[00:03] <Trixboxer> Hi
[00:03] <Trixboxer> I cant boot in run level 1 for ubuntu 10.04
[00:04] <Trixboxer> actually its directly going to GUI
[00:04] <Trixboxer> is there any way .. by which I can boot in grub and then change the runlevel
[00:15] <Sonja> how do i see a list of all the apt-get installations? I think i installed two mail servers, exim and postfix, and i want to remove postfix.
[00:16] <zash> Sonja: a list or a log?
[00:17] <xgorg> Guys how to log in automatically from a server?
[00:17] <zash> Sonja: I would recommend aptitude
[00:18] <Sonja> thanks. aptitude looks neat
[00:21] <Sonja> wow a gui and everything
[00:22] <zash> :)
[00:22] <Sonja> clickable putty
[00:22] <zash> you can do "aptitude search mail | grep ^i" to list installed mail-related packages
[00:37] <Sonja> i'm trying to set up a mail server at 69.165.245.9
[00:37] <Sonja> i think i configured my firewall properly
[00:37] <Sonja> one sec
[01:02] <randomOfAmber> is there a good way to lock your session in a headless install without logging out?
[01:06] <randomOfAmber> nevermind... found it (away or vlock)
[01:24] <kandjar> hi there
[01:24] <kandjar> I had to reboot my ubuntu server this morning, because the process table was flooded with root process running: /USR/BIN/CRON (all caps); does anyone know a possible reason? or has anyone seen that?
[01:26] <mase_wk> hmm seems a bit odd
[01:41] <clusty> hey
[01:42] <clusty> how the hell does one move NTFS and EXT4 partitions around with sizes specified in sectors and not MBs
[01:42] <clusty> parted does not support NTFS and asks me to flush the journal by hand before for ext4
[01:42] <clusty> and gparted is stuck in MB
[01:59] <RoAkSoAx> hallyn: /win 3
[01:59] <RoAkSoAx> ups sry
[02:08] <guest9876543210> Hi all !
[02:09] <guest9876543210> could someone assist a stupid guy (not me ;) ) who has removed apt & aptitude from his server ?
[02:10] <shauno> guest9876543210: that does sound awfully fun.  do you still have dpkg?
[02:10] <clusty> :D can you do apt-get remove --purge apt ?
[02:10] <clusty> this is fun :D
[02:10] <guest9876543210> yeap, I think he still has dpkg installed (thanks for the answer shauno)
[02:11] <hallyn> RoAkSoAx: hate when i do that :)
[02:12] <guest9876543210> shauno : I'm looking for a .deb for apt, but I haven't found it yet
[02:12] <pmatulis> guest9876543210: try aptitude
[02:12] <guest9876543210> Of sure, it is a remove server and he doesn't have access to a physical CD-ROM
[02:13] <guest9876543210> pmatulis : he has removed aptitude too :(
[02:13] <pmatulis> guest9876543210: no, d/l aptitude package
[02:13] <guest9876543210> a remote server .. sorry for mistype
[02:13] <pmatulis> guest9876543210: and install it with dpkg
[02:13] <shauno> guest9876543210: http://archive.ubuntu.com/ubuntu/pool/main/a/apt/     0.7.25.3  appears to be current on 10.04
[02:14] <pmatulis> guest9876543210: not sure about any dependencies that may be missing
[02:14] <guest9876543210> shauno & pmatulis : thanks for the help, I'll let him know the deb place :)
[02:15] <shauno> guest9876543210: I might advise duct-taping his fingers together so he doesn't do that again :)
[02:15] <clusty> guest9876543210: tell your "friend" to think twice and act once :D
[02:16] <guest9876543210> Yeap, I'm pretty sure he has typed a long command and didn't take care ...
[02:17] <shauno> apt should throw up a warning demanding that he types "Yes, do as I say!".  That's usually a big red flag.
[02:17] <shauno> (assuming he used apt to remove apt ..)
[02:18] <guest9876543210> shauno : I don't know the exact command he typed, but for sure, it was crazy
[02:19] <shauno> if he's managed to nuke dpkg as well, you may be interested to know that .deb are just archives that can be peeled apart with the 'ar' command.  you can piece things back together by hand, it's just not fun
[02:20] <guest9876543210> shauno : I don't think he removed dpkg as he has already tried to reinstall using it
[02:20] <shauno> I didn't want to second-guess just how crazy crazy is :)
[02:21] <guest9876543210> arg .. he just told me he's using Lenny and not Ubuntu ..
[02:22] <shauno> you should be able to track it down with packages.debian.org and do the same thing
[02:23] <guest9876543210> shauno : thanks, that's the URL I was looking for :)
[02:29] <guest9876543210> Is someone here a bit used to vmbuilder ? (Virtual Machine)
[02:29] <guest9876543210> (this is a question from me, this time)
[02:32] <guest9876543210> So, in resume, I have installed a minimal Lucid server to run as a VM server
[02:33] <guest9876543210> I have installed successfully the first VM (a Lucid i386) and I can start it
[02:33] <guest9876543210> (I'm using a bridge network on the server)
[02:34] <guest9876543210> but once, the VM Lucid is launched, I can't access anymore to the VM server using SSH
[02:35] <guest9876543210> I have changed the SSH port of the LucidVM to 23, but I still can't access the VM-server ...
[02:35] <guest9876543210> Has anyone a track, or I am missing completely something about VMs ?
[04:12] <superbrad> Question about DNS:  I've set up DNS according the Ubuntu server guide.  Do I need to do anything so that it propagates?
[04:48] <ScottK> Need to tell your domain name registrar where the DNS server is.
[05:02] <monokrome> I have a Ubuntu server that I have configured to have a static IP - but every few hours, it gets an IP over DHCP. My /etc/network/interfaces looks like this: http://dpaste.com/230918/
[05:02] <monokrome> Any ideas?
[05:17] <twb> monokrome: did you install this server using the Ubuntu Server CD, or by some other means?
[05:19] <guest9876543210> #quit
[05:21] <qman__> monokrome, have you run `sudo service networking restart` or rebooted the system since configuring it static?
[05:38] <monokrome> qman__: It's been doing this for 2 months now.
[05:38] <monokrome> And yes.
[05:38] <monokrome> twb: I used the official installer.
[05:38] <monokrome> and an official cd
[05:39] <twb> You installed a server using the "desktop" or "alternate" CD?
[05:39] <monokrome> Why would I install a server using a desktop CD?
[05:39] <twb> Because you're an idiot
[05:39] <monokrome> Well, I didn't.
[05:40] <twb> If you didn't do something stupid, that's great, but I have to check for stupid things first
[05:40] <monokrome> I used the Ubuntu Server distribution
[05:40] <twb> Good-o.
[05:40] <twb> Is there a dhclient process running right now?
[05:40] <twb> Is Network Manager installed?
[05:41] <monokrome> Just a second. It kicked me off because it changed its IP again.
[05:41] <monokrome> okay. Found it again.
[05:43] <monokrome> Network manager isn't installed - unless that's a default.
