/srv/irclogs.ubuntu.com/2012/01/22/#ubuntu-server.txt

CueRoyK: Any thoughts?00:21
CueIt's definitely server-side00:21
=== Lcawte is now known as Lcawte|Away
Tyler_hi all, think anybody can help me with default umask on sftp connections on ubuntu server or is there a better channel for that?01:32
Tyler_I have my /etc/ssh/sshd_config setup for chrooting users to their home and uses internal-sftp, but no matter WHAT I try I cannot get the default umask on file uploads to work01:33
Tylersorry I got disconnected, where were we?01:44
=== sixstringsg|away is now known as sixstringsg
=== kermit1 is now known as kermit
=== sixstringsg is now known as sixstringsg|away
=== Hetep-AFK is now known as DarthCaeduces
MahnGood evening.  I have a server running 11.10 (x64) that is still delivering the webserver but is locking ssh04:55
MahnI have a feeling it's in safe mode, but several hard reboots does not fix the problem04:55
MahnI can access the server if i launch it via an online rescue kernel, but cannot seem to figure out why it returns to safe or refuses ssh connections04:56
MahnAny tips would be appreciated.04:56
Mahnsup Jack04:58
Mahnany help in here?05:08
Mahnany help in here?05:19
airtonixi have zfs running native on my 10.04.3 Zentyal Server, i'm looking to get /home migrated onto one of the filesystems i created in the zfs pool. first order of business is to move the /home tree (permissions preseved) into the pool, any ideas?06:41
Patrickdkrsync?06:41
airtonixi tried rsync, with what i believed to be switches that would preserve permissions and two things happend: cpu went 100% and server froze. resulting permissions were translated to everything owned by root06:43
Patrickdkthe only option you need to give rsync is -a06:44
Patrickdkor your using nfs406:44
airtonixso : sudo rsync -a /home /storage/Users/06:45
Patrickdknormally using -v also is nice06:45
Patrickdkso you can see what is going on06:45
airtonixno nfs involved here, all on the same system06:45
Patrickdksounds like your hitting fun zfs bugs06:45
airtonixhttps://github.com/zfsonlinux/zfs/issues/15406:50
=== Lcawte|Away is now known as Lcawte
Tylerhey anybody around that might be able to help me with file permissions/umask?08:48
=== RaHorachty is now known as DarthCaeduces
UnReasonHola gente11:51
goddardshould my boot partition be 175MB?12:28
chelzgoddard: that's an okay size. 15MB per kernel, including updates12:58
chelzgoddard: that would give you space for 10 kernel updates plus the original12:59
rassrunkI have a ubuntu server that runs samba on it, and i have recently put in a extra hard drive that i plan to use for samba. My question is how do i format the hard drive and how do i automatically mount it if i where do reboot my computer.13:47
pmatulisrassrunk: ideally you would be using LVM.  if not, just use fdisk to format and then edit /etc/fstab to have it mounted14:29
pmatulisupon boot14:29
uvirtbotNew bug: #920020 in asterisk (universe) "NOT FOUND answer on OPTIONS request" [Undecided,New] https://launchpad.net/bugs/92002015:25
uvirtbotNew bug: #920061 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu4.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/92006117:06
uvirtbotNew bug: #920092 in dbconfig-common (main) "package dbconfig-common 1.8.44ubuntu1 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/92009217:51
zastaphhow do I automount a HDD on boot? putting "sudo mount /dev/sdb1 /mnt/backup" in .bashrc probably wont work, since its a sudo command?18:41
Nafallozastaph: man fstab has good instructions.18:42
zastaphcan I just add /dev/sdb1 /mnt/backup to the end of it? without all those ext3 and other specs in the end18:44
Nafallono. you need some of them options, or it won't be valid.18:47
Nafalloalso, you might well want to find out the UUID of the filesystem.18:47
zastaphouch18:48
