[00:14] <kinygos> ok...i finally found the answer to my keyboard layout problem...
[00:14] <kinygos> simply run sudo dpkg-reconfigure console-setup and make the appropriate selections
[00:15] <kinygos> thanks for the help :)
[00:15] <EvilPhoenix> anyone know of any cli tools that can show you active ports things are bound to as well as the number of packets being received/sent on those ports?
[00:15] <EvilPhoenix> similar to top peraps?
[02:07] <progre55> hi guys. I want to add a script in /etc/init.d/ to startup, but only after networking is up. so how do I update-rc.d it?
[02:29] <progre55> anyone? I'm starting a deamon using "start-stop-daemon --start --quiet --pidfile $SCRIPT_PID --startas $DAEMON -- $DAEMON_OPTS", but it doesnt record the pid in the specified file, so the "stop" option doesnt work. Any suggestions, please?
[03:22] <rdw200169> EvilPhoenix: netstat -pln --inet
[03:23] <rdw200169> EvilPhoenix: the only way, that i know of, to get the packet count on ports is by doing some iptables packet counting per port
[03:23] <rdw200169> EvilPhoenix: or, you could use something like ntop, but that's more of a web-gui type thing
[03:31] <EvilPhoenix> thanks
[03:34] <rdw200169> did it work the way you wanted?
[03:35] <EvilPhoenix> rdw200169:  havent checked, the server's offline for system updates tonight
[03:35] <EvilPhoenix> ;)
[03:35] <EvilPhoenix> i can tell you tomorrow if it worked :)
[04:56] <MTecknology> zul: Hey Chuck... You happen to be around now? I want to thoroughly irritate you. :)
[05:08] <_Snark> Q - can i softraid across multiple (sata) controllers, or do all raid member disks need to be on the same controller?
[06:00] <sirninja> How do I run a dummy xserver?
[07:26] <Yosi123> hi all, new to UB-server...   if I want to change the hostname of a system, can I just edit the hosts and the hostname file in /etc, or it it like windows and i have to change 10000 files?
[07:26] <Yosi123> new to linux
[07:42] <Jeeves_> Yosi123: Those files will do indeed. But there are some programs which base stuff in their configfile on the hostname
[07:42] <Jeeves_> so the best thing to do is:
[07:42] <Jeeves_> sudo grep -r <your old hostname> /etc
[07:43] <Jeeves_> that will show all the files that contain your old hostname
[07:43] <Yosi123> awesome
[07:43] <Yosi123> thanks
[07:43] <Yosi123> see the problem i'm running into is when i setup the server, i just maid it the domain of my first domain but now i'm holding tons of virtual apache setups
[07:44] <Yosi123> note sure how dangerous it is to change the domain name of the machine
[07:44] <Jeeves_> it itsn't
[07:45] <Yosi123> see now i would liek to gibve it a more generic name...
[07:45] <Yosi123> but does the system domain have to be a real world domain?  does it have to match something?
[07:46] <Jeeves_> No
[07:47] <Yosi123> thats what i thought...
[07:47] <Yosi123> i did the grep u mentioned
[07:47] <Yosi123> and it only came back in the hosts file and the network files
[07:47] <Yosi123> so it looks pretty clean
[07:48] <Yosi123> what si the point of giving the machine a domain to begin with?
[08:01] <Yosi123> does anyone know, does ubuntu-server support phpmyAdmin?
[08:02] <joschi> Yosi123: yes
[08:04] <\sh> apt-get install phpmyadmin
[08:04] <Yosi123> joschi> is it worth to install it...    i need to restore a .sql file..   someone told me its easy with that tool...  is there an easier way without it?
[08:04] <joschi> Yosi123: you could just use `mysql`
[08:04] <\sh> Yosi123: restoring an sql file is more easy with the client
[08:04] <Yosi123> sh - which client?  the gui?
[08:05] <\sh> mysql -u root -p database_name < filename.sql
[08:05] <\sh> Yosi123: mysql client
[08:05] <Yosi123> yeah, they told me its very standard...  so maybe i'll just use that command instead of in stall phpmyadmin just to restore the one file
[08:05] <\sh> or the much better way: mysql -u root -p \n <login> use <database name> \n set FOREIGN_KEY_CHECKS=0; \n source <filename.sql>; \n set FOREIGN_KEY_CHECKS=0;
[08:05] <\sh> done
[08:06] <Yosi123> awesome, thanks...
[08:06] <\sh> aeh the last set FOREIGN_KEY_CHECKS needs to be =1 ;)
[08:06] <Yosi123> k
[08:11] <Yosi123> sh - is there any way to execute the sql from the MySQL Query Tool?  I copy and pasted the file into it, but when I hit the execute button it says "No SQL command"
[08:11] <Yosi123> sql file*
[08:17] <\sh> Yosi123: I don't know the mysql query tool....
[08:17] <twb> \sh: why do you need to disable foreign key checks?  Is the dump you're restoring out-of-order?
[08:17] <Jeeves_> Yosi123: Why not just use 'mysql
[08:17] <Jeeves_> '
[08:18] <Jeeves_> .\ dumpfile
[08:18] <\sh> twb: we had some problems before, yes :(
[08:18]  * twb blames mysql
[08:19] <\sh> twb: no I blame broken software :) magento is one of them (especially
[08:19] <\sh> when you are using a mysqldump backup of magento dbs... :()
[08:19] <twb> \sh: what, the dump was created by something other than the database?
[08:19] <\sh> twb: no but magento is creating new tables during runtime, and adding some foreign keys to other tables...:(
[08:20] <twb> Surely if myqsl creates a dump, it SHOULD be coherent, regardless of what app(s) use the database
[08:20] <twb> Oh, I see
[08:20] <\sh> twb: and sometimes, if not most of the time, the rollback of an mysqldump gives you problems...
[08:20] <\sh> regarding magento
[08:39] <twb> Is the lucid partner repo mirrored anywhere?
[08:39] <\sh> twb: I'm mirroring it locally ;)
[08:40] <twb> I'm getting 50kiB/s trying to mirror it directly from archive.canonical.com
[08:40] <twb> \sh: I mean are public mirrors allowed, and if so, where is a list of them
[08:40] <jpds> twb: It's not designed to be mirrored.
[08:40] <\sh> twb: dunno...ask one of the canonical sysadmins
[08:40] <twb> jpds: that's what I figured; I wanted confirmation
[08:41] <\sh> since the move of sun-java* packages to partner it should be mirrored somewhere publically
[08:41] <twb> Indeed; I'm pissed because I found that epiphany Just Doesn't Work with icedtea, so I need to do this dance to get $customer's token java applet to work again :-/
[09:38] <YankDownUnder> Anyone have any luck with a Canon LBP-1120 under 10.04?
[10:08] <PirosB3> hi all, i have ubuntu server 10.04, have external hd connected that ftab mounts on boot, but if it'snot there... i't won't even start!! anyone??
[10:08] <PirosB3> UUID=......... /home/external/ vfat ro 0 0
[10:08] <PirosB3> no hd, no boot :(
[10:09] <joschi> PirosB3: hdd defect? usb port defect?
[10:09] <PirosB3> not at all,
[10:09] <joschi> PirosB3: does it work with another OS?
[10:09] <PirosB3> as soon as i attach drive it boots correctly
[10:10] <PirosB3> yes, everything works fine
[10:10] <PirosB3> i'm afraid it's something to do with fstab
[10:10] <joschi> PirosB3: check the output of `dmesg`. there should be some entries when you plug the hdd in
[10:11] <PirosB3> [    6.046500] sd 0:0:0:0: Attached scsi generic sg2 type 0
[10:11] <PirosB3> [    6.047292] sd 0:0:0:0: [sdb] 488397168 512-byte logical blocks: (250 GB/232 GiB)
[10:11] <PirosB3> [    6.048528] sd 0:0:0:0: [sdb] Write Protect is off
[10:11] <PirosB3> [    6.048532] sd 0:0:0:0: [sdb] Mode Sense: 21 00 00 00
[10:11] <PirosB3> [    6.048535] sd 0:0:0:0: [sdb] Assuming drive cache: write through
[10:11] <PirosB3> [    6.053044] sd 0:0:0:0: [sdb] Assuming drive cache: write through
[10:11] <PirosB3> [    6.053073]  sdb: sdb1
[10:11] <PirosB3> [    6.056795] sd 0:0:0:0: [sdb] Assuming drive cache: write through
[10:11] <PirosB3> [    6.056825] sd 0:0:0:0: [sdb] Attached SCSI disk
[10:11] <PirosB3> [    6.476964] usb-storage: device scan complete
[10:11] <PirosB3> ops, sorry
[10:16] <joschi> PirosB3: `sudo blkid /dev/sdb1` will show you the correct UUID which you can use in your fstab
[10:17] <PirosB3> joschi: i have the correct uuid
[10:17] <joschi> PirosB3:  what does `mount /home/external` tell you then?