[05:44] <monokrome> There is a dhclient process running - which is weird since I uninstalled it :|
[05:44] <twb> OK, so I guess the problem is that you changed it to static, then bounced the network -- but the network bounce script saw a static configuration, so didn't try to kill off the original dhclient process
[05:45] <monokrome> bounced the network?
[05:45] <twb> If I'm right, killing off dhclient, or rebooting the box, should be a permanent fix.
[05:45] <monokrome> I've rebooted and it didn't fix it
[05:45] <twb> "bounce the network" as in "sudo restart networking" or so.
[05:45] <monokrome> after uninstalling dhclient
[05:45] <monokrome> which means it's still there :|
[05:45] <twb> Then how the hell did the process start
[05:45] <twb> Unless you issued "shutdown -r now" but it didn't actually do so
[05:50] <monokrome> I rebooted the server a few minutes after "remove --purge" completed
[05:51] <monokrome> Proof:
[05:51] <monokrome> http://dpaste.com/230938/
[05:52] <twb> And did you try "which dhclient" after your spurious attempt to purge it?
[05:52] <monokrome> I did that about 2 minutes ago.
[05:53] <monokrome> I removed dhclient weeks ago.
[05:53] <monokrome> and yes, I've rebooted since.
[05:53] <twb> Because "dhclient" isn't a package.
[05:53] <twb> it's either "isc-dhcp-client" or "dhcp3-client", depending on vintage
[05:54] <monokrome> ugh. why were they both set to manually installed? :|
[05:54] <twb> Because ALL packages in the base install are marked as manually installed, for hysterical reasons.
[05:55] <monokrome> lol
[05:55] <twb> Here is a dance I do to make most things markauto'd, immediately after install:
[05:55] <twb> aptitude --schedule-only markauto ~E '~i!~M(~Rdepends:~i|~Rrecommends:~i)' && aptitude --schedule-only keep ~aremove && aptitude install
[05:56] <monokrome> hmm
[06:34] <MatthewM> Is this the right place to ask questions about Ubuntu Enterprise Cloud?
[06:34] <alex88> morning guys..
[06:36] <alex88> MatthewM: #ubuntu-cloud
[06:36] <alex88> as you can see from https://wiki.ubuntu.com/IRC/ChannelList
[06:36] <MatthewM> alex88: thanks
[06:36] <alex88> np
[06:53] <glick> hey quick question, reading the server docs for installing postfix
[06:53] <glick> when it asks for a Root and postmaster mail recipient, does that have to be the username for an account on the system?
[06:53] <glick> or what what should i set that to?
[07:01] <sailerboy> hey, anyone rent a vps from thrustvps.com or damnvps.com?
[07:02] <sailerboy> anyone at all?
[07:10] <sailerboy> hey, anyone rent a vps from thrustvps.com or damnvps.com?
[07:11]  * Pupeno is a happy Linode customer.
[07:11] <sailerboy> Pupeno, what virtualization do they use?
[07:11] <sailerboy> xen or openvz?
[07:12] <Pupeno> No idea, but I think they use xen.
[07:12] <sailerboy> is it hvm or pv
[07:30]  * mase_wk also uses Linode and is happy
[07:31] <sailerboy> Linode is a bit out of my price range
[07:32] <sailerboy> im happy with a less stable vps for cheaper
[07:32] <sailerboy> im just having trouble with downloading the server edition to my vps
[07:32] <sailerboy> i found out that the server i was downloading it from has a corrupt file
[07:51] <kaushal> hi
[07:51] <kaushal> is there a way to know from OS which Hardware RAID level has been configured on Ubuntu Server ?
[07:53] <ivoks> depends on raid controller
[07:53] <alex88> mdadm -D /dev/md0 ?
[07:53] <ivoks> alex88: hardware raid
[07:53] <Error404NotFound> how can i exclude a directory, say /var/log from aide?
[07:53] <alex88> oh right...sorry :)
[08:04] <glick> hey in the postfix configuration screen when asks for the limit on mailbox files, what should i put? what does it mean when it says "The upstream default is 51200000"
[08:07] <mase_wk> glick it means that postfix shipped from postfix.org servers has a default value of 51200000
[08:08] <glick> whats a good default for a website mase_wk
[08:08] <mase_wk> website ? i thought you were installing postfix
[08:09] <mase_wk> postfix is an SMTP server
[08:09] <glick> mase_wk, yeah i am, its the mail end for a website, for sending confirmation emails, and getting contact emails, etc
[08:09] <glick> for a django frontend
[08:09] <kaushal> alex88: its a hardware raid controller and not a software controller
[08:10] <alex88> kaushal: ivoks already told me :)
[08:10] <alex88> so i don't know :)
[08:10] <kaushal> 03:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 1078 (rev 04)
[08:10] <kaushal> ivoks: 03:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 1078 (rev 04)
[08:10] <glick> what should i set for a mailbox size limit?
[08:10] <glick> ive never set up a postfix install before
[08:10] <mase_wk> glick: well since i don't know anything about the amount of mail traffic for your site anything i give you is probably pointless
[08:11] <mase_wk> you don't have to set a limit
[08:11] <mase_wk> you can have unlimited
[08:11] <mase_wk> if in doubt just accept upstream default
[08:11] <alex88> glick: set something..when the disk is full erase all  mailboxes and set lower limit :)
[08:12] <glick> i guess ill set it to half a gig
[08:12] <kaushal> ivoks: do you need more info ?
[08:12] <glick> it doesnt save sent email does it?
[08:12] <glick> or sent email doesnt contribute to the mailbox size
[08:12] <glick> only received email right?
[08:12] <alex88> depends if you save sent mails
[08:13] <alex88> if yes, yes...
[08:13] <glick> alex88, oh, thats a config option?
[08:22] <ivoks> kaushal: no :)
[08:23] <ivoks> kaushal: there's megamgr management tool for those raid controllers
[08:23] <glick> do i need to define a character for local address extension?
[08:23] <glick> im not even sure what that is
[08:23] <ivoks> at least there was couple of years ago when i decided not to use LSI chips any more :)
[08:24] <ivoks> kaushal: http://blog.irwan.name/?p=1440
[08:32] <kaushal> ivoks: so i need to install it to get to know the RAID Controller ?
[08:32] <kaushal> Raid Level ?
[08:35] <ivoks> kaushal: yes
[08:35] <alex88> glick: no, it's not a config..just user decide to save sent mails or not..it goes to mailbox too so the space is shared..
[08:35] <ivoks> maybe it's possible to get this from the driver itself
[08:35] <ivoks> i don't have LSI anywhere anymore, so I can't check
[08:40] <glick> when it asks to specify the network blocks for which the host should relay mail, should i enter the ip address of the host?
[08:41] <alex88> leave default
[08:42] <alex88> btw https://help.ubuntu.com/10.04/serverguide/C/postfix.html
[08:42] <glick> yeah thats what im reading alex88
[08:43] <glick> alex88, wouldnt the network block by my ip/32?
[08:43] <glick> by = be
[08:44] <alex88> dunno.. i've left default
[08:46] <alex88> and it worked
[08:46] <ivoks> do you relay mail for others?