zastaphconsidering making one big LVM of all my disks18:50
zastaphof course i want to mount it with the filesystem I already given it.. it should be able to check that if I dont specify it :)18:53
=== sixstringsg|away is now known as sixstringsg
Nafallozastaph: sudo blkid on a terminal should help you.18:54
zastaphok, then just gotta decide on what to put in Options :)18:55
zastaphok just wrote the same as the primary partition18:59
zastaphthat seemed to work19:01
Nafallodefaults is a good default :-)19:02
zastaphi omitted the explicit defaults, just wrote errors=remount-ro 0 119:03
NafalloI would change that to defaults 0 2 if I were you :-)19:11
zastaphwhy 219:14
zastaphgot it19:16
zastaphanother thing.. if I ssh into my box, and run something with X11Forwarding on my x11 server, it opens a windows.. but what happens if I exit (thus logout) the console I started the X app from?19:18
zastaphwill it continue running19:18
NafalloI don't think it'll let you logout until you've closed that window. but that's just speculation from my side.19:20
zastaphwell thats the odd thing.. the window remains functional.. I see "logout" on the console window, but the connection is not closed.. it only comes up with a conneciton is closed message if the X window is closed first19:24
zastaphbut if I write exit I have no interaction with the console anymore19:24
Nafallothat's kind of what I was trying to say, yes :-)19:25
zastaphso maybe my connection is still lingering somewhere19:26
zastapheven if I open an X window, and close that window, then exit, it does not close the connection19:27
zastaphso something remains active19:27
Nafalloit will remain active as long as you hae that x-window open, yes.19:28
Nafallowhen you close that, the logged out connection will finally disconnect.19:28
zastaphi properly quit the X window, and then exit the console, and it still doesnt close the connection as it would had I not opened an X window19:28
zastaphbut perhaps because I'm on windows, using X-ming and putty19:28
Nafallohrm. and yeah, in that case I guess something is still active, or waiting for you something.19:29
=== sixstringsg is now known as sixstringsg|away
=== sixstringsg|away is now known as sixstringsg
=== sixstringsg is now known as sixstringsg|away
Psi-JackHmmm. I'm trying to find a PPA for ubuntu 11.10 that has newer packages for Zabbix, because 1.8.5 is like ancient old.20:59
Psi-JackDoesn't even support includes or unsafe external params.20:59
JanCPsi-Jack: I wouldn't say something released in August 2011 is "ancient old"   :P21:22
Psi-JackIt is in the Zabbix world. ;)21:22
JanCi guess you could ask for a backport from the precise repositories21:23
JanCor you could try to backport it yourself21:23
JanCPsi-Jack: https://launchpad.net/ubuntu/+ppas?name_filter=zabbix --> seems like several people do build zabbix packages21:26
JanCof course, you want to make sure those particular PPAs are safe21:27
SockPantshi all21:36
SockPantsi've switched a server to a new vm host and the NICs changed. how can i redetect the network hardware?21:36
Patrickdkedit /etc/udev/rules.d/70-persistent-net.rules21:39
goddardi can figure out where my footer information is stored in the database21:56
nancy-- i have one website but many types of projects. eg. blog , webhosting services, software selling and development     .          i was thinking ,instead of 3 different sites, to make just one website and at sub domains for each. like  soft.mysite.com , blog.mysite.com  etc . good idea for  SEO and users , marketing , etc  any comments ?22:18
OnepamopaNeed to report something: kernel 3.0.0-15-server has some issues, causing a lot of interruptions (even freezes @ bash when no major processes running)22:21
Onepamopajust reverted to 3.0.0-14-server - everything is perfect.22:21
