[00:21] <Cue> RoyK: Any thoughts?
[00:21] <Cue> It's definitely server-side
[01:32] <Tyler_> hi all, think anybody can help me with default umask on sftp connections on ubuntu server or is there a better channel for that?
[01:33] <Tyler_> I have my /etc/ssh/sshd_config setup for chrooting users to their home and uses internal-sftp, but no matter WHAT I try I cannot get the default umask on file uploads to work
[01:44] <Tyler> sorry I got disconnected, where were we?
[04:55] <Mahn> Good evening.  I have a server running 11.10 (x64) that is still delivering the webserver but is locking ssh
[04:55] <Mahn> I have a feeling it's in safe mode, but several hard reboots does not fix the problem
[04:56] <Mahn> I can access the server if i launch it via an online rescue kernel, but cannot seem to figure out why it returns to safe or refuses ssh connections
[04:56] <Mahn> Any tips would be appreciated.
[04:58] <Mahn> sup Jack
[05:08] <Mahn> any help in here?
[05:19] <Mahn> any help in here?
[06:41] <airtonix> i have zfs running native on my 10.04.3 Zentyal Server, i'm looking to get /home migrated onto one of the filesystems i created in the zfs pool. first order of business is to move the /home tree (permissions preseved) into the pool, any ideas?
[06:41] <Patrickdk> rsync?
[06:43] <airtonix> i tried rsync, with what i believed to be switches that would preserve permissions and two things happend: cpu went 100% and server froze. resulting permissions were translated to everything owned by root
[06:44] <Patrickdk> the only option you need to give rsync is -a
[06:44] <Patrickdk> or your using nfs4
[06:45] <airtonix> so : sudo rsync -a /home /storage/Users/
[06:45] <Patrickdk> normally using -v also is nice
[06:45] <Patrickdk> so you can see what is going on
[06:45] <airtonix> no nfs involved here, all on the same system
[06:45] <Patrickdk> sounds like your hitting fun zfs bugs
[06:50] <airtonix> https://github.com/zfsonlinux/zfs/issues/154
[08:48] <Tyler> hey anybody around that might be able to help me with file permissions/umask?
[11:51] <UnReason> Hola gente
[12:28] <goddard> should my boot partition be 175MB?
[12:58] <chelz> goddard: that's an okay size. 15MB per kernel, including updates
[12:59] <chelz> goddard: that would give you space for 10 kernel updates plus the original
[13:47] <rassrunk> I have a ubuntu server that runs samba on it, and i have recently put in a extra hard drive that i plan to use for samba. My question is how do i format the hard drive and how do i automatically mount it if i where do reboot my computer.
[14:29] <pmatulis> rassrunk: ideally you would be using LVM.  if not, just use fdisk to format and then edit /etc/fstab to have it mounted
[14:29] <pmatulis> upon boot
[18:41] <zastaph> how do I automount a HDD on boot? putting "sudo mount /dev/sdb1 /mnt/backup" in .bashrc probably wont work, since its a sudo command?
[18:42] <Nafallo> zastaph: man fstab has good instructions.
[18:44] <zastaph> can I just add /dev/sdb1 /mnt/backup to the end of it? without all those ext3 and other specs in the end
[18:47] <Nafallo> no. you need some of them options, or it won't be valid.
[18:47] <Nafallo> also, you might well want to find out the UUID of the filesystem.
[18:48] <zastaph> ouch
[18:50] <zastaph> considering making one big LVM of all my disks
[18:53] <zastaph> of course i want to mount it with the filesystem I already given it.. it should be able to check that if I dont specify it :)
[18:54] <Nafallo> zastaph: sudo blkid on a terminal should help you.
[18:55] <zastaph> ok, then just gotta decide on what to put in Options :)
[18:59] <zastaph> ok just wrote the same as the primary partition
[19:01] <zastaph> that seemed to work
[19:02] <Nafallo> defaults is a good default :-)
[19:03] <zastaph> i omitted the explicit defaults, just wrote errors=remount-ro 0 1
[19:11] <Nafallo> I would change that to defaults 0 2 if I were you :-)
[19:14] <zastaph> why 2
[19:16] <zastaph> got it
[19:18] <zastaph> another thing.. if I ssh into my box, and run something with X11Forwarding on my x11 server, it opens a windows.. but what happens if I exit (thus logout) the console I started the X app from?