[08:47] <alex88> don't think he needs that...btw, community docs are better https://help.ubuntu.com/community/PostfixBasicSetupHowto
[08:48] <ivoks> courier?
[08:48] <ivoks> doh...
[08:48] <ivoks> stick with official docs :)
[09:01] <alex88> well, the start was about postfix... :)
[09:05] <alex88> yeah :)
[09:05] <alex88> someone knows how can i put ubuntu iso into /boot and boot via grub for restore?
[09:39] <eagles0513875> hey guys how can i find out what type of ram i have in my server with out taking it offline
[09:41] <henkjan> eagles0513875: use dmidecode or lshw
[10:42] <rapha> Oh. What a netsplit.
[10:45] <glick> should my CSR have a passphrase or no?
[10:49] <alex88> glick: csr?
[10:50] <glick> certificate signing request
[10:52] <alex88> well...you should have a pass for everything :)
[10:52] <alex88> for more security
[10:52] <twb> Adding passwords doesn't necessarily improve security
[10:52] <twb> e.g. if <user> has four passwords instead of one, they're more likely to write ALL FOUR on a postit note
[10:53] <alex88> well..that's an example
[10:53] <alex88> a windows logon without password has not more security
[10:54] <twb> I've actually argued that making root's password the empty string is MORE secure than giving it a fixed password that nobody bothers to change
[10:54] <twb> Since the null string can only be used from secure TTYs
[10:54] <alex88> right.
[10:55] <alex88> but if only one person remember a password is secure
[10:55] <twb> Any password can be brute-forced in enough time
[10:55] <alex88> right..but no one has years to brute-force a pass
[10:56] <alex88> if it isn't a 4-char pass...
[10:56] <alex88> that's not the case for most pass..
[10:57] <twb> There's a nonzero probability that any password can be brute-forced in O(1) time.
[10:57] <twb> Since it could guess it right the very first try
[10:57] <twb> Do you want to be that an attacker is never going to get lucky?
[10:57] <twb> *to bet
[10:57] <rapha> I need help, I just received warning from my hosting provider that an attack had been executed from my server. They sent a log of portscanning some IP addresses on port 21. I've asked my users if they did something like that and also ran rkhunter and chkrootkit, all of which came up without result. And there's not even nmap installed on the server. The hosting provider expects me to "solve the problem" and "report what countermeasures were taken" ...
[10:58] <alex88> twb: well.. i've never been so lucky.. :)
[10:58] <alex88> and also brute-force is the last way
[10:58] <maswan> twb: That's a rather silly argument, really. Any security protocol could be broken by a really lucky guess, most of the good ones make that sufficiently unlikely though.
[10:59] <alex88> rapha: O.o Lol
[10:59] <twb> maswan: I suppose that's true, when you consider that multi-factor authentication has to be digitized at some point, and the attacker could inject their brute-force guesses after that point
[10:59] <maswan> that said, I only allow ssh key logins instead of passwords to the servers I run
[11:00] <rapha> alex88: you find that funny?
[11:00] <maswan> because those are way harder to guess than a password someone can remember
[11:00] <twb> Right.
[11:00] <alex88> rapha: really not..
[11:00] <alex88> maswan: true
[11:01] <maswan> (and it has the bonus that you get two-factor auth to get root access with a password to sudo)
[11:01] <rapha> because i could really use a helping hand here ... I've no idea about how computer forensics work
[11:01] <alex88> rapha: check on user logins at that time
[11:01] <rapha> alex88: how? i only know how to check who's logged in right now...
[11:01] <twb> rapha: key-based auth is already two-factor -- the passphrase (something you know) and the private key (something you have).
[11:02] <rapha> twb: i'm sorry?
[11:02] <twb> Sorry, bad completion
[11:02] <rapha> oh k
[11:02] <alex88> ask on these 2 guys talking in the background :) btw i think /var/log has it
[11:02] <alex88> in some logs :)
[11:03] <rapha> there's auth.log
[11:03] <rapha> maybe that helps me
[11:03] <rapha> but why would www-data be opening an closing sessions?
[11:04] <twb> A good introduction to forensics is Venema's book
[11:04] <twb> http://www.porcupine.org/forensics/forensic-discovery/
[11:04] <alex88> www-data? maybe you've got hacked by web..
[11:04] <alex88> *been
[11:05] <rapha> hmmm
[11:05] <twb> EVERY attack I've seen in the last decade has been via an insecure web app
[11:05] <rapha> my own account and the "admin" account are opening and closing sessions all the time, too
[11:05] <rapha> even though I don't rly use my own account at all
[11:05] <twb> They might use a kernel vulnerability to escalate from www-data to root, but it's PHP they use to get their foot in the door.
[11:06] <rapha> there's just a cron job running in it checking the response time of a website every 5 minutes
[11:06] <alex88> that's yours?
[11:06] <rapha> alex88: mine is called "rapha"
[11:06] <alex88> the cron job..
[11:06] <rapha> yes
[11:07] <rapha> there's rly not much in /var/log/auth.log besides all the "opening session" and "closing session" chatter. not even failed login attempts.
[11:07] <alex88> the root passwords of the accounts are the same?
[11:07] <rapha> the root password is disabled; you can't log in as root - only through sudo.
[11:08] <rapha> and only user "admin" is allowed to do so.
[11:08] <alex88> and you never go into it?
[11:08] <rapha> oh yes, i mostly use the "admin" account, and also use "sudo" quite regularly, e.g. to install updates
[11:08] <jussi> Hei all. Ive  a small issue, I have a mail server that is not in use anymore, except for archival purposes. on the same machine is bugzilla. now bugzilla's mail is being sent with the mail server on that machine, not the external one I need it to. how do I fix this?
[11:09] <rapha> twb: thx for the book ... i need some quick way though to find out who or what did those portscans yesterday evening, or the hosting provider will shut down the machine :(
[11:09] <alex88> rapha: check the apache log for hack attempts
[11:10] <rapha> alex88: not running apache but lighttpd ... let me check the logs anyway
[11:10] <alex88> same thing
[11:10] <alex88> search for some system commands like cd, ls, /tmp
[11:11] <twb> If a machine is compromised, you should offline it anyway
[11:11] <alex88> make a backup of logs, save on your pc and investigate there
[11:11] <rapha> twb: i'm not sure it is compromised. both rootkit scanners came up empty.
[11:11] <rapha> the backup is prolly a good idea tho.
[11:12] <rapha> going to backup /etc and /home as well in case it needs setting up again
[11:14] <alex88> rapha: also /var/lock/
[11:14] <alex88> */var/log
[11:15] <rapha> alex88: already backed that up when you first suggested it :)
[11:15] <alex88> :) if you want give me apache logs and i make a qucik search
[11:16] <rapha> for the time being maybe it would be a good idea to install a firewall that blocks everything from the inside to the outside except for the services that need to run
[11:16] <alex88> *quick
[11:16] <alex88> rapha: csf is a very good choice for me
[11:16] <rapha> it's no prob, i can do the work if somebody tells me what to do :)
[11:16] <rapha> why not ufw alex88? any specific reason?
