[00:05] <LyonJT> Heyyy
[00:05] <LyonJT> Does anyone know how to lock a user to there home directory so they can't get access to anywhere else in the filesystem?
[00:09] <aegis> LyonJT: This might help: http://ubuntuforums.org/showthread.php?t=1576385
[00:10] <LyonJT> aegis: thanks buddy
[00:14] <aegis> LyonJT: No problem... you might want to check out "chrootpath" under this as well: http://manpages.ubuntu.com/manpages/lucid/man5/rssh.conf.5.html
[00:24] <tarnfeld> Hey
[00:25] <tarnfeld> I'm running Ubuntu 10.04 Server and I wanted to lock a user to stop them reading/writing to anything outside of their user directory via SSH or FTP - Whats the best way to do this?
[00:48] <k5673> tarnfield:Do you tried using chroot jais?
[00:48] <k5673> http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html
[01:19] <qman__> suggest against following a redhat guide on ubuntu
[01:19] <qman__> especially if you're not familiar with the differences between them
[01:24] <garymc> Hi anyone know how to add php_pdf extension in ubuntu server?
[01:24] <garymc> my php programmer asked me to add this extension to my server
[01:33] <qman__> garymc, might you be looking for the package 'php-fpdf'?
[01:33] <garymc> I dont know?
[01:34] <garymc> he asked me to enable or install php_pdf extension
[01:34] <qman__> might be a php-pear extension, too
[02:10] <dku> How could I restrict access to a certain IP/port combination to only a certain user?
[02:25] <thedoble> Hi folks - im new to linux servers and am following the ubuntu server guide - my question is, if i set up a basic server with samba file sharing and postfix/dovecot email, is there any work needed when it comes to user management
[02:26] <thedoble> id I set up a user account on the server does that then automatically create an email account and a samba account?
[02:26] <thedoble> if *
[02:27] <qman__> thedoble, the default postfix+dovecot creates a mailbox for each system user
[02:27] <qman__> samba uses a combination of configured share permissions and the filesystem permissions
[02:28] <qman__> though you do need to run smbpasswd for each user
[02:28] <thedoble> I see, what if i wanted to add 20 users in bulk? is there a way of automating that process?
[02:29] <patdk-lap> there is a way to automate anything :)
[02:30] <mcarse> Can someone help me? Postgrey is seg faulting since I upgraded a server to 10.04.
[02:30] <mcarse> It happens as soon as I try to start postgrey
[02:31] <mcarse> Any help would be appriciated.
[02:59] <ScottK> If mcarse comes back, it's probably worth pointing out that postgrey is a Perl script so any segfaulting is probably something else and not postgrey directly.
[05:54] <git__> how do I create a private cloud ???
[05:54] <AlanMeta> Hi all, trying to start bind9, and its failing. How do I find out where its failing?
[05:57] <AlanMeta> this is on 9.04 server
[06:00] <ScottK> AlanMeta: Not specific to your question, but 9.04 is just about out of it's support window (a matter of days).  You should consider upgrading soon.
[06:01]  * Datz wonders when the first ubuntu-server version came out.
[06:01] <AlanMeta> yes I am upgrading it now, seeing if that will help
[06:03] <Datz> ah, 9.10 I see
[06:04] <Datz> er I mean 9.04
[06:06] <AlanMeta> was surprised that bind9 didn't say what the issue was, just that it failed
[06:09] <Datz> I wonder how many people are running 9.04
[06:10] <AlanMeta> when you ssh to do an upgrade, what port is the alternate ssh port it starts?
[06:18] <_Techie_> Datz, actually, server dates back to 6.06
[06:18] <_Techie_> and alot of people are still running 9.04
[06:19] <qman__> yes, server started with 6.06 and has been in every release since
[06:20] <AlanMeta> interesting... I managed to take out the server my vps is on
[06:21] <Datz> _Techie_: ah, ok.. I was just reading something about an 8.04 server version which confused me
[06:24] <Datz> this article started my confusion http://www.ubuntu.com/news/ubuntu-9.04-server
[06:24] <Datz> I thought it strange to not start a realse with an LTS
[06:26]  * Datz started using ubuntu with 7.10
[06:27] <qman__> I played with 5.04 a bit but didn't start using it seriously until 5.10
[06:28] <AlanMeta> is there a tool I can use on Ubuntu Desktop that will help make configuring Ubuntu Server easier?
[06:28] <qman__> in short, no
[06:28] <AlanMeta> so in long, its yes or maybe?
