[00:49] <fluvvell> when I tcpdump on eth0, I get " listening on eth0, link-type EN10MB (Ethernet)"  is this telling me my port is only running on 10Mb/s  ? and not 100Mb/s  ?
[00:59] <qman__> fluvvell, no, I have a gigabit adapter, confirmed running at gigabit, which reports the same thing
[01:40] <fluvvell> qman__, thanks. Yeah a quick check on my local adapters confirmed the same earlier. I think i'm looking for some network analysis tools to find a bottleneck. Samba share, and a virtual guest on my server, cpu usage not telling the whole story.
[02:15] <Hint> HI+
[02:18] <Hint> nobody online?
[02:18] <twb> Hint: what is your REAL question?
[02:19] <Hint> I'm just a noobie and I'm probably going to use this channel
[04:36] <Alex_21> Hi All,
[04:37] <Alex_21> I'm looking for comppetition software that will aloow me to set up a website that will allow people to post their entries in pain text and then have the opportunity to vote for only one entry per user.
[04:38] <Alex_21> A Wordpress plugin that can do this is also an option.
[04:38] <Alex_21> .
[04:38] <Alex_21> Any iddeas?
[04:38] <Alex_21> I would appreciate any help.
[04:39] <tacosnstuff> hve you tried a content manger like drupal?
[04:39] <Alex_21> No.
[04:39] <Alex_21> I have not.
[04:39] <tacosnstuff> see if drupal.org helps
[04:39] <Alex_21> Okay.
[04:39] <Alex_21> Hmm.
[04:40] <Alex_21> I'm going to go look.
[04:40] <Alex_21> Is there a good single sign on product that works with Wordpress and Drupal?
[04:40] <tacosnstuff> im going to use it for some stuff myself tho I dunno if itll help you in your specific sitution
[04:42] <tacosnstuff> mibbie this? http://drupal.org/node/43178
[04:44] <Alex_21> Thanks.
[04:44] <Alex_21> I'm not trying to migrate to Droopal though.
[04:44] <tacosnstuff> hey peeps im new to hosting wondering how i can get strted. i just installed my lamp solution stack but being an overall noob not sure how to get the right ip, dns, gateway set up etc can someone help?
[04:45] <Alex_21> What I have is an existing.
[04:45] <tacosnstuff> sorry Alex_21 not sure. I'm not into wordpress
[04:45] <Alex_21> I would say that you should only allow ports through your gateway that are absolutely necessay and change ssh to be on another port.
[04:46] <tacosnstuff> er... k lost me Im very new to hosting my own site so Im wondering if there are good screenshot how tos
[04:46] <tacosnstuff> :)
[04:47] <Alex_21> Welll, continuing on, my blog will have users, but I want to set up a way for them to vote on their favourite post without needing to have a seperate user name and password. I also need a platform for voting on.
[04:47] <tacosnstuff> once i get over this static ip hump Im doing the drupal thing nd Im off to the races
[04:48] <Alex_21> There are many good ones on http://www.howtofordge.com/
[04:48] <Alex_21> Sorry, http://www.howtoforge.com/
[04:48] <Alex_21> .
[04:49] <tacosnstuff> tnx Alex_21!
[04:49] <tacosnstuff> sorry i wasnt able to help
[04:49] <Alex_21> I don't know about hte quality of the pictures though.
[04:49] <tacosnstuff> drupal is awesome but im not familliar with the wordpress thing
[04:49] <Alex_21> No problem.
[04:50] <Alex_21> I'm sure I'll find a solution though.
[05:17] <Alex_21> Thanks all.
[05:17] <Alex_21> God night.
[05:22] <Evet> how to upgrade to Enterprise Cloud without reinstalling?
[05:26] <Evet> solved: https://help.ubuntu.com/community/UEC/PackageInstall
[05:26] <Hint> Alex_21: maybe a good php script, search for that ;D
[07:08] <nagchampa> i'm trying to set up a mail gateway, which hsa two jobs, receive incoming mail, scan and forward it to the mailserver, and relay outgoing mail after scanning it
[07:09] <nagchampa> I was reading https://help.ubuntu.com/10.04/serverguide/C/mail-filtering.html which points to the postfix install guide, but that seems to set up postfix as a primary mail server
[07:09] <nagchampa> the gateway has no need for mailboxes, and i'm wondering if there's a simple way to set up postfix to act only as a relay
[07:13] <joschi> nagchampa: postfix is a full-featured mta. it can be configured to only work as a relay server
[07:14] <nagchampa> joschi: it seems the mail filtering guide for ubuntu is designed for what will be a primary mail server, not just a gateway
[07:15] <nagchampa> i'm trying to find the needle in the haystack that shows how to use the ocntents of that guide with postfix purely as a relay
[07:20] <nagchampa> hrm, i've found something i might be able to work with http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
[07:23] <_Techie_> would having an invalid xorg.conf prevent a TTY screen from showing?
[08:19] <Tribaal> Hi all
[08:19] <Tribaal> I'm having trouble installing Ubunut Entreprise Cloud on 10.04 - Does anybody have any experience using that?
[08:20] <Tribaal> Specifically, the controller doesn't seem to be serving the preseed file on port 8774 - so the node autoinstall fails...
[08:24] <jscinoz> Hi... I recently upgraded my server to 10.10, and it no longer boots correctly... the network connection comes up, but sshd and other services do not... When i use the out-of-band console (this is a virtual server) I see: mountall: Disconnected from plymouth, along with a message stating plymouth was killed by SIGABRT... I tried to uninstall plymouth, but it seems to be required... Why can't I remove it? A headless server has no ne
[08:31] <jscinoz> ok, awesome... I can see why people dissuaded me from using ubuntu as a server OS... too much desktop-oriented crap making the boot process over-complex... I'll probabaly just stick with gentoo and good, *RELIABLE* openrc
[08:32] <\sh> jscinoz: hmm?
[08:33] <jscinoz> why does mountall depend on plymouth
[08:33] <jscinoz> plymouth seems to be preventing my server from booting properly... and it' cant be removed because some idiot decided that every server wants some shiny bootsplash
[08:34] <jpds> jscinoz: https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/556372/comments/2
[08:35] <\sh> jscinoz: tbh...I don't know what's up with your server, but I do really have some strange server setups, and all are working after fixing some network settings, which were changed WRT upstart..but I don't have problems...
