/srv/irclogs.ubuntu.com/2010/08/19/#ubuntu-server.txt

Trixboxer	Hi	00:03
Trixboxer	I cant boot in run level 1 fro ubuntu 10.04	00:03
Trixboxer	actually its directly going to GUI	00:04
Trixboxer	is there any way .. by which I can boot in grub and then change the runlevel	00:04
=== RudyValencia- is now known as RudyValencia
=== dendro-afk is now known as dendrobates
Sonja	how do i see a list of all the apt-get installations? I think i installed two mail servers, exim and postfix, and i want to remove postfix.	00:15
zash	Sonja: a list or a log?	00:16
xgorg	Guys how to log in automaticly from a server?	00:17
zash	Sonja: I would recomend aptitude	00:17
Sonja	thanks. aptitude looks neat	00:18
Sonja	wow a gui and everything	00:21
zash	:)	00:22
Sonja	clickable putty	00:22
zash	you can do "aptitude search mail \| grep ^i" to list installed mail-related packages	00:22
uvirtbot	New bug: #620174 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/620174	00:36
Sonja	i'm trying to set up a mail server at 69.165.245.9	00:37
Sonja	i think i configured my firewall proprely	00:37
Sonja	one sec	00:37
uvirtbot	New bug: #246190 in nmap (main) "nmap reports wrong service for port 9102" [Low,Triaged] https://launchpad.net/bugs/246190	00:51
randomOfAmber	is there a good way to lock your session in a headless install without logging out?	01:02
randomOfAmber	nevermind... found it (away or vlock)	01:06
kandjar	hi there	01:24
kandjar	I had to reboot my ubuntu server this morning, because the process table was flooded with root process running: /USR/BIN/CRON (all caps); does anyone know a possible reason? or has anyone seen that?	01:24
mase_wk	hmm seems a bit odd	01:26
clusty	hey	01:41
clusty	how the hell does one move NTFS and EXT4 partitions around with sizes specified in sectors and not MBs	01:42
clusty	parted does not support NTFS and asks me to flush the journal by hand before for ext4	01:42
clusty	and gparted is stuck in MB	01:42
RoAkSoAx	hallyn: /win 3	01:59
RoAkSoAx	ups sry	01:59
guest9876543210	Hi all !	02:08
guest9876543210	could someone assist a stupid guy (not me ;) ) who has remove apt & aptitude from his server ?	02:09
shauno	guest9876543210: that does sound awfully fun. do you still have dpkg?	02:10
clusty	:D can you do apt-get remove --purge apt ?	02:10
clusty	this is fun :D	02:10
guest9876543210	yeap, I think he still has dpkg installed (thanks for the answer shauno)	02:10
hallyn	RoAkSoAx: hate when i do that :)	02:11
guest9876543210	shauno : I'm looking for a .deb for apt, but I haven't find it yet	02:12
pmatulis	guest9876543210: try aptitude	02:12
guest9876543210	Of sure, it is a remove server and he doesn't have access to a physical CD-ROM	02:12
guest9876543210	pmatulis : he has removed aptitude too :(	02:13
pmatulis	guest9876543210: no, d/l aptitude package	02:13
guest9876543210	a remote server .. sorry for mistype	02:13
pmatulis	guest9876543210: and install it with dpkg	02:13
shauno	guest9876543210: http://archive.ubuntu.com/ubuntu/pool/main/a/apt/ 0.7.25.3 appears to be current on 10.04	02:13
pmatulis	guest9876543210: not sure about any dependencies that may be missing	02:14
guest9876543210	shauno & pmatulis : thanks for the help, I'll let him know the deb place :)	02:14
shauno	guest9876543210: I might advise duct-taping his fingers together so he doesn't do that again :)	02:15
clusty	guest9876543210: tell your "friend" to think twice and act once :D	02:15
guest9876543210	Yeap, I'm pretty sure he has type a long command and didn't take care ...	02:16
shauno	apt should throw up a warning demanding that he types "Yes, do as I say!". That's usually a big red flag.	02:17
shauno	(assuming he used apt to remove apt ..)	02:17
guest9876543210	shauno : I don't know the exact command he typed, but for sure, it was crazy	02:18
shauno	if he's managed to nuke dpkg as well, you may be interested to know that .deb are just archives that can be peeled apart with the 'ar' command. you can piece things back together by hand, it's just not fun	02:19
guest9876543210	shauno : I don't hink he removed dpkg has he has already tried to reinstall using it	02:20
shauno	I didn't want to second-guess just how crazy crazy is :)	02:20
guest9876543210	arg .. he just told me he's using Lenny and not Ubuntu ..	02:21
shauno	you should be able to track it down with packages.debian.org and do the same thing	02:22
guest9876543210	shauno : thanks, that's the URL I was looking for :)	02:23
guest9876543210	Is someone here a bit used to vmbuilder ? (Virtual Machine)	02:29
guest9876543210	(this is a question from me, this time)	02:29
guest9876543210	So, in resume, I have installed a minimal Lucid server to run as a VM server	02:32
guest9876543210	I have installed successfully the first VM (a Lucid i386) and I can start it	02:33
guest9876543210	(I'm using a brdge network on the server)	02:33
guest9876543210	but once, the VM Lucid is launched, I can't access anymore to the VM server using SSH	02:34
guest9876543210	I have changed the SSH port of the LucidVM to 23, but I still can't access the VM-server ...	02:35
guest9876543210	Has anyone a track, or I am missing completely something about VMs ?	02:35
=== lifeless_ is now known as lifeless
uvirtbot	New bug: #620243 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/620243	04:12
superbrad	Question about DNS: I've set up DNS according the Ubuntu server guide. Do I need to do anything so that it propagates?	04:12
=== EvilTrek is now known as EvilPhoenix
ScottK	Need to tell your domain name registrar where the DNS server is.	04:48
monokrome	I have a Ubuntu server that I have configured to have a static IP - but every few hours, it gets an IP over DHCP. My /etc/network/interfaces looks like this: http://dpaste.com/230918/	05:02
monokrome	Any ideas?	05:02
twb	monokrome: did you install this server using the Ubuntu Server CD, or by some other means?	05:17
guest9876543210	#quit	05:19
qman__	monokrome, have you run `sudo service networking restart` or rebooted the system since configuring it static?	05:21
monokrome	qman__: It's been doing this for 2 months now.	05:38
monokrome	And yes.	05:38
monokrome	twb: I used the official installer.	05:38
monokrome	and an official cd	05:38
twb	You installed a server using the "desktop" or "alternate" CD?	05:39
monokrome	Why would I install a server using a desktop CD?	05:39
twb	Because you're an idiot	05:39
monokrome	Well, I didn't.	05:39
twb	If you didn't do something stupid, that's great, but I have to check for stupid things first	05:40
monokrome	I used the Ubuntu Server distribution	05:40
twb	Good-o.	05:40
twb	Is there a dhclient process running right now?	05:40
twb	Is Network Manager installed?	05:40
monokrome	Just a second. It kicked me off because it changed it's IP again.	05:41
monokrome	okay. Found it again.	05:41
monokrome	Network manager isn't installed - unless that's a default.	05:43
