui type thing	03:23
EvilPhoenix	thanks	03:31
rdw200169	did it work the way you wanted?	03:34
EvilPhoenix	rdw200169: havent checked, the server's offline for system updates tonight	03:35
EvilPhoenix	;)	03:35
EvilPhoenix	i can tell you tomorrow if it worked :)	03:35
=== rmk_ is now known as rmk
MTecknology	zul: Hey Chuck... You happen to be around now? I want to thoroughly irritate you. :)	04:56
_Snark	Q - can i softraid across multiple (sata) controllers, or do all raid member disks need to be on the same controller?	05:08
sirninja	How do I run a dummy xserver?	06:00
uvirtbot	New bug: #612428 in dhcp3 (main) "package dhcp3-server 3.1.2-1ubuntu7.1 failed to install/upgrade: ErrorMessage: pacote dhcp3-server já está instalado e configurado" [Undecided,New] https://launchpad.net/bugs/612428	06:26
Yosi123	hi all, new to UB-server... if I want to change the hostname of a system, can I just edit the hosts and the hostname file in /etc, or it it like windows and i have to change 10000 files?	07:26
Yosi123	new to linux	07:26
Jeeves_	Yosi123: Those files will do indeed. But there are some programs which base stuff in their configfile on the hostname	07:42
Jeeves_	so the best thing to do is:	07:42
Jeeves_	sudo grep -r <your old hostname> /etc	07:42
Jeeves_	that will show all the files that contain your old hostname	07:43
Yosi123	awesome	07:43
Yosi123	thanks	07:43
Yosi123	see the problem i'm running into is when i setup the server, i just maid it the domain of my first domain but now i'm holding tons of virtual apache setups	07:43
Yosi123	note sure how dangerous it is to change the domain name of the machine	07:44
Jeeves_	it itsn't	07:44
Yosi123	see now i would liek to gibve it a more generic name...	07:45
Yosi123	but does the system domain have to be a real world domain? does it have to match something?	07:45
Jeeves_	No	07:46
Yosi123	thats what i thought...	07:47
Yosi123	i did the grep u mentioned	07:47
Yosi123	and it only came back in the hosts file and the network files	07:47
Yosi123	so it looks pretty clean	07:47
Yosi123	what si the point of giving the machine a domain to begin with?	07:48
Yosi123	does anyone know, does ubuntu-server support phpmyAdmin?	08:01
joschi	Yosi123: yes	08:02
\sh	apt-get install phpmyadmin	08:04
Yosi123	joschi> is it worth to install it... i need to restore a .sql file.. someone told me its easy with that tool... is there an easier way without it?	08:04
joschi	Yosi123: you could just use `mysql`	08:04
\sh	Yosi123: restoring an sql file is more easy with the client	08:04
Yosi123	sh - which client? the gui?	08:04
\sh	mysql -u root -p database_name < filename.sql	08:05
\sh	Yosi123: mysql client	08:05
Yosi123	yeah, they told me its very standard... so maybe i'll just use that command instead of in stall phpmyadmin just to restore the one file	08:05
\sh	or the much better way: mysql -u root -p \n <login> use <database name> \n set FOREIGN_KEY_CHECKS=0; \n source <filename.sql>; \n set FOREIGN_KEY_CHECKS=0;	08:05
\sh	done	08:05
Yosi123	awesome, thanks...	08:06
\sh	aeh the last set FOREIGN_KEY_CHECKS needs to be =1 ;)	08:06
Yosi123	k	08:06
Yosi123	sh - is there any way to execute the sql from the MySQL Query Tool? I copy and pasted the file into it, but when I hit the execute button it says "No SQL command"	08:11
Yosi123	sql file*	08:11
\sh	Yosi123: I don't know the mysql query tool....	08:17
twb	\sh: why do you need to disable foreign key checks? Is the dump you're restoring out-of-order?	08:17
Jeeves_	Yosi123: Why not just use 'mysql	08:17
Jeeves_	'	08:17
Jeeves_	.\ dumpfile	08:18
\sh	twb: we had some problems before, yes :(	08:18
* twb blames mysql		08:18
\sh	twb: no I blame broken software :) magento is one of them (especially	08:19
\sh	when you are using a mysqldump backup of magento dbs... :()	08:19
twb	\sh: what, the dump was created by something other than the database?	08:19
\sh	twb: no but magento is creating new tables during runtime, and adding some foreign keys to other tables...:(	08:19
twb	Surely if myqsl creates a dump, it SHOULD be coherent, regardless of what app(s) use the database	08:20
twb	Oh, I see	08:20
\sh	twb: and sometimes, if not most of the time, the rollback of an mysqldump gives you problems...	08:20
\sh	regarding magento	08:20
twb	Is the lucid partner repo mirrored anywhere?	08:39
\sh	twb: I'm mirroring it locally ;)	08:39
twb	I'm getting 50kiB/s trying to mirror it directly from archive.canonical.com	08:40
twb	\sh: I mean are public mirrors allowed, and if so, where is a list of them	08:40
jpds	twb: It's not designed to be mirrored.	08:40
\sh	twb: dunno...ask one of the canonical sysadmins	08:40
twb	jpds: that's what I figured; I wanted confirmation	08:40
\sh	since the move of sun-java* packages to partner it should be mirrored somewhere publically	08:41
twb	Indeed; I'm pissed because I found that epiphany Just Doesn't Work with icedtea, so I need to do this dance to get $customer's token java applet to work again :-/	08:41
=== _ng is now known as _NG
YankDownUnder	Anyone have any luck with a Canon LBP-1120 under 10.04?	09:38
PirosB3	hi all, i have ubuntu server 10.04, have external hd connected that ftab mounts on boot, but if it'snot there... i't won't even start!! anyone??	10:08
PirosB3	UUID=......... /home/external/ vfat ro 0 0	10:08
PirosB3	no hd, no boot :(	10:08
joschi	PirosB3: hdd defect? usb port defect?	10:09
PirosB3	not at all,	10:09
joschi	PirosB3: does it work with another OS?	10:09
PirosB3	as soon as i attach drive it boots correctly	10:09
PirosB3	yes, everything works fine	10:10
PirosB3	i'm afraid it's something to do with fstab	10:10
joschi	PirosB3: check the output of `dmesg`. there should be some entries when you plug the hdd in	10:10
PirosB3	[ 6.046500] sd 0:0:0:0: Attached scsi generic sg2 type 0	10:11
PirosB3	[ 6.047292] sd 0:0:0:0: [sdb] 488397168 512-byte logical blocks: (250 GB/232 GiB)	10:11
PirosB3	[ 6.048528] sd 0:0:0:0: [sdb] Write Protect is off	10:11
PirosB3	[ 6.048532] sd 0:0:0:0: [sdb] Mode Sense: 21 00 00 00	10:11
PirosB3	[ 6.048535] sd 0:0:0:0: [sdb] Assuming drive cache: write through	10:11
PirosB3	[ 6.053044] sd 0:0:0:0: [sdb] Assuming drive cache: write through	10:11
PirosB3	[ 6.053073] sdb: sdb1	10:11
PirosB3	[ 6.056795] sd 0:0:0:0: [sdb] Assuming drive cache: write through	10:11
PirosB3	[ 6.056825] sd 0:0:0:0: [sdb] Attached SCSI disk	10:11
PirosB3	[ 6.476964] usb-storage: device scan complete	10:11
PirosB3	ops, sorry	10:11
joschi	PirosB3: `sudo blkid /dev/sdb1` will show you the correct UUID which you can use in your fstab	10:16
PirosB3	joschi: i have the correct uuid	10:17
joschi	PirosB3: what does `mount /home/external` tell you then?	10:17
joschi	PirosB3: because the partition has been correctly detected by your system (see `dmesg`)	10:18
PirosB3	mount: secondo mtab, /dev/sdb1 è già montato su /home/external	10:18
PirosB3	mount non riuscito	10:18
PirosB3	lol	10:18
PirosB3	for mtab, it is already mounted	10:18
PirosB3	mount failed	10:18
joschi	PirosB3: please use LANG=C ;)	10:18
joschi	ah, ok	10:18
PirosB3	translate ;)	10:19
joschi	PirosB3: I hope you have run the mount command with sudo and not as your normal user. maybe you have a stale /etc/mtab file	10:19
PirosB3	lol	10:19
PirosB3	....maybe :)	10:20
PirosB3	ok	10:20
PirosB3	it says mounted	10:20
PirosB3	but it's fstab for me	10:20
joschi	PirosB3: no. fstab is the file you edit, mtab is the file your system generates for it to remember which devices are mounted	10:21
PirosB3	yes, i'm saying my fstab line maybe needs some sort of option	10:21
PirosB3	UUID=......... /home/external/ vfat ro 0 0	10:21
joschi	looks good to me. you could add "defaults" to the options ("ro") but the rest is ok	10:22
PirosB3	what does defaults do?	10:25
joschi	add rw, suid, dev, exec, auto, nouser, and async	10:25
joschi	and rw is overridden by your ro	10:26
PirosB3	nono, i need only write	10:26
joschi	-> `man mount` by the way ;)	10:26
PirosB3	:D	10:26
PirosB3	ok 1 sec	10:26
PirosB3	nope :(	10:29
uvirtbot	New bug: #612463 in clamav (main) "Cannot update klamav virus signature" [Undecided,Invalid] https://launchpad.net/bugs/612463	10:29
PirosB3	adding defaults dosen't do it :( sob	10:29
PirosB3	not even with auto!!!	10:31
PirosB3	going nuts	10:31
PirosB3	how can this be so stupid	10:31
bigbrovar	Hi guys I am looking for a system which I could use for centrally administering desktops systems at work. something which would allow me centrally deploy updates and install packages when needed. is there anything which is free (as in beer and speech) which can do this.	11:03
bigbrovar	someone told me about puppet has anyone used it before?	11:04
Jeeves_	bigbrovar: Maybe landscape?	11:05
Jeeves_	Otherwise, cfengine or puppet	11:05
Jeeves_	(i prefer cfengine)	11:06
