=== erichammond1 is now known as erichammond [00:20] How do I sett up a cron command, to run chmod -R 777 /path/ [00:30] eriksson25: why do you need to do that continually? [00:32] have a folder that that my admin user creates folders in, and need to have 777 permissons on those folders to be able to change them with a other user over samba. [00:34] in the crontab, shuld the actual comand be, or shuld it link to a other .cron that contains the comand? [01:06] Hey guys, can anyone help me with a problem? [01:06] If theres anybody paying attention [01:07] Wow, the ubuntu channel is sprawling with people and yet nobody says a word on here [01:13] cygnus, as per the rules of irc, only solve questions, not questions about questions [01:13] but he is gone anyways [01:16] New bug: #689472 in quagga (main) "package quagga 0.99.15-1ubuntu0.1 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/689472 [01:58] Patrickdk, they never seem to stick around long [02:08] wtf [02:09] ya, 2min is defently not long enough on irc [02:09] I installed the ntp package and setup so my local network can sync off my ntp daemon but its not working [02:09] exactly how did you setup? [02:09] trying to telnet on port 123 gives connection refused [02:09] ntp doesn't use tcp, won't work :) [02:09] oops [02:09] yeah, forgot udp [02:10] ntp.conf needs many changes also [02:10] i used this parameter in ntp.conf [02:10] restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap [02:10] that should work fine [02:10] and broadcast 192.168.1.255 [02:10] use ntpdate on another machine to check it [02:10] forgot broadcast nothing really uses it at all [02:10] windows machines? [02:10] i try and it says no suitable server found [02:10] 12 Dec 21:06:35 ntpdate[8788]: no server suitable for synchronization found [02:11] well, ntp has too be running for awhile, (5-15min atleast) before it stabilizes, and will serve time [02:11] otherwise it will reject requests [02:11] oh [02:11] wow [02:11] I didn't know that, thanks. [02:11] unless it knows it has good time, it won't give out time :) [02:11] patdk-lap: just when you said that, it worked [02:11] hehe [02:12] patdk-lap: can I have ntpd serve time to people outside my lan too? [02:12] or is that a bad idea [02:12] yep [02:12] I do it [02:12] what do I need to change for that [02:12] ntp.patrickdk.com I think [02:12] I chane the defaults to: [02:12] restrict -4 default notrap nomodify nopeer [02:12] restrict -6 default notrap nomodify nopeer [02:13] Not NN.pool.ntp.org [02:13] ? [02:13] twb, it's in pool also [02:13] but using my own domain, I have my own servers setup to use it, besides just the pool [02:13] my ntp servers are in the pool, but the clusters of servers behind and with them, just use mine [02:13] My DHCP server tells DHCP clients to use my local NTP server, but AFAICT Ubuntu ignores them (except d-i). [02:13] patdk-lap: can you test if getting time from stiv2k.info works [02:14] server 72.188.7.219, stratum 2, offset 0.039795, delay 0.06297 [02:14] 12 Dec 21:14:22 ntpdate[6344]: adjust time server 72.188.7.219 offset 0.039795 sec [02:14] hmm so it already works then [02:15] you have a firewall on that machine? [02:15] yes [02:15] i already had the port forwarded [02:15] from before [02:15] if you put it in the ntp pool. be careful [02:15] it will easily overflow conntrack [02:15] why [02:15] oh [02:15] i'll get thousands of requests? [02:15] yep [02:15] even with a large pool? [02:16] if you use some of the slower connection speeds, you won't *often* get a flood [02:16] but I normally only use the highest speed setting [02:17] actually, since that guy started redirecting all turkey dns traffic to a dummy server, it's been a lot better [02:17] what do you mean speed setting [02:17] on the ntp pool website [02:24] another issue i'm having is that my cups keeps pausing the printer with a backend error after every print job [02:25] http://paste.neoturbine.net/98229 [02:25] that is the cups error log [02:28] any ideas? [02:58] how to fix the following security vulnerablity [02:59] http://marc.info/?l=full-disclosure&m=129175358621826&w=2 [02:59] about econet issue? [03:03] <_Techie_> is there any way to install windows inside a ext partition? === Psi-Jack_ is now known as Psi-Jack [03:05] _Techie_: ##windows [03:05] There is a way, but only under virtualization where Windows itself thinks it's a primary partition, or rather, a full raw hard drive, but I'm sure that's not what you were thinking. [03:06] <_Techie_> if it just emulated the HDD then im happy [03:06] <_Techie_> i just dont want it to emulate the CPU and everything else [03:06] AFAIK neither Windows' bootloader nor kernel contains drivers for ext, thus AT BEST you will only be able to store data (i.e. D:) on ext. [03:07] I'm not aware of any virtualization technology that can present a virtual HDD *to Windows* without emulating an entire system. [03:08] Obviously LXC/OpenVZ can approximate that for Linux clients, but that's because both host and guest share a kernel. [03:08] <_Techie_> okay, is there any way to safely resize the ubuntu-server partition and install windows side by side without screwing up everything [03:08] _Techie_: I don't know; I haven't used Windows for about ten years. [03:09] _Techie_: normal procedure is to install Windows *first*, because Ubuntu understands Windows partitions, but not vice-versa. [03:09] <_Techie_> yeah [03:10] <_Techie_> i would have done that, but only recently has the idea of doing windows stuff on this machine arised [03:10] I suspect you can simply shrink your ext partition, install windows, then boot a live medium and reinstall the bootloader. [03:10] <_Techie_> i can do that, but i dont trust gparrted that much === squishy is now known as SquishyNotHere === Belgrano_29_H is now known as mterron [04:36] HELP~ one of my linux servers has been overcome with about 50 processes running a command called dtmss! [04:37] they are connecting from various random ip addresses, I can killall the processes, but I don't know where they came from! [04:39] they are running under the www-data user [04:43] ok, stop killing them all [04:43] the www-data user, what does it look like in /etc/passwd? [04:43] cat /etc/passwd | grep -i www-data [04:43] and lsof | grep dtmss [04:43] don't paste a huge thing from lsof in here, find a pastebot [04:44] fluvvell: all of this is pointed at you [04:49] The_Tick, Hi, ok just looking up www-data now [04:50] The_Tick, just one entry www-data:x:33:33:www-data:/var/www:/bin/sh [04:50] Wait, why should www-data have a shell? [04:50] set that to not have a shell [04:50] starting off [04:50] you're getting hacked [04:51] you need to figure out where that dtmss lives on the box [04:51] or [04:51] it's a torrenting app [04:51] a find command ? [04:51] fluvvell: sounds like you're running a PHP app [04:51] find / -name 'dtmss' [04:51] twb: sounds like torrents to me [04:52] The_Tick: yes, but the reason he got owned was he ran a PHP ap [04:52] twb, my web server has php [04:52] I have a locally written content manager in php [04:53] twb: hehe [04:53] fluvvell: you have a poorly written one most likely [04:53] The_Tick, twb, I have found the dtmss in /tmp [04:53] yeah, [04:53] fluvvell: don't rm it yet [04:53] investigate that fil [04:53] * fluvvell flogging my programmer [04:53] file [04:53] see who owns it [04:54] www-data [04:54] its binary [04:54] well there you go [04:54] ya, heh [04:54] anything else in /tmp? [04:54] see if www-data has a history of commands [04:54] barbut [04:55] if it were me [04:55] I'd reimage the box [04:55] uh, but they don't have a home directory? [04:55] and restore from backup [04:55] I think re-imaging might be a good idea [04:55] and then harden the box [04:56] then put it back on the net [04:56] in other words [04:56] Owch, re-writing the website under a new content manager?? [04:56] Reimaging the box won't help if he doesn't also fix the shitty code [04:56] twb, lol [04:56] fix your shitty code [04:56] why do you have a custom built local thing when there's 30 oss packages which are maintained normally? [04:57] but you're right. Its written by shitty@code.com. I'll just send him an email. [04:57] rewrite it in python ;) [04:57] The_Tick: because the 30 oss packages are also full of security holes :P [04:58] The_Tick, I might have to get an off the shelf cms, got any recommendations? [04:58] twb: hehe [04:58] cough wordpress cough phpbb [04:58] doh, asked the stupid question. [04:58] fluvvell: depends on what you need [04:58] Isn't w**dpress written in php twb ??? LOL [04:58] fluvvell: yes, which is a contributing factor in its poor security history [04:59] twb, from what I've read, they've made a bit of progress in that area [04:59] IME CMSs are designed for stupid people, by stupid people. I don't think I've seen one that I'd recommend, except maybe to an enemy. [04:59] fluvvell: what exactly do you need to do? [04:59] do either of you want a copy of the hackers code to look at? [04:59] don't say "cms" [04:59] nope [04:59] he he [05:00] http://en.wikipedia.org/wiki/Functional_requirements [05:00] Just a clients website, it wasn't too complicated. I think I could implement it in wordpress. [05:00] no no [05:00] what does the website need? [05:01] before I answer, should I kill off the shells that my hacker still has open? [05:01] umm yes [05:01] rm the binary [05:01] then kill them all [05:02] change the shell [05:02] check for anything in /etc/rc* [05:02] for restarting their shittiness [05:02] fluvvell: http://www.porcupine.org/forensics/ [05:03] have heard about the coroners toolkit before [05:03] I was mainly pointing to the textbook (first link) [05:04] Interesting [05:06] Well I've shut down the web server, but of course that puts their website offline :( So being 3 days from my summer holiday of 3 weeks, anybody got a quick suggestion that will keep my mental health intact? [05:06] reimage, restore from backup, lock down [05:06] * fluvvell kicks self, hunts for instant magic solution, fully aware it does not exist [05:06] yes, reimage [05:06] Reinstall the machine, but leave the website turned off [05:07] only a nights work I guess [05:07] figure out how they got in [05:07] then force the user to fix it [05:07] before it goes online [05:07] use virtual machines [05:07] The_Tick: since it was owned by www-data, it's a safe assumption is was something within the www-data group that was exposed [05:08] Using a VM won't stop the abitrary-execution-with-user-privileges hole in his CMS [05:08] Users are all samba users, plus my programmer who has left to run kids camps, and only programs part time now. [05:08] twb: agreed [05:08] Yes, I'd say most definately it was a php vulnerability [05:08] twb: it'll make it easier to revert the vm since I have a feeling he'll run into this again [05:08] The_Tick: true [05:12] I'd probably best get someone to convert the4 website to wordpress [05:12] fluvvell: again [05:12] what does the user actually need [05:12] you may not need a cms [05:13] The_Tick, okay, I see your point. They havn't done a lot of content update themselves. [05:19] The_Tick, checking it out, they have changed details here and there, contact names etc, added some text to their product line descriptions. It used to be about 5 pages with links etc, not much changed there. [05:31] nope, all the /etc/rc* directories look standard, and rc.local is untouched from standard [05:32] so twb, you'd be more keen on Django ? Being a python based content manager? [05:36] Look, the bottom line is that anyone can write an insecure web app [05:37] twb, its true [05:37] PHP targets newbies, and newbies make more mistakes [05:37] So as a rule of thumb, I'd prefer python over php -- but that doesn't mean it won't be full of holes [05:37] And hey, python is targeted at newbies, too [05:38] twb, yes [05:39] twb, The_Tick, many thanks for the help. I've got to go collecting for the food bank, but I'll schedule in a reimage on the server for tomorrow night. warm regards to you both. [05:39] Whatever [05:40] shut the box down now [05:40] until you can work on it [05:45] Hear hear [08:01] Hey, for years I was a Windows-Admin now switching to Linux. I used Exchange behind a VPN. User can`t use IMAP and SMTP without VPN connection. Is it reasonable to do the same with my Ubuntu-Postfix-Cyrus installation? [08:03] I have OpenVPN. If it is reasonable how do I configure Cyrus and Postfix to accept connections only from local networks. [08:11] Frenk: don't run them on the bastion? [08:13] twb, sorry but i dont know what you mean =/ my english isnt as good [08:13] Frenk: the "bastion" is the host that sits between your network and other networks, and routes traffic between them [08:14] If cyrus runs on any other host, and the bastion firewalls it, then it will inherently be inaccessible from other networks [08:14] oh ok i got it [08:15] http://de.wikipedia.org/wiki/Bastion_Host [08:16] thx for german version hehe [08:19] is my idea right? = i set up a bastion host for vpn, the cyrus is on another host and is blocking all connections except from the bastions ip [08:19] because both hosts are servers pointed directly to the internet (root hosting) [08:20] If both hosts are directly on the internet, you do not HAVE a network [08:22] If it's just a VPS on the