[08:35] <jscinoz> Well network starts, i can ping the box fine
[08:36] <jscinoz> but sshd and other daemons don't appear to start
[08:36] <jpds> jscinoz: All the latest updates applied?
[08:36] <jscinoz> jpds, yes
[08:37] <\sh> jscinoz: add --debug to the kernel commandline and check the logfiles for upstart output..having a working network after boot, doesn't have to say that during boot you have a working network...and sshd relies on it AFAIK
[08:38] <binBASH> moin \sh
[08:38] <binBASH> :)
[08:38] <jscinoz> one moment sh
[08:38] <jscinoz> where does upstart log to?
[08:38] <\sh> hey binBASH
[08:39] <\sh> jscinoz: to the console and eventually to kernel.log or syslog whatever...you'll find the output very easily
[08:39] <jscinoz> hang on...
[08:42] <Tribaal> So folks, would anybody have an idea why apache would stop listening on port 8774 of a UEC controller after installing upgrades? :) Everything works fine if the system is not upgraded from a fresh 10.04 install...
[08:43] <Tribaal> but if I upgrade my UEC master node (with walrus, eucalyptus etc...), adding more nodes from the install CD fails (the node can't find the preseed file on port 8774 of the master)
[09:24] <_Techie_> does anyone in here know where i can get an HP 610N jet direct module from cheaply?
[12:12] <Tribaal> Are there known issues when installing Ubuntu Server 10.10 on a mac mini?
[12:13] <Tribaal> I know it's not the best scenario anyway but I don't really have a choice right now
[12:13] <jo-erlend> if you can install ubuntu desktop on it, then you should be able to install ubuntu server on it.
[12:14] <Tribaal> Alright
[12:15] <jo-erlend> also remember that anything you can do with ubuntu server can also be done with ubuntu desktop.
[12:17] <Tribaal> well I'm planning to use it at an UEC controller, so there is no real point in having a full desktop system
[12:17] <Tribaal> CLI is fine
[12:17] <jo-erlend> oh, ok.
[13:33] <MTecknology> !info php5-fpm
[13:42] <phretor> hello, what shold I prefer between start-stop-daemon and upstart? Since I need to keep my process running all the time I would go for upstart.
[13:50] <zul> &yawn*
[13:50] <zul> phretor: then go for upstart
[13:50] <phretor> zul: does it have something like start-stop-daemon's --user/--group?
[13:52] <zul> phretor: no but you can specify it when do the exec
[13:53] <phretor> zul: exec is part of bash right?
[13:53] <zul> phretor; yes
[14:04] <phretor> zul: looks like I have to use sudo/su to lower privileges; not a very good idea.
[14:16] <hallyn> kirkland: so i want to update lxc, kvm, seabios for natty - were you by chance planning on doing those?
[14:17] <hallyn> if not i'll give them a shot sometime this week
[14:45] <phretor> zul: http://paste.pocoo.org/show/276963/ - my first attempt.
[14:45] <zul> phretor: i would move the env after the stop/start chunk
[14:46] <jcastro> ttx: https://blueprints.edge.launchpad.net/sprints/uds-n/+settopics
[14:46] <jcastro> you need to start accepting/declining the cloud sessions asap please
[14:46] <jcastro> or they won't get scheduled
[14:47] <phretor> zul: I am getting a very idiotic error. Looks like exec doesn't allow root (or any other user) to launch that sudo -u ... -g ...
[14:47] <zul> phretor: you might want to try on #upstart
[14:49] <ttx> jcastro: on my way
[15:05] <smoser> ttx, ping
[15:28] <_ruben> bah! .. software raid over 2 2TB disks .. both grub2 and lilo fail to install into the mbr
[15:28] <jforman> anyone rsyslog-inclined folks around? trying to debug an issue where a ubuntu log server is writing out duplicate log messages from a remote syslog client
[15:29] <ttx> smoser: pong
[15:30] <smoser> tts, wanted to chat sometime today about natty specs
[15:32] <smoser> s/tts/ttx/
[15:32] <ttx> ok, joining mumble
[15:35] <_ruben> guess gpt is messing with me, guess i'll go have to see if we have some of those flash drives around to put (part of) the os on
[15:35] <jo-erlend> I'd like to allow only users from spesific machines to connect to the sshd on my machine and they should use passwords. How do I configure that?
[15:39] <zul> Daviey: mumble?
[15:40] <cemc> a have a 10.04 in a directory on a centos server. is there a way to to apt-get installs after chroot'ing to that directory?
[15:40] <Daviey> zul: Can do.. but that means i have to reach for my headset
[15:41] <zul> Daviey: yeah dont want to put you off ;)
[15:41] <ivoks> :(
[15:41] <ivoks> building, in which is my office, is on fire
[15:42] <zul> oh...crap...thats bad
[15:42] <ivoks> yep
[15:42] <Daviey> ivoks: I trust you aren't still in it?
[15:42] <ivoks> Daviey: i'm not, no :)
[15:43] <Daviey> ivoks: I hope you don't lose anything
[15:44] <ivoks> Daviey: me too; fire's not on my part of the building
[15:44] <ivoks> but still, smoke...
[15:45] <Daviey> ivoks: insured?
[15:45] <ivoks> of course
[15:45] <ivoks> Daviey: you have to be, by law
[15:45] <ivoks> as with cars
[15:45] <Daviey> ivoks: but for equipment... or just the building?
[15:47] <ivoks> i don't have much of equipment there, so i don't expect problems with that
[15:48] <ivoks> i just can't work there :/
[15:51] <Daviey> :(
[15:52] <ttx> SpamapS: ping
[15:52] <Daviey> hggdh: Are you around?
[15:53] <hggdh> Daviey: yes, at least physically (mentally, I am not sure)
[15:53] <Daviey> hggdh: heh
[15:56] <hggdh> Daviey: what can I do for you?
[15:56] <Daviey> hggdh: Great!  Fancy filing a UEC Testing / QA blueprint?
