[00:02] Ok thanks for your help guys [00:03] tonyyarusso i will be back in 10min and i will mp you to get that === slank is now known as slank_away [00:44] zul: Daviey jamespage http://people.canonical.com/~agandelman/folsom/glance/ + http://people.canonical.com/~agandelman/nova/ . need a +1 so we can get to staging and fast tracked out to -updates. both security updates [00:48] adam_g: do those correspond to: http://www.ubuntu.com/usn/usn-1710-1/ and http://www.ubuntu.com/usn/usn-1709-1/ ? [00:50] adam_g: well, I'm eod, but I did updates for those already [00:51] jdstrand: yes this are precise rebuilds of your updates for the ubuntu cloud archive [01:03] tonyarusso you still there ? [01:05] tonyyarusso you still there ? [01:06] he shows up as away [01:12] ok because he said that he got some config about the postfix [01:12] doesn't mean he's here though :p [01:22] TheLordOfTime can you help me with. [01:22] you seem to be very good with postfix [01:23] adam_g: looks good [01:24] Chriys: irc tends to work best if you ask specific questions rather than asking people if they will help you :) [01:25] .. afterall, there are ~360 others here, someone's liable ot be awake.. [01:27] ok thanks sarnold. basically i want to tell to my server to user my gmail account to send email. on web application hosted on my server [01:28] and i also want gmail to receive email from info@ahidjodesign.com [01:31] Chriys: you may wish to look at 'msmtp', I use it to have a /usr/bin/sendmail program that sends From my address [01:32] Chriys: setting up receiving is slightly differen,t you'll need to look into google services for domains or something.. [01:32] it will gona work if i use mail() on a php page on my server. [01:34] Chriys: it should, if the mail() routine uses /usr/sbin/sendmail. if it connects to smtp servers itself, no. (I seem to recall that both behaviors are available with various php modules..) [01:36] ok. so i use what will be the sender address in the email [01:37] your gmail address [01:40] and about redirecting info@mydomain.com to gmail.com [01:43] Chriys: http://www.google.com/enterprise/apps/business/pricing.html [01:45] i think it will be better to have my own fix ip address [01:45] thanks again for your help [01:46] Chriys: another option is to pick another smtp host, e.g. sendgrid [01:49] ok. sarnold do you think that if i use different port like 1234 it work ? [01:49] Chriys: probably; or you could set up a vpn between your host and your smtp host.. [01:49] sarnold what do you mean ? [01:51] Chriys: from what I vaguely recall of your problem, you've got a web host and you've got an smtp host, and your web host can't contact your smtp host, right? [01:51] because the most important for me is to being able to send email from my domain with web app on my server [01:59] sarnold if i send an email to info@mydomain.com it doesn't work. and if i send an email from my server it still doesn't work except if i send it to another user on my server. [02:01] i tried to use mail() on phpscript same issue. and i cant connect to the server using a mail client. but all of my website hosted on the server work [02:03] i tried telnet gmail 465 and telnet gmail.com 25 it says unable to connect to remote host: Network is unreacable [02:11] hallyn: yeah i need to understand whats going on first [02:27] adam_g: ah, I thought you were wanting to provide those updates for the archive :) [02:31] Can someone help me? "sudo apt-get update" -- every line returns 404 [02:31] Err http://archive.ubuntu.com maverick-updates/universe amd64 Packages 404 Not Found [IP: 91.189.92.200 80] [02:31] or [02:31] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/maverick-security/restricted/source/Sources.gz 404 Not Found [IP: 91.189.92.200 80] [02:31] well, what did you expect? [02:32] something besides 404? [02:32] support for maverick ended a long time ago [02:32] patdk-lap: i see [02:32] are you saying my distro version is no longer supported? :) [02:32] I'm saying your using something that is only supported for 18months [02:33] and it came out in 10.10 [02:33] well, october 2010 [02:33] switch to using the old repo's archive [02:34] dragoonis: probably best to run a do-release-upgrade to upgrade to a supported distribution [02:38] sarnold: thanks for the suggestion. this is a production box so I can't do anything drastic right now [02:38] is there a workaround to let me run apt-get update against my distro version ? [02:44] dragoonis: use old-releases.ubuntu.com [02:45] dragoonis: but, really, you need to upgrade to a LTS - maverick isn't supported anymore [02:45] bradm: i understand i actually just need to use apt-get to install "tcl8.5" package [02:46] dragoonis: right [02:46] it's stopping my redis-server's "make test" from being successful [02:46] dragoonis: well, its been answered twice now [02:49] ok thanks. [02:50] bradm: did you mean to update my apt-get sources.list file with "old-releases.ubuntu.com" [02:50] you'll have to remove the security deb lines too [02:50] dragoonis: yes [02:52] bradm: it seems to be doing something :) [02:52] yay \o/ [02:53] excellent [02:53] 'make test' on redis passed. [03:00] sarnold i'm going to reinstall postfix what config do i need to send email throught my isp smtp server [03:08] I have a binary at "/home/paul/redis-stable/src/redis-cli" [03:08] i'd like this to just execute by running 'redis-cli' [03:08] i tried the 'alias' command, but when i run my shell script it says 'command not found' [03:10] dragoonis: mkdir /home/paul/bin ; ln -s /home/paul/redis-stable/src/redis-cli /home/paul/bin/redis-cli [03:10] i'm going to reinstall postfix what config do i need to send email throught my isp smtp server [03:10] dragoonis: when you have a ~/bin , it will be added to the path (you have to logout and back in, or re-source your bashrc) [03:11] Chriys: postfix will ask you for those settings on installation [03:11] Chriys: or just 'dpkg-reconfigure postfix' [03:11] oh good thanks :p [03:13] SpamapS: i didn't know ~/bin was magic [03:13] SpamapS: apache is going to execute this shell script so that might be problematic [03:13] hi all.. [03:13] dragoonis: indeed it will be problematic [03:14] dragoonis: why don't you install it in a system location like /usr/local/bin ? [03:14] do you guys know how i can identify the processes that are eating up my memory? [03:14] ps axl [03:14] smem? [03:14] SpamapS: that sounds better [03:14] usr/local/bin/redis-cli ? [03:14] i allocated 1GB to a virtual machine and installed spamd+postfix+courier+mysql and have gitlab running [03:15] well, spamd is going eat 100-500megs [03:15] I use 'ps auxw O r' to see the biggest process at the bottom [03:15] so it ended up eating almost all of that 1GB. So I thought this is not very good and decided to allocate an additional 1GB [03:15] smem is nicer cause it takes shared ram into account [03:15] azbyin, how do you define, EATING RAM? [03:15] everything was peachy for a while, now everything has been eaten up again.. 17BM free memory [03:16] ah, so you have no idea [03:16] total used free shared buffers cached [03:16] Mem: 2041028 2022876 18152 0 58896 1010272 [03:16] and the next line? [03:16] -/+ buffers/cache: 953708 1087320 [03:16] 1087MB free [03:16] nice [03:16] how did you figure 17MB? [03:17] first line.. col 3 (free) [03:17] ya, that is how much WASTED RAM you have [03:17] it is only use for interrupt processing and stuff in the kernel [03:18] that is not how much FREE PROGRAM ram you have [03:18] please read the free program manual next time [03:19] SpamapS, ps auxw O r shows gitlab 3180 0.1 6.3 2959144 129304 ? ... right at the bottom [03:19] is this VSZ being reported in KB ? [03:19] vsz is how much the program asked for, not how much it's using [03:19] SpamapS: that helped a lot :) [03:20] good night [03:20] it's actually only using 129MB [03:20] but it actually asked for 2GB ? [03:20] 3GB [03:20] that is normal [03:20] lots of programs do that [03:20] ok [03:21] happens a lot with memmap files [04:43] I am trying to optimize the performance of a magento installation on an ubuntu server. can anyone suggest a good link for me to read? [04:43] there's tons of stuff online, but I don't knwo whats good advice and what isn't [05:01] red82, the important question to ask is, why? [05:02] are you experiencing slowness? are you hitting a hardware bottleneck, or is the software not utilizing your hardware to keep up with requests? [05:02] oh, I see [05:03] I am hosting with a vert. on media temple, and was running out of memory with just a couple of test users. this seemed bad [05:03] if you used built in packages, it's already set up for the way most people will use it [05:03] ok [05:03] http://mediatemple.net/webhosting/ve/pricing.php <- the lowest priced one there. seems to me that 1GB should be fine [05:04] I upgraded to the 2GB one, and that helped my memory problems (at various points I couldn't even ssh into the box because it couldn't get mem ) [05:04] red82: There are magento specific hosting places. [05:04] They earn their money. :-) [05:04] red82, while I'm not experienced with magento, from what I'm reading, it's a resource heavy application, and that doesn't surprise me [05:04] red82: It's worth mentioning that Mediatemple runs Virtuozzo, which is a chroot on steroids; it tends not to play well with Magento. [05:05] Corey: thats very interesting [05:05] do you have a recommended host for future reference ? [05:06] qman__: it does seem heavy and slow, but you'd think it could handle one user. [05:06] red82, from one article, it's recommended that in order to run magento, PHP's maximum memory per-process should be adjusted to 512MB [05:07] common defaults are 8MB or 16MB [05:07] just to give you an idea [05:07] thats astounding [05:08] not that it will use that much on every process, but because of that, it doesn't surprise me that 1GB was not enough for more than a couple users [05:10] that seems crazy high [05:11] there's probably a big initial investment, with better scaling [05:11] as in, 4GB would serve a lot more than 4 users, probably more like 50 [05:12] that's just a guess though [05:37] hi, is there an alternative to 'ctrl-middle click' to select the 'Operate Controller now' option on a fader or button, to select midi control? [08:14] I want network monitoring tool like PRTG but should be free of charge and full version === smb` is now known as smb [09:04] linocisco: you are certainly welcome to build one. [09:19] hi, i'm receiving that error trying to boot a nova instance: ProcessExecutionError_Remote [09:19] any idea? [09:36] greppy, what do you mean to build one? [09:41] linocisco: have you tried munin? [09:42] there are several monitoring tools around, and some are highly configurable, or you can script up something yourself with rrdtool or similar === yofel_ is now known as yofel [09:51] RoyK, not yet [09:52] RoyK, is it good? [10:04] linocisco: http://munin.karlsbakk.net/munin/ [10:09] linocisco: I mean that someone built/wrote PRTG, you are welcome to build/write your own. [10:19] I created a user on Ubuntu Server 12.10, and added that user to the sudoers file as username ALL=(ALL) NOPASSWD: ALL [10:20] I'm still prompted for a password when I sudo with the username, in addition to I can't run apt-get upgrade, as it says I dont have permission. [10:20] JonEdney: perhaps that user is part of a group with sudo access, parsed before the line you added [10:21] greppy, if I knew programming, I would not ask here and started writing code [10:23] RoyK, thanks for the tip, still learning the ropes. [10:23] linocisco: did you check out munin? [10:24] RoyK, still checking === matsubara-afk is now known as matsubara === th0mz_ is now known as th0mz === railsraider_ is now known as railsraider [12:47] hi, i'm trying to install ubuntu 12.10 server on a pre-existing hardware [12:47] it has several md raid sets, 12 disks in total, I only want to recreate the OS partitions on the first 2 disks [12:47] I can see it on the cli, but since that has no fdisk/cfdisk/gdisk/parted I can't do much there either [12:47] The problem is, it doesn't show sda in the partition toolie [12:47] any ideas? [12:48] advanced partitioning -> activate raid volumes should tell you which md devices you have made up of which disks [12:49] as well as to [dis]assemble them. [12:51] hmm can I see what /dev/sda is? [12:51] booted ubuntu from cd mounted through impi (like drac/ilo), there's no less on the console :( [12:53] nvm it has more there's a virtual disk presented by the ipmi, besides a cdrom, dunno why it does that [12:55] can the installer use/recognize gpt? It says sdc has no partitions, but it has 4 - all 4 part of md sets which it did start (well kernel auto detect probably did (.9 superblock)) [12:55] freakynl: unplug all non-root drives :P [12:55] freakynl: that's pretty safe [12:56] sdc is a root drive [12:56] and it has partitions ... the partitioning tool however says it wants to create a new one (now I only care about the last partition not dying :)) [12:57] freakynl: with 12.04 (which I would *really* recommend for servers, since it's the latest LTS), the installer screen turns up in b&w if gpt is detected [12:57] oddly enough it seems to recognize the partitions made by windows on one of the raid sets just fine (which are gpt (8TB vol)) [12:57] freakynl: if you want that thing stable over time, use lts [12:57] if it's a toy, well, do as you please ;) [12:58] RoyK: It'll only do iSCSI and LIO with 3.5 is much much MUCH better than 3.2 with iet ever will be :) [12:58] ah [12:58] ic [12:58] can I partition myself on the cli, mount them somewhere and continue with the installer? [12:59] you can partition manually from the installer [13:00] the installer doesn't recognize the current partitions on sdc [13:00] can you nuke it? [13:01] no the last partition needs to be safe only want to repartition cuz ubuntu hogs /boot like crazy and doesn't clean it up [13:01] oh, why? don't you have a raid for your data? [13:01] my gentoo install has a 50M /boot with 12 kernels on it, and free space, this install has a 66M /boot partition with 2 kernels and craps out on regenerating initramfs every time [13:02] RoyK: Yea I do, since they're 2 TB disks however and the OS is quite small the majority of the disk is still exported through iscsi [13:02] in ubuntu's defense btw - I don't use initramfs on gentoo so that saves quite a bit [13:03] I just want to make /boot and / 1 partition now and save me the hassle of having to clean up /boot all the time :) [13:03] * RoyK usually uses a 1GB /boot [13:05] I'll see if I can create the partitions / raid with parted magic and see if the installer picks those up - it sees the existing raid sets just fine (which is funny since several of them use partitions from sdc which it doesn't see but are part of the raid) [13:07] it's a replacement disk too - probably just used sfdisk -d /dev/sda | sfdisk /dev/sdb [13:08] freakynl: have you read ubuntu server - advanced installation - raid setup documentation? [13:09] https://help.ubuntu.com/12.04/serverguide/advanced-installation.html#software-raid [13:11] Nope, don't quite see how that'll make the installer recognize the partitions either :) [13:18] whilst on the subject of raid, would you recommend swap on raid 1 or just add 2 swap partitions? [13:19] The latter is often advised, but they don't seem to take into consideration if 1 disk dies, so does 1 swap part (and thus potentially you loose a piece of memory and that's pretty bad) [13:19] then again, usually it doesn't use swap :D [13:36] Which is the ubuntu equivalent for perl-Net-SSLeay.i686 perl-IO-Socket-SSL pkgs? [13:37] Which is the ubuntu equivalent for perl-Net-SSLeay.i686 perl-IO-Socket-SSL pkgs? [13:38] those should be perl SSL auth modules... i guess it's possible to use cpan, but i don't know which modules to install [13:51] xiaoy, libnet-ssleay-perl and libio-socket-ssl-perl [13:51] xnox: gparted complains on the disk too - kernel sees the partitions fine, fdisk lists them (but claims there's gpt on it - normally it doesn't list anything then) [13:51] xiaoy: you can probably see a pattern :-) [13:51] gparted says a fake msdos partition doesn't exist, but there's no backup gpt header either [13:52] now the big q will be, is that gpt partition it thinks it sees data from one of the raid sets? :D [13:53] jamespage, tahnk you. I'm tring to use my gmail account with sendEmail... but gives me some errors [13:54] xiaoy, np [13:55] auth with gmail smtp srv it's a bit tricky :) === slank_away is now known as slank [14:25] jamespage/yolanda: https://code.launchpad.net/~zulcss/cinder/cinder-failed-tests/+merge/145614 [14:25] adam_g: +1 [14:26] let me take a look === slank is now known as slank_away [14:33] good morning all. i've got a rosewill SATA card with a Silicon Image chip model of Sil3114CTU. the 64bit server installer sees it and all the drives on it, but the 32 bit installer does not. any ideas? [14:33] the system is a 32 bit machine, otherwise i'd just roll with 64. [14:38] Linuks83, why bother with 32bit installs? [14:38] good morning everyone [14:38] I have a few questions if anyone has time [14:39] patdk-wk, the machine i have on hand is a 32 bit machine. further, why would the 64 bit install detect the card and not the 32 bit install of the same release?? [14:40] well, the driver might not be pae compatable, and since the non-pae kernel was dropped [14:40] only