bigbrovar	Jeeves_: its not free beer.	11:06
Jeeves_	bigbrovar: ?	11:06
uvirtbot	New bug: #612480 in antlr3 (main) "Sync antlr3 3.2-4 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/612480	11:06
bigbrovar	is it possible to configure cfengine or puppet to use as a central update system or mass installation of packages across systems	11:06
bigbrovar	Jeeves_: its not free as in price	11:07
Jeeves_	bigbrovar: cfengine is.	11:07
Jeeves_	puppet is. Only landscape isn't	11:07
bigbrovar	Jeeves_: yeah I know I was asking if if cfengine could be used for updating/updating many systems at once	11:08
Jeeves_	bigbrovar: cfengine has a client-server setup	11:08
Jeeves_	So the client periodically downloads scripts from the server and executes them	11:08
bigbrovar	Jeeves_: oh ok	11:09
bigbrovar	hmm not exactly what I wanted but I would give it a try	11:09
bigbrovar	Jeeves_: might also checkout spicewalk I heard there was plans to make a debian port would see how far that got.	11:10
bigbrovar	Jeeves_: thanks :)	11:10
Jeeves_	yw	11:12
=== _NG is now known as _ng
Zee5han	is it possible to install ubuntu using a virtual drive?	11:16
joschi	Zee5han: define "virtual drive"	11:18
Zee5han	to install ubuntu you need to boot with the CD	11:18
Zee5han	now lets say i dont have a CD and I mount the ISO with PowerISO	11:19
joschi	Zee5han: not necessarily	11:19
joschi	you could install ubuntu over network	11:19
Zee5han	will I still be able to boot and install?	11:19
joschi	or you just use something like wubi	11:20
YankDownUnder	What's wrong with a USB install...?	11:20
joschi	Zee5han: if you have a usb stick and the computer supports booting from usb you could also install ubuntu using unetbootin	11:20
Zee5han	I have tried wubi but when it is downloading the ISO it says itll take around 150hrs	11:21
joschi	Zee5han: so now you have several alternatives: install over network, install over windows, install over usb	11:21
Zee5han	can I also try it out... like Live CD... LIve USB	11:22
joschi	yes	11:23
Zee5han	Thanks	11:23
joschi	Zee5han: unetbootin will just copy the contents of the live cd on a usb drive	11:23
YankDownUnder	Zee5han, The liveUSB is basically the same as the LiveCD - except that you can actually keep changes made to the USB...handy that.	11:23
Zee5han	So I cant make changes on a LiveCD	11:24
Zee5han	lets day my CD is RW	11:24
YankDownUnder	Zee5han, Um...CD's being read-only...	11:24
YankDownUnder	Zee5han, Doesn't matter if your drive is R/W or the CD itself is R/W, doesn't happen like that. However, with the USB, you can make changes...and keep them. Handy for installing clamav and using it for workstations...	11:25
joschi	Zee5han: you can of course remaster a live cd. but on the usb stick you could do changes on the fly	11:25
Zee5han	Thanks	11:26
YankDownUnder	Anyone tried setting up a Canon LBP-1120 on 10.04 server?	11:29
pthsWork	Hi all. I need some help here. I've set up a two node cluster with pacemaker/corosync. Here I'm running DRBD, Samba, Winbind and LDAP (for sid-uid mapping). This works great. Both nodes are member in the AD domain (2008r2) with a virtual IP. The problem is: If I add a user in AD getent passwd wont get the new user (sometimes it does). If I then kill winbindd and change active node it works and the new user is listed. Any ideas	11:58
pthsWork	on what might be going on?	11:58
Roxyhart0	somebody know how i can capture data with tcpdum in intervales of 5 minutes each 5 min?	12:06
YankDownUnder	Roxyhart0, Couldn't you create a script to do so and use cron to handle the job?	12:08
Roxyhart0	maybe, but i am not sure if i want to add the data to the same file ...how to do that	12:09
YankDownUnder	Roxyhart0, Probably append the date or time or something to the file - so that you're creating a file for that particular time? Just a thought...	12:10
Roxyhart0	yes, i cant use >>	12:11
Roxyhart0	as i tried and the file is not in the format that i want	12:11
YankDownUnder	Roxyhart0, Not sure I understand what you mean by "the file is not in the format that I want" => in what, content? In name?	12:12
Roxyhart0	format as i will read with wireshark...i tried to append with >> but after that wireshark doesn accept the format	12:13
YankDownUnder	Append with >> ? Hmm...not sure I grok this - however, something you might find useful: http://www.cyberciti.biz/tips/shell-scripting-creating-reportlog-file-names-with-date-in-filename.html	12:14
=== _ng is now known as _NG
pthsWork	If I simplify my issue: If I add/delete users in Active Directory, getent passwd gets the updates after a few seconds. But for some reason this stops working after some time, so I have to restart windbindd to make it work again.	12:19
TuxSax	big woe!	13:03
uvirtbot	New bug: #612513 in mysql-dfsg-5.1 (main) "package libmysqlclient16 5.1.41-3ubuntu12.6 failed to install/upgrade: erreur lors de l'écriture de « <sortie standard> »: Succès" [Undecided,New] https://launchpad.net/bugs/612513	13:26
TuxSax	uvirtbot: !fr	13:34
uvirtbot	TuxSax: Error: "!fr" is not a valid command.	13:34
TuxSax	!fr > uvirtbot	13:34
ubottu	uvirtbot, please see my private message	13:34
uvirtbot	ubottu: Error: "please" is not a valid command.	13:34
ubottu	Error: I am only a bot, please don't think I'm intelligent :)	13:34
TuxSax	LOL	13:35
pmatulis	having fun?	13:35
TuxSax	yeah	13:35
TuxSax	it has been 10 years since I've left the IRC stuff, I'm back now to find a lot of things evolved in the bots...	13:35
cloakable	heh	13:36
pmatulis	artiifical intelligence has improved somewhat	13:36
TuxSax	still have a lot to find out...	13:36
TuxSax	on how to use those bots...	13:36
pmatulis	*artificial	13:36
pmatulis	TuxSax: you can converse with the bot in private	13:37
cloakable	!botabuse	13:38
ubottu	Please investigate with me only with "/msg ubottu Bot" or in #ubuntu-bots. Search for factoids with "/msg ubottu !search factoid".	13:38
Pici	!usage	13:38
ubottu	Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/IRC/Bots	13:38
uvirtbot	New bug: #612525 in openldap (main) "apparmor profile is not good for first backend creation" [Undecided,New] https://launchpad.net/bugs/612525	13:56
blinkiz	Hi there. I would like to edit a line in /etc/ufw/before6.rules. DROP router-advertisement. Should I edit in that file or should I put my own lines somewhere else?	13:57
blinkiz	Put in my own lines.. I mean.. put in some other file?	13:58
simmel	How do I restore the original /etc/init/mysql.conf from mysql-server-5.1 that I accidently removed?	14:10
klaas	simmel just download the package and unzip :)	14:16
simmel	klaas: I'd rather have apt-get/dpkg fix things since it's somewhere in that database. But sure, I've thought about it.	14:18
simmel	I've seen a solution for this before but I can't remember what I searched for then.	14:18
klaas	you can run reinstall	14:19
klaas	or reconfigure	14:19
simmel	aptitude reinstall mysql-server-5.1 ?	14:21
simmel	Because that doesn't solve it.	14:21
ttx	Everyone: You have a few more hours to submit your last papercuts candidates, bugs nomination for the last subcycle is tomorrow !	14:46
sommer	morning :-)	14:55
hggdh	Daviey: good morning, how's eucalyptus doing?	14:56
Daviey	hggdh, Hey! Not too bad.. Been trying to work with Eucalyptus to get some of our patches merged upstream and raise some kitten killer bugs,	14:57
* hggdh likes kitten killers		14:58
hggdh	or even kitchen, for that matter	14:59
hggdh	Daviey: any expectations (great or otherwise) re. timeframe?	15:00
ttx	hggdh: about milestoning to alpha-3 (bug 610987): if you really mean it, you should also "Target to release" to maverick... and assign someone (be it Canonical Server team if you don't know what to put there)	15:02
uvirtbot	Launchpad bug 610987 in eucalyptus "euca-describe-availability-zones verbose incorrect output" [High,New] https://launchpad.net/bugs/610987	15:02
ttx	otherwise it's just lost	15:02
ttx	I just targeted to maverick	15:03
ttx	and tentatively assigning to Dave (feel free to reassign in UECland)	15:03
Daviey	I've asked Eucalyptus to look into that once.	15:04
hggdh	ttx: thanks. My view right now is that there is nothing to test is these bugs don't get fixed	15:04
Daviey	I'm not entirely convinced it's there issue, it could be one of the patches we are carrying.. but they seemed willing to help debug	15:04
Daviey	I'm scheduling a call with Euca today, i think - to follow up	15:04
hggdh	ttx: I thought that milestoning would be enough, sorry	15:05
Daviey	smoser, free for a quick call?	15:05
smoser	can i have 5 minutes ?	15:05
ttx	Daviey: we should plan to have a "plain" build to reproduce against	15:05
ttx	(even if it's more painful to install)	15:05
ttx	This "must be in the patch you carry" was raised a few times already and was mostly debunked as false in the end	15:06