[10:18] <joschi> PirosB3: because the partition has been correctly detected by your system (see `dmesg`)
[10:18] <PirosB3> mount: secondo mtab, /dev/sdb1 è già montato su /home/external
[10:18] <PirosB3> mount non riuscito
[10:18] <PirosB3> lol
[10:18] <PirosB3> for mtab, it is already mounted
[10:18] <PirosB3> mount failed
[10:18] <joschi> PirosB3: please use LANG=C ;)
[10:18] <joschi> ah, ok
[10:19] <PirosB3> translate ;)
[10:19] <joschi> PirosB3: I hope you have run the mount command with sudo and not as your normal user. maybe you have a stale /etc/mtab file
[10:19] <PirosB3> lol
[10:20] <PirosB3> ....maybe :)
[10:20] <PirosB3> ok
[10:20] <PirosB3> it says mounted
[10:20] <PirosB3> but it's fstab for me
[10:21] <joschi> PirosB3: no. fstab is the file you edit, mtab is the file your system generates for it to remember which devices are mounted
[10:21] <PirosB3> yes, i'm saying my fstab line maybe needs some sort of option
[10:21] <PirosB3> UUID=......... /home/external/ vfat ro 0 0
[10:22] <joschi> looks good to me. you *could* add "defaults" to the options ("ro") but the rest is ok
[10:25] <PirosB3> what does defaults do?
[10:25] <joschi> add rw, suid, dev, exec, auto, nouser, and async
[10:26] <joschi> and rw is overridden by your ro
[10:26] <PirosB3> nono, i need only write
[10:26] <joschi> -> `man mount` by the way ;)
[10:26] <PirosB3> :D
[10:26] <PirosB3> ok 1 sec
[10:29] <PirosB3> nope :(
[10:29] <PirosB3> adding defaults dosen't do it :( sob
[10:31] <PirosB3> not even with auto!!!
[10:31] <PirosB3> going nuts
[10:31] <PirosB3> how can this be so stupid
[11:03] <bigbrovar> Hi guys I am looking for a system which I could use for centrally administering desktops systems at work. something which would allow me centrally deploy updates and install packages when needed. is there anything which is free (as in beer and speech) which can do this.
[11:04] <bigbrovar> someone told me about puppet has anyone used it before?
[11:05] <Jeeves_> bigbrovar: Maybe landscape?
[11:05] <Jeeves_> Otherwise, cfengine or puppet
[11:06] <Jeeves_> (i prefer cfengine)
[11:06] <bigbrovar> Jeeves_: its not free beer.
[11:06] <Jeeves_> bigbrovar: ?
[11:06] <bigbrovar> is it possible to configure cfengine or puppet to use as a central update system or mass installation of packages across systems
[11:07] <bigbrovar> Jeeves_: its not free as in price
[11:07] <Jeeves_> bigbrovar: cfengine is.
[11:07] <Jeeves_> puppet is. Only landscape isn't
[11:08] <bigbrovar> Jeeves_: yeah I know I was asking if if cfengine could be used for updating/updating many systems at once
[11:08] <Jeeves_> bigbrovar: cfengine has a client-server setup
[11:08] <Jeeves_> So the client periodically downloads scripts from the server and executes them
[11:09] <bigbrovar> Jeeves_: oh ok
[11:09] <bigbrovar> hmm not exactly what I wanted but I would give it a try
[11:10] <bigbrovar> Jeeves_: might also checkout spicewalk I heard there was plans to make a debian port would see how far that got.
[11:10] <bigbrovar> Jeeves_: thanks :)
[11:12] <Jeeves_>  yw
[11:16] <Zee5han> is it possible to install ubuntu using a virtual drive?
[11:18] <joschi> Zee5han: define "virtual drive"
[11:18] <Zee5han> to install ubuntu you need to boot with the CD
[11:19] <Zee5han> now lets say i dont have a CD and I mount the ISO with PowerISO
[11:19] <joschi> Zee5han: not necessarily
[11:19] <joschi> you could install ubuntu over network
[11:19] <Zee5han> will I still be able to boot and install?
[11:20] <joschi> or you just use something like wubi
[11:20] <YankDownUnder> What's wrong with a USB install...?
[11:20] <joschi> Zee5han: if you have a usb stick and the computer supports booting from usb you could also install ubuntu using unetbootin
[11:21] <Zee5han> I have tried wubi but when it is downloading the ISO it says itll take around 150hrs
[11:21] <joschi> Zee5han: so now you have several alternatives: install over network, install over windows, install over usb
[11:22] <Zee5han> can I also try it out... like Live CD... LIve USB
[11:23] <joschi> yes
[11:23] <Zee5han> Thanks
[11:23] <joschi> Zee5han: unetbootin will just copy the contents of the live cd on a usb drive
[11:23] <YankDownUnder> Zee5han, The liveUSB is basically the same as the LiveCD - except that you can actually keep changes made to the USB...handy that.
[11:24] <Zee5han> So I cant make changes on a LiveCD
[11:24] <Zee5han> lets day my CD is RW
[11:24] <YankDownUnder> Zee5han, Um...CD's being read-only...
[11:25] <YankDownUnder> Zee5han, Doesn't matter if your drive is R/W or the CD itself is R/W, doesn't happen like that. However, with the USB, you can make changes...and keep them. Handy for installing clamav and using it for workstations...
[11:25] <joschi> Zee5han: you can of course remaster a live cd. but on the usb stick you could do changes on the fly
[11:26] <Zee5han> Thanks
[11:29] <YankDownUnder> Anyone tried setting up a Canon LBP-1120 on 10.04 server?
[11:58] <pthsWork> Hi all. I need some help here. I've set up a two node cluster with pacemaker/corosync. Here I'm running DRBD, Samba, Winbind and LDAP (for sid-uid mapping). This works great. Both nodes are member in the AD domain (2008r2) with a virtual IP. The problem is: If I add a user in AD getent passwd wont get the new user (sometimes it does). If I then kill winbindd and change active node it works and the new user is listed. Any ideas
[11:58] <pthsWork> on what might be going on?
[12:06] <Roxyhart0>  somebody know how i can capture data with tcpdum in intervales of 5 minutes each 5 min?
[12:08] <YankDownUnder> Roxyhart0, Couldn't you create a script to do so and use cron to handle the job?
[12:09] <Roxyhart0> maybe, but i am not sure if i want to add the data to the same file ...how to do that
[12:10] <YankDownUnder> Roxyhart0, Probably append the date or time or something to the file - so that you're creating a file for that particular time? Just a thought...
[12:11] <Roxyhart0> yes, i cant use >>
[12:11] <Roxyhart0> as i tried and the file is not in the format that i want
[12:12] <YankDownUnder> Roxyhart0, Not sure I understand what you mean by "the file is not in the format that I want" => in what, content? In name?
[12:13] <Roxyhart0> format as i will read with wireshark...i tried to append with >> but after that wireshark doesn accept the format
[12:14] <YankDownUnder> Append with >> ? Hmm...not sure I grok this - however, something you might find useful: http://www.cyberciti.biz/tips/shell-scripting-creating-reportlog-file-names-with-date-in-filename.html
[12:19] <pthsWork> If I simplify my issue: If I add/delete users in Active Directory, getent passwd gets the updates after a few seconds. But for some reason this stops working after some time, so I have to restart windbindd to make it work again.
[13:03] <TuxSax> big woe!
[13:34] <TuxSax> uvirtbot: !fr
[13:34] <TuxSax> !fr > uvirtbot
[13:35] <TuxSax> LOL
[13:35] <pmatulis> having fun?
[13:35] <TuxSax> yeah
[13:35] <TuxSax> it has been 10 years since I've left the IRC stuff, I'm back now to find a lot of things evolved in the bots...
[13:36] <cloakable> heh
[13:36] <pmatulis> artiifical intelligence has improved somewhat
[13:36] <TuxSax> still have a lot to find out...
[13:36] <TuxSax> on how to use those bots...
[13:36] <pmatulis> *artificial
[13:37] <pmatulis> TuxSax: you can converse with the bot in private
[13:38] <cloakable> !botabuse
[13:38] <Pici> !usage
[13:57] <blinkiz> Hi there. I would like to edit a line in /etc/ufw/before6.rules. DROP router-advertisement. Should I edit in that file or should I put my own lines somewhere else?
[13:58] <blinkiz> Put in my own lines.. I mean.. put in some other file?
[14:10] <simmel> How do I restore the original /etc/init/mysql.conf from mysql-server-5.1 that I accidently removed?
[14:16] <klaas> simmel just download the package and unzip :)
[14:18] <simmel> klaas: I'd rather have apt-get/dpkg fix things since it's somewhere in that database. But sure, I've thought about it.
[14:18] <simmel> I've seen a solution for this before but I can't remember what I searched for then.
[14:19] <klaas> you can run reinstall
[14:19] <klaas> or reconfigure
[14:21] <simmel> aptitude reinstall mysql-server-5.1 ?
[14:21] <simmel> Because that doesn't solve it.
[14:46] <ttx> Everyone: You have a few more hours to submit your last papercuts candidates, bugs nomination for the last subcycle is tomorrow !
[14:55] <sommer> morning :-)
[14:56] <hggdh> Daviey: good morning, how's eucalyptus doing?
[14:57] <Daviey> hggdh, Hey!  Not too bad..  Been trying to work with Eucalyptus to get some of our patches merged upstream and raise some kitten killer bugs,
[14:58]  * hggdh likes kitten killers
[14:59] <hggdh> or even kitchen, for that matter
[15:00] <hggdh> Daviey: any expectations (great or otherwise) re. timeframe?
[15:02] <ttx> hggdh: about milestoning to alpha-3 (bug 610987): if you really mean it, you should also "Target to release" to maverick... and assign someone (be it Canonical Server team if you don't know what to put there)
[15:02] <ttx> otherwise it's just lost
[15:03] <ttx> I just targeted to maverick
[15:03] <ttx> and tentatively assigning to Dave (feel free to reassign in UECland)
[15:04] <Daviey> I've asked Eucalyptus to look into that once.