[15:58] <Daviey> hggdh: you know the naming convention, right?
[15:59] <hggdh> which one of them? They seem to change continuously...
[15:59] <Daviey> heh
[15:59] <hggdh> np
[15:59] <Daviey> hggdh: "cloud-XXXXXXXXXXXXXXX" is the part that really matters.... but we have been doing cloud-server-n-XXXXXXXXX
[16:00] <Daviey> i can't see a problem if you wanted to do cloud-qa-n-XXXXXXX  that is technically viable... but best check with ttx
[16:00] <hggdh> I will keep on what has been done, at least for the sake of consistency
[16:00] <ttx> cloud-qa is fine by me
[16:02] <ttx> JamesPage: about the java-housekeeping spec, you changed it to from other to appselection ?
[16:03] <ttx> Daviey: what happens if you rename an accepted and scheduled spec from one track to another ?
[16:03] <phretor> sorry for repeatedly asking the same thing over and over but I really see no explaination to this. Why does "# exec sudo -u worker -g worker /usr/bin/Xvfb :99" says "Sorry, user root is not allowed to execute '/usr/bin/Xvfb :99' as worker:worker"?
[16:04] <JamesPage> ttx: not sure I ever raised it under 'other' - its called packageselection-server-n-java-library-housekeeping now
[16:04] <ttx> ok
[16:04] <JamesPage> ttx: want me to rename?
[16:04] <ttx> Daviey: same track is autoscheduled in the same room in a row, is it a feature ?
[16:06] <Daviey> ttx: Registered participants clash?
[16:07] <ttx> JamesPage: no...
[16:07] <Daviey> (people need to use that feature lots more)
[16:07] <ttx> Daviey: Registered participants clash???
[16:08] <lau> is there any AUTHPRIV SyslogFacility with the openssh-server ubuntu package ?
[16:08] <lau> default comes with AUTH but I don't see the difference with AUTHRPIV
[16:19] <eagles0513875> hey ikonia are you around? i tried what you said re db i cant gain access still :( even tried reparing the user table
[16:19] <eagles0513875> dunno what else i coudl try
[16:21] <hggdh> Daviey, ttx: https://blueprints.edge.launchpad.net/ubuntu/+spec/cloud-server-n-qa
[16:21] <Daviey> hggdh: hmm... Do you want this to be a general server/cloud QA session, or targeted towards EC2?
[16:21] <ttx> hggdh: acked for uds-n
[16:21] <Daviey>  / UEC
[16:22] <ttx> mathiaz_: o/
[16:22] <hggdh> Daviey: I figure it should be targeted to UEC
[16:22] <mathiaz_> ttx: o////
[16:22] <Daviey> hggdh: agreed, sounds good
[16:23] <ttx> mathiaz_: I was wondering if I shouldn't move the "hadoop" session to the "cloud" track. I think it's still cloud-relevant
[16:23] <hggdh> Daviey: it's in the description (OK, one single 'UEC', but still ;-)
[16:23] <ttx> and also a better link with the other install-service specs
[16:23] <mathiaz> ttx: sure - seems ilke a good plan
[16:23] <ttx> mathiaz: ok, will do
[16:23] <ttx> mathiaz: also there is a possibility to book a two-hour session
[16:23] <mathiaz> ttx: great!
[16:24] <ttx> mathiaz: so maybe we should lump architecture and implementation into one
[16:24] <mathiaz> ttx: so a two hour session on monday for the installation service would be usefull
[16:24] <ttx> ok, I'll supersede one with the other and make it 2-hour
[16:33] <ttx> kim0: ping
[16:34] <kim0> ttx: pong
[16:34] <ttx> kim0: looks like your ubuntutheproject-community-n-buildingservercontributors duplicates ubuntutheproject-server-n-community
[16:34] <eagles0513875> hey guys any mysql db users here
[16:35] <kim0> ttx: ok I guess I can remove it
[16:35] <ttx> kim0: that last one is already approved and prioritized
[16:35] <kim0> sure
[16:35] <ttx> so we should lump one into the other :)
[16:35] <ttx> We can make it a community spec if you want
[16:35] <ttx> (I can name it  ubuntutheproject-community-n-server )
[16:35] <kim0> ttx: that makes sense
[16:36] <ttx> ok, will fix it
[16:36] <kim0> ttx: do I delete the dup ?
[16:36] <ttx> I'll mark it superseded
[16:36] <cemc> does ubuntu server have the possibility to remote connect with vnc for installation?
[16:36] <kim0> ttx: great
[16:37] <cemc> like 'linux vnc' on centos ?
[16:39] <mathiaz> JamesPage: hi!
[16:39] <mathiaz> JamesPage: thanks for testing bug 658227
[16:39] <mathiaz> JamesPage: and the good work you put in preparing the fix
[16:39] <JamesPage> ttx: no problem - think I covered all the bases!
[16:39] <JamesPage> mathiaz: sorry mean't you!
[16:40] <JamesPage> mathiaz: thats what you get for a context switch from java dependency analysis
[16:40] <mathiaz> JamesPage: how is that going?
[16:41] <JamesPage> mathiaz: OK - to hard by hand so putting something together that does a high level 'hits/misses' score for a given application stack
[16:41] <JamesPage> mathiaz: fairly rudimentary but gives an idea of scale of packaging.
[16:41] <mathiaz> JamesPage: yeah
[16:41] <mathiaz> JamesPage: being able to automate would be great
[16:41] <mathiaz> JamesPage: even if it's just to get an idea
[16:42] <JamesPage> mathiaz: looking at alot of 'not found' messages at the moment!
[16:44] <JamesPage> mathiaz: can we grab some time to discuss the application packaging and distribution spec for UDS-N?
[16:45] <mathiaz> JamesPage: sure - what are the name of the BP you've filed?
[16:46] <JamesPage> mathiaz: all linked against me from https://wiki.ubuntu.com/ServerTeam/NattyIdeaPool
[16:46] <mathiaz> JamesPage: great!
[16:46] <ttx> SpamapS: around ?