[19:18] <zastaph> will it continue running
[19:20] <Nafallo> I don't think it'll let you logout until you've closed that window. but that's just speculation from my side.
[19:24] <zastaph> well thats the odd thing.. the window remains functional.. I see "logout" on the console window, but the connection is not closed.. it only comes up with a conneciton is closed message if the X window is closed first
[19:24] <zastaph> but if I write exit I have no interaction with the console anymore
[19:25] <Nafallo> that's kind of what I was trying to say, yes :-)
[19:26] <zastaph> so maybe my connection is still lingering somewhere
[19:27] <zastaph> even if I open an X window, and close that window, then exit, it does not close the connection
[19:27] <zastaph> so something remains active
[19:28] <Nafallo> it will remain active as long as you hae that x-window open, yes.
[19:28] <Nafallo> when you close that, the logged out connection will finally disconnect.
[19:28] <zastaph> i properly quit the X window, and then exit the console, and it still doesnt close the connection as it would had I not opened an X window
[19:28] <zastaph> but perhaps because I'm on windows, using X-ming and putty
[19:29] <Nafallo> hrm. and yeah, in that case I guess something is still active, or waiting for you something.
[20:59] <Psi-Jack> Hmmm. I'm trying to find a PPA for ubuntu 11.10 that has newer packages for Zabbix, because 1.8.5 is like ancient old.
[20:59] <Psi-Jack> Doesn't even support includes or unsafe external params.
[21:22] <JanC> Psi-Jack: I wouldn't say something released in August 2011 is "ancient old"   :P
[21:22] <Psi-Jack> It is in the Zabbix world. ;)
[21:23] <JanC> i guess you could ask for a backport from the precise repositories
[21:23] <JanC> or you could try to backport it yourself
[21:26] <JanC> Psi-Jack: https://launchpad.net/ubuntu/+ppas?name_filter=zabbix --> seems like several people do build zabbix packages
[21:27] <JanC> of course, you want to make sure those particular PPAs are safe
[21:36] <SockPants> hi all
[21:36] <SockPants> i've switched a server to a new vm host and the NICs changed. how can i redetect the network hardware?
[21:39] <Patrickdk> edit /etc/udev/rules.d/70-persistent-net.rules
[21:56] <goddard> i can figure out where my footer information is stored in the database
[22:18] <nancy-->  i have one website but many types of projects. eg. blog , webhosting services, software selling and development     .          i was thinking ,instead of 3 different sites, to make just one website and at sub domains for each. like  soft.mysite.com , blog.mysite.com  etc . good idea for  SEO and users , marketing , etc  any comments ?
[22:21] <Onepamopa> Need to report something: kernel 3.0.0-15-server has some issues, causing a lot of interruptions (even freezes @ bash when no major processes running)
[22:21] <Onepamopa> just reverted to 3.0.0-14-server - everything is perfect.
[22:22] <Onepamopa> freezes @ bash = Im executing a random command and the console lags for ~1-2 seconds, no idea how else to explain it.
[22:29] <JanC> nancy--: as a user I tend to like subdomains, and it's also easier to configure in many cases
[22:31] <nancy--> JanC,  i had that thought because any customer coming for one purpose. eg say hosting . will also see the other 2 things. software and blog. ill make the main page (mysite.com) as a choice to go to any of the three.
[22:31] <nancy--> nice idea?
[22:32] <JanC> it also depends on the size of your business, I guess, and how important name recognition for the distinct services is
[22:32] <Onepamopa> seems like noone's interested in kernel problem ;)
[22:33] <nancy--> JanC,   i have 3. blog , sof, hosting
[22:33] <nancy--> i only got the name as my-site.com            not as   mysite.com           have to make a hyphen in it..        thats not a good idea i think ?