[06:28] <qman__> you can use things like gnome-terminal and gedit instead of a TTY and vim
[06:29] <qman__> but it still comes down to editing configuration files and running commands
[06:29] <AlanMeta> oh ok. I was thinking since Ubuntu makes the desktop version so "Windows-like" that they would have a tool to make configuring the server easy
[06:30] <qman__> Ubuntu is anything but "Windows-like"
[06:30] <qman__> it is easy to use
[06:30] <AlanMeta> the desktop installs very easily and configures itself
[06:30] <AlanMeta> for the most part
[06:30] <qman__> with premade packages and tools like tasksel, so does ubuntu server
[06:31] <AlanMeta> oh ok
[06:32] <qman__> they're just menus on a console instead of point and click
[06:32] <qman__> saves resources and reduces the attack surface
[06:32] <qman__> many tasks couldn't be easier
[06:32] <qman__> installing a web server is a single checkbox during setup
[06:33] <qman__> granted there's a long way to go with things like directory services
[06:33] <qman__> there's a reason ubuntu is my distribution of choice, it makes my life easy
[06:35] <qman__> but anybody who claims windows is "easier" than linux has never had to fix a corrupted active directory installation
[06:35] <AlanMeta> Yeah I was using CentOS, but even though cPanel made it easy in some ways, it kept getting in my way in other ways
[07:30] <osmosis> strange how the interfaces on a kvm guest disappear sometimes and dont exist in the stats counter.
[07:30] <extor> Is there any way I can enable aggressice write caching in linux, the same way one can now enable it in windows 7...what I want is for the kernel to only write flush once in a blue moon to minimize write lag
[07:30] <osmosis> for libvirt
[07:32] <AlanMeta> it seems my VPS doesn't like upgrading the Ubuntu :-(
[07:40] <qman__> extor, linux (and ubuntu) already do this by default
[07:41] <qman__> and have for years
[07:42] <extor> qman__, I want to increase the time the data is held then
[07:48] <qman__> extor, I suggest against it, but if you must, this should help explain  http://www.cyberciti.biz/faq/linux-kernel-tuning-virtual-memory-subsystem/
[07:48] <MTecknology> JEBUZ! $20/mo for a static IP!!!
[07:48] <extor> qman__, what about this? http://www.westnet.com/~gsmith/content/linux-pdflush.htm
[07:49] <qman__> that's a good explanation too
[08:36] <JKL_> Hi. I am trying to virtualize with kvmbuilder. Does this xml look correct: http://ubuntuforums.org/showpost.php?p=10018470&postcount=7 ?
[08:57] <AlanMeta> on Ubuntu 9.04 is it better to use webmin or eBox?
[09:22] <AlanMeta> anyone still here?
[10:09] <vraa> hi has anyone used munin?
[10:10] <KB1JWQ> !ask | vraa
[10:11] <vraa> oh i see - well i think i might've messed up somewhere, i setup munin.conf and munin-node.conf and i got the graphs and html generated, but the graphs all show nan, even after waiting 30 minutes for updates
[10:13] <KB1JWQ> vraa: You have a cron process or a daemon that fetches stats? :-)
[10:13] <vraa> i am not exactly sure - but i think it's a cron process that gets setup after "apt-get install munin munin-node"
[10:14] <KB1JWQ> vraa: Welp, is it there?
[10:14] <KB1JWQ> :-)
[10:14] <vraa> how do i double check? because i do see munin-node as a process running too
[11:31] <extor> Has this atime, relatime "patch" by Linus Torvalds improved disk i/o in busy linux servers much? Is this discussion and the points it raises still valid or should an admin just leave disk i/o on busy xen servers on autopilot? http://kerneltrap.org/node/14148
[11:44] <RoyK> extor: turning off atime or using relatime will probably help the best if the server handles a large amount of files
[11:44] <extor> atime and relatime dont affect raw pseudo block devices do they
[11:45] <extor> like LVM disk images for Xen VPSes
[11:45] <ikonia> extor: stop
[11:46] <RoyK> ikonia: ?
[11:47] <ikonia> RoyK: this guy is spamming every channel with this link
[11:47] <RoyK> ikonia: hehe
[11:48] <RoyK> ikonia: what link? I only see that pasted here
[11:48] <ikonia> it's in multiple channel
[11:49] <RoyK> k
[11:50] <extor> Anyone know what version of xen hypervisor and xen kernel ubuntu server comes with?
[11:52] <RoyK> ubuntu doesn't come with xen
[11:53] <ikonia> extor: the kernel version is the same as the desktop
[11:53] <extor> hrmm so is there any difference at all between ubuntu server and ubuntu desktop?