[11:16] <alex88> also has a intrusion detector..
[11:17] <alex88> rapha: more advanced features, also checks for suspicious process and send mail warnings
[11:17] <rapha> k
[11:17]  * rapha 'll check it out
[11:18] <rapha> hmmm backup of the home dirs will naturally take some time ... couple hundred gigs
[11:22] <alex88> rapha: which web apps do you have on?
[11:23] <alex88> rapha: http://www.sans.org/reading_room/whitepapers/logging/detecting-attacks-web-applications-log-files_2074
[11:23] <sherr> jussi: Check the bugzilla "administration" pages (log in as a user with "admin" rights). There's an "email" page, with a setting for "smtpserver".
[11:24] <jussi> sherr: thanks a lot, Ill go look there.
[11:24] <rapha> alex88: one custom-built site that is in the process of being replaced by a Contao based one. One Joomla-based site, that will also switch to Contao in the near future. Loads of Redaxo sites. Postfix-Admin. RoundCubeMail. Those should be about it.
[11:25] <alex88> well...custom-built maybe
[11:25] <alex88> can you give me address?
[11:25] <rapha> alex88: yeah its pretty badly made thats why we're replacing it
[11:26] <alex88> i'll take as a no :)
[11:27] <rapha> oh ofc sry missed that .., www.overcross.de
[11:28] <alex88> uh..nice site :)
[11:28] <rapha> well, yeah, the design. the rest - not so much.
[11:28] <kaushal> hi
[11:29] <kaushal> if i provide access to a server and there if i want to block access to the internal lan machines ?
[11:30] <kaushal> how can it be done using ufw ?
[11:30] <kaushal> I mean block the user to access all the hosts in the internal LAN
[11:31] <alex88> rapha: it's sql vulnerable
[11:36] <glen1> hey
[11:36] <alex88> hi
[11:36] <glick> what do i set the host name of the postfix, when its on the same machine as the webserver?
[11:37] <glick> set it to anything?
[11:37] <glick> or the actual hostname?
[11:38] <alex88> it's better to a fqdn
[11:38] <qman__> you set it to what you want to receive mail for
[11:38] <rapha> alex88: i was afraid so :-( ... can you /msg me where?
[11:38] <glick> soo....made_up_name.fqdn
[11:39] <glick> even if the physical host its on is named 43o5u7
[11:55] <qman__> UFW isn't ideal for servers like that
[11:55] <qman__> it's a great easy-setup tool for desktops and low profile servers, but you're really missing a lot of things by using it
[11:55] <qman__> for example, the outgoing port scans could have been prevented entirely by a well-written firewall
[12:16] <glick> root@localhost:/etc/postgresql/8.4/main# service restart postgresql-8.4
[12:16] <glick> restart: unrecognized service
[12:17] <glick> isnt that correct name for postgresql?
[12:23] <alvin> glick: It is, but the command is # service postgresql-8.4 restart
[12:24] <glick> riiiiight
[12:24] <glick> im an idiot
[12:33] <alex88> rapha: check pm
[13:21] <glick> hmm it says i cant put aliases into httpd.conf
[13:21] <glick> where should i put them then?
[13:23] <tschundeee> hey anyone knows if there is a way to install ubuntu on a pgpdesktop encrypted harddrive?
[13:27] <Ose>  so I just installed 10.04.1 server edition and googled a way to add a gui ( sudo aptitude install x-window-system-core gnome + sudo aptitude install gdm). However, the instructions there as to actually running the gui won't work. Help?
[13:28] <g0rd0n> gui? on a server?
[13:28] <Ose> just a little home server experiment
[13:29] <g0rd0n> Ose: have you tried via tasksel?
[13:29] <g0rd0n> run tasksel and select "Ubuntu desktop"
[13:29] <g0rd0n> it should install everything you need and get the gui going
[13:30] <hj> i've got a question about ubuntu server, sometimes it doesn't respond for a minute or so.. i can't find anything about it in the log files. what should I check next?
[13:30] <Ose> Actually it worked after a revoot
[13:31] <Ose> Reboot*
[13:31] <alex88> g0rd0n: and after having desktop? remote connect to desktop?
[13:31] <wastl> hj: faulty network driver?
[13:32] <wastl> did you try a different network adaptor?
[13:32] <hj> i've got a question about ubuntu server, sometimes it doesn't respond for a minute or so.. i can't find anything about it in the log files. what should I check next?
[13:32] <jpds> Graps.
[13:32] <jpds> Graphs*
[13:32] <wastl> hj: try a different network adaptor?
[13:33] <hj> do you mean replacing the NIC?
[13:35] <g0rd0n> alex88: i never tried remote connecting to a desktop, i just use headless servers :P
[13:36] <g0rd0n> hj: could be an hd issue as well, although you should see errors about that
[13:37] <hj> no, it's a virtual machine, and the ubuntu host server doesn't give any errors either
[13:38] <hj> the 'downtime' is very random, so it's hard to test something.
[13:41] <hj> downtime is like a minute max, at the moment i don't know if other VM's aren't reachable too
[13:42] <noname> gi there
[13:42] <xampart> gi
[13:45] <alex88> g0rd0n: me too...but i've just asked what you can do then
[13:52] <g0rd0n> alex88: well via rdp or similar you surely can take complete control over the gui remotely
[13:52] <g0rd0n> btw i seem to be having some problems respawning the console to my ttyS0 via upstart, the login prompt doesn't show up in the serial console
[13:52] <alex88> right.. but i prefer command line :)
[13:52] <g0rd0n> yeh me too
[13:53] <alex88> btw, have you heard that on september will be released lots of 0day? i think it's gonna be a hot september :)
[13:53] <g0rd0n> in my /etc/event.d/tty file i have respawn exec /sbin/getty 57600 ttyS0
[13:53] <g0rd0n> alex88: oh well, will just be a little bit of aptitude commands then :)
[13:55] <alex88> update every 3 hours? :) btw, i've seen they release microsoft, apple, adobe stuff..
[13:56] <alex88> excel, ie, microsoft codecs and cpan will be exploited..
[13:58] <wastl> argh
[13:58] <wastl> so many evil words on one pile inside a linux channel
[13:58] <wastl> shame on you
[13:58] <wastl> *g*
[13:59] <alex88> sorry :)
[14:00] <g0rd0n> :P
[14:00] <g0rd0n> i hate apple, adobe and oracle way more than microsoft nowadays
[14:01] <alex88> me too..maybe adobe is safe..but apple...bleah..
[14:01]  * wastl recently banned his Mac from his office desk...now there is only a linux box left
[14:02]  * alex88 likes wastl office
[14:08] <jdstrand> ufw supports egress filtering btw
[14:09] <wastl> now there is just one winsucks pc in our office and the rest is linux
[14:09] <jdstrand> not to mention, you can add any rules you want with the ufw framework, so if you are iptables aware, just edit /etc/ufw/*rules
[14:10] <wastl> unfortunately we  need that one for rdesktopping  to it to use some business related apps that won't run in wine :/
[14:10] <jdstrand> qman__: ^ if there are issues running ufw in production environments for bastion hosts, please file bugs
[14:15] <joe-mac1> if i put a new upstart job in /etc/event.d on hardy, how do i make initctl recognize it?