[22:33] <JanC> Onepamopa: it's Sunday night over here, and Sunday evening in the US, so most people might not be around  ;)
[22:33] <Onepamopa> JanC seems that way =)
[22:33] <Onepamopa> anyway, I just thought I'd inform someone, save them the trouble of wondering "what the f?ck is going on"
[22:33] <Onepamopa> ;)
[22:34] <JanC> Onepamopa: you might want to file a bug
[22:34] <Onepamopa> JanC no idea how to explain exactly what happens ....
[22:34] <JanC> and/or try to find what is wrong with it  ☺
[22:34] <Onepamopa> fresh restart, stop all applications like apache, mysql etc, drop the primary net interface and just start to do something like executing ls 10 000 times
[22:35] <Onepamopa> 50% of execution lags console for 1-2-3 seconds
[22:35] <nancy--> JanC,   or my-site.com/soft        and my-site.com/bloging         is better.      whats your comments?
[22:35] <nancy--> JanC,   or soft.my-site.com        and bloging.my-site.com        is better.      whats your comments?
[22:36] <Onepamopa> nancy-- depend, I think / is better for googlebot indexing & etc
[22:37] <nancy--> Onepamopa,  hmm. ok
[22:37] <JanC> it's also easier to set up in many cases
[22:37] <Onepamopa> that's what I heard from some blackseo gurus
[22:37] <JanC> as many webapps assume / if not told otherwise ;)
[22:38] <Onepamopa> true
[22:38] <nancy--> hm..
[22:38] <JanC> and it allows you to move one of them elsewhere easily later
[22:38] <JanC> elsewhere = to another server
[22:38] <nancy--> well finally guys.  . . give a name to the site.            it has       software dev , webhosting, and bloging.
[22:39] <ikonia> nancy--: that is not for this channel as you've been told
[22:40] <Psi-Jack> Heh
[22:40] <ikonia> nancy--: #ubuntu = ubuntu support #ubuntu-server = Ubuntu server support, #ubuntu-offtopic (where you are already discussing this) is the only place
[22:40] <Psi-Jack> ikonia: How's things, man?
[22:40] <nancy--> oops. i forgot ikonia   . going back to ubuntu-offtopic . sory
[22:40] <Onepamopa> nancy-- something else, as far as I know, you cannot assign different A record to /subdomain
[22:40] <ikonia> nancy--: please don't lie, you didn't "forget" as you've been told this and you're still discussing it, stop trying to push this
[22:41] <nancy--> ok ikonia
[22:41] <Onepamopa> ikonia is a bad-ass =)
[22:42] <nancy--> well not talking technicall stuff...            a /subdomain cant have A record. but  a   subdomain. domain .com  can have ?
[22:42] <nancy--> now* talkin..
[22:42] <Onepamopa> Yes, and stop asking such questions in server-related channel
[22:43] <ikonia> nancy--: if you ask again, I will remove you from the channel
[22:43] <ikonia> nancy--: clear ? yes/no
[22:43] <nancy--> yyup
[22:43] <nancy--> crystal
[22:43] <nancy--> like someone just kicked you from #ubuntu ?
[22:43] <Onepamopa> more like banned
[22:44] <nancy--> onia has kicked sennin from #ubuntu (you lost)
[22:44] <ikonia> no-one has kicked me from #ubuntu, stop disucssing it, if you need help with ubuntu server, this channel is perfect, anything else, stop
[22:44] <nancy--> ... no coments
[22:44] <ikonia> nancy--: correct,
[22:44] <nancy--> oh. its was you who is in the kicking mood today
[22:45] <ikonia> nancy--: please stop trying to push me, this is your final warning
[22:45] <Onepamopa> ikonia ... just do it
[22:45] <nancy--> ooh.. i step back from the great lord or irc ! ikonia
[22:45]  * Psi-Jack shakes his head and gives the thumbs down.
[22:45] <Psi-Jack> nancy--: Troll elsewhere.
[22:45] <nancy--> he has sooo much power..   he can Kick !!             aaa...         what else can you do ?