[11:54] <ikonia> yes,
[11:54] <ikonia> it's configuration is aimed at enterprise hardware, that sort of thing, not desktop functionality, such as nvidia kernel modules
[11:55] <lieuwe> hey, i'm trying to get samba to work on my server, but when i try to acces it using windows it keeps rejecting my pw, any idea whats wrong?
[11:56] <RoyK> ikonia: and ubuntu server doesn't come with X by default
[11:56] <RoyK> lieuwe: lots of things can be wrong :)
[11:56] <lieuwe> RoyK: :P
[11:56] <RoyK> lieuwe: using local users or a domain?
[11:56] <ikonia> RoyK: thats nothing to do with the kernel though
[11:56] <extor> I might want to install some X functionality to remotely run tools like virt-manager over ssh
[11:56] <lieuwe> RoyK: wut? following http://ubuntuforums.org/showthread.php?t=202605
[11:56] <RoyK> ikonia: you tell me...
[11:57] <ikonia> its' not
[11:57]  * RoyK shrugs
[11:57] <RoyK> X in kernel - that would be nice :D
[11:57] <RoyK> add gnome there too
[11:57] <RoyK> whee
[11:58] <RoyK> lieuwe: then no domain
[11:58] <lieuwe> RoyK: hm
[11:59] <lieuwe> RoyK: any idea what part i messed up?
[11:59] <RoyK> lieuwe: from the commandline, run pastebinit /etc/samba/smb.conf
[12:00] <lieuwe> RoyK: need to apt-get pastebinit first, hold on
[12:01] <lieuwe> RoyK: http://pastebin.com/gMF6pCdB
[12:02] <RoyK> the 'force' thing shouldn't be needed
[12:02] <lieuwe> RoyK: okay, lemme remove that
[12:03] <RoyK> also, if you just want to do peer-to-peer sharing, you possibly want to disable all of authentication
[12:03] <lieuwe> RoyK: yeah
[12:03] <lieuwe> RoyK: that would be nice :P
[12:03] <RoyK> security = share
[12:04] <lieuwe> RoyK: where?
[12:04] <lieuwe> RoyK: done
[12:04] <RoyK> you have security = user in your config
[12:04] <lieuwe> RoyK: yeah
[12:04] <RoyK> ok, restart samba
[12:04] <RoyK> try again
[12:04] <lieuwe> RoyK: how? the tut mentions some commands for that, but they fail
[12:05] <RoyK> /etc/init.d/smbd restart
[12:06] <lieuwe> RoyK: it asks for a password, leave empty?
[12:06] <RoyK> it shouldn't
[12:06] <lieuwe> RoyK: it does
[12:07] <RoyK> set guest ok = yes
[12:07] <RoyK> in the share
[12:07] <lieuwe> RoyK: in the [files] section?
[12:07] <RoyK> yes
[12:07] <RoyK> note - that's the name of the share
[12:08] <RoyK> btw, what have you stored under /media/samba? a disk mounted there or something?
[12:08] <lieuwe> RoyK: media/samba? wheres that? that should be /home/samba
[12:08] <RoyK> I'm just reading from your config :)
[12:09] <lieuwe> RoyK: its working!
[12:09] <RoyK> :)
[12:09] <lieuwe> RoyK: thanks :P
[12:09] <RoyK> np
[12:10] <lieuwe> RoyK: now, is it possible to have another folder shared like that?
[12:10] <RoyK> sure
[12:10] <RoyK> add [new_share]
[12:10] <RoyK> like [files]
[12:11] <lieuwe> RoyK: okay, thanks
[12:11] <lieuwe> oh, fck
[12:12] <lieuwe> RoyK: any idea where the www folder is by default? :P
[12:30] <RoyK> lionel: /var/www
[12:33] <lieuwe> is it possible to set up an automated download service on my server? e.g. for overnight downloads?
[12:33] <lieuwe> i'm already running lamp and samba on it
[12:34] <RoyK> that shouldn't be a problem
[12:34] <lieuwe> the problem is how?
[12:35] <RoyK> well, depends what you want to download, what protocol, ftp? http? torrent?
[12:35] <lieuwe> RoyK: at least torrent, prefferably http and ftp too
[12:35] <RoyK> well, it's a simple matter of scripting :)
[12:35] <lieuwe> "simple"
[12:36] <lieuwe> isn't there some prebuilt program for this?
[12:36] <RoyK> for torrent, there are several web-based ones you can install on the server
[12:36] <lieuwe> won't that have a conflict with lamp?