[15:04] <hggdh> ttx: thanks. My view right now is that there is nothing to test is these bugs don't get fixed
[15:04] <Daviey> I'm not entirely convinced it's there issue, it could be one of the patches we are carrying.. but they seemed willing to help debug
[15:04] <Daviey> I'm scheduling a call with Euca today, i think - to follow up
[15:05] <hggdh> ttx: I thought that milestoning would be enough, sorry
[15:05] <Daviey> smoser, free for a quick call?
[15:05] <smoser> can i have 5 minutes ?
[15:05] <ttx> Daviey: we should plan to have a "plain" build to reproduce against
[15:05] <ttx> (even if it's more painful to install)
[15:06] <ttx> This "must be in the patch you carry" was raised a few times already and was mostly debunked as false in the end
[15:06] <Daviey> ttx, Yes.. I did for the last Alpha make it only have essential patches in a PPA.. but i don't think that added too much value
[15:06] <Daviey> Only confirmation, really.
[15:07] <Daviey> ttx, Actually, euca made no reference to it being our patch - I raised it that out of the patches, this one I wasn't convinced was totally upstreams issue
[15:07] <Daviey> But they are taking a look regardless.
[15:07] <ttx> hggdh: for alpha3 IMHO we should concentrate on fixing the basic functionality, like registration and running a single instance.
[15:07] <ttx> hggdh: there is no way everything will get fixed in the next day
[15:08] <hggdh> ttx: so just basic functionality tests?
[15:08] <Daviey> Yes! That is good ttx, i agree...
[15:08] <hggdh> this is doable, of course. And easy :-)
[15:08] <ttx> hggdh: well, if that fails, there is no point in fixing how it behaves under load
[15:08] <hggdh> ttx: ack
[15:08] <Daviey> The ones that are concerning me at the moment, are "Auto registraion issue" and to a slightly lower priority "instance poor success rate"
[15:09] <ttx> I think we are spreading thin by trying to fix every regression
[15:09]  * hggdh will be able to complete tests in about one day \o/
[15:09] <ttx> and I fear that we won't solve anything if we go that route
[15:09] <ttx> concentrating on the basic ISO test for alpha3... then fixing everything else after
[15:09] <Daviey> ttx / hggdh: Euca are quite pleased to get access to the QA machines for this... elmo said it's ok, and i'll file a RT now.
[15:10] <ttx> at least we'd have something installable
[15:10] <Daviey> This makes it easy for hggdh to find an issue, ping them - and demostrate via screen etc.
[15:10] <hggdh> Daviey: GREAT! I think this is an extremely good move
[15:10] <Daviey> No more faffing with trying to communicate an issue.
[15:10] <smoser> Daviey, ping
[15:10] <Daviey> smoser, o/
[15:10] <ttx> Daviey: could you sum up the key bugs preventing the basic ISO test from succeeding ?
[15:11] <smoser> mumble
[15:11] <Daviey> win!
[15:11] <ttx> Daviey: bug 610987 is clearly *not* one of them
[15:11] <ttx> I want to keep in the A3 radar only those "basic functionality" issues
[15:12] <SpamapS> ttx: https://launchpad.net/server-papercuts/+milestone/maverick-beta ... 1 bug targeted? Did I put mine in the wrong place?
[15:12] <ttx> so remilestoning to beta everything that is a regression under load
[15:12] <hggdh> ttx: this bug only affects (it seems) when running 'euca-run-instances -n <number>
[15:12] <ttx> SpamapS: the milestone nomination will occur tomorrow
[15:12] <ttx> SpamapS: your proposlas should be undecided/New
[15:12] <SpamapS> ttx: oh.. ok, well I jumped the gun a bit, oops. ;)
[15:13] <ttx> SpamapS: you just overstpped your authority :)
[15:13] <SpamapS> removed. :-P
[15:13]  * SpamapS imagines ttx in Cartman's mirrored glasses.. ...... respect mah authoritah
[15:13] <ttx> SpamapS: though if you want to handle papercuts from now on, just let me know :P
[15:14]  * SpamapS dives back into spam can
[15:14] <ttx> Daviey: so, preventing the "basic tset" from succeeding, we have:
[15:14] <ttx> bug 609112
[15:14] <Daviey> ttx, 2 mins.... on call with smoser
[15:15] <hggdh> ttx: I eould add bug 610259 -- it may be a special case of 609112
[15:16] <ttx> hggdh: that doesn't prevent the basic test from succeeding, right ?
[15:16] <hggdh> expect for the fact that you have no clue of what NCs are in, no
[15:16] <hggdh> ttX ^
[15:17] <ttx> hggdh: I think it's the same issue
[15:17] <hggdh> ttx: I think it can, also. I opened separate because there was a chance it was unrelated
[15:18] <hggdh> s/it can/it is/
[15:18] <ttx> the key bug is that euca_conf doesn't register nodes anymore
[15:18] <hggdh> ack
[15:19] <smoser> ttx, thta isn't correct
[15:19] <smoser> it doesn't say it did
[15:19] <hggdh> smoser: when I tested it, I only got the NCs in via 'euca_conf --register-nodes', never via --discover-nodes'
[15:20] <smoser> ok.
[15:20] <smoser> so manybe im' wrong then/
[15:20] <smoser> my experience is that register-nodes works, but --list-nodes shows no nodes
[15:20] <hggdh> not sure -- I only tested on topo1 (all-in-one, plus 5 NCs)
[15:20] <smoser> but things run fine, and euca-describe-availability-zones output is correct.
[15:20] <ttx> Daviey: if you agree that the node registration issue is the key bug, that's something we can investigate on our side
[15:21] <ttx> Daviey: I'm sure you welcome external help on this one ?
[15:21] <hggdh> smoser: hum. I will try again, with a current ISO/UEC images
[15:21] <smoser> well, as of friday, --list-nodes was broken for me
[15:22] <hggdh> yes, same (from Thurday, and earlier, no changes in euca-2.0)
[15:22] <MTecknology> How can I put a user inside a chroot when they log in? Moreso, so they're only dropped into it if they're above uid 1000 (if possible)
[15:25] <Daviey> ttx, The more help the better :)
[15:25] <ttx> Daviey: ok, I'll try setting up a system to reproduce that
[15:26] <Daviey> ttx, Awesome!
[15:26]  * ttx wonders if he could start from an A2 system
[15:28] <Daviey> ttx, Hmm.. i'm not sure how the libjibx is handled for upgrade.. need to test that
[15:28] <ttx> Daviey: I'll figure it out
[15:29]  * ttx pauses while the ISO loads
[15:34] <hggdh> smoser: I am reloading the whole shebang. This is actually not bad, since I will be able to test the apparmour issue
[15:36] <poisonborz> Hola... could someone help me? I've installed ubuntu server with gnome and gdm to log in, but when I run gdmsetup, I get these errors... http://pastebin.com/SGDgqs6k
[15:37] <Daviey> ttx, If i want to get a new upload of euca into A2, guess it needs to be published before Tues early morning?
[15:38] <kirkland> Daviey: A3?
[15:38] <ttx> into A3, you mean ? Given the current state of the ISO...
[15:38] <Daviey> err yeah
[15:38] <ttx> I'd say that a late Tuesday upload will make it
[15:38] <Daviey> ttx, Does that mean Wednesday is likely to be the A3 iso?
[15:38] <hggdh> poisonborz: it seems you are missing some Gnome packages
[15:39] <ttx> Daviey: I hope so.
[15:39] <Daviey> ok, super
[15:39] <ttx> the current ISo is borken, says no kernel, some apt-cdrom failure apparenbtly
[15:40] <ttx> given that the release team is... fragmented... it should take some time to fix that.
[15:40] <poisonborz> hggdh: it would be great if that is all whats wrong... could you tell me what those packages are?
[15:42] <hggdh> poisonborz: unfortunately, no... perhaps you can try the #ubuntu channel?
[16:08] <MTecknology> How hard is it to write a custom pam module that handles crap when you log in over ssh?
[16:08] <MTecknology> I want to perform a certain set of commands and then drop the user in a certain chroot
[16:12] <ttx> Daviey: so I targeted the other bugs to -beta, let's focus on the node registration issue
[16:12] <Daviey> MTecknology, I'm not sure pam is the best way to achieve that... I would suggest a custom shell, perhaps
[16:13] <Daviey> ttx, Agreed.. if i can whack out a fix for registration - i'll start tackling the others
[16:13] <Daviey> I would like to land design refresh for A3.. but not sure that is likely now..
[16:13] <ttx> this might just snowball-fix the others
[16:13] <Daviey> snowball-break  the other features:)
[16:16] <MTecknology> Daviey: What I'm looking for is user| ssh user@host.com -> sshd| cp -r /etc/chroot-skel /tmp/[mktemp]; ln /home/user /tmp/[mktemp]/home/user; mount [stuff]; chroot /tmp/[mktemp] /bin/bash; logount| rm -r /tmp/[mktemp]
[16:17] <MTecknology> Daviey: unless there's some better option
[16:17] <Daviey> MTecknology, A throwaway chroot on every login?
[16:18] <RoyK> MTecknology: erm - is it possible to hardlink directories these days?