[14:15] <joe-mac1> initctl list does not show it
[14:19] <joe-mac1> anybody, at all?
[14:37]  * zul shakes his fist at mysql and upstart
[14:41] <Egonis> I need to use a static IP for my ppp0 interface, and can't seem to find any howto's. I'm using Ubuntu Server 10.04
[14:44] <joe-mac1> anybody else think replacing init in -server was a stupid idea?
[14:45] <alvin> To be honest, I do
[14:48] <Egonis> Does anyone have any pointers on using a static ip with ppp0 using pppoeconf?
[14:49] <g0rd0n> joe-mac1: replacing init?
[14:49] <joe-mac1> g0rd0n: yes, with upstart
[14:49] <g0rd0n> oh you mean this upstart thing
[14:49] <joe-mac1> for my sub ten second boot times on servers i reboot once a quarter
[14:49] <joe-mac1> real awesome
[14:49] <g0rd0n> heh i am having trouble getting my freakin serial console to work with upstart
[14:49] <joe-mac1> dude
[14:49] <joe-mac1> same here
[14:49] <joe-mac1> in 10.04 i can
[14:49] <joe-mac1> in 8.04, having no luck
[14:49] <joe-mac1> i need this to work for the VPS on HP boxes
[14:50] <g0rd0n> uh? i am running 10.04 with upstart and the respawn on ttyS0 just doesnt work
[14:50] <g0rd0n> i cannot login via serial console
[14:50] <joe-mac1> i did initctl reload-configuration on 10.04 and it started working fine
[14:51] <g0rd0n> does not help here
[14:51] <g0rd0n> also, if i type 'initctl start ttyS0'
[14:51] <g0rd0n> i get 'initctl: Unknown job: ttyS0'
[14:52] <g0rd0n> it's a fujitsu server with iRMC S2... only thing that works are the kernel messages... but not even grub does show up for some reason
[14:53] <sherr> g0rd0n: "Unknown job" is just a missing /etc/init/ttyS0.conf isn't it?
[14:53] <joe-mac1> g0rd0n: well you need to make the job
[14:53] <joe-mac1> did you make the job?
[14:53] <joe-mac1> my problem is it doesn't see the job after i make it on 8.04
[14:54] <joe-mac1> i get unknown job, even though it's clearly there
[14:54] <g0rd0n> sherr: ehm yeh i dont have that file... *embarrassed*
[14:54] <g0rd0n> my debian 5.0 server doesnt have that either... will need to google then
[14:55] <joe-mac1> it's just like the tty1 file
[14:56] <joe-mac1> but you use your com port instead
[14:56] <joe-mac1> not rocket science, point is, in 8.04 apparently upstart is something like a beta
[14:57] <g0rd0n> joe-mac1: oh so why is there /etc/init/tty1.conf AND /etc/events.d/tty1?
[14:57] <joe-mac1> g0rd0n: you did an in place upgrade from 8.04 to 10.04
[14:57] <g0rd0n> yes :(
[14:57] <joe-mac1> and the upgrade script didn't remove events.d
[14:57] <joe-mac1> which is now obsolete
[14:57] <g0rd0n> really
[14:57] <g0rd0n> oh for fucks sake
[14:57] <joe-mac1> yes /etc/init is the place
[14:57] <g0rd0n> lol
[14:58] <joe-mac1> i have this working fine on 10.04, can somebody tell me how on 8.04 to get upstart to recognize new jobs without rebooting?
[15:00] <g0rd0n> sorry cant help you on that
[15:00] <g0rd0n> yay, respawn works now :)
[15:00] <g0rd0n> i wonder why upgrade didnt migrate my events.d/ttyS0 file but whatever
[15:01] <joe-mac1> g0rd0n: so you had this working on 8.04?
[15:01] <joe-mac1> did you have to reboot to get it to work?
[15:01] <g0rd0n> joe-mac1: tbh i am not so so sure if it worked, but i suppose it did since 8.04 minimal came with the server
[15:02] <sherr> g0rd0n: Debian doesn't use upstart. Ubuntu 10.04 does - it is replacing sys-V init scripts. See : http://upstart.ubuntu.com/getting-started.html
[15:02] <sherr> + man init
[15:02] <g0rd0n> joe-mac1: want me to paste my old /etc/event.d/ttyS0 file?
[15:02] <g0rd0n> s/paste/pastebin
[15:02] <g0rd0n> or pm
[15:04] <g0rd0n> btw i have these two lines in /boot/grub/menu.lst (still using grub1) which are 'serial --unit=0 --speed=57600' and 'terminal serial' however i still don't see grub in the serial console... any ideas as to why?
[15:06] <g0rd0n> btw i have a real problem with the video redirection, i suppose it has to do something with the framebuffer... while booting i see text normally, but at a certain point something changes and i just see garbage. i tried putting vga=normal kernel parameter, but it didnt help. any clues on this one?
[15:07] <g0rd0n> didnt have this problem on 8.04, seems to be new to 10.04
[15:07] <g0rd0n> is also the reason why i couldn't freshly install 10.04 with remote media, cause the screen becomes broken...
[15:09] <_ruben> i guess plymouth is to blame for that
[15:09] <_ruben> and/or kms
[15:10] <g0rd0n> i seem to have plymouth... can i safely uninstall it?
[15:10] <_ruben> dunno, havent really looked into it
[15:13] <g0rd0n> looks like i cannot... oh well... not so important now, as long as i get grub to display on serial i am happy
[15:13] <alvin> g0rd0n: You can't. It's tightly bound to upstart
[15:13] <joe-mac1> ubuntu 8.04 also uses upstart
[15:13] <joe-mac1> the very beginnings of it actually
[15:13] <joe-mac1> inittab is gone
[15:13] <joe-mac1> absolutely infuriating
[15:13] <alvin> yes, but in compatibility mode
[15:14] <g0rd0n> it sucks i cant clean install 10.04
[15:14] <joe-mac1> alvin: do you know an 8.04/10.04 agnostic way to reload upstart jobs?
[15:14] <joe-mac1> the docs are wrong
[15:14] <joe-mac1> sending SIGHUP to init doesn't do it
[15:14] <joe-mac1> on 10.04 it seems initctl reload-configuration works
[15:15] <alvin> It seems to change every release and is different for different services. There's $ sudo reload/restart <service> and $ sudo <service> reload/restart
[15:16] <g0rd0n> heh
[15:16] <g0rd0n> i noticed that on a clean installed 10.04 the /etc/motd file contains some useful info... how can i get that on my upgraded 10.04 system?