[17:05] <SpamapS> ttx: I am now sorry
[17:14] <ScottK> JamesPage: I do have a couple of thoughts for you on that spec when you have a moment ...
[17:21] <SpamapS> ScottK: which one? The server app delivery spec?
[17:21] <ScottK> SpamapS: Yes.
[17:22] <SpamapS> ScottK: I just yesterday discovered your (fairly old now) spec to fix backports to not install all backports.
[17:22] <ScottK> SpamapS: Yep.  Still trying to get that one done.
[17:22] <ScottK> It's on the agenda (again).
[17:22] <SpamapS> ScottK: which would, in effect, do the same thing we're wanting to do with PPA's.. but with less isolation.
[17:22] <ScottK> And without messing with trust boundaries.
[17:23] <SpamapS> yeah, its the exact same thing as the post release apps.
[17:23] <ScottK> Post-release apps is a bit of a different problem.
[17:23] <SpamapS> The web-dev world can do this now with their own PPA's.. its not like end-user apps where they need software center to hold hteir hand.
[17:24] <ScottK> Yes, but there is a tension between people who just want stable in a release and crackheads who must have the latest at all times.
[17:24] <SpamapS> The real focus of this is to make it easier to build a little wart of instability on top of the incredibly stable core of Ubuntu.
[17:25] <ScottK> Right, but I don't think that's an alternative to having those packages in the release.
[17:25] <ScottK> I think it's a layer on top.
[17:26] <ScottK> You can get a stable/consistent version of X from $RELEASE or enable (whatever it ends up being) and have the latest at all times.
[17:26] <SpamapS> stable no, consistent yes. The versions of libmemcached and mongodb that we have in lucid, for instance, are extremely broken compared to the ones available now.
[17:27] <ScottK> Broken or incomplete?
[17:27] <SpamapS> I think one problem is we rush a bit to get stuff into the release when its not done. ;)
[17:27] <ScottK> If they are broken, they should get fixed via SRU.
[17:27] <ScottK> Sure.
[17:28] <SpamapS> they are somewhat broken at their cores.. SRU's would be pointless as the entire community that is built around them does not use the version we have, they use the newest one.
[17:29] <SpamapS> The SRU process is far too long for a web shop to wait.
[17:29] <ScottK> I agree with that.
[17:29] <ScottK> But I also think "It's broken" is an SRU reason.
[17:29] <SpamapS> Agreed
[17:30] <SpamapS> the reason you don't see it getting fixed is *nobody* is using those versions to report the bugs. Occasionally somebody does.. and we fix it.
[17:30] <ScottK> Also not all web developments are based on crack of the day.
[17:30] <SpamapS> Only crazy people using mongodb right now. ;)
[17:31] <SpamapS> Agreed, a good web shop will only accept the risk of one of these crazy web scale type techs if they have to.. most of the time they want that LTS level of stasis where they can focus on their issues for 3 years before even thinking about upgrading.
[17:31] <ScottK> I think this spec could be interesting as an "In addition to" including packages in the distro and not "instead of" and it would be really cool if we could deliver via backports.
[17:32] <ScottK> We'd need tech board permission to push stuff straight to backports and not through the development release when the development release is late cycle and ~frozen, but that's doable.
[17:32] <SpamapS> I want them in backports too. I think the only reason we're thinking PPA's is the isolation, but if backports can achieve that then we don't have to care so much.
[17:33] <ScottK> Also if it's in backports, it can be described as "in" Ubuntu, not "on" Ubuntu.
[17:33] <SpamapS> The ony nice thing about PPA's is that we can delegate trust to upstreams similar to the single package uploader rights. When they have single package uploader rights, does that extend to backports?
[17:33] <ScottK> No, but getting a backport approved is relatively trivial.
[17:34] <ScottK> Ideally it's a no change backport, they file a bug that says the new version builds, installs, and runs on $RELEASE, a backports acks it, and an archive admin runs a script.
[17:34] <ScottK> We don't require the bug filing/testing be done by developers.
[17:34] <ScottK> And if someone says that they've tested it, we don't go around looking for reasons not to believe them.
[17:39] <ScottK> Also any MOTU can join ubuntu-backporters, so getting a server team person to be able to deal with these directly is not a problem.
[17:52] <corecode> hey
[17:53] <corecode> somehow my dovecot doesn't use ~/.dbox after an upgrade
[17:53] <corecode> any idea why that could be?
[17:53] <JamesPage> ScottK: sorry I missed you earlier; want to catchup now? - have 10 before a meeting
[17:54] <ScottK> JamesPage: See my discussion in the backscroll with SpamapS.  Then we can discuss further if you want.
[17:56] <ttx> Daviey: http://summit.ubuntu.com/uds-n/track/cloud/ is done
[17:56] <ttx> down
[17:56] <mathiaz> SpamapS: https://subtrac.sara.nl/oss/sali
[18:10] <chiapagringo> Has anyone ran into this error message why attempting to mount exported NFS shares?  ¨mount.nfs: access denied by server while mounting¨
[18:11] <chiapagringo> and if so, any ideas on what is causing the issue?
[18:42] <latenite> Hi folks, Is there a way to give a user rootrights BY DEFAULT? I have script with commands like fdisk and dont want to change it wirh PREFIXING sudo all over the place.
[18:43] <cwillu_at_work> latenite, run the script with sudo
[18:44] <latenite> cant do that it more complex with many ssh calls and stuff
[18:44] <Byron> hello all. I just upgraded from 10.04 to 10.10 and do not have access to the Internet. I have an IP address, but no access to the web.
[18:44] <latenite> it s like : ssh user@box "fdisk /dev/sdc"
[18:45] <cwillu_at_work> ssh root@box?
[18:45] <EvilPhoenix> cwillu_at_work:  i think he's asking how he can give any user the power of root user
[18:45] <EvilPhoenix> which i don't think is possible at all
[18:46] <EvilPhoenix> without using sudo
[18:46] <EvilPhoenix> and adding everyone to sudoers
[18:46] <cwillu_at_work> EvilPhoenix, and I'm deliberately not saying how to do it, because it's insane
[18:46] <cwillu_at_work> yes, it can be done, no, I won't tell you how.