[22:45] <Onepamopa> nancy-- stop acting like stupid
[22:46]  * nancy-- stops
[22:46] <Onepamopa> its not funny
[22:49] <Psi-Jack> Hehe, anyway. ;)
[23:03] <Psi-Jack> ikonia: So, I actually took the time this weekend to totally rebuild my entire home-based server infrastructure. ;)
[23:03] <ikonia> Psi-Jack: bravo
[23:03] <Psi-Jack> Switched out openSUSE 11.4 firewall (active/failover), to Ubuntu 11.10, which will be moved up to 12.04 about a month or two after it's release.
[23:04] <JanC> hm, anybody know what the best fingerd for Ubuntu/Debian is?  (I'm mostly interested in security, but also configurability)
[23:04] <Psi-Jack> Switched Debian 6.0.3 to Ubuntu 11.10 for my LVS directors.
[23:04] <Psi-Jack> Replaced my Debian 5 Zimbra mail server to Ubuntu 10.04 LTS.
[23:04] <JanC> (security with default packages)
[23:04] <Psi-Jack> And my Debian 6 web cluster to Ubuntu 10.04 LTS as well. ;)
[23:04] <ikonia> JanC: as in "the finger daemon"
[23:05] <JanC> ikonia: yes
[23:05] <ikonia> JanC: the default one (can't remember the package) is probably your best option,
[23:05] <ikonia> I take it you're not putting finger on the web ?
[23:05] <JanC> ikonia: there is no default one that I can see
[23:06] <Psi-Jack> I'm curious about one thing though. Ubuntu 12.04 is just around the corner, in a couple months. Does anyone know yet if it will keep PHP 5.3 support, and does it plan to also keep PHP 5.2 support?
[23:06] <JanC> and I don't wee what the web has to do with finger  ;)
[23:06] <ikonia> JanC: hang on, let me see if I can find it, there isn't one installed by default (probably for security)
[23:06] <JanC> don't see
[23:06] <ikonia> JanC: sorry, I meant I assume you're not going to open up "finger" to the public internet
[23:06] <JanC> I intended to put it on the public internet, yes
[23:06] <ikonia> cfingered
[23:07] <ikonia> oh wow, you actually want people to finger your machine on the web
[23:07] <JanC> *if* it can be done securely
[23:07] <ikonia> that's a tall order, finger attacks always used to be an easy target
[23:08] <JanC> well, I don't see exactly why finger should be an easier target than SMTP or HTTP servers...
[23:08] <Psi-Jack> Yeah. used to be..
[23:08] <Psi-Jack> linux.org's been running a fingerd for eons/.
[23:08] <Psi-Jack> Custom, of course.
[23:08] <Psi-Jack> Err, kernel.org, sorry.
[23:08] <Daviey> wow, people still use finger? :)
[23:09] <Psi-Jack> Yeppers.
[23:09] <ikonia> there is a daemon that can rate limit the fingerd daemon, but I don't see it in cfingered
[23:09] <JanC> cfingerd was one of the implementations I looked at earlier, but they didn't publish new versions since 2003 or so?  ;)
[23:09] <ikonia> no point putting out an update if thre is nothing to update
[23:09] <JanC> OTOH, seems like that's true for most
[23:10] <ikonia> fingers pretty dead in general
[23:10] <ikonia> as Daviey not really a massivly in use tool any more
[23:10] <ikonia> "as Daviey said"
[23:10] <JanC> ikonia: duno, it seems like it can be very useful really  ☺
[23:10] <Psi-Jack> I use finger in like 600 servers I manage. ;)
[23:11] <Psi-Jack> Cause I want to see if a user has access to a specific box, by not having to ssh into it and just finger for it, I can see right off the bat if they do or don't.
[23:11] <ikonia> JanC: certainly has some uses
[23:11] <Daviey> Psi-Jack: I hope you don't use it as part of an auth chain?
[23:11] <Psi-Jack> Heck no. ;)
[23:12] <Psi-Jack> It's internal use only.
[23:12] <Psi-Jack> I use efingerd in most cases, so I can actually query what groups a user is in on a particular box.
[23:12] <Psi-Jack> And thus, what they're capable of, on said server. :)
[23:12] <Daviey> Wait, you manage user groups per box?
[23:13] <Daviey> on *600* servers?