[15:16] <alvin> No, I meant sudo service <service> reload/restart
[15:18] <joe-mac1> no i added a new job
[15:18] <joe-mac1> to start serial console on ttyS0 and ttyS1
[15:18] <joe-mac1> says unrecognized job on 8.04
[15:23] <joe-mac1> OMFG
[15:23] <joe-mac1> you've gotta be kidding me
[15:23] <joe-mac1> the jobs for some reason in 8.04 can't be arbitrarily-named
[15:23] <joe-mac1> mine was named serial-consoles
[15:24] <joe-mac1> changed it to ttyS0 and it worked
[15:32] <g0rd0n> joe-mac1: haha!
[15:39] <smoser> RoAkSoAx, ping
[15:39] <smoser> http://uec-images.ubuntu.com/.manifest-daily and http://uec-images.ubuntu.com/.manifest are available.
[15:53] <RoAkSoAx> smoser: pong
[15:53] <RoAkSoAx> smoser: awesome
[15:54] <smoser> so, our goal is to have this in and functional by next thursday.
[15:55] <smoser> as i said, i was expecting to do this myself(ish), so if you are planning on doing it, then please let me know what i can do to help.
[15:55] <joe-mac1> thank god i have puppet to handle this across all 80 or so boxes
[15:55] <joe-mac1> anyways, see ya, upstart sucks
[15:55] <smoser> not trying to add pressure at all, but rather to say, if you can't do it, just say so and I will, RoAkSoAx
[15:56] <RoAkSoAx> smoser: well I'm planning to do the initial integration so that everything is shown in the UIs. Once that's done, syncing will be easy. What would require more tweaking would be preparing the image and running it with kvm
[15:57] <RoAkSoAx> smoser: btw... is this something that you are looking for to have in testdrive-gtk or in testdrive-cli
[15:58] <smoser> well, ideally both.
[15:58] <smoser> i was expecting only -cli at the beginning.
[15:59] <smoser> i would have thought that having support in cli was a precursor to having support in -gtk
[15:59] <RoAkSoAx> smoser: that's what we can do. First work on the cli, and then I'll work on getting it on the GTK
[16:01] <smoser> RoAkSoAx, ok... so i'm not perfectly clear, sorry for being dense. what do you / will you need from me ?
[16:04] <RoAkSoAx> smoser: for now just how to prepare the .tar.gz to be able to launch it with kvm. And of course everything necessary to be to KVM to launch it (or if it's just a single 'kvm etc etc' command, an example one)
[16:04] <b0gatyr> Greetings
[16:04] <RoAkSoAx> s/be to/prepare
[16:30] <smoser> RoAkSoAx, see the final comment in https://bugs.launchpad.net/ubuntu/+source/testdrive/+bug/619974
[16:30] <smoser> and let me know if that isn't enough
[16:39] <RoAkSoAx> smoser: that's enough. If I have something else I'll let you know
[16:47] <iulian> soren: Hi.  I'm currently looking at bug#620367.
[16:48] <iulian> You're talking about http://swift.openstack.org/, right?
[16:49] <iulian> A short description about this package would have been nice to see in the bug report.
[16:49] <iulian> soren: Can you find an archive admin to process it?
[16:50] <Kaelten> how can I tell what apt-key I need for a given package?
[16:57] <Egonis> I'm trying to assign a static IP on my PPPoE connection using Ubuntu Server 10.04 -- how would I go about doing this? I can see in /etc/ppp/peers/dsl-provider that there is a setting called 'noipdefault', which tells me I can do this somehow. I cannot find any useful HOWTO's anywhere, unfortunately
[17:03] <aljosa> what do you use for timezone when you setup an image for amazon or when you don't know timezone that will be used? UTC or something else?
[17:10] <Pupeno> Unattended upgrades on my ubuntu server are just not happening, any ideas what might be the issue?
[17:13] <sherr> Pupeno: Check the logs? e.g. /var/log/apt ? How's it supposed to work - cron job? Check jobs?
[17:15] <Pupeno> sherr: It's using unattended upgrades: https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html
[17:17] <Pupeno> sherr: I don't see anything on /var/log/apt/* that is relevant... I might be missing something though.
[17:25] <sherr> So, nothing logged in /var/log/unattended-upgrades ?
[18:12] <daniele9821> salve a tutti
[18:13] <guntbert> !it
[18:13] <daniele9821> sorry, hello all
[18:13] <guntbert> !hi | daniele9821
[18:16] <daniele9821> I'm searching for a bit of information about SNMP. I have an HP MSA2324sa Cluster and I've seen in the configuration there's SNMP where I can set the IP address. I now want to configure a server to receive the SNMP traps sent by the HP (I don't want to send traps to the HP, I only want to receive). Is it possible?
[18:23] <jetsaredim> anyone know what the current state of xen support is?
[18:51] <qwe> Can anyone give me proper details about using SpamAssassin??
[18:52] <qwe> Can anyone give me proper details about using SpamAssassin??
[18:54] <guntbert> there are people without any patience ...
[19:07] <SpamapS> guntbert: he was very patient.. he waited *2* minutes.
[19:09] <guntbert> SpamapS: and didn't ask every 30 seconds ... you are right :)
[19:11] <SpamapS> guntbert: maybe if he had asked 3 or 4 more times in his 2 minutes, he'd have gotten a response.. but.. we can't cater to lazy people who only ask once per minute.
[19:11] <guntbert> you convinced me - I'll keep that in mind for dealing with my next problem
[19:25] <qman__> I'm having a problem with zoneminder on ubuntu 9.10, tried posting on their forum but got no response
[19:25] <qman__> the problem is that the ajax video control buttons aren't working
[19:25] <qman__> it records just fine, and playback works
[19:26] <qman__> but you can't skip around, fast forward, or rewind
[19:27] <erichammond> qman__: Ubuntu 10.04 has a newer version of zoneminder.  Don't know if it might fix your issues.
[19:28] <qman__> thanks, but I'm not sure if I want to open that can of worms just yet
[19:28] <qman__> I don't have local access
[19:29] <erichammond> qman__: I just upgraded my zoneminder server from 9.10 to 10.04 remotely last night with no problems.
[19:29] <soren> iulian: I'm sure I can once I get around to uploading it.
[19:29] <erichammond> qman__: Also, I've found that the zoneminder web UI only works for me on Firefox, and not Chromium.
[19:29] <qman__> well, the local firefox doesn't work either, but I haven't tried firefox on windows
[19:30] <qman__> don't have firefox installed on this desktop
[19:31] <qman__> yeah, it's doing the same thing, firefox on windows
[19:33] <qman__> alright then, I guess I'll try upgrading
[19:33] <qman__> but I'll need to go make a backup first
[19:33] <qman__> not risking it
[19:33] <qman__> thanks for the tip
[19:38] <alex88> if i have created a deb file, and want to upload to ppa for the first time..what should i do?
[19:38] <alex88> i've created ppa etc
[19:45] <Friar> anyone here at all familiar with openvpn? I'm having some trouble getting my vpn connection going.
[19:48] <alex88> Friar: tell me
[19:50] <Friar> here is my log...I have no idea what it means: http://paste.ubuntu.com/480568/
[19:51] <Friar> I have a server running and I downloaded the 2 certificate files, a key file, and a config file from the server as per the instructions. I've loaded them into kvpnc, but for some reason it isn't connecting.