Onepamopafreezes @ bash = Im executing a random command and the console lags for ~1-2 seconds, no idea how else to explain it.22:22
JanCnancy--: as a user I tend to like subdomains, and it's also easier to configure in many cases22:29
nancy--JanC,  i had that thought because any customer coming for one purpose. eg say hosting . will also see the other 2 things. software and blog. ill make the main page (mysite.com) as a choice to go to any of the three.22:31
nancy--nice idea?22:31
JanCit also depends on the size of your business, I guess, and how important name recognition for the distinct services is22:32
Onepamopaseems like noone's interested in kernel problem ;)22:32
nancy--JanC,   i have 3. blog , sof, hosting22:33
nancy--i only got the name as my-site.com            not as   mysite.com           have to make a hyphen in it..        thats not a good idea i think ?22:33
JanCOnepamopa: it's Sunday night over here, and Sunday evening in the US, so most people might not be around  ;)22:33
OnepamopaJanC seems that way =)22:33
Onepamopaanyway, I just thought I'd inform someone, save them the trouble of wondering "what the f?ck is going on"22:33
Onepamopa;)22:33
JanCOnepamopa: you might want to file a bug22:34
OnepamopaJanC no idea how to explain exactly what happens ....22:34
JanCand/or try to find what is wrong with it  ☺22:34
Onepamopafresh restart, stop all applications like apache, mysql etc, drop the primary net interface and just start to do something like executing ls 10 000 times22:34
Onepamopa50% of execution lags console for 1-2-3 seconds22:35
nancy--JanC,   or my-site.com/soft        and my-site.com/bloging         is better.      whats your comments?22:35
nancy--JanC,   or soft.my-site.com        and bloging.my-site.com        is better.      whats your comments?22:35
Onepamopanancy-- depend, I think / is better for googlebot indexing & etc22:36
nancy--Onepamopa,  hmm. ok22:37
JanCit's also easier to set up in many cases22:37
Onepamopathat's what I heard from some blackseo gurus22:37
JanCas many webapps assume / if not told otherwise ;)22:37
Onepamopatrue22:38
nancy--hm..22:38
JanCand it allows you to move one of them elsewhere easily later22:38
JanCelsewhere = to another server22:38
nancy--well finally guys.  . . give a name to the site.            it has       software dev , webhosting, and bloging.22:38
ikonianancy--: that is not for this channel as you've been told22:39
Psi-JackHeh22:40
ikonianancy--: #ubuntu = ubuntu support #ubuntu-server = Ubuntu server support, #ubuntu-offtopic (where you are already discussing this) is the only place22:40
Psi-Jackikonia: How's things, man?22:40
nancy--oops. i forgot ikonia   . going back to ubuntu-offtopic . sory22:40
Onepamopanancy-- something else, as far as I know, you cannot assign different A record to /subdomain22:40
ikonianancy--: please don't lie, you didn't "forget" as you've been told this and you're still discussing it, stop trying to push this22:40
nancy--ok ikonia22:41
Onepamopaikonia is a bad-ass =)22:41
nancy--well not talking technicall stuff...            a /subdomain cant have A record. but  a   subdomain. domain .com  can have ?22:42
nancy--now* talkin..22:42
OnepamopaYes, and stop asking such questions in server-related channel22:42
ikonianancy--: if you ask again, I will remove you from the channel22:43
ikonianancy--: clear ? yes/no22:43
nancy--yyup22:43
nancy--crystal22:43
nancy--like someone just kicked you from #ubuntu ?22:43
Onepamopamore like banned22:43
nancy--onia has kicked sennin from #ubuntu (you lost)22:44
ikoniano-one has kicked me from #ubuntu, stop disucssing it, if you need help with ubuntu server, this channel is perfect, anything else, stop22:44
nancy--... no coments22:44
ikonianancy--: correct,22:44
nancy--oh. its was you who is in the kicking mood today22:44