Daviey	ttx, Yes.. I did for the last Alpha make it only have essential patches in a PPA.. but i don't think that added too much value	15:06
Daviey	Only confirmation, really.	15:06
Daviey	ttx, Actually, euca made no reference to it being our patch - I raised it that out of the patches, this one I wasn't convinced was totally upstreams issue	15:07
Daviey	But they are taking a look regardless.	15:07
ttx	hggdh: for alpha3 IMHO we should concentrate on fixing the basic functionality, like registration and running a single instance.	15:07
ttx	hggdh: there is no way everything will get fixed in the next day	15:07
hggdh	ttx: so just basic functionality tests?	15:08
Daviey	Yes! That is good ttx, i agree...	15:08
hggdh	this is doable, of course. And easy :-)	15:08
ttx	hggdh: well, if that fails, there is no point in fixing how it behaves under load	15:08
hggdh	ttx: ack	15:08
Daviey	The ones that are concerning me at the moment, are "Auto registraion issue" and to a slightly lower priority "instance poor success rate"	15:08
ttx	I think we are spreading thin by trying to fix every regression	15:09
* hggdh will be able to complete tests in about one day \o/		15:09
ttx	and I fear that we won't solve anything if we go that route	15:09
ttx	concentrating on the basic ISO test for alpha3... then fixing everything else after	15:09
Daviey	ttx / hggdh: Euca are quite pleased to get access to the QA machines for this... elmo said it's ok, and i'll file a RT now.	15:09
ttx	at least we'd have something installable	15:10
Daviey	This makes it easy for hggdh to find an issue, ping them - and demostrate via screen etc.	15:10
hggdh	Daviey: GREAT! I think this is an extremely good move	15:10
Daviey	No more faffing with trying to communicate an issue.	15:10
smoser	Daviey, ping	15:10
Daviey	smoser, o/	15:10
ttx	Daviey: could you sum up the key bugs preventing the basic ISO test from succeeding ?	15:10
smoser	mumble	15:11
Daviey	win!	15:11
ttx	Daviey: bug 610987 is clearly not one of them	15:11
uvirtbot	Launchpad bug 610987 in eucalyptus "euca-describe-availability-zones verbose incorrect output" [High,New] https://launchpad.net/bugs/610987	15:11
ttx	I want to keep in the A3 radar only those "basic functionality" issues	15:11
SpamapS	ttx: https://launchpad.net/server-papercuts/+milestone/maverick-beta ... 1 bug targeted? Did I put mine in the wrong place?	15:12
ttx	so remilestoning to beta everything that is a regression under load	15:12
hggdh	ttx: this bug only affects (it seems) when running 'euca-run-instances -n <number>	15:12
ttx	SpamapS: the milestone nomination will occur tomorrow	15:12
ttx	SpamapS: your proposlas should be undecided/New	15:12
SpamapS	ttx: oh.. ok, well I jumped the gun a bit, oops. ;)	15:12
ttx	SpamapS: you just overstpped your authority :)	15:13
SpamapS	removed. :-P	15:13
* SpamapS imagines ttx in Cartman's mirrored glasses.. ...... respect mah authoritah		15:13
ttx	SpamapS: though if you want to handle papercuts from now on, just let me know :P	15:13
* SpamapS dives back into spam can		15:14
ttx	Daviey: so, preventing the "basic tset" from succeeding, we have:	15:14
ttx	bug 609112	15:14
uvirtbot	Launchpad bug 609112 in eucalyptus "euca_conf --discover-nodes fails to register nodes" [High,Confirmed] https://launchpad.net/bugs/609112	15:14
Daviey	ttx, 2 mins.... on call with smoser	15:14
hggdh	ttx: I eould add bug 610259 -- it may be a special case of 609112	15:15
uvirtbot	Launchpad bug 610259 in eucalyptus "inconsistent output euca_conf and euca-describe-availability-zones" [High,Confirmed] https://launchpad.net/bugs/610259	15:15
ttx	hggdh: that doesn't prevent the basic test from succeeding, right ?	15:16
hggdh	expect for the fact that you have no clue of what NCs are in, no	15:16
hggdh	ttX ^	15:16
ttx	hggdh: I think it's the same issue	15:17
hggdh	ttx: I think it can, also. I opened separate because there was a chance it was unrelated	15:17
hggdh	s/it can/it is/	15:18
ttx	the key bug is that euca_conf doesn't register nodes anymore	15:18
hggdh	ack	15:18
smoser	ttx, thta isn't correct	15:19
smoser	it doesn't say it did	15:19
hggdh	smoser: when I tested it, I only got the NCs in via 'euca_conf --register-nodes', never via --discover-nodes'	15:19
smoser	ok.	15:20
smoser	so manybe im' wrong then/	15:20
smoser	my experience is that register-nodes works, but --list-nodes shows no nodes	15:20
hggdh	not sure -- I only tested on topo1 (all-in-one, plus 5 NCs)	15:20
smoser	but things run fine, and euca-describe-availability-zones output is correct.	15:20
ttx	Daviey: if you agree that the node registration issue is the key bug, that's something we can investigate on our side	15:20
ttx	Daviey: I'm sure you welcome external help on this one ?	15:21
hggdh	smoser: hum. I will try again, with a current ISO/UEC images	15:21
smoser	well, as of friday, --list-nodes was broken for me	15:21
hggdh	yes, same (from Thurday, and earlier, no changes in euca-2.0)	15:22
MTecknology	How can I put a user inside a chroot when they log in? Moreso, so they're only dropped into it if they're above uid 1000 (if possible)	15:22
Daviey	ttx, The more help the better :)	15:25
ttx	Daviey: ok, I'll try setting up a system to reproduce that	15:25
Daviey	ttx, Awesome!	15:26
* ttx wonders if he could start from an A2 system		15:26
Daviey	ttx, Hmm.. i'm not sure how the libjibx is handled for upgrade.. need to test that	15:28
ttx	Daviey: I'll figure it out	15:28
* ttx pauses while the ISO loads		15:29
hggdh	smoser: I am reloading the whole shebang. This is actually not bad, since I will be able to test the apparmour issue	15:34
=== ogra_ is now known as ogra
poisonborz	Hola... could someone help me? I've installed ubuntu server with gnome and gdm to log in, but when I run gdmsetup, I get these errors... http://pastebin.com/SGDgqs6k	15:36
Daviey	ttx, If i want to get a new upload of euca into A2, guess it needs to be published before Tues early morning?	15:37
kirkland	Daviey: A3?	15:38
ttx	into A3, you mean ? Given the current state of the ISO...	15:38
Daviey	err yeah	15:38
ttx	I'd say that a late Tuesday upload will make it	15:38
Daviey	ttx, Does that mean Wednesday is likely to be the A3 iso?	15:38
hggdh	poisonborz: it seems you are missing some Gnome packages	15:38
ttx	Daviey: I hope so.	15:39
Daviey	ok, super	15:39
ttx	the current ISo is borken, says no kernel, some apt-cdrom failure apparenbtly	15:39
ttx	given that the release team is... fragmented... it should take some time to fix that.	15:40
poisonborz	hggdh: it would be great if that is all whats wrong... could you tell me what those packages are?	15:40
hggdh	poisonborz: unfortunately, no... perhaps you can try the #ubuntu channel?	15:42
=== dendrobates is now known as dendro-afk
=== mathiaz_ is now known as mathiaz
MTecknology	How hard is it to write a custom pam module that handles crap when you log in over ssh?	16:08
MTecknology	I want to perform a certain set of commands and then drop the user in a certain chroot	16:08
ttx	Daviey: so I targeted the other bugs to -beta, let's focus on the node registration issue	16:12
Daviey	MTecknology, I'm not sure pam is the best way to achieve that... I would suggest a custom shell, perhaps	16:12
Daviey	ttx, Agreed.. if i can whack out a fix for registration - i'll start tackling the others	16:13
Daviey	I would like to land design refresh for A3.. but not sure that is likely now..	16:13
ttx	this might just snowball-fix the others	16:13
Daviey	snowball-break the other features:)	16:13
MTecknology	Daviey: What I'm looking for is user\| ssh user@host.com -> sshd\| cp -r /etc/chroot-skel /tmp/[mktemp]; ln /home/user /tmp/[mktemp]/home/user; mount [stuff]; chroot /tmp/[mktemp] /bin/bash; logount\| rm -r /tmp/[mktemp]	16:16
MTecknology	Daviey: unless there's some better option	16:17
Daviey	MTecknology, A throwaway chroot on every login?	16:17
RoyK	MTecknology: erm - is it possible to hardlink directories these days?	16:18
MTecknology	RoyK: ln -s	16:19
MTecknology	Daviey: ya	16:19
RoyK	MTecknology: looked more like you were trying to hardlink it	16:19
MTecknology	RoyK: those were far from complete commands. Sorry about leaving out the -s :)	16:20
MTecknology	Daviey: any ideas if somebody did the hard part of that already?	16:22
AndyGraybeal	how do i set global umask in multi-user setting, we'll be using ubuntu server with LTSP and Gnome. is it /etc/profile ?	16:22
MTecknology	AndyGraybeal: yuppers	16:23
AndyGraybeal	thank you MTecknology	16:23
MTecknology	AndyGraybeal: after you change that, you need a reboot iirc	16:24
pmatulis	is /etc/profile read for all shells?	16:25
AndyGraybeal	is it possible to have usernames of andy.graybeal in ubuntu?	16:26