monokrome	There is a dhclient process running - which is weird since I uninstalled it :\|	05:44
twb	OK, so I guess the problem is that you changed it to static, then bounced the network -- but the network bounce script saw a static configuration, so didn't try to kill off the original dhclient process	05:44
monokrome	bounced the network?	05:45
twb	If I'm right, killing off dhclient, or rebooting the box, should be a permanent fix.	05:45
monokrome	I've rebooted and it didn't fix it	05:45
twb	"bounce the network" as in "sudo restart networking" or so.	05:45
monokrome	after uninstalling dhclient	05:45
monokrome	which means it's still there :\|	05:45
twb	Then how the hell did the process start	05:45
twb	Unless you issued "shutdown -r now" but it didn't actually do so	05:45
monokrome	I rebooted the server a few minutes after "remove --purge" completed	05:50
monokrome	Proof:	05:51
monokrome	http://dpaste.com/230938/	05:51
twb	And did you try "which dhclient" after your spurious attempt to purge it?	05:52
monokrome	I did that about 2 minutes ago.	05:52
monokrome	I removed dhclient weeks ago.	05:53
monokrome	and yes, I've rebooted since.	05:53
twb	Because "dhclient" isn't a package.	05:53
twb	it's either "isc-dhcp-client" or "dhcp3-client", depending on vintage	05:53
monokrome	ugh. why were they both set to manually installed? :\|	05:54
twb	Because ALL packages in the base install are marked as manually installed, for hysterical reasons.	05:54
monokrome	lol	05:55
twb	Here is a dance I do to make most things markauto'd, immediately after install:	05:55
twb	aptitude --schedule-only markauto ~E '~i!~M(~Rdepends:~i\|~Rrecommends:~i)' && aptitude --schedule-only keep ~aremove && aptitude install	05:55
monokrome	hmm	05:56
MatthewM	Is this the right place to ask questions about Ubuntu Enterprise Cloud?	06:34
alex88	morning guys..	06:34
alex88	MatthewM: #ubuntu-cloud	06:36
alex88	as you can see from https://wiki.ubuntu.com/IRC/ChannelList	06:36
MatthewM	alex88: thanks	06:36
alex88	np	06:36
glick	hey quick question, reading the server docs for installing postfix	06:53
glick	when it asks for a Root and postmaster mail recipient, does that have to be the username for an account on the system?	06:53
glick	or what what should i set that to?	06:53
sailerboy	hey, anyone rent a vps from thrustvps.com or damnvps.com?	07:01
sailerboy	anyone at all?	07:02
sailerboy	hey, anyone rent a vps from thrustvps.com or damnvps.com?	07:10
* Pupeno is a happy Linode costumer.		07:11
sailerboy	Pupeno, what virtualizaton do they use?	07:11
sailerboy	xen or openvz?	07:11
Pupeno	No idea, but I think they use xen.	07:12
=== Q_Continuum_ is now known as Q_Continuum
sailerboy	is it hvm or pv	07:12
* mase_wk also uses Linode and is happy		07:30
sailerboy	Linode is a bit out of my price range	07:31
sailerboy	im happy with a less stable vps for cheaper	07:32
sailerboy	im just having trouble with downloading the server edition to my vps	07:32
sailerboy	i found out that the server i was downloading it from has a corrupt file	07:32
kaushal	hi	07:51
kaushal	is there a way to know from OS which Hardware RAID level has been configured on Ubuntu Server ?	07:51
ivoks	depends on raid controller	07:53
alex88	mdadm -D /dev/md0 ?	07:53
ivoks	alex88: hardware raid	07:53
Error404NotFound	how can i exclude a directory, say /var/log from aide?	07:53
alex88	oh right...sorry :)	07:53
glick	hey in the postfix configuration screen when asks for the limit on mailbox files, what should i put? what does it mean when it says "The upstream default is 51200000"	08:04
mase_wk	glick it means that postfix shipped from postfix.org servers has a default value of 51200000	08:07
glick	whats a good default for a website mase_wk	08:08
mase_wk	website ? i thought you were installing postfix	08:08
mase_wk	postfix is an SMTP server	08:09
glick	mase_wk, yeah i am, its the mail end for a website, for sending confirmation emails, and getting contact emails, etc	08:09
glick	for a django frontend	08:09
kaushal	alex88: its a hardware raid controller and not a software controller	08:09
alex88	kaushal: ivoks already told me :)	08:10
alex88	so i don't know :)	08:10
kaushal	03:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 1078 (rev 04)	08:10
kaushal	ivoks: 03:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 1078 (rev 04)	08:10
glick	what should i set for a mailbox size limit?	08:10
glick	ive never set up a postfix install before	08:10
mase_wk	glick: well since i don't know anything about the amount of mail traffic for your site anything i give you is probably pointless	08:10
mase_wk	you don't have to set a limit	08:11
mase_wk	you can have unlimited	08:11
mase_wk	if in doubt just accept upstream default	08:11
alex88	glick: set something..when the disk is full erase all mailboxes and set lower limit :)	08:11
glick	i guess ill set it to half a gig	08:12
kaushal	ivoks: do you need more info ?	08:12
glick	it doesnt save sent email does it?	08:12
glick	or sent email doesnt contribute to the mailbox size	08:12
glick	only recieved email right?	08:12
alex88	depends if you save sent mails	08:12
alex88	if yes, yes...	08:13
glick	alex88, oh, thats a config option?	08:13
ivoks	kaushal: no :)	08:22
ivoks	kaushal: there's megamgr management tool for those raid controllers	08:23
glick	do i need to define a character for local adress extension?	08:23
glick	im not even sure what that is	08:23
ivoks	at least there was couple of years ago when i decided not to use LSI chips any more :)	08:23
ivoks	kaushal: http://blog.irwan.name/?p=1440	08:24
kaushal	ivoks: so i need to install it to get to know the RAID Controller ?	08:32
kaushal	Raid Level ?	08:32
ivoks	kaushal: yes	08:35
alex88	glick: no, it's not a config..just user decide to save sent mails or not..it goes to mailbox too so the space is shared..	08:35
ivoks	maybe it's possible to get this from the driver itself	08:35
ivoks	i don't have LSI anywhere anymore, so I can't check	08:35
glick	when it asks to specify the network blocks for which the host should relay mail, should i enter the ip address of the host?	08:40
alex88	leave default	08:41
alex88	btw https://help.ubuntu.com/10.04/serverguide/C/postfix.html	08:42
glick	yeah thats what im reading alex88	08:42
glick	alex88, wouldnt the network block by my ip/32?	08:43
glick	by = be	08:43
alex88	dunno.. i've left default	08:44
alex88	and it worked	08:46
ivoks	do you relay mail for others?	08:46
alex88	don't think he needs that...btw, community docs are better https://help.ubuntu.com/community/PostfixBasicSetupHowto	08:47
ivoks	courier?	08:48
ivoks	doh...	08:48
ivoks	stick with official docs :)	08:48
alex88	well, the start was about postfix... :)	09:01
alex88	yeah :)	09:05
alex88	someone knows how can i put ubuntu iso into /boot and boot via grub for restore?	09:05
eagles0513875	hey guys how can i find out what type of ram i have in my server with out taking it offline	09:39
henkjan	eagles0513875: use dmidecode or lshw	09:41