ikonianancy--: please stop trying to push me, this is your final warning22:45
Onepamopaikonia ... just do it22:45
nancy--ooh.. i step back from the great lord or irc ! ikonia22:45
* Psi-Jack shakes his head and gives the thumbs down.22:45
Psi-Jacknancy--: Troll elsewhere.22:45
nancy--he has sooo much power..   he can Kick !!             aaa...         what else can you do ?22:45
Onepamopanancy-- stop acting like stupid22:45
* nancy-- stops22:46
Onepamopaits not funny22:46
Psi-JackHehe, anyway. ;)22:49
uvirtbotNew bug: #920202 in bind9 (main) "bind9 fails to install on precise" [Undecided,Confirmed] https://launchpad.net/bugs/92020223:01
Psi-Jackikonia: So, I actually took the time this weekend to totally rebuild my entire home-based server infrastructure. ;)23:03
ikoniaPsi-Jack: bravo23:03
Psi-JackSwitched out openSUSE 11.4 firewall (active/failover), to Ubuntu 11.10, which will be moved up to 12.04 about a month or two after it's release.23:03
JanChm, anybody know what the best fingerd for Ubuntu/Debian is?  (I'm mostly interested in security, but also configurability)23:04
Psi-JackSwitched Debian 6.0.3 to Ubuntu 11.10 for my LVS directors.23:04
Psi-JackReplaced my Debian 5 Zimbra mail server to Ubuntu 10.04 LTS.23:04
JanC(security with default packages)23:04
Psi-JackAnd my Debian 6 web cluster to Ubuntu 10.04 LTS as well. ;)23:04
ikoniaJanC: as in "the finger daemon"23:04
JanCikonia: yes23:05
ikoniaJanC: the default one (can't remember the package) is probably your best option,23:05
ikoniaI take it you're not putting finger on the web ?23:05
JanCikonia: there is no default one that I can see23:05
Psi-JackI'm curious about one thing though. Ubuntu 12.04 is just around the corner, in a couple months. Does anyone know yet if it will keep PHP 5.3 support, and does it plan to also keep PHP 5.2 support?23:06
JanCand I don't wee what the web has to do with finger  ;)23:06
ikoniaJanC: hang on, let me see if I can find it, there isn't one installed by default (probably for security)23:06
JanCdon't see23:06
ikoniaJanC: sorry, I meant I assume you're not going to open up "finger" to the public internet23:06
JanCI intended to put it on the public internet, yes23:06
ikoniacfingered23:06
ikoniaoh wow, you actually want people to finger your machine on the web23:07
JanC*if* it can be done securely23:07
ikoniathat's a tall order, finger attacks always used to be an easy target23:07
JanCwell, I don't see exactly why finger should be an easier target than SMTP or HTTP servers...23:08
Psi-JackYeah. used to be..23:08
Psi-Jacklinux.org's been running a fingerd for eons/.23:08
Psi-JackCustom, of course.23:08
Psi-JackErr, kernel.org, sorry.23:08
Davieywow, people still use finger? :)23:08
Psi-JackYeppers.23:09
ikoniathere is a daemon that can rate limit the fingerd daemon, but I don't see it in cfingered23:09
JanCcfingerd was one of the implementations I looked at earlier, but they didn't publish new versions since 2003 or so?  ;)23:09
ikoniano point putting out an update if thre is nothing to update23:09
JanCOTOH, seems like that's true for most23:09
ikoniafingers pretty dead in general23:10
ikoniaas Daviey not really a massivly in use tool any more23:10
ikonia"as Daviey said"23:10
JanCikonia: duno, it seems like it can be very useful really  ☺23:10
Psi-JackI use finger in like 600 servers I manage. ;)23:10
Psi-JackCause I want to see if a user has access to a specific box, by not having to ssh into it and just finger for it, I can see right off the bat if they do or don't.23:11
ikoniaJanC: certainly has some uses23:11
DavieyPsi-Jack: I hope you don't use it as part of an auth chain?23:11
Psi-JackHeck no. ;)23:11
Psi-JackIt's internal use only.23:12
Psi-JackI use efingerd in most cases, so I can actually query what groups a user is in on a particular box.23:12