Daviey	MTecknology, The cleanest solution may well be PAM.. There is a PAM module for creating a home dir if it doesn't exist	16:26
Daviey	You could adapt that i suppose, but don't expect it to be too trivial	16:26
AndyGraybeal	Daviey: are you talking to me?	16:27
Daviey	AndyGraybeal, no	16:27
AndyGraybeal	Daviey: :) k	16:27
Daviey	:)	16:27
Daviey	AndyGraybeal, you can have dots in usernames... and it works.. but useradd will complain :)	16:28
MTecknology	Daviey: any ideas for a better solution? My original goal was to just build a whitelist of what apps the user can launch - I'm somewhat considering chmod o-x on everything I don't want them running..	16:28
MTecknology	AndyGraybeal: if you want to avoid headaches.. make sure the first/last character is a letter.. some apps like to complain otherwise. I use dots all the time though.	16:29
MTecknology	some of my user accounts :P -> JF81F5D.s SEF5644E4.s S5A76C029.s SAB0FFB17.s	16:29
Daviey	MTecknology, Not at the moment.. i'm sorry i can't give you more focus atm.. Have lots to do :(	16:29
MTecknology	Daviey: ok, thanks. So far all I've found is libpam-chroot which seems to have no docs.	16:31
pmatulis	MTecknology: why not just create ssh chroots for the users?	16:34
MTecknology	pmatulis: how do I do that?	16:35
MTecknology	pmatulis: I some some docs on it but they weren't very helpful	16:35
pmatulis	MTecknology: there is quite a lot of hits for that. what didn't work?	16:36
MTecknology	pmatulis: it seemed to be almost all for removing ability to access cli and required making the users home directory owned by root:root	16:37
pmatulis	MTecknology: not sure about that but what specifically is wrong with those solutions?	16:39
ttx	Daviey: arh, I downloaded the wrong A2 ISO.	16:40
Daviey	oh dear	16:40
ttx	looks like I won't have time to try it out today, and I don't work tomorrow morning	16:40
ttx	:/	16:41
ttx	Daviey: we can have a discussion now on how to debug it, like how it's supposed to work, if you need any of that info ?	16:41
MTecknology	pmatulis: I can't have everything owned by root, and they need to have cli access	16:42
pmatulis	MTecknology: ownership changes are top level directories, that should be ok since by nature folks are trapped in the chroot	16:43
pmatulis	MTecknology: re cli access, i don't get it, of course they have cli, can you explain?	16:44
MTecknology	pmatulis: I'm only trying to control what the user can do when logged in. I'll initiate processes as the user than I don't want them to be able to do	16:44
Daviey	ttx, Hmm.. i remember following the initial design of how it should work.. I am a little unsure, so it would help.	16:44
ttx	ok, mumble	16:44
* Daviey enages		16:45
pmatulis	MTecknology: oh ok, not a chroot at all then	16:45
MTecknology	pmatulis: That's just the solution I kept getting pointed at	16:45
pmatulis	MTecknology: and it's not like you know what they will be running, just what you don't want them to run?	16:46
MTecknology	pmatulis: If I can restrict them to a whitelist set of apps, that would be ideal	16:46
pmatulis	MTecknology: apps are cli-based?	16:47
MTecknology	pmatulis: ya	16:47
MTecknology	pmatulis: this is on a server	16:47
pmatulis	MTecknology: so just use ssh remote commands via a forced-command checking script :)	16:48
pmatulis	MTecknology: are the apps interactive?	16:48
MTecknology	pmatulis: vim is	16:48
=== _NG is now known as _ng
MTecknology	pmatulis: You mean like make them run ssh -e for every single command?	16:49
pmatulis	MTecknology: yeah	16:51
pmatulis	MTecknology: but not sure about interactive stuff	16:51
MTecknology	it'll almost all be interactive	16:51
MTecknology	They need to use thigns like vim, ssh, pu, pcd, prush, ls, cat, mv, rm, cd, wget, tar <- which covers probably almost all of it	16:52
Doonz	hey guys im using sshfs to mount a remote directory on my local server. Is there a way to make this mount a constant connection because sometimes it disconnnects and then i have to manually remout it	17:04
papertigers	join #ubuntu-community	17:04
papertigers	opps lol	17:05
rdw200169	Doonz: its probably more of a ssh configuration than a sshfs config... i'm guessing a longer ssh connection timeout or something, check the OpenSSH manual	17:05
=== dendro-afk is now known as dendrobates
Doonz	why would it time out tho	17:05
Doonz	box boxes are running and there hasnt been a disconnect for the internet	17:06
rdw200169	Doonz: lots of reasons. sometimes the network bogs down, for whatever reason, and the host/guest connection doesn't see any packets for a while	17:06
rdw200169	Doonz: and then the timeout is satisfied, and the connection is closed	17:06
rdw200169	Doonz: you could also look into enabling the keepalive, so that inactivity doesn't shut your ssh connection	17:07
Doonz	uh	17:07
* Doonz is a noob		17:07
rdw200169	Doonz: you're gonna have the best luck reading the man page for ssh_config. you're looking for 'TCPKeepAlive'	17:08
Doonz	sshfs user@remotehost:/home/user/scripts/ /home/user/scripts/	17:08
Doonz	thats the command i run	17:08
rdw200169	yeah, thats fine, but, on the inside of that command, a 'normal' ssh session is being created, which means your default ssh configuration still applies	17:09
Doonz	k	17:09
Doonz	goind to check it out now	17:09
rdw200169	thus, whatever is causing your ssh connection to be closed, would also affect a normal ssh session	17:09
Doonz	but my normal ssh session never closes	17:09
Doonz	:/	17:09
rdw200169	which is likely due to the fact that, when you have a 'normal' ssh connection, you never stay idle for very long	17:10
ttx	Still downloading, will setup tomorrow.	17:11
rdw200169	keep in mind that, for an sshfs mount, just because the drive is mounted, that your computer isn't necessarily communicating over that connection (unless you're accessing the mount or something)	17:12
Doonz	rdw200169: ok i looked in my ssh_config file and it didnt have TCPKeepAlive so i added it and set it to yes	17:12
Doonz	do i have to do anything now to it?	17:13
rdw200169	you could probably do well to also add it to /etc/ssh/sshd_config on your server too.	17:13
rdw200169	on the server, you could also add ClientAliveInterval 60 to that file as well	17:13
papertigers	I want to buy a new box for ubuntu server..but hmm what to use it for	17:15
Doonz	rdw200169: i cant find clientaliveinterval in the ssh_config man	17:17
hggdh	Doonz: it is actually ServerAliveInterval	17:23
Doonz	well its actuall in the sshd_config	17:24
Doonz	lol	17:24
Doonz	so i set that	17:24
hggdh	and ServerAliveInterval in the client.	17:25
Doonz	not tcpkeepalive?	17:26
AndyGraybeal	MTecknology: hey, about this dots in the name thing, i was reading that the command "chown" doesn;t like it when you need to assign both a username and a groupname like: chown andy.user /srv/userdata	17:27
AndyGraybeal	how would i get around that if i have dots in my name?	17:28
AndyGraybeal	i guess chown gets confused	17:30
AndyGraybeal	aah i guess it's as easy as using a colon to delineate the username from the groupname. peice of cake	17:31
hggdh	Doonz: tcpKeepAlive is, but default, on	17:32
hggdh	s/but/by/	17:32
Doonz	hggdh: it wasnt in my config file tho	17:34
AndyGraybeal	how comfortable do you guys feel about 'automatic security updates'?	17:36
hggdh	AndyGraybeal: very	17:39
AndyGraybeal	k, thank you.	17:39
hggdh	AndyGraybeal: truth be said, I still prefer to manually apply them. I trust them to be correct, but updates are only applied when I decide	17:43
=== dendrobates is now known as dendro-afk
AndyGraybeal	i know that microsoft has made many security updates that mess things up, so the rule in my old job was never automatically update, ever. wait until you read about the update and only apply it on testing machines, then apply to live boxes and only if you need to or some such.	17:45
hggdh	there you go. I do not believe in witches, but that they exist, they do. Better safe than sorry, and all that	17:46
thesheff17	AndyGraybeal: what I do is create a local ubuntu mirror and update it on the 1st of the month....roll all those patches to the test env. If anything breaks it doesn't bring down prod. If the updates don't affect thing for 30 days I update production and repeat.	17:54
MTecknology	AndyGraybeal: yay :)	17:58
MTecknology	I still wish I could figure out how to make a specific set of commands/apps available to users..	18:02
thesheff17	Mtecknology: have you looked at chroot?	18:02
MTecknology	thesheff17: lol... indeed. The available tools for a chroot option seem to not be possible for what I need though. They seem to all require that the files in the chroot need to be root:root and usually don't offer cli.	18:03
MTecknology	thesheff17: unless you know a lot about it - then maybe you could coax a novice through it?	18:04