=== Nicke is now known as 18VABDTK5
=== skoef is now known as 84XAATDCT
=== geneticx is now known as 94SAAGLLG
uvirtbot	New bug: #620330 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/620330	10:22
=== maxb_ is now known as Guest7510
=== jmarsden is now known as Guest11851
rapha	Oh. What a netsplit.	10:42
=== 14WAA3OEI is now known as baccenfutter
=== baccenfutter is now known as baccenfutte
glick	should my CSR have a passphrase or no?	10:45
=== baccenfutte is now known as baccenfutter
alex88	glick: csr?	10:49
glick	certificate signing request	10:50
alex88	well...you should have a pass for everything :)	10:52
alex88	for more security	10:52
twb	Adding passwords doesn't necessarily improve security	10:52
twb	e.g. if <user> has four passwords instead of one, they're more likely to write ALL FOUR on a postit note	10:52
alex88	well..that's an example	10:53
alex88	a windows logon without password has not more security	10:53
twb	I've actually argued that making root's password the empty string is MORE secure than giving it a fixed password that nobody bothers to change	10:54
twb	Since the null string can only be used from secure TTYs	10:54
alex88	right.	10:54
alex88	but if only one person remember a password is secure	10:55
twb	Any password can be brute-forced in enough time	10:55
alex88	right..but no one has years to brute-force a pass	10:55
alex88	if it isn't a 4-char pass...	10:56
alex88	that's not the case for most pass..	10:56
twb	There's a nonzero probability that the any password can be brute-forced in O(1) time.	10:57
twb	Since it could guess it right the very first try	10:57
twb	Do you want to be that an attacker is never going to get lucky?	10:57
twb	*to bet	10:57
rapha	I need help, I just received warning from my hosting provider that an attack had been executed from my server. They sent a log of portscanning some IP addresses on port 21. I've asked my users if they did something like that and also ran rkhunter and chkrootkit, all of which came up wihout result. And there's not even nmap installed on the server. The hosting provider expects me to "solve the problem" and "report what countermeasures were taken" ...	10:57
alex88	twb: well.. i've never been so lucky.. :)	10:58
alex88	and also brute-force is the last way	10:58
maswan	twb: That's a rather silly argument, really. Any security protocol could be broken by a really lucky guess, most of the good ones make that sufficiently unlikely though.	10:58
alex88	rapha: O.o Lol	10:59
twb	maswan: I suppose that's true, when you consider that multi-factor authentication has to be digitized at some point, and the attacker could inject their brute-force guesses after that point	10:59
maswan	that said, I only allow ssh key logins instead of passwords to the servers I run	10:59
rapha	alex88: you find that funny?	11:00
maswan	because those are way harder to guess than a password someone can remember	11:00
twb	Right.	11:00
alex88	rapha: really not..	11:00
alex88	maswan: true	11:00
maswan	(and it has the bonus that you get two-factor auth to get root access with a password to sudo)	11:01
rapha	because i could really use a helping hand here ... I've no idea about how computer forensics work	11:01
alex88	rapha: check on user logins at that time	11:01
rapha	alex88: how? i only know how to check who's logged in right now...	11:01
twb	rapha: key-based auth is already two-factor -- the passphrase (something you know) and the private key (something you have).	11:01
rapha	twb: i'm sorry?	11:02
twb	Sorry, bad completion	11:02
rapha	oh k	11:02
alex88	ask on these 2 guys talking in the background :) btw i think /var/log has it	11:02
alex88	in some logs :)	11:02
rapha	there's auth.log	11:03
rapha	maybe that helps me	11:03
rapha	but why would www-data be opening an closing sessions?	11:03
twb	A good introduction to forensics is Venema's book	11:04
twb	http://www.porcupine.org/forensics/forensic-discovery/	11:04
alex88	www-data? maybe you've got hacked by web..	11:04
alex88	*been	11:04
rapha	hmmm	11:05
twb	EVERY attack I've seen in the last decade has been via an insecure web app	11:05
rapha	my own account and the "admin" account are opening and closing sessions all the time, too	11:05
rapha	even though I don't rly use my own account at all	11:05
twb	They might use a kernel vulnerability to escalate from www-data to root, but it's PHP they use to get their foot in the door.	11:05
rapha	there's just a cron job running in it checking the response time of a website every 5 minutes	11:06
alex88	that's yours?	11:06
rapha	alex88: mine is called "rapha"	11:06
alex88	the cron job..	11:06
rapha	yes	11:06
rapha	there's rly not much in /var/log/auth.log besides all the "opening session" and "closing session" chatter. not even failed login attempts.	11:07
alex88	the root passwords of the accounts are the same?	11:07
rapha	the root password is disabled; you can't log in as root - only through sudo.	11:07
rapha	and only user "admin" is allowed to do so.	11:08
alex88	and you never go into it?	11:08
rapha	oh yes, i mostly use the "admin" account, and also use "sudo" quite regularly, e.g. to install updates	11:08
jussi	Hei all. Ive a small issue, I have a mail server that is not in use anymore, except for archival purposes. on the same machine is bugzilla. now bugzilla's mail is being sent with the mail server on that machine, not the external one I need it to. how do I fix thsi?	11:08
rapha	twb: thx for the book ... i need some quick way though to find out who or what did those portscans yesterday evening, or the hosting provider will shut down the machine :(	11:09
alex88	rapha: check the apache log for hack attempts	11:09
rapha	alex88: not running apache but lighttpd ... let me check the logs anyway	11:10
alex88	same thing	11:10
alex88	search for some system commands like cd, ls, /tmp	11:10
twb	If a machine is compromised, you should offline it anyway	11:11
alex88	make a backup of logs, save on your pc and investigate there	11:11
rapha	twb: i'm not sure it is compromised. both rootkit scanners came up empty.	11:11
rapha	the backup is prolly a good idea tho.	11:11
rapha	going to backup /etc and /home as well in case it needs setting up again	11:12
alex88	rapha: also /var/lock/	11:14
alex88	*/var/log	11:14
rapha	alex88: already backed that up when you first suggested it :)	11:15
alex88	:) if you want give me apache logs and i make a qucik search	11:15
rapha	for the time being maybe it would be a good idea to install a firewall that blocks everything from the inside to the outside except for the services that need to run	11:16
alex88	*quick	11:16
alex88	rapha: csf is a very good choise for me	11:16
rapha	it's no prob, i can do the work if somebody tells me what to do :)	11:16
rapha	why not ufw alex88? any specific reason?	11:16
alex88	also has a intrusion detector..	11:16
alex88	rapha: more advanced features, also checks for suspicious process and send mail warnings	11:17