[16:19] <MTecknology> RoyK: ln -s
[16:19] <MTecknology> Daviey: ya
[16:19] <RoyK> MTecknology: looked more like you were trying to hardlink it
[16:20] <MTecknology> RoyK: those were far from complete commands. Sorry about leaving out the -s :)
[16:22] <MTecknology> Daviey: any ideas if somebody did the hard part of that already?
[16:22] <AndyGraybeal> how do i set global umask in multi-user setting, we'll be using ubuntu server with LTSP and Gnome.  is it /etc/profile ?
[16:23] <MTecknology> AndyGraybeal: yuppers
[16:23] <AndyGraybeal> thank you MTecknology
[16:24] <MTecknology> AndyGraybeal: after you change that, you need a reboot iirc
[16:25] <pmatulis> is /etc/profile read for all shells?
[16:26] <AndyGraybeal> is it possible to have usernames of andy.graybeal in ubuntu?
[16:26] <Daviey> MTecknology, The cleanest solution may well be PAM.. There is a PAM module for creating a home dir if it doesn't exist
[16:26] <Daviey> You could adapt that i suppose, but don't expect it to be too trivial
[16:27] <AndyGraybeal> Daviey: are you talking to me?
[16:27] <Daviey> AndyGraybeal, no
[16:27] <AndyGraybeal> Daviey:  :) k
[16:27] <Daviey> :)
[16:28] <Daviey> AndyGraybeal, you can have dots in usernames... and it works.. but useradd will complain :)
[16:28] <MTecknology> Daviey: any ideas for a better solution? My original goal was to just build a whitelist of what apps the user can launch - I'm somewhat considering chmod o-x on everything I don't want them running..
[16:29] <MTecknology> AndyGraybeal: if you want to avoid headaches.. make sure the first/last character is a letter.. some apps like to complain otherwise. I use dots all the time though.
[16:29] <MTecknology> some of my user accounts :P -> JF81F5D.s SEF5644E4.s S5A76C029.s SAB0FFB17.s
[16:29] <Daviey> MTecknology, Not at the moment.. i'm sorry i can't give you more focus atm.. Have lots to do :(
[16:31] <MTecknology> Daviey: ok, thanks. So far all I've found is libpam-chroot which seems to have no docs.
[16:34] <pmatulis> MTecknology: why not just create ssh chroots for the users?
[16:35] <MTecknology> pmatulis: how do I do that?
[16:35] <MTecknology> pmatulis: I some some docs on it but they weren't very helpful
[16:36] <pmatulis> MTecknology: there is quite a lot of hits for that.  what didn't work?
[16:37] <MTecknology> pmatulis: it seemed to be almost all for removing ability to access cli and required making the users home directory owned by root:root
[16:39] <pmatulis> MTecknology: not sure about that but what specifically is wrong with those solutions?
[16:40] <ttx> Daviey: arh, I downloaded the wrong A2 ISO.
[16:40] <Daviey> oh dear
[16:40] <ttx> looks like I won't have time to try it out today, and I don't work tomorrow morning
[16:41] <ttx> :/
[16:41] <ttx> Daviey: we can have a discussion now on how to debug it, like how it's supposed to work, if you need any of that info ?
[16:42] <MTecknology> pmatulis: I can't have everything owned by root, and they need to have cli access
[16:43] <pmatulis> MTecknology: ownership changes are top level directories, that should be ok since by nature folks are trapped in the chroot
[16:44] <pmatulis> MTecknology: re cli access, i don't get it, of course they have cli, can you explain?
[16:44] <MTecknology> pmatulis: I'm only trying to control what the user can do when logged in. I'll initiate processes as the user than I don't want them to be able to do
[16:44] <Daviey> ttx, Hmm.. i remember following the initial design of how it should work..  I am a little unsure, so it would help.
[16:44] <ttx> ok, mumble
[16:45]  * Daviey enages
[16:45] <pmatulis> MTecknology: oh ok, not a chroot at all then
[16:45] <MTecknology> pmatulis: That's just the solution I kept getting pointed at
[16:46] <pmatulis> MTecknology: and it's not like you know what they will be running, just what you don't want them to run?
[16:46] <MTecknology> pmatulis: If I can restrict them to a whitelist set of apps, that would be ideal
[16:47] <pmatulis> MTecknology: apps are cli-based?
[16:47] <MTecknology> pmatulis: ya
[16:47] <MTecknology> pmatulis: this is on a server
[16:48] <pmatulis> MTecknology: so just use ssh remote commands via a forced-command checking script  :)
[16:48] <pmatulis> MTecknology: are the apps interactive?
[16:48] <MTecknology> pmatulis: vim is
[16:49] <MTecknology> pmatulis: You mean like make them run ssh -e for every single command?
[16:51] <pmatulis> MTecknology: yeah
[16:51] <pmatulis> MTecknology: but not sure about interactive stuff
[16:51] <MTecknology> it'll almost all be interactive
[16:52] <MTecknology> They need to use thigns like vim, ssh, pu, pcd, prush, ls, cat, mv, rm, cd, wget, tar <- which covers probably almost all of it
[17:04] <Doonz> hey guys im using sshfs to mount a remote directory on my local server. Is there a way to make this mount a constant connection because sometimes it disconnnects and then i have to manually remout it
[17:04] <papertigers> join #ubuntu-community
[17:05] <papertigers> opps lol
[17:05] <rdw200169> Doonz: its probably more of a ssh configuration than a sshfs config... i'm guessing a longer ssh connection timeout or something, check the OpenSSH manual
[17:05] <Doonz> why would it time out tho
[17:06] <Doonz> box boxes are running and there hasnt been a disconnect for the internet
[17:06] <rdw200169> Doonz: lots of reasons.  sometimes the network bogs down, for whatever reason, and the host/guest connection doesn't see any packets for a while
[17:06] <rdw200169> Doonz: and then the timeout is satisfied, and the connection is closed
[17:07] <rdw200169> Doonz: you could also look into enabling the keepalive, so that inactivity doesn't shut your ssh connection
[17:07] <Doonz> uh
[17:07]  * Doonz is a noob
[17:08] <rdw200169> Doonz: you're gonna have the best luck reading the man page for ssh_config.  you're looking for 'TCPKeepAlive'
[17:08] <Doonz> sshfs user@remotehost:/home/user/scripts/ /home/user/scripts/
[17:08] <Doonz> thats the command i run
[17:09] <rdw200169> yeah, thats fine, but, on the inside of that command, a 'normal' ssh session is being created, which means your default ssh configuration still applies
[17:09] <Doonz> k
[17:09] <Doonz> goind to check it out now
[17:09] <rdw200169> thus, whatever is causing your ssh connection to be closed, would also affect a normal ssh session
[17:09] <Doonz> but my normal ssh session never closes
[17:09] <Doonz> :/
[17:10] <rdw200169> which is likely due to the fact that, when you have a 'normal' ssh connection, you never stay idle for very long
[17:11] <ttx> Still downloading, will setup tomorrow.
[17:12] <rdw200169> keep in mind that, for an sshfs mount, just because the drive is mounted, that your computer isn't necessarily communicating over that connection (unless you're accessing the mount or something)
[17:12] <Doonz> rdw200169: ok i looked in my ssh_config file and it didnt have TCPKeepAlive so i added it and set it to yes
[17:13] <Doonz> do i have to do anything now to it?
[17:13] <rdw200169> you could probably do well to also add it to /etc/ssh/sshd_config on your server too.
[17:13] <rdw200169> on the server, you could also add ClientAliveInterval 60 to that file as well
[17:15] <papertigers> I want to buy a new box for ubuntu server..but hmm what to use it for
[17:17] <Doonz> rdw200169: i cant find clientaliveinterval in the ssh_config man
[17:23] <hggdh> Doonz: it is actually ServerAliveInterval
[17:24] <Doonz> well its actuall in the sshd_config
[17:24] <Doonz> lol
[17:24] <Doonz> so i set that
[17:25] <hggdh> and ServerAliveInterval in the client.
[17:26] <Doonz> not tcpkeepalive?
[17:27] <AndyGraybeal> MTecknology: hey, about this dots in the name thing, i was reading that the command "chown" doesn;t like it when you need to assign both a username and a groupname like: chown andy.user /srv/userdata
[17:28] <AndyGraybeal> how would i get around that if i have dots in my name?
[17:30] <AndyGraybeal> i guess chown gets confused
[17:31] <AndyGraybeal> aah i guess it's as easy as using a colon to delineate the username from the groupname. peice of cake
[17:32] <hggdh> Doonz: tcpKeepAlive is, but default, on
[17:32] <hggdh> s/but/by/
[17:34] <Doonz> hggdh: it wasnt in my config file tho
[17:36] <AndyGraybeal> how comfortable do you guys feel about  'automatic security  updates'?
[17:39] <hggdh> AndyGraybeal: very
[17:39] <AndyGraybeal> k, thank you.
[17:43] <hggdh> AndyGraybeal: truth be said, I still prefer to manually apply them. I trust them to be correct, but updates are only applied when *I* decide
[17:45] <AndyGraybeal> i know that microsoft has made many security updates that mess things up, so the rule in my old job was never automatically update, ever.  wait until you read about the update and only apply it on testing machines, then apply to live boxes and only if you need to or some such.
[17:46] <hggdh> there you go. I do not believe in witches, but that they exist, they do. Better safe than sorry, and all that
[17:54] <thesheff17> AndyGraybeal: what I do is create a local ubuntu mirror and update it on the 1st of the month....roll all those patches to the test env.  If anything breaks it doesn't bring down prod.  If the updates don't affect thing for 30 days I update production and repeat.