thesheff17	it is pretty easy...basically you make a chroot jail and only link the commands you want them to use inside there jail	18:05
thesheff17	MTecknology it also has seperate passwd files if you want so only certain people have access to that chroot...I have created ftp & ssh inside chroot jail before	18:05
maek	can anyone explain to me how to use a local mirror of archive.ubuntu.com for an install source from a preseed file? I tried copying the dvd but it said packages.gz was corrupt. now that I point it at my local mirror of archive it says faild to download a file. here is my preseed mirror section and a tree from my local mirror. http://gist.github.com/504960 - thanks!	18:06
MTecknology	thesheff17: I want to make it so /home/user/* is still user:user - then like you said, they only have a few commands available. My thought process was something kinda like this - user\| ssh user@host.com -> sshd\| cp -r /etc/chroot-skel /tmp/[mktemp]; ln /home/user /tmp/[mktemp]/home/user; mount [stuff]; chroot /tmp/[mktemp] /bin/bash; logount\| rm -r /tmp/[mktemp]	18:07
thesheff17	maek https://www.digisoftinc.org/wiki/index.php/Ubuntu_preseed.cfg_installs_off_PXE_Boot I need to renew my ssl cert	18:07
Pici	MTecknology: Why not give them rbash as their shell?	18:07
maek	thesheff17: thanks	18:08
maek	thesheff17: haha, your preseed is what I have copied :)	18:09
MTecknology	!search rbash	18:09
ubottu	Found:	18:09
MTecknology	oh..	18:10
thesheff17	maek: I will pastebin my mirror.list that I use	18:10
Pici	MTecknology: Its part of bash.	18:10
MTecknology	Pici: .... this thing is pretty spiffy :D	18:10
thesheff17	maek: cool ;) I'm glad someone can use it	18:10
maek	thesheff17: thanks, I think im just have a bit flipped someplace.	18:11
maek	thesheff17: yeah, Its been very helpful, thank you.	18:11
MTecknology	Pici: what about this? http://ubuntuforums.org/showpost.php?p=6301166&postcount=2	18:11
thesheff17	maek: http://pastebin.com/c5DdavDq	18:12
maek	thesheff17: do you then install from that apt-mirror created repo?	18:14
Pici	MTecknology: It depends on what commands you are allowed to use within the shell.	18:14
Pici	MTecknology: See http://pentestmonkey.net/blog/rbash-scp/	18:14
thesheff17	maek: like how do I update the mirror?	18:14
thesheff17	maek: pxeboot file points at my local ubuntu mirror http://192.168.1.4/ubuntu	18:15
maek	thesheff17: no how would you install a single client. in your preseed config you are using archive.ubuntu.org not your local mirror - as far as I can tell	18:15
MTecknology	Pici: Is there any way I can configure what the user can do in it? I'm not seeing any configs for it in the places I assumed it would be, like cd - cd is probably one that shouldn't be allowed that will definitely be needed	18:16
maek	thesheff17: in your pxelinux.cfg/default file you point to the install source? I only point to the preseed file	18:16
MTecknology	Pici: aside from that it looks like the defaults are pretty awesome	18:17
Pici	MTecknology: Then maybe it doesn't fit what you need to do.	18:17
thesheff17	maek: oh this is before I had a local ubuntu mirror on the same as the pxeboot laptop	18:18
thesheff17	maek: just change this d-i mirror/http/hostname string archive.ubuntu.com to d-i mirror/http/hostname string 10.1.1.1	18:18
maek	thesheff17: ok, thats what I have pretty much. it keeps saying bad archive. But I see in your mirror list the debian-installer stuff. let me add that and re mirror. thanks	18:19
thesheff17	maek: yea that drove me nuts for a long time :)	18:19
maek	thesheff17: so thats the key to install from your archive local mirror?	18:19
thesheff17	maek: yea the whole install will be off your pxeboot server	18:20
thesheff17	maek: before I was using iptables to forward traffic to that 10.1.1.1 but it was slow and I was doing so many installs it was worth finding out how to get a local mirror working	18:20
MTecknology	Pici: that's the one and only thing I'm seeing not available that I would need. Everything else is to the very dot exactly what I was hoping for.	18:20
maek	thesheff17: thanks. ill give that a go and see if it fixed the "bad archive mirror" screen	18:20
thesheff17	maek: I also have an issue if you have 2 hard drives in the machine it doesn't work.	18:21
thesheff17	maek: I haven't figured out how to fix that yet.	18:21
maek	thesheff17: preseed doesnt work?	18:21
thesheff17	maek: yea it prompts for something...but then continues on	18:22
maek	thesheff17: wonderful :\| - this seems like a huge step down in "doneness" from kickstart	18:22
batok	I have Ubuntu 9 server karmic koala. I wonder if there's a joomla package ?	18:23
batok	how can I know the available packages ? with dpkg ?	18:24
maek	batok apt-cache search joomla	18:24
Pici	!apt	18:24
ubottu	APT is the Advanced Package Tool, which together with dpkg forms the basic Ubuntu package management toolkit. Short apt-get manual: https://help.ubuntu.com/community/AptGetHowto - Also see !Synaptic (Gnome), !Adept (KDE) or !KPackageKit (KDE)	18:24
maek	dpkg -l \|grep joomla	18:24
thesheff17	maek: yea I have heard if you have all the same hardware and you are configuring them all the same you can use debconf-get-selections --installer > alloptions.cfg	18:24
batok	tks	18:25
thesheff17	maek: and re use that file but I haven't tried since I have never had all the same hardware :-/	18:25
maek	thesheff17: yeah someone pointed me in that direction as well but I have several "kinds" of boxes im trying to get auto installing.	18:25
thesheff17	maek: well you could always add the second drive after the install...and if it is production you should be using hardware raid and it will only present 1 drive to ubuntu.	18:26
maek	thesheff17: yeah they show up as cciss using the hp raid controller, not a big concern but still thats a bit erksom	18:26
thesheff17	maek: yea I wish I knew how to fix it but I don't even know who to ask and I needed the hardware right away.	18:27
maek	thesheff17: so once you got the debian-installer into your local mirror you were able to install a new host 100% from that local mirror ?	18:29
maek	off pxe	18:29
thesheff17	maek: yup	18:29
maek	thesheff17: thanks!	18:29
thesheff17	maek: np it works really well after you installed ubuntu about 10 million times since 6.04 :)	18:30
maek	thesheff17: do you know of a good place to find an explination or listing off all the d-i options?	18:30
thesheff17	maek: http://d-i.alioth.debian.org/manual/en.i386/apbs04.html I would almost search debian when looking for d-i stuff if you can't find it for ubuntu. I think that is how I found the extra settings for my mirror file.	18:31
maek	thesheff17: thanks again	18:33
thesheff17	maek: np glad I could help.	18:33
thesheff17	MTecknology: if you have nice new hardware you could always build virtual machines per function....like ftp server, apache server, etc	18:37
MTecknology	thesheff17: all the need to do is edit files in ~/*	18:38
MTecknology	thesheff17: it looks like rbash won't do what I need - even though it's extremely close - it's simple to break out of	18:38
thesheff17	MTecknology: I think you can only break out of it if you give them access to commands that break it...which commands do you want to restrict to?	18:39
thesheff17	MTecknology: also when a user logs in all file permissions should be user:user	18:40
SpamapS	IIRC, LXC and OpenVZ can do that w/o nice new hardware.	18:43
MTecknology	thesheff17: vim, cd, ls, wget, tar, pcd, pget, prush - I think that's most of it	18:44
thesheff17	MTecknology: well all of those commands are pretty straight forward except vim. vim they can prob break out of	18:46
smoser	SpamapS is correct that LXC (which enabled in ubuntu kernels, openvz is not) does not need hardware virtualization extensions.	18:47
smoser	that said, lxc is not significantly more secure than a chroot.	18:48
thesheff17	MTecknology: they are already using scp right? make them use winscp and edit the files :)	18:48
SpamapS	I seem to recall it doesn't provide quite the same host protection as full virtualiztion tho	18:48
aljosa	i need to enable ICMP or monitoring software reports that server is down but /etc/ufw/before.rules have ACCEPT for all icmp-type(s). any idea what i'm doing wrong?	18:48
MTecknology	thesheff17: winscp from a linux machine?	18:49
MTecknology	thesheff17: :P	18:49
aljosa	"iptables --list\|grep icmp" returns "REJECT all -- anywhere anywhere reject-with icmp-port-unreachable" but i can't figure out where is this defined	18:50
thesheff17	MTecknology: true	18:50
thesheff17	MTecknology: let them use gedit	18:50
MTecknology	thesheff17: My devs hate me enough :P	18:51
thesheff17	MTecknology: or nano	18:51
thesheff17	MTecknology: haha :)	18:51
MTecknology	:P	18:52