[12:36] <RoyK> it'll integrate into lamp
[12:36] <lieuwe> ah
[12:36] <lieuwe> hmm
[12:37] <lieuwe> but then i'd need to have a different system for http/ftp
[12:37] <JKL_> is there any possibility to be invited to #ubuntu-virt? I have had tried to create virtual machine with vmbuilder now over month without success.
[12:38] <RoyK> lieuwe: yes, or you can simply start a download manually with wget
[12:38] <lieuwe> RoyK: :P i know that, but i'm not the only one which is going to use it
[12:38] <RoyK> JKL_: virt-manager?
[12:38] <lieuwe> RoyK: in total four people need to work with it, one doesnt know linux, two barely know windows :P
[12:39] <RoyK> I'm sure someone has created that :P
[12:39] <RoyK> JKL_: virt-manager simplifies things a bit
[12:40] <JKL_> i would like to not install ui
[12:40] <JKL_> gui
[12:40] <RoyK> JKL_: just use remote X
[12:41] <JKL_> do i have to if i use virt-manager?
[12:41] <RoyK> or run virt-manager from your pc
[12:41] <JKL_> i dont have to install x to the server at all?
[12:41] <RoyK> JKL_: it'll only install the x libs
[12:41] <JKL_> ok thx
[12:41] <JKL_> maybe that is what i have to do :)
[12:42] <RoyK> JKL_: or - if you have a pc running linux, you can run it from there
[12:42] <JKL_> ssh -X should work?
[12:42] <JKL_> you mean that i can install virt-manager to another machine than my server?
[12:43] <RoyK> yes
[12:44] <RoyK> but I have never set that up - I don't know how it works with authentication etc
[12:44] <RoyK> I just use remote X
[12:44] <RoyK> and -X should be on by default
[12:44] <RoyK> try to ssh into the box and run something like xeyes
[12:45] <RoyK> lieuwe: rtgui might be worth a try
[12:45] <lieuwe> RoyK: kay,
[12:45] <lieuwe> RoyK: hmeh
[12:46] <JKL_> thanks RoyK for your time. i start to get familiar with virt-manager :)
[14:19] <RoyK> ehlo
[14:53] <JKL_> cannot parse QEMU version number in ''
[14:53] <JKL_> argh :)
[15:01] <RoyK> perhaps you have messed up the config?
[15:01] <RoyK> virt-manager should work well from the standard config
[15:04]  * SasaGloc_afk is away: Gone away for now
[15:04] <JKL_> RoyK: but I have a strong feeling that I have not changed anything
[15:05] <JKL_> I also have doubts that might it need a hardware graphic card for some reason. that is something that my server does not have
[15:06] <RoyK> why would you need that?
[15:08] <RoyK> JKL_: you do _not_ need a graphics card to run remote X
[15:11] <JKL_> i just wondered if libvirt have some weird dependencies for a graphic card
[15:12] <RoyK> JKL_: it doesn't
[15:12] <RoyK> JKL_: on my primary (private) server, I have a few VMs running, and managing them with virt-manager
[15:12] <JKL_> maybe i purge all packages and try again?
[15:12] <RoyK> yeah, try that
[15:12] <JKL_> what might be the "parent" package?
[15:13] <RoyK> make sure to remove the config files after the purge - even --purge may leave some stuff
[15:13] <RoyK> parent of what?
[15:13] <JKL_> all virtualization
[15:13] <JKL_> i dont know exactly what packages i have to purge
[15:13] <RoyK> kvm, i guess
[15:14] <JKL_> sounds a good guess
[15:14] <RoyK> unless you're trying to use xen, which is _not_ a good idea on current ubuntu
[15:14] <JKL_> kvm is what i try to use
[15:14] <JKL_> removing kvm didnt remove anything else
[15:14] <RoyK> perhaps qemu too
[15:15] <RoyK> kvm uses that
[15:15] <RoyK> or qemu uses kvm
[15:15] <JKL_> no i have only removed kvm and qemu
[15:16] <RoyK> remove libvirt as well
[15:16] <RoyK> apt-get remove --purge
[15:18] <JKL_> yeah libvirt0 removed loads of stuff
[15:19] <JKL_> no I install virt-manager again
[15:20] <JKL_> didnt help
[15:24] <RoyK> JKL_: can you possibly reinstall the box?
[15:24] <RoyK> sometimes that saves time
[15:25] <RoyK> but then - if you have a truckload of other services on it, maybe not
[15:33] <JKL_> installing a box is one option. it just rips my heart when i have to move my only graphic card around :)
[15:36] <RoyK> don't you have a null modem cable?
[15:38] <JKL_> RoyK: what would I do with null modem cable?