[17:58] <MTecknology> AndyGraybeal: yay :)
[18:02] <MTecknology> I still wish I could figure out how to make a specific set of commands/apps available to users..
[18:02] <thesheff17> Mtecknology: have you looked at chroot?
[18:03] <MTecknology> thesheff17: lol... indeed. The available tools for a chroot option seem to not be possible for what I need though. They seem to all require that the files in the chroot need to be root:root and usually don't offer cli.
[18:04] <MTecknology> thesheff17: unless you know a lot about it - then maybe you could coax a novice through it?
[18:05] <thesheff17> it is pretty easy...basically you make a chroot jail and only link the commands you want them to use inside there jail
[18:05] <thesheff17> MTecknology it also has seperate passwd files if you want so only certain people have access to that chroot...I have created ftp & ssh inside chroot jail before
[18:06] <maek> can anyone explain to me how to use a local mirror of archive.ubuntu.com for an install source from a preseed file? I tried copying the dvd but it said packages.gz was corrupt. now that I point it at my local mirror of archive it says faild to download a file. here is my preseed mirror section and a tree from my local mirror. http://gist.github.com/504960 - thanks!
[18:07] <MTecknology> thesheff17: I want to make it so /home/user/* is still user:user - then like you said, they only have a few commands available. My thought process was something kinda like this - user| ssh user@host.com -> sshd| cp -r /etc/chroot-skel /tmp/[mktemp]; ln /home/user /tmp/[mktemp]/home/user; mount [stuff]; chroot /tmp/[mktemp] /bin/bash; logount| rm -r /tmp/[mktemp]
[18:07] <thesheff17> maek https://www.digisoftinc.org/wiki/index.php/Ubuntu_preseed.cfg_installs_off_PXE_Boot I need to renew my ssl cert
[18:07] <Pici> MTecknology: Why not give them rbash as their shell?
[18:08] <maek> thesheff17: thanks
[18:09] <maek> thesheff17: haha, your preseed is what I have copied :)
[18:09] <MTecknology> !search rbash
[18:10] <MTecknology> oh..
[18:10] <thesheff17> maek: I will pastebin my mirror.list that I use
[18:10] <Pici> MTecknology: Its part of bash.
[18:10] <MTecknology> Pici: .... this thing is pretty spiffy :D
[18:10] <thesheff17> maek: cool ;) I'm glad someone can use it
[18:11] <maek> thesheff17: thanks, I think im just have a bit flipped someplace.
[18:11] <maek> thesheff17: yeah, Its been very helpful, thank you.
[18:11] <MTecknology> Pici: what about this? http://ubuntuforums.org/showpost.php?p=6301166&postcount=2
[18:12] <thesheff17> maek: http://pastebin.com/c5DdavDq
[18:14] <maek> thesheff17: do you then install from that apt-mirror created repo?
[18:14] <Pici> MTecknology: It depends on what commands you are allowed to use within the shell.
[18:14] <Pici> MTecknology: See http://pentestmonkey.net/blog/rbash-scp/
[18:14] <thesheff17> maek: like how do I update the mirror?
[18:15] <thesheff17> maek: pxeboot file points at my local ubuntu mirror http://192.168.1.4/ubuntu
[18:15] <maek> thesheff17: no how would you install a single client. in your preseed config you are using archive.ubuntu.org not your local mirror - as far as I can tell
[18:16] <MTecknology> Pici: Is there any way I can configure what the user can do in it? I'm not seeing any configs for it in the places I assumed it would be, like cd - cd is probably one that shouldn't be allowed that will definitely be needed
[18:16] <maek> thesheff17: in your pxelinux.cfg/default file you point to the install source? I only point to the preseed file
[18:17] <MTecknology> Pici: aside from that it looks like the defaults are pretty awesome
[18:17] <Pici> MTecknology: Then maybe it doesn't fit what you need to do.
[18:18] <thesheff17> maek: oh this is before I had a local ubuntu mirror on the same as the pxeboot laptop
[18:18] <thesheff17> maek: just change this d-i mirror/http/hostname string archive.ubuntu.com to d-i mirror/http/hostname string 10.1.1.1
[18:19] <maek> thesheff17: ok, thats what I have pretty much. it keeps saying bad archive. But I see in your mirror list the debian-installer stuff. let me add that and re mirror. thanks
[18:19] <thesheff17> maek: yea that drove me nuts for a long time :)
[18:19] <maek> thesheff17: so thats the key to install from your archive local mirror?
[18:20] <thesheff17> maek: yea the whole install will be off your pxeboot server
[18:20] <thesheff17> maek: before I was using iptables to forward traffic to that 10.1.1.1 but it was slow and I was doing so many installs it was worth finding out how to get a local mirror working
[18:20] <MTecknology> Pici: that's the one and only thing I'm seeing not available that I would need. Everything else is to the very dot exactly what I was hoping for.
[18:20] <maek> thesheff17: thanks. ill give that a go and see if it fixed the "bad archive mirror" screen
[18:21] <thesheff17> maek: I also have an issue if you have 2 hard drives in the machine it doesn't work.
[18:21] <thesheff17> maek: I haven't figured out how to fix that yet.
[18:21] <maek> thesheff17: preseed doesnt work?
[18:22] <thesheff17> maek: yea it prompts for something...but then continues on
[18:22] <maek> thesheff17: wonderful :| - this seems like a huge step down in "doneness" from kickstart
[18:23] <batok> I have Ubuntu 9 server karmic koala.  I wonder if there's a joomla package ?
[18:24] <batok> how can I know the available packages ? with dpkg ?
[18:24] <maek> batok apt-cache search joomla
[18:24] <Pici> !apt
[18:24] <maek> dpkg -l |grep joomla
[18:24] <thesheff17> maek: yea I have heard if you have all the same hardware and you are configuring them all the same you can use debconf-get-selections --installer > alloptions.cfg
[18:25] <batok> tks
[18:25] <thesheff17> maek: and re use that file but I haven't tried since I have never had all the same hardware :-/
[18:25] <maek> thesheff17: yeah someone pointed me in that direction as well but I have several "kinds" of boxes im trying to get auto installing.
[18:26] <thesheff17> maek: well you could always add the second drive after the install...and if it is production you should be using hardware raid and it will only present 1 drive to ubuntu.
[18:26] <maek> thesheff17: yeah they show up as cciss using the hp raid controller, not a big concern but still thats a bit erksom
[18:27] <thesheff17> maek: yea I wish I knew how to fix it but I don't even know who to ask and I needed the hardware right away.
[18:29] <maek> thesheff17: so once you got the debian-installer into your local mirror you were able to install a new host 100% from that local mirror ?
[18:29] <maek> off pxe
[18:29] <thesheff17> maek: yup
[18:29] <maek> thesheff17: thanks!
[18:30] <thesheff17> maek: np it works really well after you installed ubuntu about 10 million times since 6.04 :)
[18:30] <maek> thesheff17: do you know of a good place to find an explination or listing off all the d-i options?
[18:31] <thesheff17> maek: http://d-i.alioth.debian.org/manual/en.i386/apbs04.html  I would almost search debian when looking for d-i stuff if you can't find it for ubuntu.  I think that is how I found the extra settings for my mirror file.
[18:33] <maek> thesheff17: thanks again
[18:33] <thesheff17> maek: np glad I could help.
[18:37] <thesheff17> MTecknology: if you have nice new hardware you could always build virtual machines per function....like ftp server, apache server, etc
[18:38] <MTecknology> thesheff17: all the need to do is edit files in ~/*
[18:38] <MTecknology> thesheff17: it looks like rbash won't do what I need - even though it's extremely close - it's simple to break out of
[18:39] <thesheff17> MTecknology: I think you can only break out of it if you give them access to commands that break it...which commands do you want to restrict to?
[18:40] <thesheff17> MTecknology: also when a user logs in all file permissions should be user:user
[18:43] <SpamapS> IIRC, LXC and OpenVZ can do that w/o nice new hardware.
[18:44] <MTecknology> thesheff17: vim, cd, ls, wget, tar, pcd, pget, prush - I think that's most of it
[18:46] <thesheff17> MTecknology: well all of those commands are pretty straight forward except vim.  vim they can prob break out of
[18:47] <smoser> SpamapS is correct that LXC (which enabled in ubuntu kernels, openvz is not) does not need hardware virtualization extensions.
[18:48] <smoser> that said, lxc is not significantly more secure than a chroot.
[18:48] <thesheff17> MTecknology: they are already using scp right?  make them use winscp and edit the files :)
[18:48] <SpamapS> I seem to recall it doesn't provide quite the same host protection as full virtualiztion tho
[18:48] <aljosa> i need to enable ICMP or monitoring software reports that server is down but /etc/ufw/before.rules have ACCEPT for all icmp-type(s). any idea what i'm doing wrong?
[18:49] <MTecknology> thesheff17: winscp from a linux machine?
[18:49] <MTecknology> thesheff17: :P
[18:50] <aljosa> "iptables --list|grep icmp" returns "REJECT  all  --  anywhere  anywhere  reject-with icmp-port-unreachable" but i can't figure out where is this defined
[18:50] <thesheff17> MTecknology: true
[18:50] <thesheff17> MTecknology: let them use gedit
[18:51] <MTecknology> thesheff17: My devs hate me enough :P
[18:51] <thesheff17> MTecknology: or nano
[18:51] <thesheff17> MTecknology: haha :)
[18:52] <MTecknology> :P
[18:52] <SpamapS> MTecknology: you might enjoy reading up on the concept of "devops".