SpamapS	MTecknology: you might enjoy reading up on the concept of "devops".	18:52
MTecknology	thesheff17: if I could make them use rbash and also keep them from touching a few other commands - this might work nicely enough	18:53
thesheff17	MTecknology: I just think vim is too powerful with too many commands that prob can break out of rbash	18:53
MTecknology	thesheff17: it seems to capture it..	18:53
thesheff17	MTecknology: cool	18:54
aljosa	how can i enable icmp/ping on server?	18:54
MTecknology	thesheff17: now.. what was that other tool mentioned?? I need to go up and find it	18:55
pmatulis	aljosa: read up on ufw and where it stores it's files	18:55
thesheff17	Mtecknology: http://pentestmonkey.net/blog/rbash-scp/	18:55
pmatulis	aljosa: or just 'sudo grep -r REJECT /etc'	18:56
thesheff17	MTecknology: you just have to be careful with what commands you give you devs. You have to give them a little trust don't you :)	18:56
aljosa	pmatulis: i've just figured out that i can ping localhost but not public address, any idea why? also, i have no REJECT rules in /etc	18:57
MTecknology	thesheff17: ya, but I know what they need to use - the way things are right now (they don't know it) they can become root simply by not completing one of the commands that they use a few times a day.	18:57
pmatulis	aljosa: turn off iptables and make sure you can ping	18:57
thesheff17	MTecknology: well if they aren't running things as root now rbash will be just another layer they will have to "break" to get to root.	18:59
aljosa	pmatulis: i've did ufw disable, iptables --list has no rules. still can't ping public ip address. what else could be a problem?	18:59
thesheff17	MTecknology: and harder in a chroot env	18:59
thesheff17	aljosa: your route	18:59
thesheff17	aljosa: default gateway	18:59
MTecknology	thesheff17: I'm trying to fix the masive gaping security holes.. a chroot as i described earlier would be absolutely perfect - but it doesn't sound like that's possible	19:00
thesheff17	MTecknology: sorry I missed...what was the problem with chroot?	19:01
MTecknology	thesheff17: give me a minute...	19:01
aljosa	can somebody try to ping 79.125.24.103? it's hosted on amazon, do you get any response?	19:05
abrightwell	no response.	19:05
thesheff17	aljosa: doesn't ping you prob don't have icmp enabled in the security group	19:05
abrightwell	has anyone have any experience with openfire or other XMPP server on Ubuntu?	19:06
MTecknology	thesheff17: http://dpaste.com/224302/	19:07
kees	aljosa: "hosted on amazon"? do you mean it's an EC2 instance? you have to open the EC2 firewall to talk to any of your instances there	19:07
SpamapS	ugh.. we're sucking at bug triage again	19:08
MTecknology	SpamapS: reminding me I need to file and fix a bug	19:09
thesheff17	MTecknology: what if you build the chroot env and then do a useradd -m	19:09
thesheff17	MTecknology: to create the home directory	19:09
MTecknology	thesheff17: I have a few hundred users, that would get to be a whole lot of chroots - usually only one or two of the accounts is used on any given day	19:10
MTecknology	thesheff17: usually they also log in at the beginning of the day and they're on for most of it	19:11
aljosa	kees: yes, but does icmp have port? i can't find any info	19:13
thesheff17	MTecknology: I think the problem is that you want a directory outside chroot available in chroot which defeats the purpose. I would just create a whole chroot env for all user /home/chroot/user	19:15
kees	aljosa: ICMP is a protocol, like UDP and TCP. I don't have the EC2 documentation handy, but I'm pretty sure you can open that up.	19:15
MTecknology	thesheff17: I'll still need t5o fight with not making the user/group of the home directory not have to be root:root	19:16
thesheff17	MTecknology: I believe you are seeing root:root because it is a symlink but it should still confirm to the link back. I could be wrong though	19:17
MTecknology	thesheff17: everything I read said that anything that's inside of a chroot need to be root:root on the fs	19:17
hggdh	Daviey: when you installed Euca 2.0, did it identify all components (walrus, cluster, scs)?	19:18
thesheff17	MTecknology: I don't think that is the case. I have had ftp & scp users send files to the server under chroot and I'm pretty sure the files inside the chroot permissions are correct.	19:18
Daviey	hggdh: Seemed to.. I'll have a better idea in a bit.	19:19
MTecknology	thesheff17: it kinda sucks.. I thought this would be an easy task :P	19:19
thesheff17	MTecknology: Though this was debian and I don't have the server anymore :(	19:19
Daviey	hggdh: There is different behaviour between ubuntu-server -> UEC conversion, and a fresh install of UEC	19:19
thesheff17	MTecknology: I would try one chroot env with all your users inside there with rlogin limited to the commands you want. also have a separate home directories for the server and chroot env	19:20
thesheff17	MTecknology: rbash I mean	19:21
MTecknology	thesheff17: so make a chroot, ln -s /chroot/home -T /home; and then?	19:21
thesheff17	MTecknology: yea	19:22
MTecknology	thesheff17: what would I do after that to make it work?	19:22
hggdh	Daviey: hum. In my case it is always a new install	19:22
thesheff17	MTecknology: sorry that isn't right....don't have home a symlink. create a new home dir for the chroot env.	19:23
Daviey	hggdh: What behaviour are you seeing?	19:24
MTecknology	thesheff17: ok, I'll cp it	19:24
AndyGraybeal	MTecknology: back to 'dots' in the username, so you say: adduser andy.graybeal --force-badname ?	19:24
MTecknology	thesheff17: so then?	19:24
MTecknology	AndyGraybeal: I just do useradd -m -s /bin/bash SOMEUSER.s	19:25
thesheff17	you can just copy /etc/passwd to the chroot	19:25
AndyGraybeal	MTecknology: thank you	19:25
MTecknology	thesheff17: and then?	19:25
MTecknology	thesheff17: That part doesn't seem too hard	19:26
MTecknology	I'm building the chroot now	19:27
thesheff17	MTecknology: there a bunch of files you need for a chroot env...here is a how to: http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html	19:27
hggdh	Daviey: absolutely no component registered	19:29
thesheff17	MTecknology: then when the users login there is something in /etc/passwd that sends the user into the chroot env...sorry it has been a really long time since I have done all this ;)	19:29
hggdh	Daviey: so I had to euca_conf --register* on each	19:29
Daviey	hggdh: Ok! Can you pastebin your registraion.log?	19:30
hggdh	Daviey: one more thingy -- current ISO -- libvirt-bin did not start up on boot	19:30
MTecknology	thesheff17: I'm using debootstrap now. I figure I can trim that down after things are working..	19:30
Daviey	sigh	19:30
Daviey	hggdh: thanks for letting me know	19:30
thesheff17	MTecknology: that will work	19:31
MTecknology	thesheff17: then I need to copy home, resolve.conf, passwd, shadow, and mount proc?	19:31
MTecknology	thesheff17: then.. I've no idea :P	19:31
hggdh	Daviey: http://pastebin.com/mZ1U8GVK	19:32
MTecknology	thesheff17: unpacking this much data takes a while :P	19:32
hggdh	Daviey: my pleasure ;-)	19:33
Daviey	hggdh: I'm somewhat concerned about the cluster not being recognised	19:34
Daviey	I've not seen that issue here :S	19:34
hggdh	Daviey: might be something that changed in the eucalyptus-udeb?	19:35
SpamapS	ugh.. thats 3 times in a row today where I triaged one bug, and in the time it took, another one was reported. >:	19:35
Daviey	hggdh: I think this might be the case	19:37
Daviey	sigh	19:37
jord	I've got a problem with Avahi. It starts at boot but does not advertise it's services until I restart it. Any ideas?	19:37
Daviey	hggdh: I'm firing up a cloud in a while from the latest daily, and will report my findings... hopefully they match	19:38
Daviey	jord: No idea.. but please keep me posted about what you find out. This might be causing me an issue aswell, so i'd appreciate it if you can let me know what happend.	19:38
jord	Daviey: sure, it's pretty annoying!	19:39
MTecknology	thesheff17: another fun issue... out of disk space	19:39
thesheff17	MTecknology: hehe your devs won't be doing much with no disk space :p	19:40
SpamapS	is Avahi an upstart job or rc script still?	19:41
MTecknology	thesheff17: I cleared it up enough that they can - for now	19:41
SpamapS	seems like if anything would need a real IP assigned, it would be avahi	19:41
MTecknology	thesheff17: gotta fix this issue first :P	19:41
hggdh	Daviey: good. I do hope it matches -- I also tested with the current dailies. Meanwhile, time to dig in the installer/syslog	19:41
MTecknology	!kvm	19:41
ubottu	kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM	19:41
Daviey	hggdh: Cool.. please do let me know what you find. :)	19:42
SpamapS	Daviey: I installed eucalyptus-cc trying to test the ganglia script, but I never got any stats files...	19:48