[18:46] <EvilPhoenix> indeed
[18:46] <EvilPhoenix> i think it falls into the "Not Supported Procedures" rules
[18:48] <latenite> thats what I am asking for. the ubunutsystem that will be "currupted" is just a pendrive used to install anoterh system. Imagine my "main.sh" http://pastie.org/1230431 .
[18:48] <EvilPhoenix> latenite:  we cant help you with giving root to everyone
[18:48] <EvilPhoenix> afaik, its against chat policies
[18:48] <latenite> If I call that script with "sudo main.sh" I am STILL in trouble
[18:49] <latenite> since there is a variable $user...who ssh into the ubunut bos..but here will not be albe to to all the commands..since he has no roights
[18:49] <latenite> and I dint want to change the script.
[18:50] <latenite> cwillu_at_work, EvilPhoenix see my problem? I could use ANY distribution on the pendrive and make $user='root'
[18:51] <EvilPhoenix> i wonder if ubottu is here
[18:51] <latenite> But I d realy like to use ubuntu....but therefor I need a user with root powers
[18:52] <EvilPhoenix> i belive...
[18:52] <EvilPhoenix> believe*
[18:52] <EvilPhoenix> that it is against the chat policies to help you with this
[18:52] <EvilPhoenix> cwillu_at_work:  amirite?
[18:52] <latenite> EvilPhoenix, what poilitcs?
[18:52]  * EvilPhoenix checks the access list
[18:53] <latenite> EvilPhoenix, I just want to tune my system...to my needs
[18:53] <cwillu_at_work> latenite, this has nothing to do with ubuntu, it's how the kernel handles permissions
[18:54] <cwillu_at_work> if you need to do things that only root can do, you need to become root, one way or another
[18:54] <EvilPhoenix> either with sudo or logging in as the root user
[18:54] <EvilPhoenix> depending on the setup
[18:54] <cwillu_at_work> or some other setuid executable, or hacking up the kernel, or whatever
[18:54] <latenite> thats the problem in the first place. the script was written with the assumption that "root" ssh's into the box
[18:55] <cwillu_at_work> latenite, eh?
[18:55] <latenite> since that can t be done with ubunut
[18:55] <EvilPhoenix> cwillu_at_work:  can I PM you?
[18:55] <latenite> I changed root to $user
[18:55] <cwillu_at_work> the assumption is that that you ssh into the box as root, it has nothing to do with the user you come from
[18:55] <cwillu_at_work> EvilPhoenix, sure
[18:55] <cwillu_at_work> latenite, you can ssh into ubuntu as root, just not with a password unless you enable that
[18:56] <cwillu_at_work> (typically you would use an ssh key instead)
[18:57] <latenite> cwillu_at_work, but when I do ssh root@box it fails.
[18:57] <latenite> how would I set root passwd?
[18:57] <cwillu_at_work> latenite, you don't.
[18:57] <cwillu_at_work> you use an ssh key
[18:57] <pmatulis> latenite: you need to allow root to log in via SSH and use a key with a blank passphrase
[18:57] <cwillu_at_work> I mean, you can, but it's just dumb
[18:58] <EvilPhoenix> IN ANY CASE.  we arent allowed to help with getting someone to use root
[18:58] <EvilPhoenix> or enabling it
[18:58] <cwillu_at_work> EvilPhoenix, um?
[18:58] <EvilPhoenix> i just checked with the ubuntu ops channel
[18:58] <EvilPhoenix> cwillu_at_work:  enabling root to ssh
[18:58] <EvilPhoenix> would also require enabling that account
[18:58] <cwillu_at_work> EvilPhoenix,  hardly
[18:58] <EvilPhoenix> no?
[18:58] <cwillu_at_work> EvilPhoenix, you just dump a key in /root/.ssh/authorized_keys
[18:58] <cwillu_at_work> er, a pubkey
[18:58] <EvilPhoenix> with sudo
[18:58] <cwillu_at_work> of course,
[18:58] <EvilPhoenix> which assumes you have sudo
[18:59] <EvilPhoenix> in which case if you don't you're stuck at square one again where you dont have permissions
[18:59] <latenite> cwillu_at_work, i dont want to use keys...since thats an installscript.....there will be no keys in that env
[18:59] <cwillu_at_work> latenite, then you'll have to use passwords and sudo
[18:59]  * Pici is confused.
[18:59] <cwillu_at_work> there's no other way to do it
[18:59] <EvilPhoenix> Pici:  i am too :/ :\
[18:59] <EvilPhoenix> Pici:  but isnt everyone at some point in time? x]
[19:00] <latenite> ok. so can I do "ssh root@box"? on ubuntu anyhow?
[19:00] <EvilPhoenix> latenite:  if you have the sshd configured to let root login yes
[19:01] <cwillu_at_work> latenite, not without doing configuration on the ubuntu box, and if you're going to do that, then you should use an ssh key rather than enabling root's password
[19:01] <EvilPhoenix> ^^^  what he said
[19:01] <cwillu_at_work> EvilPhoenix, key-based logins are allowed by default for root
[19:01] <EvilPhoenix> cwillu_at_work:  *shrugs* i'm assuming the sshd is configured to not allow Root to login even with ssh keys
[19:01] <EvilPhoenix> then again
[19:01] <cwillu_at_work> EvilPhoenix, it's not
[19:02] <EvilPhoenix> i havent had coffee yet today so i'm tired x]
[19:02] <EvilPhoenix> *away for said coffee*
[19:02] <cwillu_at_work> EvilPhoenix, such a restriction is unnecessary anyway, as there's no default keys in authorized_keys
[19:02] <cwillu_at_work> i.e., it's still secure by default
[19:05] <latenite> cwillu_at_work, it sias yes on permit root login http://pastie.org/1230475 but http://pastie.org/1230482 root hast no password set here
[19:05] <latenite> how would I set root pwd?
[19:05] <cwillu_at_work> latenite, you don't
[19:05] <_Techie_> ffs
[19:05] <_Techie_> !root
[19:06] <latenite> cwillu_at_work, just did http://pastie.org/1230487
[19:06] <latenite> whats so bad about that?