internet somewhere, you would put everything on one box, and configure the firewall to only allow connections to postfix/cyrus from the VPN's subnet. [08:22] oh ok [08:23] You could ALSO tell postfix and cyrus to only bind to that interface, but that requires you to use static IPs, and to bring up the network before starting postfix/cyrus. [08:23] If the VPN is only there to control access to IMAP and SMTP, I would instead just use SSL. [08:23] I'd also use dovecot instead of cyrus. [08:24] I use imapS only. but i thought that double authentification (vpn + cyrus) is good [08:24] I don't see why [08:25] Because people will need keys to access the network and then their passwords to access the mailbox [08:25] To prevent hacking of the mailboxes [08:25] or is it useless? [08:26] So you want it for multi-factor authentication? [08:26] i.e. so you need both a key and a password? [08:26] yes [08:26] right [08:26] I *think* you can do that with SSL, by configuring two-way SSL handshaking [08:26] ok ill google it [08:26] and why dovecot over cyrus? [08:26] i.e. each client machine also has an SSL keypair and an SSL cert [08:27] its all in all for 15 people so i think individual ssl key isnt a problem [08:28] Mainly because dovecot seems to be more active, and (I think) it's Ubuntu's preferred implementation [08:29] Yeah, cyrus is in universe, dovecot is in main. [08:30] https://help.ubuntu.com/10.04/serverguide/C/dovecot-server.html [08:30] Since i am new to *nix i use artica (postfix-cyrus-webinterface-amavid and many more features) for email with snort with snorby as ids [08:30] Do not trust just any article you find [08:31] In particular, check when it was written, and for which version of Ubuntu [08:31] ok [08:31] One of my coworkers keeps using really old articles and I have to hit him with a stick... :-/ [08:31] hehe [08:32] aand artica is using cyrus as default - thats why im using cyrus =D [08:32] okay ill search for ssl handshake, thx a lot! === doko_ is now known as doko === Psi-Jack_ is now known as Psi-Jack [10:08] hi guys [10:09] i have i question, how do i create such system if server is down, i give user a static styled html msg with temp down info [10:10] i know its possible i just dont know how [10:11] <_ruben> udens: you'll need to put a reverse proxy in front of that server which would give you that functionality [10:12] so this reverse proxy would chek if site is down and then display static html? [10:12] <_ruben> basically,l yes [10:12] is it possible to show different html for different domain? [10:12] <_ruben> most reverse proxies offer that as a feature, yes [10:12] thanks _ruben [10:12] Of course, then your reverse proxy would be a SPOF [10:13] thanks guys im just new to this :) [10:13] google didnt help this time [10:13] <_ruben> twb: that probably isn't an issue, as without it, it already is an spof on its own ;) [10:14] <_ruben> just add one more spof ;) [10:14] two spofs is worse than one [10:15] <_ruben> twb: true, but if one wouldn't matter, why would two ? ;) [10:15] Bah [10:15] Enough of your "logic" [10:15] <_ruben> if one cares about spofs, the "backend" would be HA as well ;) [10:17] <_ruben> heh === Fookin_Prawn is now known as fookin === fookin is now known as Fookin_Prawn === hackeron_ is now known as hackeron === Psi-Jack_ is now known as Psi-Jack [13:38] hey guys i need some help with smtp. i have it setup to use startttls on my smtp server yet now its having problems sending out going emails :( [13:38] any one able to help me [13:43] <_ruben> eagles0513875: you'll need to be much more specific & elaborate .. good starting point would be to pastebin the config and relevant logs [13:44] _ruben: what port does starttls use [13:46] !postfix | eagles0513875 [13:46] eagles0513875, please see my private message [13:48] basically _ruben starttls isnt able to establish a connection to my server :( [13:51] _ruben: this is the error message im getting as im trying to send this email [13:51] Sending of message failed. [13:51] An error occurred sending mail: Unable to establish a secure link with SMTP server eagleeyet.net using STARTTLS since it doesn't advertise that feature. Switch off STARTTLS for that server or contact your service provider. [13:54] starttls isn't a what or an it [13:54] thats odd [13:54] O_o [13:54] Hi, I can use some advice as i'm setting up my first dedicated server and i'm not sure as to do i need to install a mail server like Postfix for PHP scripts to be able to send email using the mail() function or is there a better and more efficient method? [13:54] patdk-wk: i think i have isolated this issue to thunder bird [13:55] so you selected the, require encryption option, and didn't turn on encryption support on your server? [13:55] its been working up until this afternoon patdk-wk [13:55] what doesnt make sense [13:56] is that i can send an outgoign email from squirrelmail but not thunderbird mail client [13:56] well, when it installs, it installs a dummy certificate, did that dummy cert expire? [13:57] fixed it [13:57] hmm, dummy cert made for 10years here [14:01] patdk-wk: O_o it might have but i think its a port issue [14:01] patdk-wk: what file do i need to look at for the port smtp is using [14:03] master.cf [14:04] and maybe /etc/services [14:07] patdk-wk: where exactly would it tell me what port im using === ubax is now known as uba [14:08] netstat -atnp [14:09] tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN <-- that good like that [14:09] instead of that smiley its supposed to be :* [14:09] : * [14:09] heh? what smiley? [14:09] you need a proper irc client [14:10] im using kvirc [14:10] does that look right to u though [14:11] it's ok, but you shouldn't be using that for thunderbird or stuff [14:11] im not [14:11] im accessing my mail server with it as my client [14:12] heh [14:12] you should never talk to a mail server using port 25 :) [14:12] it's unreliable [14:13] O_o [14:13] what other port can i use starttls with [14:13] 587? [14:13] firefox is defaulting to 587 should i use that instead [14:14] thunderbird i mean [14:14] patdk-wk: when it searches for the settings automatically it keeps setting the port to 587 for out going [14:14] for some reason [14:16] patdk-wk: i really need to get this back up :( [14:24] Hi, any ubuntu server dev here? [14:29] :( [14:39] :( [14:42] patdk-wk: what i find odd is i can use squirrelmail to send emails just fine [14:42] Is squirrelmail running on mail server? [14:42] 15:12 < patdk-wk> you should never talk to a mail server using port 25 :) [14:42] Uh? :) [14:43] jeeves, way too many isp's, hotels, wifi hotspots, ... blocking or redirecting it [14:44] port 587 was always made for user access [14:44] Jeeves_: I think what patdk-wk is trying to say is that if you can, you should provide yourself with port other than 25 where you can connect to your smtp server, as port 25 is often blocked by ISP's. [14:44] It was simply rather poorly phrased. [14:44] I love how the iphone uses port 25 by default, and at&t blocks it in most places [14:45] You're supposed to use AT&T's SMTP server, aren't you? [14:45] soren: Indeed, you are. [14:46] interesting how can i reconfigure postfix to use 587 instead patdk-wk [14:46] patdk-wk: 587 never made it for normal use [14:46] oh ya, like at&t's smtp server is safe for sfp or dkim [14:46] eagles0513875, postfix uses port 587 by default :) [14:46] Did I say it was? [14:46] as if spf or dkim help :) [14:46] * soren scrolls up [14:46] Nope. [14:46] O_O patdk-lap then what is port 25 used for [14:46] server to server [14:46] patdk-wk: Stop talking nonsense [14:47] You're talking RFC's, not use. [14:47] port 25 is used for delivering email from server to server, as well as from client to server. [14:47] heh? it's been that way on my servers for >10years [14:47] no user can use port 25 [14:47] Jeeves_: well im having an issue though [14:47] patdk-wk: Than you're quite special :) [14:47] I don't allow use logins to port 25 and reject relay [14:47] its probably a thunderbird bug [14:47] user [14:48] thing is with squirrelmail things work fine with port 25 [14:48] That's just silly. [14:49] squirrelmail is on the postfix box though isn't it? and thunderbird isn't? [14:49] patdk-wk: ya thats right [14:49] thign is im on the same network as the postfix box [14:49] ya, so completely unrelated [14:49] eagles0513875: If i see the message above, thunderbird is not going to use tls because the server isn't saying it supports is [14:49] same subnet and everything [14:49] Jeeves_: ? [14:49] Jeeves_: whats funny is it was working just fine earlier this afternoon [14:49] let me try again on my mac [14:49] 14:51 < eagles0513875> An error occurred sending mail: Unable to establish a secure link with SMTP server eagleeyet.net using STARTTLS since it doesn't advertise that feature. Switch off STARTTLS for that server or contact your service provider. [14:50] That's where you client is connecting to port 25 (or 587 for that matter) and checking if postfix responds to EHLO with STARTTLS [14:50] It seems like postfix isn't doing that [14:51] so try and pastebin this: [14:51] Jeeves_: mac laptop is working fine :( [14:51] open a terminal [14:51] bah i swear this desktop is starting to frustrate me [14:51] let me test one other thing [14:51] type 'telnet 25' [14:51] type EHLO . [14:51] type quit [14:52] and pastebin the output [14:52] Jeeves_: i have isolated the problem to this pc [14:52] eagles0513875: Ok, nevermind than. Have fun [14:53] Jeeves_: ha thats what i get for trying to run windows lol [14:53] i thought it was a problem with the email server at first [14:54] anti-virus doing a smtp redirect? killing ssl support :) [14:54] patdk-wk: nope [14:54] Hi everyone, I'd like to report a problem with either ubuntu-server 10.04 installer or documentation regarding option "Minimal virtual system". [14:55] someone from the dev team is around? [14:58] mterron: just post your problem and someone will answer if they know the answer [14:59] I know eagles051387, I've already fixed it, but i'd like to report it to someone on the dev team [15:02] mterron: report any bugs on http://launchpad.net [15:02] ok, thanks a lot eagles0513875 [15:03] no problemo m8 :) === SquishyNotHere is now known as squishy [15:21] soren: looking at lp:vmbuilder - do i understand right that you just take the bzr tree, drop in the debian/ dir, and call that the package? Or is there some other process to it? [15:23] hallyn_: Honestly, I don't remember. There may be a packaging branch somewhere. [15:23] hallyn_: Let me look real quick. [15:25] soren: I do see lp:ubuntu/natty/vm-builder as well [15:28] hallyn_: That happens automatically. [15:28] hallyn_: All packages have that. [15:28] i see [15:28] Except the few that fail to get imported, but generally they are there for all packages. [15:28] hallyn_: mvo has been working a bit on vmbuilder recently. [15:28] hallyn_: He also did an upload. You could ask him? [15:29] soren: will do, thanks [15:29] Sure. [15:33] Hello all [15:34] What happens when u create a new key if one is already in place? Will it replace the current key? [15:37] Anyone? Lol... [15:47] New bug: #689715 in dhcp3 (universe) "package dhcp3-server 3.1.3-2ubuntu3 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/689715 [15:48] :( [15:57] Goooood morning all [16:04] Daviey: ping === Mr_mist is now known as mrmist [16:22] SpamapS: ping lemme know when you are around === Mr_mist is now known as mrmist [16:26] zul: pingalingadingdong [16:26] SpamapS: i started to look at the cobbler packaging stuff where is your cobbler packaging branch so I dont duplicate effort [16:31] zul: all of our branches are linked to https://blueprints.launchpad.net/ubuntu/+spec/cloud-server-n-install-service [16:31] https://code.launchpad.net/~clint-fewbar/+junk/cobbler-packaging-enhancements [16:31] there's mine [16:31] SpamapS: whoops yeah [16:31] actually I think I need to push some to that [16:47] What could cause a mail server to flood my network... I have to restart it in order to regain internet... [16:51] Any recommendations on a CRM/ERP that would support trouble ticketing and possibly something like accounting/fixed asset management (or know of anything close)....? [16:51] request tracker [16:54] Cdubya try spicworks 5.0 it has an awesome helpdesk for tickets and inventory and purchases === squishy is now known as SquishyNotHere [16:58] Hey, I have torubles with Postix =( mail postfix/smtp[9438]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter but I have smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password in my conf [16:59] Does anyone here use pen for load balancing between servers in production? I'd like to know your experiences with it. [17:07] New bug: #689747 in clamav (main) "package clamav-base 0.96.3+dfsg-2ubuntu1.0.10.04.2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/689747 [17:10] hggdh: o/ [17:10] Daviey: do we still need a test on the Maverick for Euca? [17:12] Can anyone help with an issue with my mail server? I have to keep restarting because the internet keeps going down... [17:12] i have sun fire x4150.. before I install ubuntu i like to find out if it will recognize all the devices.. can alternate iso do that without installing ? in otherwords can I use alternate iso as live cd ? [17:13] And inorder to get internet connection I have to rebooot [17:13] As soon as the server is down my internet connection returns... [17:14] i am planning to install ubuntu 10.04.1 LTS [17:17] I'd like to install VMs directly to an LVM logical volume, but I see this: https://help.ubuntu.com/community/KVM/CreateGuests#Install%20on%20a%20raw%20block%20device [17:18] I'm hoping there's a way that doesn't involve doing a dumpxml, sed, etc. [17:18] maybe somebody has already written a script to migrate VMs from a file to an LV? [17:18] hggdh: Ideally.... i have some i386 packages here if that is suitable? [17:19] Daviey: suitable... IDK ;-) but yes, I will run them [17:20] Hey, I have torubles with Postix =( mail postfix/smtp[9438]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter but I have smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password in my conf [17:26] hggdh: hold fire... [17:26] Daviey: weapons safe [17:27] * SpamapS chooses now to ATTACK === Psi-Jack_ is now known as Psi-Jack [17:33] what do others use to install VMs such that their disk is a logical volume? [17:36] coxn, for that I used to use debootstrap [17:36] still do for xen [17:36] but not so useful for building vmware, I just use the iso [17:37] hggdh: Just trying to get packages built elsewhere... [17:37] waiting on another team for them. [17:37] patdk-wk: xen. noted. Thanks. :) [17:37] Daviey: no prob [17:37] anybody doing something with kvm? [17:38] hmm, debootstrap does kvm also, I'm pretty sure :) === marrusl is now known as marrusl_afk [18:00] zul: bug 684304 has been updated with the lcpci, boot log, and lsmod. [18:00] Launchpad bug 684304 in linux "cciss module does not identify resources" [High,New] https://launchpad.net/bugs/684304 [18:00] hggdh: cool...thanks i saw :) [18:06] kirkland: i been doing some cobbler packaging my work is at lp:~zulcss/+junk/cobbler === gnoob is now known as lapsusbrutus === marrusl is now known as marrusl_afk [18:12] New bug: #689783 in bind9 (main) "package bind9 1:9.7.1.dfsg.P2-2ubuntu0.1 failed to install/upgrade: ErrorMessage: el subproceso script post-installation instalado devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/689783 [18:26] zul: oh cool [18:26] zul: let's get your work and SpamapS' work merged ... [18:26] kirkland: sure im still working on some things though [18:28] zul: cool, on the front end, or the actual deployment? [18:28] kirkland: packaging for now [18:29] zul: ah [18:30] zul: oh, cool, you have SpamapS changes in there already [18:30] kirkland: yep [18:30] zul: could you push to lp:~ubuntu-virt/+junk/cobbler ? [18:31] zul: so that we're all basically working off of the same branch? [18:31] right [19:02] Hi, i need redirect 2 IP's public to private [19:02] iptables -t nat -A PREROUTING -p tcp -i eth2 -d IP_Public --dport 3389 -j DNAT --to-destination IP_Private ... is correct this? [19:08] hi [19:09] for some reason I can't connect to deluge... [19:09] you know? Nevermind, I'll just uninstall and reinstall [19:15] Is there some known issue which would cause disk designations to keep rotating every boot? eg: boot1- sda=80G, sdb=160G#1,sdc=160G#2 then boot2- sda=160G#2,sdb=80G,sdc=160G#1 boot3- sda=160G#1,sdb=160G#2,sdc=80G ..and so on [19:18] ( because this makes the raid1 of the 160G drives to be screwed 2 out of 3 boots for me, etc) [19:32] should I use the Adaptec SAS Host Bus Adapter on X4150 or just use the disk and create software raid ? [19:34] Need help. Have a lvm spanning over two Raids. I just extanded one of the raids with two more disk and the array grew. But how do I expand the lvm to use this space. [19:36] Need help: Deluge is being a bitch [19:37] eriksson25: I think this explains it http://www.randombugs.com/linux/howto-extend-lvm-partition-online.html [19:38] Thx, also found it on https://raid.wiki.kernel.org/index.php/Growing [19:42] JamesPage: I have a LTP-lite running under KVM on Hudson [19:43] Hey, I have a question. I have a mail server and many (10 people) are using it from different countries [19:43] and one person in Monaco always gets Client host rejected: Access denied [19:44] I searched everywhere, added the ip to all whitelists i could think off [19:44] but no success [19:46] Any ideas anyone? Russia, Germany, Hungary are fine - Monaco = Troubles [19:46] Frenk: maybe pastebin the exact error message [19:53] An error occurred sending mail: The mail server sent an incorrect greeting: 5.7.1 <87.91.209.88.dynamic.monaco.mc[88.209.91.87]>: Client host rejected: Access denied. [19:53] I tested it with portable version of thunderbird - outlook shows same error [19:55] * genii-around ponders EHLO vs HELO signalling [19:55] postfix says: mail postfix/smtpd[19149]: NOQUEUE: reject: CONNECT from 87.91.209.88.dynamic.monaco.mc[88.209.91.87]: 554 5.7.1 <87.91.209.88.dynamic.monaco.mc[88.209.91.87]>: Client host rejected: Access denied; proto=SMTP [19:56] is this valid? GRUB_TERMINAL="--timeout=5 serial console" [19:58] axisys - do you ask me? sorry my english is pretty bad [19:59] Frenk: to all really.. but i will anyone's answer.. [20:04] pmatulis any idea? [20:05] or anyone else ... damn i just do not get it [20:05] Frenk: the client hostname is no good [20:05] why is the hostname no good? and how do i disable hostname check? [20:05] Frenk: it should be 'CONNECT from some_name[some_ip]' [20:06] Frenk: there's an ip address in the name and postfix doesn't like it [20:06] New bug: #595877 in mysql-dfsg-5.1 (main) "impossible to use Ports on mySQL - Upstart/Config Problem" [Undecided,Incomplete] https://launchpad.net/bugs/595877 [20:07] Pmatulis: okay, I got the problem. But how can I fix it? I cant change the clients hostname. But what can I do about it on the server? [20:09] Frenk: in main.cf tell postfix to be more lenient [20:10] Pmatulis: since i am new to postfix and unix in general, can you tell me how to manage that? [20:11] Frenk: maybe pastebin (really pastebin this time, do not paste in this channel) the output to 'postconf -n' [20:16] hurm. Anyone in here use ubuntu-vm-builder regularly? https://gist.github.com/739529 [20:16] http://pastebin.com/pX83LRtB [20:20] Pmatulis: thats the output: http://pastebin.com/pX83LRtB of postconf -n [20:20] Frenk: pastebin the contents of file /etc/postfix/postfix_allowed_connections === AndyGraybeal_ is now known as andygraybeal [20:22] Pmatulis: http://pastebin.com/Tp881HGu === andygraybeal is now known as AndyGraybeal [20:23] but he has a dynamic ip - so i need a solution which works for dynamic ips =/ [20:23] Hm. Whitespace starts second line of that paste [20:25] already changed it [20:27] but any other suggestions? [20:28] hey, is