[18:53] <MTecknology> thesheff17: if I could make them use rbash and also keep them from touching a few other commands - this might work nicely enough
[18:53] <thesheff17> MTecknology: I just think vim is too powerful with too many commands that prob can break out of rbash
[18:53] <MTecknology> thesheff17: it seems to capture it..
[18:54] <thesheff17> MTecknology: cool
[18:54] <aljosa> how can i enable icmp/ping on server?
[18:55] <MTecknology> thesheff17: now.. what was that other tool mentioned?? I need to go up and find it
[18:55] <pmatulis> aljosa: read up on ufw and where it stores it's files
[18:55] <thesheff17> Mtecknology: http://pentestmonkey.net/blog/rbash-scp/
[18:56] <pmatulis> aljosa: or just 'sudo grep -r REJECT /etc'
[18:56] <thesheff17> MTecknology: you just have to be careful with what commands you give you devs.  You have to give them a little trust don't you :)
[18:57] <aljosa> pmatulis: i've just figured out that i can ping localhost but not public address, any idea why? also, i have no REJECT rules in /etc
[18:57] <MTecknology> thesheff17: ya, but I know what they need to use - the way things are right now (they don't know it) they can become root simply by not completing one of the commands that they use a few times a day.
[18:57] <pmatulis> aljosa: turn off iptables and make sure you can ping
[18:59] <thesheff17> MTecknology: well if they aren't running things as root now rbash will be just another layer they will have to "break" to get to root.
[18:59] <aljosa> pmatulis: i've did ufw disable, iptables --list has no rules. still can't ping public ip address. what else could be a problem?
[18:59] <thesheff17> MTecknology: and harder in a chroot env
[18:59] <thesheff17> aljosa: your route
[18:59] <thesheff17> aljosa: default gateway
[19:00] <MTecknology> thesheff17: I'm trying to fix the masive gaping security holes.. a chroot as i described earlier would be absolutely perfect - but it doesn't sound like that's possible
[19:01] <thesheff17> MTecknology: sorry I missed...what was the problem with chroot?
[19:01] <MTecknology> thesheff17: give me a minute...
[19:05] <aljosa> can somebody try to ping 79.125.24.103? it's hosted on amazon, do you get any response?
[19:05] <abrightwell> no response.
[19:05] <thesheff17> aljosa: doesn't ping you prob don't have icmp enabled in the security group
[19:06] <abrightwell> has anyone have any experience with openfire or other XMPP server on Ubuntu?
[19:07] <MTecknology> thesheff17: http://dpaste.com/224302/
[19:07] <kees> aljosa: "hosted on amazon"? do you mean it's an EC2 instance? you have to open the EC2 firewall to talk to any of your instances there
[19:08] <SpamapS> ugh.. we're sucking at bug triage again
[19:09] <MTecknology> SpamapS: reminding me I need to file and fix a bug
[19:09] <thesheff17> MTecknology: what if you build the chroot env and then do a useradd -m
[19:09] <thesheff17> MTecknology: to create the home directory
[19:10] <MTecknology> thesheff17: I have a few hundred users, that would get to be a whole lot of chroots - usually only one or two of the accounts is used on any given day
[19:11] <MTecknology> thesheff17: usually they also log in at the beginning of the day and they're on for most of it
[19:13] <aljosa> kees: yes, but does icmp have port? i can't find any info
[19:15] <thesheff17> MTecknology: I think the problem is that you want a directory outside chroot available in chroot which defeats the purpose.  I would just create a whole chroot env for all user /home/chroot/user
[19:15] <kees> aljosa: ICMP is a protocol, like UDP and TCP. I don't have the EC2 documentation handy, but I'm pretty  sure you can open that up.
[19:16] <MTecknology> thesheff17: I'll still need t5o fight with not making the user/group of the home directory not have to be root:root
[19:17] <thesheff17> MTecknology: I believe you are seeing root:root because it is a symlink but it should still confirm to the link back.  I could be wrong though
[19:17] <MTecknology> thesheff17: everything I read said that anything that's inside of a chroot need to be root:root on the fs
[19:18] <hggdh> Daviey: when you installed Euca 2.0, did it identify all components (walrus, cluster, scs)?
[19:18] <thesheff17> MTecknology: I don't think that is the case.  I have had ftp & scp users send files to the server under chroot and I'm pretty sure the files inside the chroot permissions are correct.
[19:19] <Daviey> hggdh: Seemed to.. I'll have a better idea in a bit.
[19:19] <MTecknology> thesheff17: it kinda sucks.. I thought this would be an easy task :P
[19:19] <thesheff17> MTecknology: Though this was debian and I don't have the server anymore :(
[19:19] <Daviey> hggdh: There is different behaviour between ubuntu-server -> UEC conversion, and a fresh install of UEC
[19:20] <thesheff17> MTecknology: I would try one chroot env with all your users inside there with rlogin limited to the commands you want.  also have a separate home directories for the server and chroot env
[19:21] <thesheff17> MTecknology: rbash I mean
[19:21] <MTecknology> thesheff17: so make a chroot, ln -s /chroot/home -T /home; and then?
[19:22] <thesheff17> MTecknology: yea
[19:22] <MTecknology> thesheff17: what would I do after that to make it work?
[19:22] <hggdh> Daviey: hum. In my case it is always a new install
[19:23] <thesheff17> MTecknology: sorry that isn't right....don't have home a symlink.  create a new home dir for the chroot env.
[19:24] <Daviey> hggdh: What behaviour are you seeing?
[19:24] <MTecknology> thesheff17: ok, I'll cp it
[19:24] <AndyGraybeal> MTecknology: back to 'dots' in the username, so you say: adduser andy.graybeal --force-badname  ?
[19:24] <MTecknology> thesheff17: so then?
[19:25] <MTecknology> AndyGraybeal: I just do useradd -m -s /bin/bash SOMEUSER.s
[19:25] <thesheff17> you can just copy /etc/passwd to the chroot
[19:25] <AndyGraybeal> MTecknology: thank you
[19:25] <MTecknology> thesheff17: and then?
[19:26] <MTecknology> thesheff17: That part doesn't seem too hard
[19:27] <MTecknology> I'm building the chroot now
[19:27] <thesheff17> MTecknology: there a bunch of files you need for a chroot env...here is a how to: http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html
[19:29] <hggdh> Daviey: absolutely no component registered
[19:29] <thesheff17> MTecknology: then when the users login there is something in /etc/passwd that sends the user into the chroot env...sorry it has been a really long time since I have done all this ;)
[19:29] <hggdh> Daviey: so I had to euca_conf --register* on each
[19:30] <Daviey> hggdh: Ok!  Can you pastebin your registraion.log?
[19:30] <hggdh> Daviey: one more thingy -- current ISO -- libvirt-bin did *not* start up on boot
[19:30] <MTecknology> thesheff17: I'm using debootstrap now. I figure I can trim that down after things are working..
[19:30] <Daviey> *sigh*
[19:30] <Daviey> hggdh: thanks for letting me know
[19:31] <thesheff17> MTecknology: that will work
[19:31] <MTecknology> thesheff17: then I need to copy home, resolve.conf, passwd, shadow, and mount proc?
[19:31] <MTecknology> thesheff17: then.. I've no idea :P
[19:32] <hggdh> Daviey: http://pastebin.com/mZ1U8GVK
[19:32] <MTecknology> thesheff17: unpacking this much data takes a while :P
[19:33] <hggdh> Daviey: my pleasure ;-)
[19:34] <Daviey> hggdh: I'm somewhat concerned about the cluster not being recognised
[19:34] <Daviey> I've not seen that issue here :S
[19:35] <hggdh> Daviey: might be something that changed in the eucalyptus-udeb?
[19:35] <SpamapS> ugh.. thats 3 times in a row today where I triaged one bug, and in the time it took, another one was reported. >:
[19:37] <Daviey> hggdh: I think this might be the case
[19:37] <Daviey> *sigh*
[19:37] <jord> I've got a problem with Avahi. It starts at boot but does not advertise it's services until I restart it. Any ideas?
[19:38] <Daviey> hggdh: I'm firing up a cloud in a while from the latest daily, and will report my findings... hopefully they match
[19:38] <Daviey> jord: No idea.. but please keep me posted about what you find out.  This might be causing me an issue aswell, so i'd appreciate it if you can let me know what happend.
[19:39] <jord> Daviey: sure, it's pretty annoying!
[19:39] <MTecknology> thesheff17: another fun issue... out of disk space
[19:40] <thesheff17> MTecknology: hehe your devs won't be doing much with no disk space :p
[19:41] <SpamapS> is Avahi an upstart job or rc script still?
[19:41] <MTecknology> thesheff17: I cleared it up enough that they can - for now
[19:41] <SpamapS> seems like if anything would need a real IP assigned, it would be avahi
[19:41] <MTecknology> thesheff17: gotta fix this issue first :P
[19:41] <hggdh> Daviey: good. I do hope it matches -- I also tested with the current dailies. Meanwhile, time to dig in the installer/syslog
[19:41] <MTecknology> !kvm
[19:42] <Daviey> hggdh: Cool.. please do let me know what you find. :)
[19:48] <SpamapS> Daviey: I installed eucalyptus-cc trying to test the ganglia script, but I never got any stats files...
[19:48] <SpamapS> do I have to spawn nodes to get stats?