[19:06] <_Techie_> latenite, read that link from ubottu, it shows you how to enable a root password in there
[19:07] <_Techie_> now stop beating around the bloody bush
[19:09] <latenite> ok thanks :)
[19:09] <_Techie_> and cwillu_at_work, dont rage at me for pointing him in the right direction to give the potential for screw ups, its his server so its his choice
[19:10] <cwillu_at_work> _Techie_, you can stop raging now
[19:12] <cwillu_at_work> latenite, do you understand what I mean by using an ssh key to log in?
[19:12] <_Techie_> cwillu_at_work, also, when did the ubuntu gods stop people knowing how to access root when they want to
[19:13] <_Techie_> people used to do it all the time
[19:13] <cwillu_at_work> _Techie_, why are you talking to me?
[19:13] <latenite> cwillu_at_work, sure but the installscript I deal with can be used on any bos....I dont want to create keys....
[19:14] <_Techie_> cwillu_at_work, oh, sorry mistook evil for you
[19:14] <cwillu_at_work> latenite, the installscript is pretty much irrelevant though
[19:15] <latenite> _Techie_, thats how I feel to. I know that a regual user can have all the rights to do waht he want...I root grants them the right..........What I dont know is: why thsi is NOT allowd to be told on chat???
[19:15] <cwillu_at_work> I would like a cookie for not losing it on you _Techie_ :p
[19:15] <cwillu_at_work> latenite, your terminology is... wrong
[19:15] <latenite> cwillu_at_work, in what way?
[19:16] <_Techie_> latenite, im gonna ask around
[19:16] <latenite> _Techie_, cool :)
[19:16] <cwillu_at_work> latenite, "regular user" typically refers to the account, not the actual person
[19:16] <_Techie_> and cwillu_at_work, i really am sorry i should have gone off with you as my target, you didnt deserve it and probably never will
[19:16] <_Techie_> sholdnt*
[19:16] <cwillu_at_work> that said, there are very good reasons to not enable to root account
[19:17] <cwillu_at_work> for one, you don't need to enable the password to get a root prompt
[19:17] <_Techie_> i just get extremely frustrated when i see people enforcing their own rules upon other people so abusively
[19:17] <cwillu_at_work> _Techie_, well, point of interest, it _is_ policy :p
[19:17] <latenite> _Techie_, :)
[19:17] <_Techie_> anyway, gonna start asking around as to when it became so bad
[19:17] <cwillu_at_work> if you have to ask, you almost certainly don't know enough to keep from severely breaking things
[19:18] <latenite> who makes these rules? its a free world! and my box!...If I was to burn it...I could just do it!
[19:18] <cwillu_at_work> latenite, the two other biggies is that root passwords on internet accessible machines need to be monitored _very_ carefully for intrusions
[19:18] <Pici> You can do whatever you want, but don't expect us to support it here.
[19:19] <cwillu_at_work> and finally, logging on to a graphical session as root gives _far_ too much power to any application running in the session.  Any trivial security flaw in firefox now becomes a remote root exploit.  Many applications don't even work correctly with elevated privileges
[19:19] <latenite> cwillu_at_work, it a "freakin' pendrive used to boot a box so I can ssh into it...while insalling....teh user that loging in MUST have root rights BUT MAY NOT have to prepend sudo all th etime
[19:20] <latenite> what is so bad about all that?
[19:20] <cwillu_at_work> latenite, it's a free world, and my mouth!  You don't have the right to demand information from me :p
[19:20] <latenite> cwillu_at_work, :) no wars :) Just asked some stuff.
[19:21] <cwillu_at_work> latenite, (a) you don't need a password on root to get a root prompt.  (b) say you browse some documentation from that pendrive, with firefox running as root...
[19:21] <latenite> so ?
[19:22] <cwillu_at_work> latenite, any minor vulnerability in firefox (or plugins) now becomes a remote exploit
[19:22] <cwillu_at_work> there's a sizeable percentage of rootkit'd unix boxes on the web
[19:22] <latenite> I know...
[19:23] <latenite> this box and the pendirve are not on the net....
[19:24] <pmatulis> latenite: not enabling root is a ubuntu thing; so naturally ubuntu folk support that policy.  i've used many other linux distros as well as freebsd and openbsd so i'm less vehement about it.  so it depends who you talk to
[19:25] <latenite> pmatulis, thanks ... that feel that way to. To me it s just a specific ubunut feature...that I must be allowed to change
[19:25] <latenite> ...so I still dont get why there are policie not to tell
[19:26] <latenite> that sound s so "non GNU"
[19:26] <Pici> The policy is to educate.
[19:26] <cwillu_at_work> latenite, because if you have to _ask_, you have more to learn first
[19:27] <cwillu_at_work> it's a trivial operation
[19:27] <latenite> cwillu_at_work, that s why I am asking......to learn! so what? you re telling me to learn more?
[19:27] <latenite> in other words you would HINT me into the right direction?
[19:27] <latenite> ...i d be fine with that.
[19:27] <_Techie_> cwillu_at_work, a user may not necessarily know exactly how root is locked, for all they know ubuntu re wipes the password at each boot
[19:27] <cwillu_at_work> latenite, you managed to ignore every approach I gave you before :p
[19:28] <latenite> cwillu_at_work, anyone of them required me to change my script....which I will not do.
[19:28] <latenite> so I just made root acount aktive
[19:28] <cwillu_at_work> so you're not interested in learning.  Gotcha :p
[19:28] <latenite> that works for now but is not what I wanted in the first palce
[19:29] <latenite> sure I am...I want to learn how to grant a user all rights to the box
[19:29] <cwillu_at_work> latenite, you can't
[19:29] <latenite> I d be happy to learn the steps
[19:29] <cwillu_at_work> that operation is basically meaningless
[19:29] <cwillu_at_work> there are ways to make it kinda look like you did that, but they're pretty much useless
[19:30] <cwillu_at_work> latenite, you know, I bet you're thinking there's an administrator group :p
[19:30] <cwillu_at_work> linux has no such concept
[19:30] <latenite> I told you what I want to achieve.....so!
[19:30] <latenite> is there a way?