[15:39] <RoyK> IIRC ubuntu can be installed using a serial console
[15:40] <RoyK> thus, no need for a display adapter
[15:40]  * SpamapS is seated in LAX next to somebody wearing a maverick t-shirt.. but I don't want to interrupt his tiny movie on his giant sprint evo phone
[15:44] <JKL_> RoyK: so i could connect with telnet to it. kewl
[15:45] <RoyK> minicom would be better
[15:45] <RoyK> telnet isn't made for serial communication
[15:46] <RoyK> JKL_: the serial console was used on most boxes from early seventies to recent times, but even though it's old, it's still useful
[15:48] <JKL_> maybe I should get myself that cable
[15:48] <osmosis> everything I saw on the web about swappiness says lower value means minimal swapping. So I changed my swappiness from 60 to 10. And now I can see on the graphs that a huge swap_cache and way more swap file is in use. I was trying to turn off swapping because whenever linux starts doing random unimportant stuff with the swap file, it messes up my IO throughput. Helpful suggestions appreciated!
[15:48] <RoyK> JKL_: I guess you can get such a cable anywhere, or solder it yourself if you can't find it
[15:49] <RoyK> JKL_: just make sure you have an RS/232 port on both boxes
[15:49] <JKL_> server has one
[15:50] <JKL_> how about my laptop. i think i dont eaven bother to use this windows machine
[15:52] <JKL_> none of my laptops have it and probably virtual machine inside windows does not work... but ofc I can use livecd ^^
[15:54] <patdk-lap> osmosis, adjusting swappiness doesn't do anything about what it already did
[15:55] <patdk-lap> and large swap_cache is from reading in stuff from swap (I believe stuff that hasn't changed, so if needed, it can just be dropped, instead of getting swapped out again)
[15:55] <RoyK> osmosis: I just updated http://en.wikipedia.org/wiki/Swappiness
[15:55] <RoyK> osmosis: set it to 100 - it helps
[16:03]  * RoyK grins and looks forward to getting his 110TB boxes tomorrow ... 11x7-2TB drive RAIDz2
[16:54] <AlanMeta> Hi all, if I have another server manage the DNS for my Ubuntu server, what (if anything) would I need to configure on the server itself?
[16:55] <_ruben> most likely nothing
[16:55] <_ruben> depends on what you want to achieve tho
[16:56] <AlanMeta> well, basically I want the ubuntu server to handle one subdomain, which will have a web component, so I know I'll need to configure httpd.conf for that, but would bind need to know anything?
[16:57] <_ruben> just add the appropriate DNS records to the DNS server, nothing needed for that on the ubuntu (web)server for that
[17:00] <AlanMeta> ok cool, thanks
[17:25] <k5673> Hello Yo! Somebody with a running strongswan server configured for roadwarriors? Like Hamachi?
[17:52] <AlanMeta> is gcc version 4.3.3 still acceptable?
[18:11] <k5673> AlanMeta:There's anything bad about gcc 4.3.3
[18:11]  * SasaGloc_afk is away: Gone away for now
[18:12]  * SasaGloc is back.
[18:12] <AlanMeta> k5673 what?
[18:12] <k5673> If you have a program, and needs to be compiled with gcc 4.3.3, go ahead
[18:12] <k5673> You said (01:52:57 PM) AlanMeta: is gcc version 4.3.3 still acceptable?
[18:13] <AlanMeta> ok the reason I asked is I tried to compile git with it, and it generated errors, so I was curious if I needed to install something else first
[18:16] <k5673> AlanMeta: http://www.barregren.se/blog/how-install-git-source-ubuntu
[18:16] <k5673> https://help.ubuntu.com/community/Git
[18:16] <k5673> Hope this helps.
[18:17] <AlanMeta> thanks
[18:54] <lennart_> I just upgraded to 10.10 from 10.04 now I can't access my mediawiki, only get to initial setup page for the wiki, any idea of how to solve this?
[18:58] <lennart_> Lot of activity in here :)
[18:59] <k5673> lennart_:Do you se the initial configuration page in the url of your mediawiki?
[19:03] <lennart_> k5673: yes
[19:09] <AlanMeta> to verify in httpd.conf is still where you put all the instructions on what URLs and file locations to host is right?
[19:11] <k5673> Mmm...
[19:12] <k5673> Have you done a backup of your mediawiki folder and the mysql database....
[19:12] <k5673> ?
[19:14] <AlanMeta> huh?