SpamapS	do I have to spawn nodes to get stats?	19:48
=== _ng is now known as _NG
MTecknology	thesheff17: yay, so simple - now for a lot of moving files around	19:50
thesheff17	MTecknology: excellent :)	19:50
Daviey	SpamapS, sadly - you do :/	19:50
Daviey	SpamapS, Is there any thing me or hggdh can do to provide data?	19:51
ivoks	Daviey: no :)	19:51
ivoks	Daviey: but i will start now :D	19:51
MTecknology	I love it when something doesn't die on kill -9...	19:51
Daviey	ivoks, RE: the postfix bug?	19:51
ivoks	Daviey: yes	19:51
Daviey	oh cool! You rock!	19:51
ivoks	eh? not really	19:52
MTecknology	It'd be great if there was one end-all-be-all command to destroy a process	19:52
batok	is there a default password for user root in mysql ? First time accesing mysql in ubuntu 9.10	19:53
MTecknology	batok: no, when you install mysql it asks you for that	19:53
ivoks	nope	19:53
Daviey	ivoks, you rock for doing it now :)	19:54
ivoks	batok: if you don't know it, sudo dpkg-reconfigure mysql-server-5.0	19:54
batok	well I just did the apt-get	19:54
batok	ok tks	19:54
Doonz	Hey guys	19:55
Doonz	hey guys im using sshfs to mount a remote directory on my local server. Is there a way to make this mount a constant connection because sometimes it disconnnects and then i have to manually remout it	19:56
Doonz	ive tried the tcpalive and clientinative and serverinactive but its still disconnects	19:56
Doonz	is there something else i could do?	19:56
ivoks	why does it disconnect?	19:57
Doonz	dunno	19:57
Doonz	ls: cannot open directory .: Transport endpoint is not connected	19:57
ivoks	does your internet connection gets disconnected?	19:57
Doonz	nope	19:57
MTecknology	thesheff17: gah! Disk IO needs to become limitless	19:58
ivoks	is there a timeout on ssh server? does it get periodily disconnected or in case on inactivity?	19:58
MTecknology	thesheff17: mkfs has been running for 5min now :(	19:58
MTecknology	on only 30GB	19:59
SpamapS	Daviey: If you wanted to tar up your /var/run/eucalyptus and /var/log/eucalyptus, and send those to me, that would help	19:59
Doonz	i just remount it and everything is good	19:59
SpamapS	Daviey: otherwise I'll just start spawning nodes. ;)	19:59
Doonz	ill check the timeout on the server	20:00
thesheff17	MTecknology: you can run nice before the command so it doesn't stress other things running	20:00
ivoks	Doonz: remounting doesn't answer the question	20:01
Doonz	theres no timeout specified in the sshd_config file	20:01
MTecknology	thesheff17: I'd probably make it not so nice to oth3er things :P	20:01
ivoks	Doonz: is your conenction dropped after period of inactivity or every, let's say, 5 minutes?	20:01
Doonz	nope	20:01
MTecknology	thesheff17: it's only 30GB - it shouldn't take this long :S... it's virtual i guess	20:01
Daviey	SpamapS, It might be a good learning experience to deploy your own cloud. :)	20:01
Daviey	(if you have the time / motivation )	20:02
thesheff17	MTecknology: yea 30GB should be quick	20:02
MTecknology	thesheff17: I'm still waiting	20:02
ivoks	Doonz: 'or' questions can't be answered with yes or no :)	20:02
Doonz	my ssh never drops	20:04
millerd	So I have a computer lab of imaged Ubuntu machines, using cluster ssh how do I connect to them all?	20:05
ivoks	Doonz: what i've asked is:	20:05
ivoks	Doonz: does you connection drops while you are using that mount?	20:06
ivoks	Doonz: or is it just dropping after some time when you aren't using it	20:06
Doonz	its if i havent used it	20:06
ivoks	so, it's timeout	20:06
Doonz	client side or server side?	20:06
ivoks	something kills the connection cause of inactivity	20:06
hggdh	Daviey: I can see no errors on the installer/syslog	20:08
hggdh	Daviey: I think I will reinstall from scratch, and -- before doing anything else -- check on the settings	20:09
lenios	does anyone have experience with encrypted disk (luks) containing LVM? i broke the mbr, and having issues booting it	20:10
lenios	initrd and linux image should be safe, but /boot/grub was overwritten	20:11
ivoks	Doonz: probably client side	20:12
Doonz	well that brok it more	20:12
Doonz	lol	20:12
Doonz	read: Connection reset by peer	20:12
ivoks	what broke it?	20:13
millerd	So I have a computer lab of imaged Ubuntu machines, using cluster ssh how do I connect to them all so I can manage them, update them etc?	20:14
Doonz	connection time	20:16
=== _NG is now known as _ng
Doonz	too many 9's	20:16
Doonz	fixed it only one way to see if that fixes it	20:16
ivoks	9?	20:16
ivoks	i'm not telephatic	20:17
ivoks	or however it is spelled	20:17
Doonz	connection timeout was 99999999999999999	20:18
Doonz	it didnt like that	20:18
ivoks	it could be your gateway that's killing the connection	20:19
thesheff17	millerd: I would use private/public ssh keys and write a script to run commands on the remote servers.	20:19
millerd	How do I do that?	20:19
thesheff17	millerd: search google for ssh keys and learn how they work	20:22
MTecknology	thesheff17: OK! chroot is setup and I can become users inside of it	20:22
MTecknology	thesheff17: now what? :P	20:22
thesheff17	thesheff17: I would get rbash working for each user with each command you want	20:24
MTecknology	thesheff17: rbash won't do what I need it to	20:25
MTecknology	thesheff17: in #bash they even said it's a bad idea to rely on it at all	20:25
thesheff17	MTecknology: with chroot all the commands are disabled....you should symlink the commands you want	20:26
uvirtbot	New bug: #452910 in asm2 "Encoding javac and javadoc warnings during build" [Low,New] https://launchpad.net/bugs/452910	20:26
MTecknology	thesheff17: yup- I have a fully functional chroot right now	20:28
MTecknology	thesheff17: I can ping google and su users from inside of it	20:28
thesheff17	MTecknology: nice what else do you need to do?	20:31
MTecknology	thesheff17: drop the user into that chroot as their user	20:32
thesheff17	MTecknology: its something in the /etc/passwd	20:34
thesheff17	MTecknology: that forwards them into the chroot env	20:35
MTecknology	!search chrootshell	20:38
ubottu	Found:	20:38
thesheff17	MTecknology: Even with the chrooted SSH that we have just installed you can log in without being chrooted (which makes sense if you log in as root, for example). Now, how does the chrooted SSH decide whom to chroot and whom not? That's easy: the chrooted SSH looks up the user who is trying to log in in /etc/passwd. If the user's home directory in /etc/passwd has a . (dot) in it, then the user is going to	20:39
thesheff17	be chrooted.	20:39
MTecknology	thesheff17: This? /chroot/./home/user ?	20:41
thesheff17	MTecknology: http://www.howtoforge.com/chroot_ssh_sftp_debian_etch yea	20:41
MTecknology	or in my case - SEF5644E4.s:x:1027:1028::/chroot/./home/SEF5644E4.s:/bin/bash	20:41
thesheff17	MTecknology: that is where I got the example	20:41
MTecknology	thesheff17: I tried changing that - but didn't wind up in the chroot	20:43
thesheff17	MTecknology: you are putting the . in the /etc/passwd and not the one in the chroot env right?	20:45
MTecknology	thesheff17: right	20:45
MTecknology	thesheff17: I did it on my own user account - michael:x:1001:1001::/chroot/./home/michael:/bin/bash	20:45
thesheff17	MTecknology: actually it looks like it needs to be in both: I see them do this: grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd	20:46
MTecknology	thesheff17: ...	20:48
MTecknology	thesheff17: I landed my user in the chroot - but somehow the php commands are still available :S	20:49
MTecknology	it's like the only thing that changed is my home directory	20:49
thesheff17	MTecknology: is the . in both passwd files?	20:50
MTecknology	yup	20:50
thesheff17	MTecknology: also fix the group file	20:50
MTecknology	thesheff17: What is it I need to change there?	20:51
hggdh	kirkland: there?	20:51
thesheff17	MTecknology: also the .	20:51
kirkland	hggdh: yo	20:51
MTecknology	thesheff17: SEF5644E4.s:x:1028: -> SEF5644E4.s:/chroot/.x:1028: ??	20:52
hggdh	kirkland: on /etc/init/eucalyptus-network.conf: what did you want to do with 'INSTANCE $IFACE'? Can I just replace/take it out?	20:52
thesheff17	MTecknology: nm that isn't right you shoudn't have to do anything /etc/group	20:53
MTecknology	thesheff17: su - SEF5644E4.s	20:53
MTecknology	pwd -> /chroot/./home/SEF5644E4.s	20:53
MTecknology	:S that seems wrong	20:53
thesheff17	MTecknology: do all your home dirs have . in them?	20:54
MTecknology	most all of them	20:54
thesheff17	MTecknology: is that for security?	20:54
kirkland	hggdh: can you pastebin that file for me?	20:55
kirkland	hggdh: i don't have it in front of me	20:55
MTecknology	no, I just have a lot of scripts that parse things and that's one thing they parse on	20:55
MTecknology	I can't imagine adding a dot would make it any more secure	20:56