Psi-JackAnd thus, what they're capable of, on said server. :)23:12
DavieyWait, you manage user groups per box?23:12
Davieyon *600* servers?23:13
Psi-JackCurrently, yes.23:13
JanCikonia: part of why I want to use it is e.g. to provide some address info to people on IRC channels that are logged, hoping spambots don't have intelligent finger support  ;)23:13
ikoniainteresting idea23:13
DavieyPsi-Jack: I'm really quite suprised that with 600 servers, it's not managed centrally.23:13
Psi-JackDaviey: My company got merged into another company which is a bunch of Windows ignorants, they want to tool it up to their LDAP server, but I'm hesitant until they can provide a full plan of action that will actually not suck.23:14
DavieyPsi-Jack: ah23:14
Psi-JackDaviey: And that was the baseline infrastructure BEFORE I got there, so. I kinda came in to bad design, hence, why I was hired in the first place, to fix their bad practices.23:14
JanCPsi-Jack: why do you use efingerd instead of e.g. cfingerd ?23:15
Psi-JackNow these guys are talking about making a linux server as a "jump host", before even being able to get into the actual servers within the DC, I'm like. Why? "PCI compliance." You don't need that for PCI compliance if your segmentation is properly done.23:15
Psi-JackJanC: efingerd can run stuff.23:15
Davieyah, right.  Incidently, my employer has home directories on servers for former employees.  That feels odd.. The accounts are gone, but thier traces remain.23:16
JanCso can cfingerd, if I understood23:16
Psi-Jackefingerd is a finger daemon, which executes programs and displays their output. This gives you complete control over what to display and to who, and an extreme configurability23:16
DavieyHah, actually, their account still exists.. just locked.23:16
ikoniaDaviey: a lot of places I work with do that23:17
ikoniasome places I can see value, others I can see risk/waste23:17
DavieyPsi-Jack: How do you do config management.. i trust you don't use expect or something to remove users on each machibe?23:18
Psi-JackDaviey: Heh, I wrote a script that I maintain with every new installation that ssh's into each server through ssh-key to root, and locks a user.23:19
SpamapSBeen there.. done that. :)23:19
Psi-Jackbut, for the most part.23:19
Psi-JackAll access is locked out as soon as they're taken out of the VPN access.23:19
Psi-Jackbecause you can't get into any server without VPN from outside the internal network.23:20
JanCPsi-Jack: you don't use a VPN on the internal network?  ☺23:22
Psi-JackWe do actually.23:22
Psi-JackOur delocated offices VPN to each other.23:22
Psi-JackBut, again, that's still within the internal network infrastructure. :)23:23
Psi-JackHmmm23:25
Psi-JackI really need to get into IPv6 sometime. :x23:25
Psi-JackAnyone here familiar with how I'd go about setting up 6to4?23:26
Psi-JackSo that I could, if I understand this right, actually connect to IPv6 addresses, via IPv4?23:28
JanCPsi-Jack: at home I use miredo (teredo) currently, which is mostly install & use right away23:28
Psi-JackHmmm. Interesting.23:28
Psi-Jackan IPv6 tunneling server, with NATs?23:28
JanCyou can use it behind a NAT, yes23:29
Psi-JackI currently have my own local reseveration for fs21:2cd0:6f99::/48, so I'm kinda hoping to make use of that with proper planning.23:30
Psi-JackI don't want completely random local IPv6 addresses. :)23:31
JanCI guess that's not what teredo was designed for23:31
Psi-Jackor even based on my MAC. :)23:31
JanCbut it's a great solution for "instant IPv6 access"23:31
Psi-JackHence, why I was considering 6to4, because I could use my existing IPv4 gateway with it, to my understanding.23:31
=== Lcawte is now known as Lcawte|Away
Psi-JackHoly crap.23:49
Psi-JackMy IPv6 /is/ working, at least from one of my firewall-routers. ;)23:49

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!