[23:13] <Psi-Jack> Currently, yes.
[23:13] <JanC> ikonia: part of why I want to use it is e.g. to provide some address info to people on IRC channels that are logged, hoping spambots don't have intelligent finger support  ;)
[23:13] <ikonia> interesting idea
[23:13] <Daviey> Psi-Jack: I'm really quite suprised that with 600 servers, it's not managed centrally.
[23:14] <Psi-Jack> Daviey: My company got merged into another company which is a bunch of Windows ignorants, they want to tool it up to their LDAP server, but I'm hesitant until they can provide a full plan of action that will actually not suck.
[23:14] <Daviey> Psi-Jack: ah
[23:14] <Psi-Jack> Daviey: And that was the baseline infrastructure BEFORE I got there, so. I kinda came in to bad design, hence, why I was hired in the first place, to fix their bad practices.
[23:15] <JanC> Psi-Jack: why do you use efingerd instead of e.g. cfingerd ?
[23:15] <Psi-Jack> Now these guys are talking about making a linux server as a "jump host", before even being able to get into the actual servers within the DC, I'm like. Why? "PCI compliance." You don't need that for PCI compliance if your segmentation is properly done.
[23:15] <Psi-Jack> JanC: efingerd can run stuff.
[23:16] <Daviey> ah, right.  Incidently, my employer has home directories on servers for former employees.  That feels odd.. The accounts are gone, but thier traces remain.
[23:16] <JanC> so can cfingerd, if I understood
[23:16] <Psi-Jack> efingerd is a finger daemon, which executes programs and displays their output. This gives you complete control over what to display and to who, and an extreme configurability
[23:16] <Daviey> Hah, actually, their account still exists.. just locked.
[23:17] <ikonia> Daviey: a lot of places I work with do that
[23:17] <ikonia> some places I can see value, others I can see risk/waste
[23:18] <Daviey> Psi-Jack: How do you do config management.. i trust you don't use expect or something to remove users on each machibe?
[23:19] <Psi-Jack> Daviey: Heh, I wrote a script that I maintain with every new installation that ssh's into each server through ssh-key to root, and locks a user.
[23:19] <SpamapS> Been there.. done that. :)
[23:19] <Psi-Jack> but, for the most part.
[23:19] <Psi-Jack> All access is locked out as soon as they're taken out of the VPN access.
[23:20] <Psi-Jack> because you can't get into any server without VPN from outside the internal network.
[23:22] <JanC> Psi-Jack: you don't use a VPN on the internal network?  ☺
[23:22] <Psi-Jack> We do actually.
[23:22] <Psi-Jack> Our delocated offices VPN to each other.
[23:23] <Psi-Jack> But, again, that's still within the internal network infrastructure. :)
[23:25] <Psi-Jack> Hmmm
[23:25] <Psi-Jack> I really need to get into IPv6 sometime. :x
[23:26] <Psi-Jack> Anyone here familiar with how I'd go about setting up 6to4?
[23:28] <Psi-Jack> So that I could, if I understand this right, actually connect to IPv6 addresses, via IPv4?
[23:28] <JanC> Psi-Jack: at home I use miredo (teredo) currently, which is mostly install & use right away
[23:28] <Psi-Jack> Hmmm. Interesting.
[23:28] <Psi-Jack> an IPv6 tunneling server, with NATs?
[23:29] <JanC> you can use it behind a NAT, yes
[23:30] <Psi-Jack> I currently have my own local reseveration for fs21:2cd0:6f99::/48, so I'm kinda hoping to make use of that with proper planning.
[23:31] <Psi-Jack> I don't want completely random local IPv6 addresses. :)
[23:31] <JanC> I guess that's not what teredo was designed for
[23:31] <Psi-Jack> or even based on my MAC. :)
[23:31] <JanC> but it's a great solution for "instant IPv6 access"
[23:31] <Psi-Jack> Hence, why I was considering 6to4, because I could use my existing IPv4 gateway with it, to my understanding.
[23:49] <Psi-Jack> Holy crap.
[23:49] <Psi-Jack> My IPv6 /is/ working, at least from one of my firewall-routers. ;)