[19:53] <alex88> O.o what are you running? openvpn? ubuntu?
[19:53] <alex88> look at the server guide
[19:53] <Friar> alex88, the disconnect request was something that I did.
[19:53] <Friar> I'm running ubuntu on the client.
[19:53] <alex88> and on the server?
[19:54] <Friar> my server is running clearOS. another linux distro...
[19:54] <Friar> so this might be the wrong place, but I need some openvpn schooling...
[19:54] <alex88> well..i've followed the server guide and it works fine..try to look at it and configure the server fine..because the openvpn software is the same
[19:55] <Friar> I see....is the server guide on ubuntuforums?
[19:55] <alex88> w8 a sec
[19:56] <alex88> https://help.ubuntu.com/10.04/serverguide/C/openvpn.html
[19:57] <Friar> haha, i just found it right as you sent the link.
[19:57] <Friar> I'm going to read and learn!!!
[20:00] <guntbert> Friar: and if you forget/lose the link just ask ubottu: !serverguide
[20:00] <Friar> thanks guntbert
[20:01] <guntbert> Friar: no problem :) have fun!
[20:02] <pmatulis> SpamapS: re old-style partition nomenclature, it's to avoid having to deal with uuid conflicts on a restored system (from non-image backup)
[20:03] <pmatulis> SpamapS: of course we have bug #499483
[20:06] <alex88> guntbert: is there a command list for ubottu?
[20:06] <guntbert> !brain | alex88
[20:06] <hggdh> kirkland: interesting: I am running a long term on r1232, and I am not seeing that many errors, in fact, pretty good -- so far --, 470 instances started, 21 failures
[20:06] <guntbert> alex88: yes :)
[20:08] <alex88> thank you :)
[20:08] <qman__> Friar, yeah, that's pretty badly misconfigured somewhere, if you still need help, pastebin your server and client side config files
[20:08] <Friar> qman_, I'll do that...I just need to find them.
[20:11] <Friar> qman_, I have two files in /etc/openvpn on my client. one is .conf, and the other is .ovpn
[20:13] <qman__> I think the linux client uses the .conf one
[20:13] <qman__> windows clients use the .ovpn one
[20:13] <Patrickdk> I thought the linux one uses both
[20:13] <Patrickdk> the windows gui will only use .ovpn though
[20:13] <qman__> the linux client might use both, but there should only be one configuration file for the client
[20:13] <alex88> linux uses which one you select.. :)
[20:14] <Patrickdk> if you use the *full* name :)
[20:14] <Friar> Well, I told it the .ovpn one....it is called server.neezer.poweredbyclear.com.ovpn
[20:14] <Patrickdk> init.d script only uses .conf
[20:15] <SpamapS> pmatulis: but.. preseed.. ?
[20:15] <Friar> here is the paste bin of the client .ovpn file  http://paste.ubuntu.com/480580/
[20:16] <pmatulis> SpamapS: sorry?
[20:16] <SpamapS> pmatulis: for grub yeah, I can see where you need to be able to distinguish for booting purposes... but once you're booted.. tune2fs /dev/X -U random works. ;)
[20:17] <SpamapS> pmatulis: the UUID vs. device location question
[20:17] <SpamapS> pmatulis: your original context was preseed
[20:19] <pmatulis> SpamapS: yes, preseed creates fstab essentially, and that file will conflict on a restored system
[20:19] <pmatulis> SpamapS: so the point is not to have to use tune2fs and edit fstab
[20:21] <pmatulis> SpamapS: actually, just discovering the new uuids and editing fstab, why you say to create new uuids with tune2fs?
[20:21] <alex88> is the gpg key stored in home dir?
[20:23] <iulian> soren: Alrighty.
[20:25] <Friar> I'm having a real hard time finding my server config file as it is not an ubuntu machine. does it have to be in etc/openvpn/?
[20:26] <soren> iulian: Why do you ask, btw?
[20:27] <alex88> Friar: in ubuntu..yes...
[20:27] <Friar> haha thanks alex88. I'll keep looking. does there look like anything is wrong with my client config? or can you not tell unless you see the server config as well.
[20:28] <alex88> there are no particular errors there.. :)
[20:28] <iulian> soren: Hm, ask what?
[20:31] <Friar> on my server i have a clients.conf file in /etc/openvpn....could that be in?
[20:31] <Friar> *it?
[20:32] <iulian> soren: You mean the last question I addressed to you?
[20:32] <alex88> it's clients.conf not server.. :)
[20:33] <alex88> if you look in man openvpn maybe there's the default config file
[20:33] <Friar> ah...ok. so clients.conf is the config file for the server?
[20:33] <iulian> soren: If that is what you meant, it is because as far as I know the archive admins don't really have the necessary time to review new packages once we are in FF.
[20:35] <Friar> here is my clients.conf from my server in /etc/openvpn: http://paste.ubuntu.com/480591/
[20:36] <yonahw> I want to add a new user to my server with admin rights to use instead of root. I don't have an admin group though. Is this normal? What should I be doing instead? Links to documentation would suffice.
[20:39] <soren> iulian: ah, right, ok.
[20:39] <soren> iulian: Yeah, don't worry about it. I'll pull a few strings.
[20:40] <iulian> soren: Awesome. :)
[20:40] <guntbert> yonahw: what system do you have?
[20:41] <yonahw> guntbert: ubuntu-server 10.04
[20:44] <MTecknology> Any of you set up mailman with nginx?
[20:44] <guntbert> yonahw: usually there is an admin and an adm group, any administrative user should be member of those two to be able to use sudo, but you can go the "old linux way" too
[20:45] <yonahw> guntbert: I have an adm group but not an admin group. would it suffice to add to the adm group? what would the "old linux way" be?
[20:46] <MTecknology> I have everything working except the nginx part - had it on apache but I'm pretty sick of Microsoft (err.. I mean Apache)..
[20:48] <guntbert> yonahw: old way: use sudo visudo to add a line to /etc/sudoers, like:  admuser    ALL=(ALL) ALL
[20:49] <yonahw> guntbert: would admuser in this case be my new user's login?
[20:50] <qman__> yonahw, you can add the "adm" group to sudoers in the same way, or create an "admin" or other group and add it
[20:50] <qman__> or add individual users
[20:50] <guntbert> yonahw: yes, thats what I meant
[20:52] <yonahw> guntbert: thanks for your help
[20:52] <guntbert> yonahw: you're welcome :-)
[21:20] <worldsayshi> I've previously set up lamp on my home server and now I try to get my head around php. But I have some trouble understanding the thought behind the default ownership settings. The var/www folder is set to be owned by root. Is that really right? Shouldn't the web content be owned by the same process that is running the lamp server? Hmm... That would allow the web server to edit the web content though. That might not be how it is int
[21:22] <ewook> worldsayshi: well, check what user apache is running under and you'll see.