rapha	k	11:17
* rapha 'll check it out		11:17
rapha	hmmm backup of the home dirs will naturally take some time ... couple hundred gigs	11:18
alex88	rapha: which web apps do you have on?	11:22
alex88	rapha: http://www.sans.org/reading_room/whitepapers/logging/detecting-attacks-web-applications-log-files_2074	11:23
sherr	jussi: Check the bugzilla "administration" pages (log in as a user with "admin" rights). There's an "email" page, with a setting for "smtpserver".	11:23
jussi	sherr: thanks a lot, Ill go look there.	11:24
rapha	alex88: one custom-built site that is in the process of being replaced by a Contao based one. One Joomla-based site, that will also switch to Contao in the near future. Loads of Redaxo sites. Postfix-Admin. RoundCubeMail. Those should be about it.	11:24
alex88	well...custom-built maybe	11:25
alex88	can you give me address?	11:25
rapha	alex88: yeah its pretty badly made thats why we're replacing it	11:25
alex88	i'll take as a no :)	11:26
rapha	oh ofc sry missed that .., www.overcross.de	11:27
alex88	uh..nice site :)	11:28
rapha	well, yeah, the design. the rest - not so much.	11:28
kaushal	hi	11:28
kaushal	if i provide access to a server and there if i want to block access to the internal lan machines ?	11:29
kaushal	how can it be done using ufw ?	11:30
kaushal	I mean block the user to access all the hosts in the internal LAN	11:30
alex88	rapha: it's sql vulnerable	11:31
glen1	hey	11:36
alex88	hi	11:36
glick	what do i set the host name of the postfix, when its on the same machine as the webserver?	11:36
glick	set it to anything?	11:37
glick	or the actual hostname?	11:37
alex88	it's better to a fqdn	11:38
qman__	you set it to what you want to receive mail for	11:38
rapha	alex88: i was afraid so :-( ... can you /msg me where?	11:38
glick	soo....made_up_name.fqdn	11:38
glick	even if the phsyical host its on is named 43o5u7	11:39
qman__	UFW isn't ideal for servers like that	11:55
qman__	it's a great easy-setup tool for desktops and low profile servers, but you're really missing a lot of things by using it	11:55
qman__	for example, the outgoing port scans could have been prevented entirely by a well-written firewall	11:55
uvirtbot	New bug: #620382 in samba (main) "smbmount allows mounting the same ressource multiple times on the same mountpoint" [Undecided,New] https://launchpad.net/bugs/620382	12:01
glick	root@localhost:/etc/postgresql/8.4/main# service restart postgresql-8.4	12:16
glick	restart: unrecognized service	12:16
glick	isnt that correct name for postgresql?	12:17
=== Guest7510 is now known as maxb
=== maxb is now known as Guest10006
alvin	glick: It is, but the command is # service postgresql-8.4 restart	12:23
glick	riiiiight	12:24
glick	im an idio	12:24
=== ryanakca_ is now known as ryanakca
=== maxb_ is now known as maxb
=== lamont` is now known as lamont
alex88	rapha: check pm	12:33
=== dendrobates is now known as dendro-afk
glick	hmm it says i cant put aliases into httpd.conf	13:21
glick	where should i put them then?	13:21
=== zul_ is now known as zul
tschundeee	hey anyone knows if there is a way to install ubuntu on a pgpdesktop encrypted harddrive?	13:23
=== g0rd0n_ is now known as g0rd0n
Ose	so I just installed 10.04.1 server edition and googled a way to add a gui ( sudo aptitude install x-window-system-core gnome + sudo aptitude install gdm). However, the instructions there as to actually running the gui won't work. Help?	13:27
=== dendro-afk is now known as dendrobates
g0rd0n	gui? on a server?	13:28
Ose	just a little home server experiment	13:28
g0rd0n	Ose: have you tried via tasksel?	13:29
g0rd0n	run tasksel and select "Ubuntu desktop"	13:29
g0rd0n	it should install everything you need and get the gui going	13:29
hj	i've got a question about ubuntu server, sometimes it doesn't respond for a minute or so.. i can't find anything about it in the log files. what should I check next?	13:30
Ose	Actually it worked after a revoot	13:30
Ose	Reboot*	13:31
alex88	g0rd0n: and after having desktop? remote connect to desktop?	13:31
wastl	hj: faulty network driver?	13:31
wastl	did you try adifferent network adaptor?	13:32
hj	i've got a question about ubuntu server, sometimes it doesn't respond for a minute or so.. i can't find anything about it in the log files. what should I check next?	13:32
jpds	Graps.	13:32
jpds	Graphs*	13:32
wastl	hj: try a diffferent network adaptor?	13:32
hj	do you mean replacing the NIC?	13:33
g0rd0n	alex88: i never tried remote connecting to a desktop, i just use headless servers :P	13:35
g0rd0n	hj: could be an hd issue as well, although you should see errors about that	13:36
hj	no, it's a virtual machine, and the ubuntu host server doesn't give any errors either	13:37
hj	the 'downtime' is very random, so it's hard to test something.	13:38
hj	downtime is like a minute max, at the moment i don't know if other VM's aren't reachable too	13:41
noname	gi there	13:42
xampart	gi	13:42
alex88	g0rd0n: me too...but i've just asked what you can do then	13:45
g0rd0n	alex88: well via rdp or similar you surely can take complete control over the gui remotely	13:52
g0rd0n	btw i seem to be having some problems respawning the console to my ttyS0 via upstart, the login prompt doesn't show up in the serial console	13:52
alex88	right.. but i prefer command line :)	13:52
g0rd0n	yeh me too	13:52
alex88	btw, have you heard that on semptember will be released lots of 0day? i think it's gonna be a hot september :)	13:53
g0rd0n	in my /etc/event.d/tty file i have respawn exec /sbin/getty 57600 ttyS0	13:53
g0rd0n	alex88: oh well, will just bit a little bit of aptitude commands then :)	13:53
alex88	update every 3 hours? :) btw, i've seen they release microsoft, apple, adobe stuff..	13:55
alex88	excel, ie, microsoft codecs and cpan will be exploited..	13:56
wastl	argh	13:58
wastl	so may evil words on one pile insid a linux channel	13:58
wastl	shame on you	13:58
wastl	g	13:58
alex88	sorry :)	13:59
g0rd0n	:P	14:00
g0rd0n	i hate apple, adobe and oracle way more than microsoft nowadays	14:00
alex88	me too..maybe adobe is safe..but apple...bleah..	14:01
* wastl recently banned his Mac from his office desk...now there is only a linux box left		14:01
* alex88 likes wastl office		14:02
jdstrand	ufw supports egress filtering btw	14:08
wastl	now there is just one winsucks pc in out office and the rest is linux	14:09
jdstrand	not to mention, you can add any rules you want with the ufw framework, so if you are iptables aware, just edit /etc/ufw/*rules	14:09
wastl	unfortunately we need that one for rdesktopping to it to use some business related apps that won't run in wine :/	14:10
jdstrand	qman__: ^ if there are issues running ufw in production environments for bastion hosts, please file bugs	14:10
uvirtbot	New bug: #620428 in unixodbc (main) "unixodbc-dev: 64bit typedefs don't work" [Undecided,New] https://launchpad.net/bugs/620428	14:11