[19:50] <MTecknology> thesheff17: yay, so simple - now for a lot of moving files around
[19:50] <thesheff17> MTecknology: excellent :)
[19:50] <Daviey> SpamapS, sadly - you do :/
[19:51] <Daviey> SpamapS, Is there any thing me or hggdh can do to provide data?
[19:51] <ivoks> Daviey: no :)
[19:51] <ivoks> Daviey: but i will start now :D
[19:51] <MTecknology> I love it when something doesn't die on kill -9...
[19:51] <Daviey> ivoks, RE: the postfix bug?
[19:51] <ivoks> Daviey: yes
[19:51] <Daviey> oh cool!  You rock!
[19:52] <ivoks> eh? not really
[19:52] <MTecknology> It'd be great if there was one end-all-be-all command to destroy a process
[19:53] <batok> is there a default password for user root in mysql ?  First time accesing mysql in ubuntu 9.10
[19:53] <MTecknology> batok: no, when you install mysql it asks you for that
[19:53] <ivoks> nope
[19:54] <Daviey> ivoks, you rock for doing it now :)
[19:54] <ivoks> batok: if you don't know it, sudo dpkg-reconfigure mysql-server-5.0
[19:54] <batok> well I just did the apt-get
[19:54] <batok> ok tks
[19:55] <Doonz> Hey guys
[19:56] <Doonz> hey guys im using sshfs to mount a remote directory on my local server. Is there a way to make this mount a constant connection because sometimes it disconnnects and then i have to manually remout it
[19:56] <Doonz> ive tried the tcpalive and clientinative and serverinactive but its still disconnects
[19:56] <Doonz> is there something else i could do?
[19:57] <ivoks> why does it disconnect?
[19:57] <Doonz> dunno
[19:57] <Doonz> ls: cannot open directory .: Transport endpoint is not connected
[19:57] <ivoks> does your internet connection gets disconnected?
[19:57] <Doonz> nope
[19:58] <MTecknology> thesheff17: gah! Disk IO needs to become limitless
[19:58] <ivoks> is there a timeout on ssh server? does it get periodily disconnected or in case on inactivity?
[19:58] <MTecknology> thesheff17: mkfs has been running for 5min now :(
[19:59] <MTecknology> on only 30GB
[19:59] <SpamapS> Daviey: If you wanted to tar up your /var/run/eucalyptus and /var/log/eucalyptus, and send those to me, that would help
[19:59] <Doonz> i just remount it and everything is good
[19:59] <SpamapS> Daviey: otherwise I'll just start spawning nodes. ;)
[20:00] <Doonz> ill check the timeout on the server
[20:00] <thesheff17> MTecknology: you can run nice before the command so it doesn't stress other things running
[20:01] <ivoks> Doonz: remounting doesn't answer the question
[20:01] <Doonz> theres no timeout specified in the sshd_config file
[20:01] <MTecknology> thesheff17: I'd probably make it not so nice to oth3er things :P
[20:01] <ivoks> Doonz: is your conenction dropped after period of inactivity or every, let's say, 5 minutes?
[20:01] <Doonz> nope
[20:01] <MTecknology> thesheff17: it's only 30GB - it shouldn't take this long :S... it's virtual i guess
[20:01] <Daviey> SpamapS, It might be a good learning experience to deploy your own cloud. :)
[20:02] <Daviey> (if you have the time / motivation )
[20:02] <thesheff17> MTecknology: yea 30GB should be quick
[20:02] <MTecknology> thesheff17: I'm still waiting
[20:02] <ivoks> Doonz: 'or' questions can't be answered with yes or no :)
[20:04] <Doonz> my ssh never drops
[20:05] <millerd> So I have a computer lab of imaged Ubuntu machines, using cluster ssh how do I connect to them all?
[20:05] <ivoks> Doonz: what i've asked is:
[20:06] <ivoks> Doonz: does you connection drops while you are using that mount?
[20:06] <ivoks> Doonz: or is it just dropping after some time when you aren't using it
[20:06] <Doonz> its if i havent used it
[20:06] <ivoks> so, it's timeout
[20:06] <Doonz> client side or server side?
[20:06] <ivoks> something kills the connection cause of inactivity
[20:08] <hggdh> Daviey: I can see no errors on the installer/syslog
[20:09] <hggdh> Daviey: I think I will reinstall from scratch, and -- before doing anything else -- check on the settings
[20:10] <lenios> does anyone have experience with encrypted disk (luks) containing LVM? i broke the mbr, and having issues booting it
[20:11] <lenios> initrd and linux image should be safe, but /boot/grub was overwritten
[20:12] <ivoks> Doonz: probably client side
[20:12] <Doonz> well that brok it more
[20:12] <Doonz> lol
[20:12] <Doonz> read: Connection reset by peer
[20:13] <ivoks> what broke it?
[20:14] <millerd> So I have a computer lab of imaged Ubuntu machines, using cluster ssh how do I connect to them all so I can manage them, update them etc?
[20:16] <Doonz> connection time
[20:16] <Doonz> too many 9's
[20:16] <Doonz> fixed it only one way to see if that fixes it
[20:16] <ivoks> 9?
[20:17] <ivoks> i'm not telephatic
[20:17] <ivoks> or however it is spelled
[20:18] <Doonz> connection timeout was 99999999999999999
[20:18] <Doonz> it didnt like that
[20:19] <ivoks> it could be your gateway that's killing the connection
[20:19] <thesheff17> millerd: I would use private/public ssh keys and write a script to run commands on the remote servers.
[20:19] <millerd> How do I do that?
[20:22] <thesheff17> millerd: search google for ssh keys and learn how they work
[20:22] <MTecknology> thesheff17: OK! chroot is setup and I can become users inside of it
[20:22] <MTecknology> thesheff17: now what? :P
[20:24] <thesheff17> thesheff17: I would get rbash working for each user with each command you want
[20:25] <MTecknology> thesheff17: rbash won't do what I need it to
[20:25] <MTecknology> thesheff17: in #bash they even said it's a bad idea to rely on it at all
[20:26] <thesheff17> MTecknology: with chroot all the commands are disabled....you should symlink the commands you want
[20:28] <MTecknology> thesheff17: yup- I have a fully functional chroot right now
[20:28] <MTecknology> thesheff17: I can ping google and su users from inside of it
[20:31] <thesheff17> MTecknology: nice what else do you need to do?
[20:32] <MTecknology> thesheff17: drop the user into that chroot as their user
[20:34] <thesheff17> MTecknology: its something in the /etc/passwd
[20:35] <thesheff17> MTecknology: that forwards them into the chroot env
[20:38] <MTecknology> !search chrootshell
[20:39] <thesheff17> MTecknology: Even with the chrooted SSH that we have just installed you can log in without being chrooted (which makes sense if you log in as root, for example). Now, how does the chrooted SSH decide whom to chroot and whom not? That's easy: the chrooted SSH looks up the user who is trying to log in in /etc/passwd. If the user's home directory in /etc/passwd has a . (dot) in it, then the user is going to
[20:39] <thesheff17> be chrooted.
[20:41] <MTecknology> thesheff17: This?   /chroot/./home/user ?
[20:41] <thesheff17> MTecknology: http://www.howtoforge.com/chroot_ssh_sftp_debian_etch yea
[20:41] <MTecknology> or in my case - SEF5644E4.s:x:1027:1028::/chroot/./home/SEF5644E4.s:/bin/bash
[20:41] <thesheff17> MTecknology: that is where I got the example
[20:43] <MTecknology> thesheff17: I tried changing that - but didn't wind up in the chroot
[20:45] <thesheff17> MTecknology: you are putting the . in the /etc/passwd and not the one in the chroot env right?
[20:45] <MTecknology> thesheff17: right
[20:45] <MTecknology> thesheff17: I did it on my own user account - michael:x:1001:1001::/chroot/./home/michael:/bin/bash
[20:46] <thesheff17> MTecknology: actually it looks like it needs to be in both: I see them do this: grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd
[20:48] <MTecknology> thesheff17: ...
[20:49] <MTecknology> thesheff17: I landed my user in the chroot - but somehow the php commands are still available :S
[20:49] <MTecknology> it's like the only thing that changed is my home directory
[20:50] <thesheff17> MTecknology: is the . in both passwd files?
[20:50] <MTecknology> yup
[20:50] <thesheff17> MTecknology: also fix the group file
[20:51] <MTecknology> thesheff17: What is it I need to change there?
[20:51] <hggdh> kirkland: there?
[20:51] <thesheff17> MTecknology: also the .
[20:51] <kirkland> hggdh: yo
[20:52] <MTecknology> thesheff17: SEF5644E4.s:x:1028: -> SEF5644E4.s:/chroot/.x:1028: ??
[20:52] <hggdh> kirkland: on /etc/init/eucalyptus-network.conf: what did you want to do with 'INSTANCE $IFACE'? Can I just replace/take it out?
[20:53] <thesheff17> MTecknology: nm that isn't right you shoudn't have to do anything /etc/group
[20:53] <MTecknology> thesheff17: su - SEF5644E4.s
[20:53] <MTecknology> pwd -> /chroot/./home/SEF5644E4.s
[20:53] <MTecknology> :S that seems wrong
[20:54] <thesheff17> MTecknology: do all your home dirs have . in them?
[20:54] <MTecknology> most all of them
[20:54] <thesheff17> MTecknology: is that for security?
[20:55] <kirkland> hggdh: can you pastebin that file for me?