[19:24] <lennart_> Solved it, the problem was that LocalSettings.php had disappeared after the upgrade so I copied over my backed up copy of that file
[19:25] <lennart_> fucking unstable to upgrade between versions
[19:25] <lennart_> wonder what else is not working
[19:26] <AlanMeta> can someone give me a url to see a sample of what a site configuration should look like for apache2.conf?
[19:27] <lennart_> ohh next issue, the left side page in nagios have disappeard?
[19:32] <lennart_> anyone have any idea of how to fix nagios?
[19:58] <k5673> lennart_: Save your configs in other place ( backup ), and do an apt-get remove --purge nagios3. Then apt-get intall nagios3 an copy your customized files.
[19:58] <k5673> install
[20:10] <AlanMeta> for Jaunty, is there a packaged php 5.3.3?
[20:15] <k5673> AlanMeta: take a look into http://packages.ubuntu.com
[20:41] <MTecknology> How hard would it be to run nginx and php inside of a chroot?
[20:42] <pmatulis> AlanMeta: no, not by standard means.  you will have to force something
[20:42] <qman__> AlanMeta, site configurations go in /etc/apache2/sites-available/, not apache2.conf nor httpd.conf
[20:43] <k5673> MTecknology: you can do a debootstrap, then chroot in and apt-get install nginx php5
[20:44] <MTecknology> k5673: yup.. but then how do I make it start from inside of there when I boot up my system?
[20:45] <MTecknology> k5673: I'm going to have a pretty funky setup when I'm done so in effort to keep it clean, I'm trying to understand everything before going into anything
[20:45] <k5673> Ah! Pretty complex thing...!
[20:45] <k5673> So..
[20:46] <khussein> Guys, I have a question that is gonna sound simple, but no I am not asking about chmod, groups, or any of that. How do I give another account on my system access to a specific file in my home folder?
[20:47] <k5673> MTecknology: You can do a bash script like chroot /mychrootednginx && /etc/init.d/nginx start
[20:47] <khussein> The obvious solution is to create a group, add myself and the other user to it, then give permission to this group.
[20:47] <k5673> khussein: Tried to modify the permissions of the file with chown
[20:48] <MTecknology> k5673: .... it would be that simple!?
[20:48] <k5673> khussein: Yes.
[20:48] <MTecknology> I'm guessing the yes was for me :P
[20:48] <k5673> MTecknology: Yes
[20:48] <MTecknology> That just seems way to simple
[20:48] <k5673> That's your yes
[20:49] <khussein> This doesn't scale tho. It doesn't make sense to create lots of groups for every file that I wanna share with a different user.
[20:49] <k5673> MTecknology: You will not lose anything trying it
[20:50] <MTecknology> k5673: I'll be ready to try in about 10 min - I need to try out this kernel
[20:51] <k5673> khussein: add the user who wants to see the file to the group of the owner
[20:51] <k5673> khussein: You do not have to create groups. They're already there.
[20:52] <qman__> unless you want to give that user access to all your files, you do
[20:52] <khussein> k5673: I own files X and Y. what if I want user A to access file X only. Then user B to access file Y?
[20:52] <qman__> you're right that it doesn't scale very well under those specific conditions
[20:52] <qman__> but that's a pretty rare requirement
[20:52] <khussein> You'll need two groups for this case, right?
[20:53] <qman__> there is one trick you could use
[20:53] <qman__> change the group owner of file X to that user A's group
[20:53] <qman__> and likewise file X's group owner to user B's group
[20:53] <k5673> Apply the chown to the file to share
[20:54] <k5673> khussein
[20:54] <qman__> you remain the file owner, and achieve what you wanted
[20:54] <MTecknology> ok... I tried to live without aptitude for a while... but I can't do it
[20:55] <khussein> qman__: Yeah, this would work better I guess. But then again, can't user A add user B to A's group, and get easy access?
[20:55] <qman__> khussein, that gives easy access to all of user A's files
[20:55] <khussein> qman__: I understand that it may sound like a rare requirement, but I promise you it is real :).
[20:55] <qman__> if you want least permission, that's not going to work
[20:55] <khussein> Right.
[20:56] <khussein> hmm .. maybe filesystem with acls
[20:56] <qman__> but by default each user has his own group
[20:56] <qman__> so changing the group to the one user you want to share with works
[20:56] <qman__> if you want to share with more than one though, you need to create a new one
[20:57] <qman__> filesystem acls are very tedious to configure and use
[20:57] <khussein> It is .. which is why I started asking the question here and I was hoping that I am missing something.
[20:57] <qman__> rather than manually configure just the files you want to share, you have to manually configure all your files
[20:58] <khussein> Oh really? I didn't think so. But maybe you are right, I haven't done a lot of work on them yet.