joe-mac1	if i put a new upstart job in /etc/event.d on hardy, how do i make initctl recognize it?	14:15
joe-mac1	initctl list does not show it	14:15
=== dantalizing_ is now known as dantalizing
joe-mac1	anybody, at all?	14:19
=== dendrobates is now known as dendro-afk
uvirtbot	New bug: #620441 in mysql-dfsg-5.1 (main) "MySQL upstart stop job does not cleanly shutdown mysql" [Undecided,New] https://launchpad.net/bugs/620441	14:36
* zul shakes his fist at mysql and upstart		14:37
=== luis__lopez is now known as luis_lopez
Egonis	I need to use a static IP for my ppp0 interface, and can't seem to find any howto's. I'm using Ubuntu Server 10.04	14:41
joe-mac1	anybody else think replacing init in -server was a stupid idea?	14:44
alvin	To be honest, I do	14:45
Egonis	Does anyone have any pointers on using a static ip with ppp0 using pppoeconf?	14:48
g0rd0n	joe-mac1: replacing init?	14:49
joe-mac1	g0rd0n: yes, with upstart	14:49
g0rd0n	oh you mean this upstart thing	14:49
joe-mac1	for my sub ten secfond boot times on servers i reboot once a quarter	14:49
joe-mac1	real awesome	14:49
g0rd0n	heh i am having trouble getting my freakin serial console to work with upstart	14:49
joe-mac1	duide	14:49
joe-mac1	same here	14:49
joe-mac1	in 10.04 i can	14:49
joe-mac1	in 8.04, having no luck	14:49
joe-mac1	i need this to work for the VPS on HP boxes	14:49
g0rd0n	uh? i am running 10.04 with upstart and the respawn on ttyS0 just doesnt work	14:50
g0rd0n	i cannot login via serial console	14:50
joe-mac1	i ddi initctl reload-configuration on 10.04 and it started working fine	14:50
g0rd0n	does not help here	14:51
g0rd0n	also, if i type 'initctl start ttyS0'	14:51
g0rd0n	i get 'initctl: Unknown job: ttyS0'	14:51
g0rd0n	it's a fujitsu server with iRMC S2... only thing that works are the kernel messages... but not even grub does show up for some reason	14:52
sherr	g0rd0n: "Unknown job" is just a missing /etc/init/ttyS0.conf isn't it?	14:53
joe-mac1	g0rd0n: well you need to make the job	14:53
joe-mac1	did you make the job?	14:53
joe-mac1	my problem is it doesn't see the job after i make it on 8.04	14:53
joe-mac1	i get unknown job, even though it's clearly there	14:54
g0rd0n	sherr: ehm yeh i dont have that file... embarassed	14:54
g0rd0n	my debian 5.0 server doesnt have that either... will need to google then	14:54
joe-mac1	it's just like the tty1 file	14:55
joe-mac1	but you use your com port instead	14:56
joe-mac1	not rocket science, point is, in 8.04 apparentlt upstart is something like a beta	14:56
g0rd0n	joe-mac1: oh so why is there /etc/init/tty1.conf AND /etc/events.d/tty1?	14:57
joe-mac1	g0rd0n: you did an in place upgrade from 8.04 to 10.04	14:57
g0rd0n	yes :(	14:57
joe-mac1	and the upgrade script didn't remove events.d	14:57
joe-mac1	which is now obselete	14:57
g0rd0n	really	14:57
g0rd0n	oh for fucks sake	14:57
joe-mac1	yes /etc/init is the place	14:57
g0rd0n	lol	14:57
joe-mac1	i have this working fien on 10.04, can somebody tell me how on 8.04 to get upstart to recognize new jobvs wiuthout rebooting?	14:58
g0rd0n	sorry cant help you on that	15:00
g0rd0n	yay, respawn works now :)	15:00
g0rd0n	i wonder why upgrade didnt migrate my events.d/ttyS0 file but whatever	15:00
joe-mac1	g0rd0n: so you had this owrking on 8.04?	15:01
joe-mac1	did you have to reboot to gegt it to work?	15:01
g0rd0n	joe-mac1: tbh i am not so so sure if it worked, but i suppose it did since 8.04 minimal came with the server	15:01
sherr	g0rd0n: Debian doesn't use upstart. Ubuntu 10.04 does - it is replacing sys-V init scripts. See : http://upstart.ubuntu.com/getting-started.html	15:02
sherr	+ man init	15:02
g0rd0n	joe-mac1: want me to paste my old /etc/event.d/ttyS0 file?	15:02
g0rd0n	s/paste/pastebin	15:02
g0rd0n	or pm	15:02
g0rd0n	btw i have these two lines in /boot/grub/menu.lst (still using grub1) which are 'serial --unit=0 --speed=57600' and 'terminal serial' however i still don't see grub in the serial console... any ideas as to why?	15:04
g0rd0n	btw i have a real problem with the video redirection, i suppose it has to do something with the framebuffer... while booting i see text normally, but at a certain point something changes and i just see garbage. i tried putting vga=normal kernel parameter, but it didnt help. any clues on this one?	15:06
g0rd0n	didnt have this problem on 8.04, seems to be new to 10.04	15:07
g0rd0n	is also the reason why i couldn't freshly install 10.04 with remote media, cause the screen becomes broken...	15:07
_ruben	i guess plymouth is to blame for that	15:09
_ruben	and/or kms	15:09
g0rd0n	i seem to have plymouth... can i safelly uninstall it?	15:10
_ruben	dunno, havent really looked into it	15:10
g0rd0n	looks like i cannot... oh well... not so important now, as long as i get grub to display on serial i am happy	15:13
alvin	g0rd0n: You can't. It's tightly bound to upstart	15:13
joe-mac1	ubuntu 8.04 also uses upstart	15:13
joe-mac1	the very beginnings of it actually	15:13
joe-mac1	inittab is gone	15:13
joe-mac1	absolutely infuriating	15:13
alvin	yes, but in compatibility mode	15:13
g0rd0n	it sucks i cant clean install 10.04	15:14
joe-mac1	alvin: do you know an 8.04/10.04 agnostic way to reload upstart jobs?	15:14
joe-mac1	the docs are wrong	15:14
joe-mac1	sending SIGHUP to init doesn't do it	15:14
joe-mac1	on 10.04 it seems initctl reload-configuration works	15:14
alvin	It seems to change every release and is different for different services. There's $ sudo reload/restart <service> and $ sudo <service> reload/restart	15:15
g0rd0n	heh	15:16
g0rd0n	i noticed that on a clean isntalled 10.04 the /etc/motd file contains some useful info... how can i get that on my upgraded 10.04 system?	15:16
alvin	No, I meant sudo service <service> reload/restart	15:16
joe-mac1	no i added a new job	15:18
joe-mac1	to start serial console on ttyS0 and ttyS1	15:18
=== 18VABDTK5 is now known as Nicke_
joe-mac1	says unrecognized job on 8.04	15:18
joe-mac1	OMFG	15:23
joe-mac1	you've gotta be kidding me	15:23
joe-mac1	the jobs for some reason in 8.04 can't be arbitrarily-named	15:23
joe-mac1	mine wasn amed serial-consoles	15:23
joe-mac1	changed it to ttyS0 and it worked	15:24
uvirtbot	New bug: #620460 in net-snmp (main) "snmpd didn't support diskpartitions larger than 2TB" [Undecided,New] https://launchpad.net/bugs/620460	15:26
g0rd0n	joe-mac1: haha!	15:32
smoser	RoAkSoAx, ping	15:39
smoser	http://uec-images.ubuntu.com/.manifest-daily and http://uec-images.ubuntu.com/.manifest are available.	15:39
RoAkSoAx	smoser: pong	15:53
RoAkSoAx	smoser: awesome	15:53
smoser	so, our goal is to have this in and functional by next thursday.	15:54
smoser	as i said, i was expecting to do this myself(ish), so if you are planning on doing it, then please let me knwo what i can do to help.	15:55
joe-mac1	thank god i have puppe to handle this across all 80 or so boxes	15:55
joe-mac1	anyways, see ya, upstart sucks	15:55