[19:31]  * cwillu_at_work repeats himself
 that operation is basically meaningless
 there are ways to make it kinda look like you did that, but they're pretty much useless
[19:31] <cwillu_at_work> * ivoks has quit (Ping timeout: 252 seconds)
 latenite, you know, I bet you're thinking there's an administrator group :p
 linux has no such concept
[19:31] <cwillu_at_work> ivoks, sorry for the ping :p
[19:31] <_Techie_> cwillu_at_work, hehe, there is no administrator group, however there is an admin group =P
[19:32] <cwillu_at_work> _Techie_, ... which only has meaning because sudo looks for a group by that name before determining whether to switch to the root user :p
[19:32] <cwillu_at_work> it has no power in itself
[19:32] <_Techie_> which is also very odd
[19:32] <cwillu_at_work> _Techie_, it's the only way it could possibly work
[19:32] <_Techie_> because by default sudo looks for the sudo group in other distro's
[19:33] <cwillu_at_work> _Techie_, generally, but not universally
[19:33] <_Techie_> and only in ubuntu is it set to %admin
[19:33] <_Techie_> well, the only one ive come across
[19:33] <cwillu_at_work> admin tends to have more meaning to a non-technical user than "sudo"
[19:34] <_Techie_> anyway, i have to go or ill be late for class, ill try get back on later
[19:34] <cemc> how do I update an ltsp chroot without (re)starting any services which might be activated ?
[19:34] <latenite> I my user was in group admin...could he just do "fdisk /dev/sda/ without the use of sudo?
[19:34] <_Techie_> latenite, no he would have to sudo
[19:34] <cwillu_at_work> latenite, you'll learn a lot more if you read what people say
[19:34] <latenite> damn that :) laughs....
[19:34] <latenite> _Techie_, have fun at class :) thanks so far
[19:34] <cwillu_at_work> given that I just explained what the admin group did 8 lines up :p
[19:35] <latenite> cwillu_at_work, I m ut...thanks anyway :)
[19:35] <cwillu_at_work> ut?
[19:35] <latenite> *out
[19:38] <cemc> or better yet, can I apt-get without automatically restarting any services ?
[19:51] <pmatulis> cemc: you don't have any services running in the chroot
[19:52] <pmatulis> cemc: are you saying how to prevent any from starting?
[19:52] <cemc> pmatulis: right. but I have them running outside of the chroot. what if I have a cupsd running outside, and cupsd gets updated inside the chroot?
[19:53] <pmatulis> cemc: the point is that you need to prevent any services from starting in the first place
[19:53] <pmatulis> cemc: this is documented
[19:54] <pmatulis> https://help.ubuntu.com/community/UbuntuLTSP
[19:55] <cemc> pmatulis: right, I saw that after I asked the first question. actually I thought it would be similar to a normal chroot (no LTSP), but I guess that's LTSP-specific then?
[19:55] <pmatulis> cemc: i think so, yes
[19:56] <cemc> mhm
[19:56] <pmatulis> cemc: anyway, you're looking for variable LTSP_HANDLE_DAEMONS=false
[19:56] <pmatulis> cemc: also, see IRC channel #ltsp
[19:57] <cemc> pmatulis: thanks
[19:57] <pmatulis> cemc: i happen to be upgrading my ltsp server to lucid right now
[19:59] <cemc> ;)
[20:39] <attention_chaud> hello, ok... I'm not sure if I am on crack or not but I can't remember how to list folders with owners and groups from root.... and I can't seem to find it on the web except for ls which only lists the files. Anybody able to help me? I feel mentally challenged at the moment.
[20:40] <Pici> ls -l
[20:40] <Pici> Or are you looking for something else?
[20:40] <Pici> like lsattr
[20:40] <Pici> !enter > Pici
[20:43] <attention_chaud> no no ls -l!!! thanks Pici. I'm having a brain fart day
[20:44] <icek> Could the fact that I am running ubuntu desktop, rather than ubuntu server cause problems with dhcpd failing?
[20:44] <guntbert> icek: nothing speaks against the default dhcpd - I suspect its webmin...
[20:45] <icek> oh
[20:45] <guntbert> icek: what was the error?
[20:45] <icek> but when i vim into the dhcpd conf file it looks the same as the webmin one
[20:45] <icek> no subnet declaration for eth1 not configured to listen on any interfaces
[20:45] <icek> which implies that the dhcpd conf file is confgiured right
[20:47] <guntbert> icek: if it is not configured to listen on any interface - why should it start anyway?
[20:47] <icek> but i configured it!
[20:48] <guntbert> icek: my point: webmin did something wrong - so use vi (and your brain :-)) to configure it correctly
[20:49] <_Techie_> or nano =)
[20:50] <guntbert> _Techie_: only experts here - experts use vi ;-))
[20:52] <_Techie_> guntbert, i find that very insulting, i love my nano
[20:54] <guntbert> _Techie_: keep it - use it - be good with it :-)  (and don't be easily insulted :-))
[21:29] <latenite> Hi folks, I am new to raid1 and want to know what to do fist: mdadm --create on both entire discs and THEN partioen my md device? OR create (say 5) same partitions on each disk and THEN do mdadm --create .. /dev/sda1 /dev/sdb1 and mdadm --create .. /dev/sda2 /dev/sdb2
[21:35] <fluvvell> latenite, need to partition first. Assuming your drive is blank
[21:36] <fluvvell> drives * are
[21:43] <dominicdinada> ugh if I was running pentesting on my web application and obviousally it found a hole and broke the phpmyadmin setup, it is forced an error and says check the logs. Would removing and reinstalling phpmyadmin correct the problem?
[21:44] <dominicdinada> I mean i also use mysql workbench on my Doze machines and that is able to connect, and all the tables i checked seem to be fine it is just the phpmyadmin tables that are causing problems
[21:49] <latenite> fluvvell, why not make md0p1, md0p2 , md0p3 ? what makes the difference between partionin fist or last?
[21:55] <fluvvell> latenite, you need the partitions before you can assemble a mirrored raid array.