thesheff17	MTecknology: well usually the home dir is the same as the username :)	20:56
thesheff17	MTecknology: is what I meant for security	20:56
hggdh	kirkland: http://pastebin.ubuntu.com/472341/	20:57
MTecknology	thesheff17: that is the username	20:57
MTecknology	thesheff17: I just tried it with a user w/o a dot and got the same thing	20:57
MTecknology	thesheff17: I'm definitely dropped into the right directory - but this is definitely not a chroot :P	20:58
smoser	Daviey, i tested the package that i have in my ppa	20:59
smoser	so that merge suggestion is good.	21:00
Daviey	smoser: rockin'	21:00
MTecknology	thesheff17: I feel like this has to be increibly close though :)	21:00
thesheff17	MTecknology: yea I think you are really close.	21:02
MTecknology	thesheff17: any app I'm maybe missing to do the rest?	21:03
millerd	Can anyone explain to me how cluster ssh works? Like does anyone know of a good diagram or something?	21:05
AndyGraybeal	how do i list all groups from the command line? i figure it might be like: groups --list .. but alas..	21:06
thesheff17	MTecknology: i'm not sure I would follow this how to and see if a new user works http://www.howtoforge.com/chroot_ssh_sftp_debian_etch	21:07
MTecknology	AndyGraybeal: cat /etc/group	21:07
MTecknology	thesheff17: I was trying to follow it, I also saw another one very similar	21:07
thesheff17	MTecknology: yea you are really close	21:08
jord	Anyone know about Avahi? It won't start at boot correctly.	21:09
MTecknology	thesheff17: If I manage to get this working I may very well use it on my own system :P	21:10
thesheff17	MTecknology: yea chroot works really well...and it really helps protect the operating system	21:10
MTecknology	thesheff17: :'( Everything I read says that should be it...	21:12
oru_work	is there such thing as "reminder" software by email ?	21:13
MTecknology	thesheff17: same with a new user too	21:14
thesheff17	MTecknology: sounds like it is missing some file maybe....maybe something in the logs?	21:15
MTecknology	thesheff17: nope	21:16
MTecknology	gah... meeting time	21:17
MTecknology	I have to meet with a board - back in a few	21:17
oru_work	can anyone recommend a web based callendar ?	21:20
AndyGraybeal	i've been looking at one that is named after a monk, the name isn't coming to my mind right now.	21:22
AndyGraybeal	bedework	21:23
AndyGraybeal	i've never used it though, it looks like the best group calendar	21:23
AndyGraybeal	oru_work: i've been looking at bedework	21:25
zenmower	..	21:33
progre55	hi people! I'm starting a deamon using "start-stop-daemon --start --quiet --pidfile $SCRIPT_PID --startas $DAEMON -- $DAEMON_OPTS", but it doesnt record the pid in the specified file, so the "stop" option doesnt work. Any suggestions, please?	21:42
AndyGraybeal	i have a newb quesiton, sorry for this. i have a folder that is owned by the group 'tech' and andy.graybeal is in the 'tech' group and has access to write to this folder. andy.graybeal's primary group is the 'users' group. infact all the users are a part of the 'user' group so we can share files easily. when he creates a file in the 'tech' folder that files group is 'user'. andy doesn't want anyone to edit it because it'	21:45
corpsegrindr	Hey, does anyone know if its possible to put music on an ipod from lucid server?	21:49
cloakable	corpsegrindr: presumably.	21:51
cloakable	corpsegrindr: You'd likely want some way to update the database, though.	21:52
corpsegrindr	just manual adding would be fine. I do not need auto sync. I am just not sure how to add it since the ipod does not show up like an external drive	21:53
ScottK	SpamapS: I got mail over the weekend from the Kolab PHP guy (even though he's on vacation). The short version is "We want the patches upstream, doing the configure changes is no problem. We can't promise what upstream will do."	22:04
ScottK	SpamapS: I think that's reasonable.	22:04
SpamapS	ScottK: yeah totally, it looks like the only debate is whether or not upstream of c-client will apply the patches. I think the PHP guys are totally gung-ho and ready to add functionality... its pretty much what the live an breathe. ;)	22:05
ScottK	SpamapS: But with the configure time checks, getting c-client to accept the patches doesn't have to block progress with php.	22:06
ScottK	SpamapS: Any objections if we go ahead and patch c-client/php-imap in Ubuntu?	22:06
SpamapS	ScottK: no objections, but I would like to see the c-client patches pushed hard toward upstream.	22:07
SpamapS	Seems like they're reasonable, if uninterested fellows and will probably apply the patch w/o much fuss.	22:08
ScottK	OK. I'll follow up with the Kolab folks on that.	22:08
ScottK	I think that just leaves the cyrus-imap patches and those looked pretty safe to me.	22:09
SpamapS	totally	22:10
ScottK	SpamapS: Would you rather prepare the uploads and I'll sponsor them or that I just do it?	22:11
uvirtbot	New bug: #612734 in vm-builder (universe) "linux-ec2 is no longer needed in uec images" [Undecided,New] https://launchpad.net/bugs/612734	22:12
SpamapS	ScottK: I wouldn't count on me having any time before FF.. :-/	22:12
ScottK	OK. I'll do it then.	22:13
AndyGraybeal	let me reword this: how do i get it so group ownership of all files under a folder stay to the group. i know i can 'chgrp -R tech Tech_folder' but then a user comes in an creates a file, that file is now under group ownership of that person default group. how do i make it so that the group ownership stays as the folder's group?	22:24
guntbert	AndyGraybeal: I'm not sure but you could give write permissions for the directory only to the group	22:27
AndyGraybeal	aah thank you guntbert, sorry for my newbness	22:27
guntbert	AndyGraybeal: no problem :) and I am not sure if it will work	22:27
AndyGraybeal	i will test it.	22:28
AndyGraybeal	guntbert: yea, i'm not sure how to do that exactly.	22:29
AndyGraybeal	i mean i think it might already be that way, but i'm confused.	22:30
guntbert	AndyGraybeal: paste the output of ls -ld <pathToFolder>	22:31
AndyGraybeal	as it stands the Tech folder is drwxrwxr-x ; the group is 'tech'	22:31
AndyGraybeal	hold lemme paste it	22:31
AndyGraybeal	aah thank you guntbert, sorry for my newbnessandy@buddleia:/srv/Desktop$ ls -ld Tech	22:33
AndyGraybeal	drwxrwxr-x 7 andy tech 4096 2010-08-02 16:41 Tech	22:33
AndyGraybeal	crap	22:33
AndyGraybeal	but anyone there it is	22:34
guntbert	AndyGraybeal: chmod u-w Tech, then you should get dr-xrwxr-x 7 andy tech 4096 2010-08-02 16:41 Tech	22:35
AndyGraybeal	okay, let me test	22:36
AndyGraybeal	guntbert: i made a file as 'andy.graybeal' in the Tech folder. the user andy.graybeal is in the groups users and tech. users is his primary group, as well as all the other users. i logged in and i could edit that file as another user only in the 'user' folder, not the tech folder. i know this is how it is supposed to work, but how can i accomplish it so when i make a file under the 'tech' folder only the people in the 't	22:42
AndyGraybeal	oh crap.. my words are mixed up.	22:43
AndyGraybeal	i edited that file as another user, in the 'users' group, not the 'tech' group.	22:43
AndyGraybeal	anyway, i don't think there is a way to fix this the way i'm thinking.	22:44
guntbert	AndyGraybeal: please create a new file there and look at its permissions (ls -l newfile)	22:44
AndyGraybeal	andy.graybeal@buddleia:/srv/Desktop/Tech$ touch testing123	22:46
AndyGraybeal	andy.graybeal@buddleia:/srv/Desktop/Tech$ ls -l testing123	22:46
AndyGraybeal	-rw-rw-r-- 1 andy.graybeal users 0 2010-08-02 17:45 testing123	22:46
AndyGraybeal	a person in the 'users' group can edit that file.	22:46
AndyGraybeal	and this is good if the file wasn't under the 'tech' folder, but maybe say it was under our 'shared_data' folder.	22:47
AndyGraybeal	i have my umask set to 002 btw	22:48
AndyGraybeal	i think what i'm trying to accomplish isn't possible.	22:49
=== _ng is now known as _NG
AndyGraybeal	i'm sorry that was so confusing.	22:56
guntbert	AndyGraybeal: might be it is not possible - but ...	23:00
AndyGraybeal	i'm sure that what i'm thinking is somewhat common; we want everything to be able to be read, but want the things under folders protected from writing by those not in the group; people can be in many groups, the folders can only be in one group. so for instance; if i'm in 'hr' and 'tech' group, i want to be able to read and write things in the 'hr' and 'tech' folders. and i want everyone else in those folders to be able to	23:04
AndyGraybeal	i don't know how to accomplish that.	23:04
AndyGraybeal	maybe i'll email the list, it may make more sense if i do that.	23:09
=== JanC_ is now known as JanC
=== dendro-afk is now known as dendrobates

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!