smoser	not trying to add pressure at all, but rather to say, if you can't do it, just say so and I will, RoAkSoAx	15:55
RoAkSoAx	smoser: well I'm planning to do the initial integration so that everything is showed in the UIs. Once that';s done, syncing will be easy. What would require more tweaking would be preparing the image and running in with kvm	15:56
RoAkSoAx	smoser: btw... is this something that you are looking for to have in testdrive-gtk or in testdrive-cli	15:57
smoser	well, ideally both.	15:58
smoser	i was expecting only -cli at the beginning.	15:58
smoser	i would have thought that having support in cli was a precursor to having support in -gtk	15:59
RoAkSoAx	smoser: that's what we can do. First work on the cli, and then I'll work on getting it on the GTK	15:59
smoser	RoAkSoAx, ok... so i'm not perfectly clear, sorry for being dense. what do you / will you need from me ?	16:01
RoAkSoAx	smoser: for now just how to prepare the .tar.gz to be able to launch it with kvm. And off course everything necessary to be to KVM to launch it (or if it's just a single 'kvm etc etc' command, an example one)	16:04
b0gatyr	Greetings	16:04
RoAkSoAx	s/be to/prepare	16:04
smoser	RoAkSoAx, see the final comment in https://bugs.launchpad.net/ubuntu/+source/testdrive/+bug/619974	16:30
uvirtbot	Launchpad bug 619974 in testdrive "[FFE] testdrive should support booting uec images" [Wishlist,In progress]	16:30
smoser	and let me know if that isn't enough	16:30
=== SpamapS_ is now known as SpamapS
RoAkSoAx	smoser: that's enough. If I have something else I'll let you know	16:39
iulian	soren: Hi. I'm currently looking at bug#620367.	16:47
iulian	You're talking about http://swift.openstack.org/, right?	16:48
iulian	A short description about this package would have been nice to see in the bug report.	16:49
iulian	soren: Can you find an archive admin to process it?	16:49
Kaelten	how can I tell what apt-key I need for a given package?	16:50
Egonis	I'm trying to assign a static IP on my PPPoE connection using Ubuntu Server 10.04 -- how would I go about doing this? I can see in /etc/ppp/peers/dsl-provider that there is a setting called 'noipdefault', which tells me I can do this somehow. I cannot find any useful HOWTO's anywhere, unfortunately	16:57
aljosa	what do you use for timezone when you setup an image for amazon or when you don't know timezone that will be used? UTC or something else?	17:03
Pupeno	Unnatended upgrades on my ubuntu server are just not happening, any ideas what might be the issue?	17:10
sherr	Pupeno: Check the logs? e.g. /var/log/apt ? How's it supposed to work - cron job? Check jobs?	17:13
Pupeno	sherr: It's using unnatended upgrades: https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html	17:15
Pupeno	sherr: I don't see anything on /var/log/apt/* that is relevant... I might be missing something though.	17:17
=== luis__lopez is now known as luis_lopez
sherr	So, nothing logged in /var/log/unattended-upgrades ?	17:25
=== michael_ is now known as masoncloud
daniele9821	salve a tutti	18:12
guntbert	!it	18:13
ubottu	Vai su #ubuntu-it se vuoi parlare in italiano, in questo canale usiamo solo l'inglese. Grazie! (per entrare, scrivi « /join #ubuntu-it » senza virgolette)	18:13
daniele9821	sorry, hello all	18:13
guntbert	!hi \| daniele9821	18:13
ubottu	daniele9821: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!	18:13
daniele9821	i search a bit of information according to SNMP. I've an HP MSA2324sa Cluster and i've seen in configuration there's SNMP where i can set the ip address. I want now configure a server to receive the snmp trap sent by HP ( i don't want sent trap to hp but i want only receive), it's possible??	18:16
jetsaredim	anyone know what the current state of xen support is?	18:23
=== dendro-afk is now known as dendrobates
qwe	Can anyone give me proper details about using SpamAssasin??	18:51
qwe	Can anyone give me proper details about using SpamAssasin??	18:52
guntbert	there are people without any patience ...	18:54
SpamapS	guntbert: he was very patient.. he waited 2 minutes.	19:07
guntbert	SpamapS: and didn't ask every 30 seconds ... you are right :)	19:09
SpamapS	guntbert: maybe if he had asked 3 or 4 more times in his 2 minutes, he'd have gotten a response.. but.. we can't cater to lazy people who only ask once per minute.	19:11
guntbert	you convinced me - I'll keep that in mind for dealing with my next problem	19:11
qman__	I'm having a problem with zoneminder on ubuntu 9.10, tried posting on their forum but got no response	19:25
qman__	the problem is that the ajax video control buttons aren't working	19:25
qman__	it records just fine, and playback works	19:25
qman__	but you can't skip around, fast forward, or rewind	19:26
erichammond	qman__: Ubuntu 10.04 has a newer version of zoneminder. Don't know if it might fix your issues.	19:27
qman__	thanks, but I'm not sure if I want to open that can of worms just yet	19:28
qman__	I don't have local access	19:28
erichammond	qman__: I just upgraded my zoneminder server from 9.10 to 10.04 remotely last night with no problems.	19:29
soren	iulian: I'm sure I can once I get around to uploading it.	19:29
erichammond	qman__: Also, I've found that the zoneminder web UI only works for me on Firefox, and not Chromium.	19:29
qman__	well, the local firefox doesn't work either, but I haven't tried firefox on windows	19:29
qman__	don't have firefox installed on this desktop	19:30
qman__	yeah, it's doing the same thing, firefox on windows	19:31
qman__	alright then, I guess I'll try upgrading	19:33
qman__	but I'll need to go make a backup first	19:33
qman__	not risking it	19:33
qman__	thanks for the tip	19:33
=== ivoks is now known as ivoks-away
alex88	if i have created a deb file, and want to upload to ppa for the first time..what should i do?	19:38
alex88	i've created ppa etc	19:38
=== unreal_ is now known as unreal
Friar	anyone here at all familiar with openvpn? I'm having some trouble getting my vpn connection going.	19:45
alex88	Friar: tell me	19:48
Friar	here is my log...I have no idea what it means: http://paste.ubuntu.com/480568/	19:50
Friar	I have a server running and I downloaded the 2 certificate files, a key file, and a config file from the server as per the instructions. I've loaded them into kvpnc, but for some reason it isn't connecting.	19:51
alex88	O.o what are you running? openvpn? ubuntu?	19:53
alex88	look at the server guide	19:53
Friar	alex88, the disconnect request was something that I did.	19:53
Friar	I'm running ubuntu on the client.	19:53
alex88	and on the server?	19:53
Friar	my server is running clearOS. another linux distro...	19:54
Friar	so this might be the wrong place, but I need some openvpn schooling...	19:54
alex88	well..i've followed the server guide and it works fine..try to look at it and configure fine the server..because the oepnvpn software is the same	19:54
Friar	I see....is the server guide on ubuntuforums?	19:55