[20:55] <kirkland> hggdh: i don't have it in front of me
[20:55] <MTecknology> no, I just have a lot of scripts that parse things and that's one thing they parse on
[20:56] <MTecknology> I can't imagine adding a dot would make it any more secure
[20:56] <thesheff17> MTecknology: well usually the home dir is the same as the username :)
[20:56] <thesheff17> MTecknology: is what I meant for security
[20:57] <hggdh> kirkland: http://pastebin.ubuntu.com/472341/
[20:57] <MTecknology> thesheff17: that is the username
[20:57] <MTecknology> thesheff17: I just tried it with a user w/o a dot and got the same thing
[20:58] <MTecknology> thesheff17: I'm definitely dropped into the right directory - but this is definitely not a chroot :P
[20:59] <smoser> Daviey, i tested the package that i have in my ppa
[21:00] <smoser> so that merge suggestion is good.
[21:00] <Daviey> smoser: rockin'
[21:00] <MTecknology> thesheff17: I feel like this has to be increibly close though :)
[21:02] <thesheff17> MTecknology: yea I think you are really close.
[21:03] <MTecknology> thesheff17: any app I'm maybe missing to do the rest?
[21:05] <millerd> Can anyone explain to me how cluster ssh works? Like does anyone know of a good diagram or something?
[21:06] <AndyGraybeal> how do i list all groups from the command line?  i figure it might be like: groups --list .. but alas..
[21:07] <thesheff17> MTecknology: i'm not sure I would follow this how to and see if a new user works http://www.howtoforge.com/chroot_ssh_sftp_debian_etch
[21:07] <MTecknology> AndyGraybeal: cat /etc/group
[21:07] <MTecknology> thesheff17: I was trying to follow it, I also saw another one very similar
[21:08] <thesheff17> MTecknology: yea you are really close
[21:09] <jord> Anyone know about Avahi? It won't start at boot correctly.
[21:10] <MTecknology> thesheff17: If I manage to get this working I may very well use it on my own system :P
[21:10] <thesheff17> MTecknology: yea chroot works really well...and it really helps protect the operating system
[21:12] <MTecknology> thesheff17: :'( Everything I read says that should be it...
[21:13] <oru_work> is there such thing as "reminder" software by email ?
[21:14] <MTecknology> thesheff17: same with a new user too
[21:15] <thesheff17> MTecknology: sounds like it is missing some file maybe....maybe something in the logs?
[21:16] <MTecknology> thesheff17: nope
[21:17] <MTecknology> gah... meeting time
[21:17] <MTecknology> I have to meet with a board - back in a few
[21:20] <oru_work> can anyone recommend a web based callendar ?
[21:22] <AndyGraybeal> i've been looking at one that is named after a monk, the name isn't coming to my mind right now.
[21:23] <AndyGraybeal> bedework
[21:23] <AndyGraybeal> i've never used it though, it looks like the best group calendar
[21:25] <AndyGraybeal> oru_work: i've been looking at bedework
[21:33] <zenmower> ..
[21:42] <progre55> hi people!  I'm starting a deamon using "start-stop-daemon --start --quiet --pidfile $SCRIPT_PID --startas $DAEMON -- $DAEMON_OPTS", but it doesnt record the pid in the specified file, so the "stop" option doesnt work. Any suggestions, please?
[21:45] <AndyGraybeal> i have a newb quesiton, sorry for this.  i have a folder that is owned by the group 'tech' and andy.graybeal is in the 'tech' group and has access to write to this folder.  andy.graybeal's primary group is the 'users' group.  infact all the users are a part of the 'user' group so we can share files easily.  when he creates a file in the 'tech' folder that files group is 'user'.  andy doesn't want anyone to edit it because it'
[21:49] <corpsegrindr> Hey, does anyone know if its possible to put music on an ipod from lucid server?
[21:51] <cloakable> corpsegrindr: presumably.
[21:52] <cloakable> corpsegrindr: You'd likely want some way to update the database, though.
[21:53] <corpsegrindr> just manual adding would be fine. I do not need auto sync. I am just not sure how to add it since the ipod does not show up like an external drive
[22:04] <ScottK> SpamapS: I got mail over the weekend from the Kolab PHP guy (even though he's on vacation).  The short version is "We want the patches upstream, doing the configure changes is no problem.  We can't promise what upstream will do."
[22:04] <ScottK> SpamapS: I think that's reasonable.
[22:05] <SpamapS> ScottK: yeah totally, it looks like the only debate is whether or not upstream of c-client will apply the patches. I think the PHP guys are totally gung-ho and ready to add functionality... its pretty much what the live an breathe. ;)
[22:06] <ScottK> SpamapS: But with the configure time checks, getting c-client to accept the patches doesn't have to block progress with php.
[22:06] <ScottK> SpamapS: Any objections if we go ahead and patch c-client/php-imap in Ubuntu?
[22:07] <SpamapS> ScottK: no objections, but I would like to see the c-client patches pushed hard toward upstream.
[22:08] <SpamapS> Seems like they're reasonable, if uninterested fellows and will probably apply the patch w/o much fuss.
[22:08] <ScottK> OK.  I'll follow up with the Kolab folks on that.
[22:09] <ScottK> I think that just leaves the cyrus-imap patches and those looked pretty safe to me.
[22:10] <SpamapS> totally
[22:11] <ScottK> SpamapS: Would you rather prepare the uploads and I'll sponsor them or that I just do it?
[22:12] <SpamapS> ScottK: I wouldn't count on me having any time before FF.. :-/
[22:13] <ScottK> OK.  I'll do it then.
[22:24] <AndyGraybeal> let me reword this:  how do i get it so group ownership of all files under a folder stay to the group.  i know i can 'chgrp -R tech Tech_folder'  but then a user comes in an creates a file, that file is now under group ownership of that person default group.  how do i make it so that the group ownership stays as the folder's group?
[22:27] <guntbert> AndyGraybeal: I'm not sure but you could give write permissions for the directory only to the group
[22:27] <AndyGraybeal> aah thank you guntbert, sorry for my newbness
[22:27] <guntbert> AndyGraybeal: no problem :) and I am not sure if it will work
[22:28] <AndyGraybeal> i will test it.
[22:29] <AndyGraybeal> guntbert: yea, i'm not sure how to do that exactly.
[22:30] <AndyGraybeal> i mean i think it might already be that way, but i'm confused.
[22:31] <guntbert> AndyGraybeal: paste the output of ls -ld <pathToFolder>
[22:31] <AndyGraybeal> as it stands the Tech folder is drwxrwxr-x ; the group is 'tech'
[22:31] <AndyGraybeal> hold lemme paste it
[22:33] <AndyGraybeal> aah thank you guntbert, sorry for my newbnessandy@buddleia:/srv/Desktop$ ls -ld Tech
[22:33] <AndyGraybeal> drwxrwxr-x 7 andy tech 4096 2010-08-02 16:41 Tech
[22:33] <AndyGraybeal> crap
[22:34] <AndyGraybeal> but anyone there it is
[22:35] <guntbert> AndyGraybeal: chmod u-w Tech, then you should get dr-xrwxr-x 7 andy tech 4096 2010-08-02 16:41 Tech
[22:36] <AndyGraybeal> okay, let me test
[22:42] <AndyGraybeal> guntbert: i made a file as 'andy.graybeal' in the Tech folder.  the user andy.graybeal is in the groups users and tech.  users is his primary group, as well as all the other users.  i logged in and i could edit that file as another user only in the 'user' folder, not the tech folder.   i know this is how it is supposed to work, but how can i accomplish it so when i make a file under the 'tech' folder only the people in the 't
[22:43] <AndyGraybeal> oh crap.. my words are mixed up.
[22:43] <AndyGraybeal> i edited that file as another user, in the 'users' group, not the 'tech' group.
[22:44] <AndyGraybeal> anyway, i don't think there is a way to fix this the way i'm thinking.
[22:44] <guntbert> AndyGraybeal: please create a new file there and look at its permissions (ls -l newfile)
[22:46] <AndyGraybeal> andy.graybeal@buddleia:/srv/Desktop/Tech$ touch testing123
[22:46] <AndyGraybeal> andy.graybeal@buddleia:/srv/Desktop/Tech$ ls -l testing123
[22:46] <AndyGraybeal> -rw-rw-r-- 1 andy.graybeal users 0 2010-08-02 17:45 testing123
[22:46] <AndyGraybeal> a person in the 'users' group can edit that file.
[22:47] <AndyGraybeal> and this is good if the file wasn't under the 'tech' folder,  but maybe say it was under our 'shared_data' folder.
[22:48] <AndyGraybeal> i have my umask set to 002 btw
[22:49] <AndyGraybeal> i think what i'm trying to accomplish isn't possible.
[22:56] <AndyGraybeal> i'm sorry that was so confusing.
[23:00] <guntbert> AndyGraybeal: might be it is not possible - but ...
[23:04] <AndyGraybeal> i'm sure that what i'm thinking is somewhat common; we want everything to be able to be read, but want the things under folders protected from writing by those not in the group; people can be in many groups, the folders can only be in one group.  so for instance; if i'm in 'hr' and 'tech' group, i want to be able to read and write things in the 'hr' and 'tech' folders.  and i want everyone else in those folders to be able to 
[23:04] <AndyGraybeal> i don't know how to accomplish that.
[23:09] <AndyGraybeal> maybe i'll email the list, it may make more sense if i do that.