[20:58] <k5673> MTecknology: do not resist to the unstoppable power of apt! Mwahahahaha!
[20:58] <qman__> well, it may have sensible defaults
[20:58] <qman__> but any time you need to change something, it's a lot more complicated
[20:58] <MTecknology> k5673: I love aptitude... but apt-get is just horrible
[20:58] <qman__> and if you want it actually locked down, it's a lot more work
[20:59] <qman__> a quote I heard and very much agree with
[20:59] <qman__> if the unix permission scheme can't achieve what you want, your system is too complex and should be redesigned
[20:59] <khussein> qman__: :) I don't know if I buy this one. How old is it?
[21:00] <khussein> It used to work perfectly .. but now with resource delegation and all that kinda stuff. I can certainly see the case for it.
[21:00] <qman__> about as old as the argument for acls on linux
[21:00] <khussein> But again, you are right acls are just too complicated and hard to get it right.
[21:01] <qman__> you have to be a bit clever sometimes, but the unix permission scheme is actually very flexible
[21:01] <khussein> It almost sounds like something new needs to come out to solve this situation in a much simpler way.
[21:02] <khussein> unix permission is very simple and hence flexible, but you may end up creating a lot of groups to really achieve what you are trying to do.
[21:02] <khussein> And even then, it isn't secure, and allows other users to give themselves access to your file.
[21:03] <qman__> that's not true
[21:03] <qman__> it's very secure
[21:03] <khussein> Well, I didn't mean it that way :). So, I take it back.
[21:03] <qman__> it's only insecure when not configured correctly
[21:04] <MTecknology> 139 packages instealed on my server :P
[21:04] <pmatulis> i wouldn't say that 'simple' implies 'flexible', i would almost say the reverse
[21:05] <khussein> pmatulis: It is simple on how to implement it, right?
[21:05] <k5673> MTecknology: but apt is your monochrome vt100-style friend who resolves the dependencies and install software for you!
[21:05] <k5673> Joke
[21:06] <MTecknology> k5673: aptitude does this - and does it well :)
[21:06] <khussein> qman__: thank you. I really appreciate your help.
[21:06] <MTecknology> k5673: it even yells at me when I choose to remove all of python and most of perl from my system :P
[21:06] <AlanMeta> if you do a apt-get upgrade, and it replies back with packages that will not be upgraded, but those are the ones I want to upgrade. How do I tell it to upgrade those?
[21:06] <pmatulis> the fact that in unix you can't have a group can give you a pretty broken setup in certain situations
[21:06] <khussein> I'll catch you guys later. thanks :)
[21:06] <pmatulis> "group within a group"
[21:06] <k5673> MTecknology: apt have feelings too.
[21:07] <khussein> pmatulis: what?
[21:07] <pmatulis> khussein: see above
[21:09] <khussein> "group within a group" is this something you are suggesting?
[21:09] <qman__> he's just saying that feature is absent in the unix permissions scheme
[21:09] <qman__> it would be useful in some situations
[21:10] <khussein> Ah yes. I completely agree.
[21:10] <khussein> It may sound even more complicated, but I was brainstorming about using LDAP.
[21:11] <qman__> I never said it was perfect, just that acls don't really improve things
[21:11] <qman__> you go from the possibly too simple, to the definitely too complex
[21:11] <khussein> The concept of hierarchal organization of users and groups is definitely missing.
[21:11] <AlanMeta> if I tell apt-get to remove several packages, and then tell it to install them again, will it get the "official" build if another repo has a newer build?
[21:11] <MTecknology> k5673: :S... It seems I can initiate nginx from inside of the chroot but not manipulate it from there :P
[21:12] <khussein> qman__: You are right, which is why I was thinking maybe there needs to be something in the middle. Not that simple, but isn't too complicated to achieve a simple task.
[21:12] <MTecknology> k5673: I can't run top inside - but I can run top outside ... must be mount points
[21:13] <MTecknology> k5673: this is kinda cool... it's like the system running in the chroot will run as if it's running on the host, but be locked to that environment
[21:14] <MTecknology> k5673: btw.. that command you gave me doesn't work...
[21:14] <MTecknology> k5673: it waits until you exit the chroot
[21:14] <k5673> MTecknology: Of course. And is like a sandbox. You can do anything (almost) without destroying your real environment.
[21:14] <AlanMeta> anyone?
[21:15] <qman__> AlanMeta, that's what upgrade is for
[21:15] <qman__> but yes
[21:15] <k5673> AlanMeta: Always the official
[21:15] <AlanMeta> how can I over ride that?