there anyway to get apt-get to just dump the list of URLs it wants to download, so I can download them on a faster connection on a different server, then copy across? [20:31] Frenk: did you set up postfix like this? [20:31] yes [20:31] this is my postfix config [20:32] pmatulis: is working with everyone - but not with monaco and bad hosts [20:32] pmatulis: or is this config that bad? [20:35] ahh --print-uris :) [20:37] Frenk: did you update the map since editing that file? [20:38] Pmatulis: you mean postmap /etc/postfix/virtual? [20:39] Frenk: no [20:39] Frenk: 'postmap /etc/postfix/access' [20:39] Frenk: sorry [20:39] Frenk: 'postmap /etc/postfix/postfix_allowed_connections' [20:40] just did [20:40] pmatulis: no effect [20:40] Frenk: how are you testing the monaco address so quickly? is that where you are? [20:41] teamviewer [20:41] Frenk: fair enough [20:41] sending the message and waiting for error [20:41] Frenk: maybe try a complete restart, not just reloading [20:41] restart of the server? [20:42] Frenk: no, of postfix [20:42] Frenk: 'sudo service postfix restart'? [20:44] pmatulis: nothing [20:45] Frenk: is the postfix server the final destination of the email? [20:45] yes [20:45] its a server with postfix and cyrus [20:46] pmatulis: and the only client this server is rejecting is the monaco client [20:46] SpamapS: yo [20:46] SpamapS: are you around today? [20:47] Frenk: you have 'my_domain'=$myhostname [20:47] where can i check that? [20:48] kirkland: yeah wassup? [20:48] * SpamapS has buried himself in Upstart stuff today [20:49] Frenk: your destination email is blah@bp-legal.com ? [20:49] yes [20:49] SpamapS: two things ... i added you to ~ubuntu-virt [20:49] Frenk: so edit main.cf so that mydomain=bp-legal.com [20:49] SpamapS: and i pushed your my changes + yours + zul's + mine to lp:~ubuntu-virt/cobbler/ubuntu [20:49] kirkland: can never have enough team badges on LP ;) [20:49] SpamapS: and sent a build to ~ubuntu-virt ppa [20:49] kirkland: cool [20:50] SpamapS: hopefully you + me + zul can get cobbler installing and deploying natty this week (?) [20:50] Frenk: this is not why the check_client_access is not working but it's probably why the client is being rejected by the reject_unknown_sender_domain restriction [20:50] Frenk: (you can also remove that restriction to test) [20:51] kirkland: it still needs a lot of work [20:51] zul: no doubt [20:51] kirkland: yeah we need to divide up the work a bit [20:51] SpamapS: yeah; will you be working on it this week? [20:51] zul: what about you? [20:52] kirkland: off and on [20:52] kirkland: indeed, I was hoping we could chat about what needs to get done tomorrow post-meeting [20:52] SpamapS: k [20:56] pmatulis: deleted that rule - restarted postfix - [20:56] no [20:57] doenst work =( [20:57] but i didnt change domain name yet [20:57] Hi I am running JeOS. How do I find if DMA is enabled or not in jeos? [20:59] I used hdparm command, but no such command exists in jeos [21:02] Balli: install away [21:03] Greetings. I have a Dell R310 server, Quad Core , 4GB of memory BUT the PERC H200A RAID controller. An application we need ONLY runs on UBUNTU 9.10 but that version is not recognising the RAID card :( 10.04 LTS sees it fine but not 9.10. I've checked the dell site. I see drivers for redhat and suse but not Ubuntu? Are they compatible? any other ways to get 9.10 to see the raid card? [21:04] pmatulis: Yes I was dumb, I installed it and its working. Thanks!!! [21:04] hi all [21:05] is there a way to copy the 10.04 LTS drivers to be used by 9.10? [21:05] is there anyone here that can help me? I am trying to get the backport ver of bind9 installed but can not fig it out [21:05] I need bind9.7.2 [21:05] Noobster: this channel is much quieter, so pose your question and prepare for patience please [21:05] ok thanx [21:05] pmatulis: doenst work =( [21:05] :) [21:08] Noobster: on what ubuntu version are you? (I was not aware that there are backports already for 10.10) [21:08] 10.04 [21:09] x64 [21:13] Noobster: have a look at https://launchpad.net/~hauke/+archive/bind9?field.series_filter=lucid [21:14] Noobster: but be warned: ppa are not "official" [21:15] SpamapS: im double booked for the meeting tomorrow and i think it is my turn to run the meeting can you run the meeting for me? [21:16] I installed ifenslave, the document in /usr/share/doc/ifenslave-2.6 is different from the examples, and I don't know how to setup ethernet bonding. Right now it's load balancing between the two connections, I want it to keep the second connection has a hot spare. Using ubuntu 10.04 [21:16] Frenk: remove 'check_client_access hash:/etc/postfix/postfix_allowed_connections,' [21:17] or it might be smosers turn [21:18] SpamapS: nm [21:18] http://pastebin.com/L0qN42cs [21:19] pmatulis: deleted that entry - restarted postfix [21:19] and nothing [21:20] argh =(((((((( [21:21] david506: http://pastebin.com/23g3tjCL [21:21] Frenk: pastebin 'postconf -n' again [21:23] CyVan: That controller apparently uses the driver called mpt2sas , which http://packages.ubuntu.com/search?searchon=contents&keywords=mpt2sas&mode=filename&suite=karmic&arch=any shows is available in the kernel images of 9.10 . You may need to build it into your initramfs [21:23] http://pastebin.com/hsHafxqa [21:23] pmatulis: http://pastebin.com/hsHafxqa heres the update. i havent changed mydomain [21:24] That's almost good, but I believe it is missing two lines, I am posting to pastebin.com now [21:24] genii-around: Thanks! Are there any instructions on how to do that? [21:24] Frenk: please change domain, restart postfix, and pastebin [21:24] genii-around: doing a google search now [21:25] This seems to work for me, thanks patdk-wk for the corrections : http://pastebin.com/41h7ia5D [21:25] CyVan: Basically, edit the file: /etc/initramfs-tools/modules adding the module name then do: sudo update-initramfs -u [21:25] I added auto eth3, iface eth3 inet manual, this prevents "Ignoring unknown interface eth3=eth3" [21:25] david, heh? I don't have eth2/eth3 at all in my config [21:26] I don't see the slaves line, you removed it? [21:26] where do you see, ignoring unknown interface, I don't get that [21:27] How do I calculate how many blocks (lvm) 16TB is? [21:28] guntbert, that got 9.7.2p3 installed easy!! you saved me hours of work doing it by source!! Thank You [21:28] Noobster: glad it worked - have fun :-) [21:31] genii-around: ahh but that sounds like u would have to have it installed on the box already. It refuses to install and the box has no other HD's. Can this be done on another box to prepare a new install CD? [21:32] eriksson25: block size is a filesystem parameter [21:32] will this create a raid10 of 6 disks ? [21:32] mdadm --create /dev/md10 --level=10 --raid-devices=6 /dev/sdc /dev/sdd /dev/sde /dev/sdf /dev/sdg /dev/sdh [21:33] Hi could some one please, let me know when exactly a DMA write happens. [21:33] I found my hardisk is dma enabled [21:34] Balli: dma is enabled by default if your disk supports it [21:34] I believe when I download a package using apt-get, DMA write should happen. Am I correct? [21:34] balli heh, not really [21:35] CyVan: Conceivably with remastersys or so, although i have not done this in a long time, myself [21:35] when ever you read or write ANYTHING to the drive, DMA will happen [21:35] highvoltage: Yes its enabled. I just checked it since I use a virtual hardisk [21:35] pmatulis: I added 4TB to my 14TB lvm. And then ofc I couldent extand the file system since resize2fs dont suport >16TB system. I havent extended my ext4 but want to do it to 16TB manualy setting the perimiter. But dont know how to find the right one. [21:35] Anyone know if this would be a good way to get the python-profiler on my Ubuntu 10.04 server? http://www.peterbe.com/plog/upgrading-ubuntu-lucid-lynx-downgrading-python2.4-python2.5 [21:36] patdk-wk: oh could you please gimme a test case where DMA write would take place [21:36] balli, turning on your computer? syslog logging anything, EVERYTHING to the harddrive uses dma [21:36] why doesn dma matter so much to you? [21:37] Patdk-wk - I am debugging a qemu code running jeos for my work [21:38] well, as your doing a virtual disk, and a virtual machine, nothing about it is going be real dma [21:38] so who knows :) [21:38] probably the qemu people [21:38] patdk-wk: Yes when I turn on the computer DMA write takes place. [21:39] patdk-wk: But the function which writes to the memory is invoked only once, I xpected it to be called many times. [21:39] heh? [21:39] what function that writes to what memory? [21:39] the memory location will change, every time [21:40] patdk-wk: Its a c function is qemu code named 'cpu_physical_memory_rw'. [21:41] well, I dunno qemu, only dma [21:41] I am using wireshark to monitor my traffic to my mail server and I noticed there is a nearly constant DNS quesry to our DNS server asking for ircserver.jmchd.com [21:41] patdk-wk: Ya I wanted to know only about dma not qemu. I will figure out what qemu does :) [21:42] it comes back no such name but then the mail server asks again... [21:42] patdk-wk: Could you please enlighten me why a network packet doesnt use DMA write? [21:42] The doc was wrong, so I am opening a ticket priority minor [21:42] balli, too slow :) [21:43] small packets? [21:44] well, interrupts tend to slow down network interfaces, so generally it's switched to polling mode [21:44] eriksson25: ouch, sorry to hear about not being able to resize to the maximum [21:44] I think the network card also has it's memory mapped right into memory space, so it can be accessed directly, no dma needed to copy stuff over [21:45] when memory is mapped, I think dma would take place internally. [21:45] why? [21:46] the cpu can physically see the memory on the card [21:46] dma is the other way around, having the card directly see the memory in the computer [21:48] But cpu seeing the memory on card, happens because DMA writes a network card info into the physical memory [21:49] patdk-wk: One basic question. [21:50] DMA write means, a device writes its data into physical memory and DMA read is vice versa right? [21:52] guntbert, I am having a homebrew to selabrate how awesome you are! I will make a tutorial when I have SAmba4 PDC for WIN7. You will find a thanx in there from me. http://www.bryanpopham.com/tutorials [21:52] *celebrate [21:52] I am using wireshark to monitor my traffic to my mail server and I noticed there is a nearly constant DNS quesry to our DNS server asking for ircserver.jmchd.com [21:53] Noobster: :-) [21:53] patdk-wk, I removed the extra lines I added, rebooted and it works well. [21:53] heh [21:54] balli, no idea, I haven't done dma programming since the 90's [21:54] I am opening a ticket now. [21:55] patdk-wk: Its okay :) Im jus starting now. [21:56] SpamapS: hey [21:56] patdk-wk: One question related to a test case. Could you please give me an example of when a DMA write takes place, so I could debug my code. [21:57] SpamapS: did you get auth working with cobbler? [21:57] SpamapS: if so, what module did you use? [21:57] patdk-wk: I tried "cat " and I found that no DMA write takes place :( [21:57] SpamapS: i'm trying: # authn_testing -- username/password is always testing/testing (debug) [21:57] SpamapS: not work for me though [21:58] patdk-wk: No DMA write, because of small file size? [21:58] ballie did you wait for linux kernel to actually write it? [21:58] is it normal for a mail server to join an IGMP group? [21:58] patdk-wk: Yes I have set a breakpoint to debug the kernel code using gdb [21:59] patdk-wk: I basically wanted to do some modifications to the content before a DMA write takes place [22:00] patdk-wk: But its wierd for me since DMA write happens only once during system bootup afterwards there is no DMA write at all. [22:04] Total newb here any help would be awesome... :) [22:05] my mail server is constantly asking my dns server where ircserver.jmchd.com is [22:05] its streaming across my screen in wireshark [22:06] toast018, it's been hacked? [22:06] I dont know... [22:06] I have no idea how to find out. [22:06] well, something on it is requesting it [22:06] see if there is anything running that you don't know what it does [22:07] I have had to restart the server multiple times because it continually brings my internet connection down [22:07] I guess if your using apache mod_* (php/perl/...) you can't really see what they are running though :( [22:07] genii-around: Thanks.. I'll look at remastersys. So there's no chance that the redhat or suse drivers could work? hmm maybe no t.. might be diff kernel versions :( [22:07] apache will also give me an out of memory error every few days [22:09] toast018, one of your websites was hacked [22:09] its a mail server only [22:09] then why is apache running? [22:09] genii-around: The thing is the 9.10 installer gave me a list of drivers to try and I saw mpt2sas but when I tried to load it it didn't work. Is it possible the ones that come with 9.10 aren't worknig properly but were fixed in 10.04? Is there a way to copy the 10.04 drivers instead? [22:09] only apache related item is the webmail [22:09] squirrelmail [22:09] webmail == website == hacked :) [22:10] what are my options? [22:10] I don't know, I know nothing about squirrelmail [22:10] but I should shutdown apache [22:10] and see if all goes back to normal :) [22:11] if it does, they probably didn't get root, and just squieerelmail was hacked [22:11] but not sure if I would count on that [22:12] whats the fastest way to change any passwords that would keep them out? or is there any? [22:13] heh? [22:13] they probably didn't use any passwords to get in [22:13] :( [22:13] what version of squerrilmail? [22:13] I so can't type that word [22:13] I noticed a gam_server running I killed it [22:14] "/usr/lib/gamin/gam_server" [22:15] trivial-rewrite -n rewrite -t unix -u -c [22:16] that is postfix [22:16] guess you really dunno what normally runs on your server [22:16] gam_server is postfix? [22:16] I didnt set it up a former employee did.,,, [22:17] it's a service that is normally used to check for file modifications [22:17] they fired him and now Im over it. [22:18] what version of ubuntu? [22:18] I wished they would get someone else... I honestly have no idea whats going on... [22:18] 8.04 [22:18] is it currently up to date? [22:19] I just seen this come across wireshark. v2 membership report / join group 239.255.255.253 [22:19] yes it is up to date [22:19] heh, I would probably just do a: chmod a-x /etc/init.d/apache* [22:20] and reboot [22:20] then start looking for odd stuff in wireshark [22:20] what would that do? [22:20] disable apache/webmail/squirrelmail [22:20] and reboot, to clean out all odd running programs [22:20] unless they added stuff into cron/at/... [22:21] is that IGMP join group something that I should not see? [22:21] dunno, if it's only email, probably not [22:21] but if it's doing something else, pacemaker, heartbeat, ...., it would be fine [22:22] chmod is to change ownership how will that disable apache? [22:23] chmod DOES NOT change ownership [22:23] hello, I have this script http://pastebin.ca/2018851 in my rc.local file, and unfortunately the second script hylafax doesn't launch, any idea? [22:23] if I remove the sleep function it will launch, but it doesn't give enough time for the first script [22:25] command ran... [22:26] so to make something run on run level 2 , runlevel2 can run things as root? [22:26] basically im trying to make a script that runs ntpdate as root [22:27] are 755 permissions fine on this? [22:29] hi guys [22:30] need help with xrdp / kde on ubuntu server [22:30] hello, I have this script http://pastebin.ca/2018851 in my rc.local file, and unfortunately the second script hylafax doesn't launch, any idea? [22:30] if I remove the sleep function it will launch, but it doesn't give enough time for the first script [22:30] KCMinit ... Segmentation fault [22:31] zamarax, sleep (10) == invalid syntax [22:31] should be sleep 10 right? that's what I thought but when I use that it doesn't sleep for 10 seconds [22:32] they execute back to back [22:39] no idea [22:39] maybe string them together like etc/asdf/asdf start && sleep 10 && /etc/qwerty start [22:40] that way they don't execute without prior executing [22:40] thank you I will try that [22:41] caveat you may need parentheses [22:41] On 10.10, i'm trying to do a PXE boot for a virtual machine install (kvm) using virt-install... i've specified --pxe on the virt-install command line, but i'm not seeing any DHCP requests on the network and there is no output on the virtual console [22:41] anyone have a clue on how to even start debugging that? :) [22:43] Fookin_Prawn - thanks that worked perfectly [22:43] appreciated :D [22:44] zamarax: good to hear :-) if you're interested in more things like that, check out bash scripting [22:45] thanks [22:46] econnell: do you have dhcp declared in your rc.conf? [22:47] rc.conf? [22:48] Fookin_Prawn: on the host system you mean? [22:48] econnell: sorry, I haven't used ubuntu in a while. in one of ubuntu's startup scripts it should specify things like modules to load, interfaces, daemons, etc. can't remember which script has it, but dhcpd must be declared in it. it's probably named rc.* something [22:48] this is a virtual machine install.... [22:48] PXE boot on the host machine works fine [22:49] econnell: ah I see. so you're trying to start a virtualization with a -pxe command? [22:49] yes [22:50] and this virtualization is an installation? [22:51] i'm trying to run this: virt-install -n web1 -m 54:52:00:00:00:01 -r 256 -f /virtualdisk/web1.img --nographics -s 30 --pxe --accelerate --connect=qemu:///system [22:51] the VM starts and i can connect to the console, but nothing ever happens on the console and there's no network I/O from the VM [22:56] I am having an issue that might be caused by apparmor. I chown /var/run/bind to root:bind, but when I reboot it is changed back to root:root? [22:56] Maybe I should ask this here... trying (failing) to compile pcntl.so for php5. dpkg-buildpackage: error: debian/rules build gave error exit status 2 [22:56] of course I get an error on reboot in /var/lod/daemon.log [22:59] econnell: i'm stumped, but virt-tools has an irc channel http://virt-tools.org/contact/ [22:59] Fookin_Prawn: thanks [22:59] in the meantime, if anyone else can figure it out, let me know [23:00] or at least where to start debugging [23:00] heh? [23:26] Noobster: apparmor would not change the permissions on the directory [23:27] Noobster: /var/run is a tmpfs and /var/run/bind is recreated on each boot [23:52] Hey, people told me to do the following on ubuntu: [23:52] $(postconf -n | awk -F= '{ print $1 }'); do echo -n 'default: '; postconf -d ${parameter} ; echo -n 'current: '; postconf ${parameter} ; echo '--'; done | less [23:52] but i dont know how to start - if i put it in console i got an error [23:54] i mean for parameter in $(postconf -n | awk -F= '{ print $1 }'); do echo -n 'default: '; postconf -d ${parameter} ; echo -n 'current: '; postconf ${parameter} ; echo '--'; done | less [23:55] oh i give up... pxe boot in a xen vm worked fine on centos5... no clue why it's not working on ubuntu... i'm just going to on-demand nfs mount the ISO on the hosts... talk about a hack :) [23:55] What that is supposed to do is iterate over each postfix option, and print both its default and current values (side by side). [23:55] Frenk_: it works for me in 10.04. [23:55] i left for parameter in out -.- stupid me [23:57] for x in $(postconf -n|cut -d= -f1); do printf 'default: %s\ncurrent: %s\n\n' "$(postconf -d "$x")" "$(postconf "$x")"; done [23:59] twb and what does: modified_parameters=$(postconf -n | awk -F\= '{ print $1 }'); for parameter in ${modified_parameters}; do default_value=$(postconf -dh ${parameter} ); current_value=$(postconf -h ${parameter} ); test ${default_value} '=' ${current_value} && echo ${parameter} ; done [23:59] ?