alex88	w8 a sec	19:55
alex88	https://help.ubuntu.com/10.04/serverguide/C/openvpn.html	19:56
Friar	haha, i just found it right as you sent the link.	19:57
Friar	I'm going to read and learn!!!	19:57
guntbert	Friar: and if you forget/loose the link just ask ubottu: !serverguide	20:00
Friar	thanks guntbert	20:00
guntbert	Friar: no problem :) have fun!	20:01
pmatulis	SpamapS: re old-style partition nomenclature, it's to avoid having to deal with uuid conflicts on a restored system (from non-image backup)	20:02
pmatulis	SpamapS: of course we have bug #499483	20:03
uvirtbot	Launchpad bug 499483 in grub2 "/etc/default/grub cannot disable use of UUID" [Undecided,Confirmed] https://launchpad.net/bugs/499483	20:03
alex88	guntbert: is there a command list for ubottu?	20:06
guntbert	!brain \| alex88	20:06
hggdh	kirkland: interesting: I am running a long term on r1232, and I am not seeing that many errors, in fact, pretty good -- so far --, 470 instances started, 21 failures	20:06
ubottu	alex88: Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/IRC/Bots	20:06
guntbert	alex88: yes :)	20:06
alex88	thank you :)	20:08
qman__	Friar, yeah, that's pretty badly misconfigured somewhere, if you still need help, pastebin your server and client side config files	20:08
Friar	qman_, I'll do that...I just need to find them.	20:08
Friar	qman_, I have two files in /etc/openvpn on my client. one is .conf, and the other is .ovpn	20:11
qman__	I think the linux client uses the .conf one	20:13
qman__	windows clients use the .ovpn one	20:13
Patrickdk	I thought the linux one uses both	20:13
Patrickdk	the windows gui will only use .ovpn though	20:13
qman__	the linux client might use both, but there should only be one configuration file for the client	20:13
alex88	linux uses which one you select.. :)	20:13
Patrickdk	if you use the full name :)	20:14
Friar	Well, I told it the .ovpn one....it is called server.neezer.poweredbyclear.com.ovpn	20:14
Patrickdk	init.d script only uses .conf	20:14
SpamapS	pmatulis: but.. preseed.. ?	20:15
Friar	here is the paste bin of the client .ovpn file http://paste.ubuntu.com/480580/	20:15
pmatulis	SpamapS: sorry?	20:16
SpamapS	pmatulis: for grub yeah, I can see where you need to be able to distinguish for booting purposes... but once you're booted.. tune2fs /dev/X -U random works. ;)	20:16
SpamapS	pmatulis: the UUID vs. device location question	20:17
SpamapS	pmatulis: your original context was preseed	20:17
pmatulis	SpamapS: yes, preseed creates fstab essentially, and that file will conflict on a restored system	20:19
pmatulis	SpamapS: so the point is not to have to use tune2fs and edit fstab	20:19
pmatulis	SpamapS: actually, just discovering the new uuids and editing fstab, why you say to create new uuids with tune2fs?	20:21
alex88	does the gpg key stored in home dir?	20:21
iulian	soren: Alrighty.	20:23
Friar	I'm having a real hard time finding my server config file as it is not an ubuntu machine. does it have to be in etc/openvpn/?	20:25
soren	iulian: Why do you ask, btw?	20:26
alex88	Friar: in ubuntu..yes...	20:27
Friar	haha thanks alex88. I'll keep looking. does there look like anything is wrong with my client config? or can you not tell unless you see the server config as well.	20:27
alex88	there are no particular errors there.. :)	20:28
iulian	soren: Hm, ask what?	20:28
Friar	on my server i have a clients.conf file in /etc/openvpn....could that be in?	20:31
Friar	*it?	20:31
iulian	soren: You mean the last question I addressed to you?	20:32
alex88	it's clients.conf not server.. :)	20:32
alex88	if you look in man openvpn maybe there's the default config file	20:33
Friar	ah...ok. so clients.conf is the config file for the server?	20:33
iulian	soren: If that is what you meant, it is because as far as I know the archive admins don't really have the necessary time to review new packages once we are in FF.	20:33
Friar	here is my clients.conf from my server in /etc/openvpn: http://paste.ubuntu.com/480591/	20:35
yonahw	I want to add a new user to my server with admin rights to use instead of root. I don't have an admin group though. Is this normal? What should I be doing instead? Links to documentation would suffice.	20:36
soren	iulian: ah, right, ok.	20:39
soren	iulian: Yeah, don't worry about it. I'll pull a few strings.	20:39
iulian	soren: Awesome. :)	20:40
guntbert	yonahw: what system do you have?	20:40
yonahw	guntbert: ubuntu-server 10.04	20:41
MTecknology	Any of you set up mailman with nginx?	20:44
guntbert	yonahw: usually there is an admin and an adm group, any administrative user should be member of those two to be able to use sudo, but you can go the "old linux way" too	20:44
yonahw	guntbert: I have an adm group but not an admin group. would it suffice to add to the adm group? what would the "old linux way" be?	20:45
MTecknology	I have everything working except the nginx part - had it on apache but I'm pretty sick of Microsoft (err.. I mean Apache)..	20:46
guntbert	yonahw: old way: use sudo visudo to add a line to /etc/sudoers, like: admuser ALL=(ALL) ALL	20:48
yonahw	guntbert: would admuser in this case by my new user's login?	20:49
qman__	yonahw, you can add the "adm" group to sudoers in the same way, or create an "admin" or other group and add it	20:50
qman__	or add individual users	20:50
guntbert	yonahw: yes, thats what I meant	20:50
yonahw	guntbert: thanks for your help	20:52
guntbert	yonahw: you're welcome :-)	20:52
worldsayshi	I've previously set up lamp on my home server and now I try to get my head around php. But I have some trouble understanding the thought behind the default ownership settings. The var/www folder is set to be owned by root. Is that really right? Shouldn't the web content be owned by the same process that is running the lamp server? Hmm... That would allow the web server to edit the web content though. That might not be how it is int	21:20
ewook	worldsayshi: well, check what user apache is running under and you'll see.	21:22
worldsayshi	wow, seems I have 8 apache processes running :S	21:26
shauno	I believe /var/www defaults to root:root, and apache as www-data. It seems like a safe/sane default, but not sure what best practice on changing it is	21:26
worldsayshi	I guess that if I'm going to run an sql server the apache server needs write permissions to the data base. But maybe it only needs it for the database itself	21:28
worldsayshi	My web server is run by www-data	21:28
shauno	that'll depend what database you're using. SQL for example, handles authentication when a process connects to it, rather than thru filesystem permissions	21:29
qman__	exactly, the directory is root-owned so that the web server can't modify it by default	21:30
qman__	if you want to allow it to edit certain files or directories, you must change the permissions on them	21:30
worldsayshi	Guess thats a good idea?	21:30
worldsayshi	seems sensical	21:31