[21:26] <worldsayshi> wow, seems I have 8 apache processes running :S
[21:26] <shauno> I believe /var/www defaults to root:root, and apache as www-data.  It seems like a safe/sane default, but not sure what best practice on changing it is
[21:28] <worldsayshi> I guess that if I'm going to run an sql server the apache server needs write permissions to the data base. But maybe it only needs it for the database itself
[21:28] <worldsayshi> My web server is run by www-data
[21:29] <shauno> that'll depend what database you're using.  SQL for example, handles authentication when a process connects to it, rather than thru filesystem permissions
[21:30] <qman__> exactly, the directory is root-owned so that the web server can't modify it by default
[21:30] <qman__> if you want to allow it to edit certain files or directories, you must change the permissions on them
[21:30] <worldsayshi> Guess thats a good idea?
[21:31] <worldsayshi> seems sensical
[21:34] <worldsayshi> shauno: But I assume the process connecting to the database must still have write access to it
[21:34] <worldsayshi> ...If it wants to modify
[21:34] <qman__> database access is handled by the database
[21:34] <qman__> see mysql authentication
[21:35] <worldsayshi> aha, so the database is run as a separate process?
[21:35] <qman__> it's handled over either local unix sockets or IP
[21:35] <qman__> yes, the database server is separate
[21:35] <worldsayshi> okok. Thanks!
[21:36] <qman__> PHP does not modify files directly to write to the database
[21:36] <worldsayshi> I see
[21:37] <RoyK> worldsayshi: create a database user with something like "GRANT ALL ON thisdb.thistable TO thisuser IDENTIFIED BY 'thispassword'"
[21:38] <RoyK> or even
[21:38] <RoyK> worldsayshi: create a database user with something like "GRANT ALL ON thisdb.thistable TO thisuser@localhost IDENTIFIED BY 'thispassword'"
[21:38] <RoyK> then connect to the db with that user and password
[21:42] <veenenen> worldsayshi: As for the ownership stuff for /var/www. I'd advise keeping it as root. That way the default is for www-data not to have write access to any folders that are visible to the outside world. However, when you want to allow php to write files to /var/www you can change the ownership of individual folders. Just make sure you're not writing the file to the server with execute permissions. If you need a place to write temporary files, there's a
[21:44] <shauno> it's a sensible default for a reason.  I believe forums being able to write to the same files they're executing is the leading cause of buggy forums turning into system vulnerabilities
[21:45] <JasonMSP> i need help configuring VSFTPD  I have multiple sites with multiple users.  I want multiple users to be constrained to their /srv/www/theirwebsite folder.
[21:45] <JasonMSP> (with ftp access)
[21:46] <JasonMSP> users won't have shell access.  only ftp so no need for home directories or any other access other than their webfolder.
[21:50] <shauno> JasonMSP: if that's the only access they require, I'd be tempted to set that as their home directory.  then chroot_local_user=YES in vsftpd.conf is all that's needed
[21:57] <JasonMSP> shauno:  Maybe there is a better solution out there than VSFTPD for me but I haven't seen anything.  i've created a group ftpusers.  They don't have shell access and I've turned on chroot_local_users and list_enable
[22:03] <qman__> there is a better solution, SFTP
[22:04] <JasonMSP> shauno: i set their local directories as such, but they are able to cd .. up.  Ie they are not locked into their home folder, thats just where they start out
[22:05] <qman__> with match blocks and chrootdirectory, you could simply add new users to the group and be done with it
[22:05] <qman__> and eliminate usage of the outdated, insecure, and cumbersome FTP, two birds with one stone
[22:06] <JasonMSP> qman: can you point me to a good setup page?
[22:07] <qman__> http://www.debian-administration.org/articles/590
[22:07] <qman__> though I would skip the part where he sets their home directory to "/"
[22:07] <qman__> switch "/home/%u" with "/srv/www/%u"
[22:08] <penllawen> hey channel
[22:08] <penllawen> I have a problem with Screen permissions on a freshly build 10.04 machine, if anyone could help?
[22:10] <JasonMSP> qman:  switching to www/%u though would only allow one user and their name would have to be the same as the webfolder wouldn't it?
[22:10] <qman__> JamesHarrison, it would, I think there's an equivalent variable for $HOME if you want to use that instaed
[22:10] <qman__> instead*
[22:11] <qman__> probably %h but I need to look it up
[22:11] <qman__> yep, %h is their complete home directory
[22:12] <JasonMSP> thanks..
[22:12] <qman__> so you could just do "ChrootDirectory %h" and then set their home to their folder
[22:13] <qman__> the new built in features make this FAR easier than it used to be
[22:15] <JasonMSP> qman: so for every client that needs to upload files to their site, I would only need to create them with adduser and set their homedirectory correctly.  I'd like to make sure they are locked out of the rest of the server as well.  With VSFTPD I had created a ftpuser group and only those users could ftp in.  Is there a way to do this with SFTP?
[22:16] <qman__> JasonMSP, yes, it works the same way
[22:16] <qman__> the "Match group sftponly" part is for that purpose
[22:16] <qman__> add the user to that group, and then they are only allowed to sftp, and only to their home directory
[22:16] <qman__> if you want, just change "sftponly" to your existing group, "ftpuser"
[22:23] <JasonMSP> qman:  thanks!  I need to head out.  Im sure ill have more questions later.
[22:39] <hggdh> kirkland: can you please have a look at bug 619843? I am not sure this is an Eucalyptus issue anymore
[23:03] <Andre_Gondim> does anyone know how to solve this problem? http://paste.ubuntu.com/480650/
[23:05] <qman__> Andre_Gondim, update-grub is missing
[23:05] <qman__> you can either download it manually from the package, or create an empty script to make it happy
[23:06] <qman__> if you do the latter, I suggest reinstalling grub and everything related, though
[23:07] <qman__> or copy it from another system running the same version
[23:14] <Andre_Gondim> thanks qman__
[23:16] <Andre_Gondim> qman__, if I reboot my system, will the system crash?
[23:18] <qman__> Andre_Gondim, only if grub is currently in a broken state
[23:19] <qman__> update-grub being missing means that it can't update it with new information
[23:19] <Andre_Gondim> how could I check this?
[23:19] <qman__> the easiest way is by rebooting and finding out
[23:19] <qman__> but don't do that unless you have a live CD handy
[23:20] <Andre_Gondim> so complicated for me, my server is in another location and if I reboot with a CD I don't have wireless and ssh automatically
[23:21] <qman__> while it's not a guarantee, check to make sure that /boot/grub/menu.lst (grub1) or /etc/default/grub (grub2) has sane settings, and that /boot/grub exists
[23:21] <qman__> and that there are kernels and initramfs files in /boot
[23:22] <Andre_Gondim> qman__, yes, there are kernels and /etc/default/grub
[23:37] <worldsayshi> what is the name of the process that is the svn server?
[23:38] <worldsayshi> trying to figure out what permissions my svn server has
[23:40] <worldsayshi> and what user is running it
[23:45] <SpamapS> soren: I seem to recall you had some experience with glusterfs... any chance you're around?