[21:15] <k5673> MTecknology: the command for running nginx?
[21:15] <qman__> by holding/pinning a package
[21:16] <MTecknology> k5673: that command would work great if I could make it launch inside of the chroot
[21:16] <k5673> MTecknology: Do a bash script
[21:16] <MTecknology> k5673: OH!
[21:16] <MTecknology> k5673: no &&
[21:17] <MTecknology> k5673: chroot /opt/websites-basic /etc/init.d/nginx start
[21:17] <k5673> MTecknology: chroot /opt/websites-basic /etc/init.d/nginx start &
[21:18] <MTecknology> k5673: except that it seems trying to stop it the same way doesn't work :P
[21:18] <talcite> hey guys. I'm having trouble copying files to my OCFS2 array. Can someone help me debug? It was working in the past, but possibly an update broke it?
[21:18] <k5673> MTecknology: The ampersand at the end will send the command to background
[21:18] <k5673> MTecknology: &
[21:18] <MTecknology> k5673: it doesn't need to go to the background though
[21:18] <MTecknology> k5673: chroot /opt/websites-basic /etc/init.d/nginx start  <--- starts nginx
[21:19] <MTecknology> k5673: chroot /opt/websites-basic /etc/init.d/nginx stop  <--- does not stop nginx
[21:19] <AlanMeta> http://pastebin.com/QAd7Wcxj << this is what I'm getting, the newer files are on an alternate repo. Any suggestions to tell it to install it?
[21:21] <MTecknology> k5673: :S... I can't kill anything inside of the chroot without killing the pid :S....
[21:21] <k5673> Mmm
[21:25] <k5673> MTecknology: You can try this http://pastebin.com/KEQ7efU4
[21:26] <MTecknology> k5673: GOT IT!
[21:26] <MTecknology> I didn't mount proc correctly
[21:26] <MTecknology> it couldn't figure out what the pid was
[21:28] <k5673> MTecknology: some filesystems aren't available in a chrooted environment
[21:28] <MTecknology> k5673: mount -o bind /{dev,proc} /opt/websites-basic/{dev,proc} :D
[21:29] <k5673> MTecknology: i'll save that string.
[21:29] <MTecknology> k5673: obviously not exactly what I ran.. it was two commands ;)
[21:29] <k5673> Yeah
[21:29] <k5673> Right
[21:32] <MTecknology> I think I found a bug...
[21:33] <k5673> MTecknology: What bug?
[21:34] <MTecknology> k5673: when installing php5-fpm.. the default config assumes /var/www exists but doesn't verify.. so before installing it you need to 'mkdir /var/www' or it will fail to install because it will fail to start because the config is broken
[21:35] <AlanMeta> can anyone help me?
[21:35] <qman__> AlanMeta, using debian repositories on ubuntu is a bad idea
[21:37] <AlanMeta> qman__ ah ok, I was following the directions here: http://kevin.vanzonneveld.net/techblog/article/prepare_for_php_53/
[21:39] <guntbert> AlanMeta: php 5.3 is in the repos, no need for jumping through hoops
[21:39] <AlanMeta> its not for jaunty which is the only thing I can run on my vps :-(
[21:41] <guntbert> I see, thats 5.2
[21:41] <AlanMeta> yeah and running something that requires 5.3
[21:41] <guntbert> AlanMeta: did you look into backports?
[21:42] <AlanMeta> backports?
[21:42] <k5673> AlanMeta: http://packages.ubuntu.com
[21:44] <AlanMeta> php is not in the backports :-(
[21:44] <guntbert> AlanMeta: did you see http://zippykid.com/blog/2009/08/building-php-5-3-packages-on-ubuntu-9-04-jaunty-for-apache-2/ ?
[21:46] <AlanMeta> lol, my apt-get can't find checkinstall, I have downloaded the code already but not sure how to configure it, what came with it, doesn't have the configure section in phpinfo()
[23:57] <nagchampa> the ubuntu server guide is extremely vague on postfix setup
[23:57] <nagchampa> sorry
[23:58] <nagchampa> i mean, in regards to settup up an email gateway
[23:58] <patdk-lap> heh? what is an email gateway?
[23:58] <nagchampa> https://help.ubuntu.com/10.04/serverguide/C/mail-filtering.html
[23:58] <nagchampa> sorry, now i'm beign vague :p
[23:59]  * patdk-lap wonders what mail filtering has to do with email gateway (whatever that is) at all?
[23:59] <patdk-lap> setting up an incoming email server is pretty simple
[23:59] <patdk-lap> just have it receive email, and do whatever you want with it, but don't bounce it