worldsayshi	shauno: But I assume the process connecting to the database must still have write access to it	21:34
worldsayshi	...If it wants to modify	21:34
qman__	database access is handled by the database	21:34
qman__	see mysql authentication	21:34
worldsayshi	aha, so the database is run as a separate process?	21:35
qman__	it's handled over either local unix sockets or IP	21:35
qman__	yes, the database server is separate	21:35
worldsayshi	okok. Thanks!	21:35
qman__	PHP does not modify files directly to write to the database	21:36
worldsayshi	I see	21:36
RoyK	worldsayshi: create a database user with something like "GRANT ALL on thisdb.thistable TO thisuser IDENTIFIED BY "thispassword"	21:37
RoyK	or even	21:38
RoyK	worldsayshi: create a database user with something like "GRANT ALL on thisdb.thistable TO thisuser@localhost IDENTIFIED BY "thispassword"	21:38
RoyK	then connect to the db with that user and password	21:38
veenenen	worldsayshi: As for the ownership stuff for /var/www. I'd advise keeping it as root. That way the default is for www-data not to have write access to any folders that are visible to the outside world. However, when you want to allow php to write files to /var/www you can change the ownership of individual folders. Just make sure you're not writing the file to the server with execute permissions. If you need a place to write temporary files, there's a	21:42
shauno	it's a sensible default for a reason. I believe forums being able to write to the same files they're executing is the leading cause of buggy forums turning into system vulnerabilities	21:44
JasonMSP	i need help configuring VSFTPD I have multiple sites with multiple users. I want multiple users to be constrained to their /srv/www/theirwebsite folder.	21:45
JasonMSP	(with ftp access)	21:45
uvirtbot	New bug: #620674 in apache2 (main) "package apache2-mpm-worker 2.2.14-5ubuntu8 failed to install/upgrade: el paquete apache2-mpm-worker ya está instalado y configurado" [Undecided,New] https://launchpad.net/bugs/620674	21:46
JasonMSP	users won't have shell access. only ftp so no need for home directories or any other access other than their webfolder.	21:46
shauno	JasonMSP: if that's the only access they require, I'd be tempted to set that as their home directory. then chroot_local_user=YES in vsftpd.conf is all that's needed	21:50
JasonMSP	shauno: Maybe there is a better solution out there then VSFTPD for me but I haven't seen anything. i've created a group ftpusers. They don't have shell access and I've tuyrned on chroot_local_users and list_enable	21:57
qman__	there is a better solution, SFTP	22:03
JasonMSP	shauno: i set their local directories as such, but they are able to cd .. up. Ie they are not locked into their home folde, thats just where they start out	22:04
qman__	with match blocks and chrootdirectory, you could simply add new users to the group and be done with it	22:05
qman__	and eliminate usage of the outdated, insecure, and cumbersome FTP, two birds with one stone	22:05
JasonMSP	qman: can you point me to a good setup page?	22:06
qman__	http://www.debian-administration.org/articles/590	22:07
qman__	though I would skip the part where he sets their home directory to "/"	22:07
qman__	switch "/home/%u" with "/srv/www/%u"	22:07
penllawen	hey channel	22:08
penllawen	I have a problem with Screen permissions on a freshly build 10.04 machine, if anyone could help?	22:08
JasonMSP	qman: switching to www/%u though would only allow one user and their name would have to be the same as the webfolder wouldn't it?	22:10
qman__	JamesHarrison, it would, I think there's an equivalent variable for $HOME if you want to use that instaed	22:10
qman__	instead*	22:10
qman__	probably %h but I need to look it up	22:11
qman__	yep, %h is their complete home directory	22:11
JasonMSP	thanks..	22:12
qman__	so you could just do "ChrootDirectory %h" and then set their home to their folder	22:12
qman__	the new built in features make this FAR easier than it used to be	22:13
JasonMSP	qman: so for every client that needs to upload files to their site, I would only need to create them with adduser and set their homedirectory correctly. I'd like to make sure they are locked out of the rest of the server as well. With VSFTPD I had created a ftpuser group and only those users could ftp in. Is there a way to do this with SFTP?	22:15
qman__	JasonMSP, yes, it works the same way	22:16
qman__	the "Match group sftponly" part is for that purpose	22:16
qman__	add the user to that group, and then they are only allowed to sftp, and only to their home directory	22:16
=== ]oestewart is now known as joestewart\|afk
qman__	if you want, just change "sftponly" to your existing group, "ftpuser"	22:16
JasonMSP	qman: thanks! I need to head out. Im sure ill have more questions later.	22:23
hggdh	kirkland: can you please have a look at bug 619843? I am not sure this is an Eucalyptus issue anymore	22:39
uvirtbot	Launchpad bug 619843 in eucalyptus "euca-get-console-output returns one single line" [High,Confirmed] https://launchpad.net/bugs/619843	22:39
=== A-Tuin_ is now known as A-Tuin
Andre_Gondim	does any one knows how to solve this problem? http://paste.ubuntu.com/480650/	23:03
qman__	Andre_Gondim, update-grub is missing	23:05
qman__	you can either download it manually from the package, or create an empty script to make it happy	23:05
qman__	if you do the latter, I suggest reinstalling grub and everything related, though	23:06
qman__	or copy it from another system running the same version	23:07
=== dendrobates is now known as dendro-afk
Andre_Gondim	thanks qman__	23:14
Andre_Gondim	qman__, if I reboot my system, the system will crash?	23:16
qman__	Andre_Gondim, only if grub is currently in a broken state	23:18
qman__	update-grub being missing means that it can't update it with new information	23:19
Andre_Gondim	how I could check this?	23:19
=== rmk_ is now known as rmk
qman__	the easiest way is by rebooting and finding out	23:19
qman__	but don't do that unless you have a live CD handy	23:19
Andre_Gondim	so complicated to me, my server is in other location and if I reboot with CD don't have wireless and ssh automaticaly	23:20
=== rmk_ is now known as rmk
qman__	while it's not a guarantee, check to make sure that /boot/grub/menu.lst (grub1) or /etc/default/grub (grub2) has sane settings, and that /boot/grub exists	23:21
qman__	and that there are kernels and initramfs files in /boot	23:21
=== rmk_ is now known as rmk
Andre_Gondim	qman__, yes, there is kernels and /etc/default/gub	23:22
=== rmk_ is now known as rmk
worldsayshi	what is the name of the process that is the svn server?	23:37
worldsayshi	trying to figure out what permissions my svn server has	23:38
worldsayshi	and what user is running it	23:40
SpamapS	soren: I seem to recall you had some experience with glusterfs... any chance you're around?	23:45

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!