[22:03] <qman__> latenite, you have to create partitions of type linux raid autodetect on all the disks you want to use, then you create the md device
[22:03] <qman__> md devices don't have partitions on them, if you want to divy them up, you need to use LVM
[22:06] <qman__> on my file server, I simply have disks with only one, full-size partition on them, which form md0, and an ext3 filesystem directly on md0
[22:31] <dominicdinada> how do i delete all my archived logs obviously rm -r *.gz deletes them in each folder i run it in but from /var/log/ how do i recursively delete all the archives without going to each folder
[22:38] <KillMeNow> domincdinada:  you can use the find command with +mtime=X and pipe it to use the rm command
[22:40] <KillMeNow> something like:  find *.gz +mtime +20 | rm -rf
[22:40] <KillMeNow> the mtime command will look at how old the last modification was to that file
[22:40] <draik> I upgraded my Ubuntu server from 10.04 to 10.10, but now I don't have Internet access. I have an IP from my router, but no outside access. Has anyone come across this issue and found a resolution?
[22:41] <dominicdinada> KillMeNow: ok thank you
[22:41] <KillMeNow> make sure you test it out and DON"T do it from root
[22:41] <KillMeNow> you can bork lots of things up if you're not careful
[22:42] <KillMeNow> draik:  sounds like you're getting an IP dynamically
[22:43] <KillMeNow> have you tried setting it statically to something outside the DHCP range?
[22:43] <KillMeNow> i'm done for the day folks, see you tomorrow
[22:43] <draik> KillMeNow: I have the IP set and is not shared.
[22:44] <KillMeNow> can you ping?
[22:44] <draik> I tried "google.com", but it gives "Unknown host"
[22:44] <KillMeNow> try pinging your gateway
[22:44] <KillMeNow> via IP
[22:44] <KillMeNow> if you can ping your gateway, it's not the network
[22:45] <KillMeNow> you'll likely need to set your resolver in /etc/resolv.conf
[22:45] <draik> Yup, I can ping the gateway.
[22:45] <KillMeNow> type this in:  cat /etc/resolv.conf
[22:45] <KillMeNow> is there a nameserver listed?
[22:46] <draik> No. It is the domain that I gave it.
[22:46] <KillMeNow> ok, there should be two lines in resolv.conf
[22:46] <KillMeNow> nameserver xxx.xxx.xxx.xxx
[22:46] <KillMeNow> and if it's on a domain:  search somedomain.com
[22:47] <draik> Yes, I have the "search domain.com" entry.
[22:47] <KillMeNow> the nameserver line should have the IP address of your DNS server
[22:47] <draik> I'll update the necessary fields with that of my desktop.
[22:47] <draik> Thank you, KillMeNow. BTW, is a reboot required, or just restart the networking service?
[22:47] <KillMeNow> you might need to restart the networking service, i don't think you need to reboot
[22:47] <KillMeNow> rarely do you need to reboot a service on linux
[22:48] <KillMeNow> yea you probably will need to restart the network service
[22:48] <draik> WOOHOO. I'm online again. Thank you, KillMeNow.
[22:49] <KillMeNow> welcome
[22:58] <bluefrog> in 10.10 how do I restart the network, pls? I added eth1 in /etc/network/interfaces and I would like to bring it up with tha parmeters I inserted.
[23:00] <bluefrog> ok got it. needed to use the old /etc/init.d/networking restart as service networking restart dos not work properly apparently
[23:05] <nomadgis> Is there anyone here that could answer questions about Bind9 configuration?
[23:26] <SpamapS> nomadgis: you should just ask your question, and somebody will pipe up if they have an answer
[23:32] <nomadgis> I am the owner of a hosted domain, but when browsers are pointed to my domain I want them to be directed to a directory on my local machine. Does this mean that I what I want is to host my domain myself? Or, do I need to configure BIND to direct traffic from the host to my IP?
[23:33] <SpamapS> nomadgis: that has almost nothing to do with bind 9 configuration.
[23:34] <SpamapS> nomadgis: IMO, you should let your DNS registrar host your DNS unless you have a very good reason to host it yourself (which may be as simple as "I want to learn how to do that."
[23:34] <SpamapS> )
[23:42] <nomadgis> If I allow them to continue hosting the domain, how do you then integrate a LAMP system with it?
[23:42] <qman__> nomadgis, the only way would be to configure a subdomain that points to your IP
[23:42] <qman__> and whether or not/how you do that depends on who hosts your domain
[23:43] <nomadgis> how so?
[23:43] <qman__> whoever is hosting your domain name for you, the person answering DNS queries for your name
[23:43] <qman__> how to configure that depends on how their system works
[23:44] <qman__> whether they have a web interface, email requests, trouble tickets, or whether they support doing that at all
[23:45] <nomadgis> the domain is at GoDaddy and I believe they have a fairly robust system for doing this kind of thing. I just don't know where to start looking. Forwarding addresses, subdomains, and TCP/IP traffic in general are all fresh topics for me...
[23:45] <qman__> you can host it yourself, but that requires significant work and configuration at your registrar
[23:45] <qman__> well, what you want is a subdomain pointing to your IP
[23:46] <qman__> you could do a redirect but the content hosted on your local server would still be referred to by IP once forwarded
[23:46] <qman__> to have full name functionality, a subdomain is the way
[23:47] <nomadgis> sounds likely. and how does this work?
[23:47] <qman__> you set it up with your DNS provider
[23:47] <qman__> then, the main domain points to your hosted site, and the subdomain points to your local server
[23:48] <qman__> there is no technical reason you can't do this, but your provider might have limitations
[23:48] <nealmcb> nomadgis: it might help to review why you want to serve from your local machine (which will probably be less available etc).  Would it work to mirror that local directory to the machine at your hosting provider?
[23:51] <nomadgis> I think that would also work. basically I have some fairly sophisticated things happening on my machine related to web mapping. tons of geographic layer being served and accessible to my via localhost...but I want this same access via mydomain.com
[23:53] <nomadgis> for example a postgresql db runs by default on localhost:5432, but I want to access the same data stored locally on my machine from mydomain.com:5432
[23:53] <nomadgis> from www
[23:55] <nealmcb> nomadgis: hmmm - could be risky to expose your home machine to the internet like that - and is postgresql really set up to be securely used over the internet?