thing I can think of [14:41] I have Ubuntu server 12.04 /w kubuntu desktop installed onit, what I want to know is how to create a user and give him only access to 3 folders on the server , his home folder nad 2 folders in www? [14:43] I have sufed the firums but I can only find help on giving user full control of server and that wont work in this case [14:43] patdk-wk, when was the non-pae kernel dropped, becuase it doesnt get detected with either of the 12.04.1 disks either [14:43] 11.10 I believe, maybe 11.04 [14:44] patdk-wk, ok. going out on a limb here... do you know if it is still supported by Debian proper? [14:44] actually, I don't think that should make a difference [14:44] the sill3114 should be using the normal AHCI driver [14:45] not a special driver, and that is supported fine [14:45] so is there a boot string i can add to the 32 bit installer to get it detected? [14:46] it's already added if 64bit sees it [14:46] i checked the ubuntuforums, but dont see anything on this particular issue. [14:46] the boot string should be the same between the 32 and 64 right? [14:49] can anyone assist me with giving user only access to specified folders on the server ? [14:50] dragonious: the specified folders being? [14:50] lunuks, it's suppost to use the sata_sil module [14:50] frakyni: his Home, and 2 folders in www [14:51] freakyni: sorry his home and 2 folders in www [14:51] I can not type today im sorry [14:51] dragonious: hmm that's scattered over the file system... I don't use ubuntu much, but you might want to look into mounting (-o bind) the folders on his home folder and chroot'ing it [14:51] dragonious: fr if you have a descent client :) [14:52] freakynl: Im very new to ubuntu still getting used to the commands [14:52] patdk-wk, is there a way i can specify to load that at boot to be sure? [14:53] modprobe [14:53] dragonious: I'm not used to the ubuntu 'way' of things. Root jail is probably the easiest (chroot) in combination with mount -o bind [14:53] freakynl: do you know of any walkthroughs available for this procedure [14:54] freakynl: thanks for the tab tip ;0 [14:54] mount -o bind being for the www folders. Don't know what your permissions are though, you might need extended acl's (beyond user/group/other) [14:54] dragonious: https://help.ubuntu.com/community/BasicChroot [14:54] freakynl: ty very much [14:55] np [14:55] freakynl: im going to check that out on my pc thanks again, I may be back ;) [14:58] jamespage/yolanda: one more https://code.launchpad.net/~zulcss/nova/nova-fixes/+merge/145624 [15:05] zul, i'll take a look [15:07] I get a blank screen after grub, editing (e) in grub and adding nomodeset doesn't help [15:07] patdk-wk, how do you pass modprobe to text mode the installer? [15:07] it doesn't have the splash nor quiet options, any ideas? [15:08] run it in the shell [15:11] i understand running it from the shell 'modprobe sata_sil' but how do i get shell during the actual installation. i'm trying to use a drive which is on that controller to install to. [15:18] patdk-wk, i understand running it from the shell 'modprobe sata_sil' but how do i get shell during the actual installation. i'm trying to use a drive which is on that controller to install to. [15:19] select shell from the install menu [15:19] patdk-wk, oh! ok, so when i use the 'go back' option and am presented with the menu, it will be there? gotcha. [15:19] ya [15:20] patdk-wk, thanks!! i will try that! [15:20] Hmm oddly enough ubuntu desktop boots just fine (also 12.10) from live cd (parted magic cd's have same issues - nomodeset doesn't help there either) [15:30] hallyn: pinger [15:34] zul: hey [15:34] sorry had rackspace host issues last night, got disconnected :) [15:35] hallyn: just getting libvirt 1.0.2 ready...still need to look at the qemu stuff fyi [15:35] (didn't feel like xferring to local) [15:35] which qemu stuff? [15:35] the qemu-nbd stuff i am having problems with [15:35] oh right [15:35] (thought you menat something related to libvirt version) [15:36] hallyn: nope :) [15:37] zul: cool. do note i pushed a libvirt to raring yesterday, trivial but please don't lose that debdiff :) [15:38] zul: shall i try to reproduce the nbd bug? [15:38] i've got to change locales, but will try when i'm settled [15:39] hallyn: not yet i think openstack might something stupid so ill let you know when i get stuck [15:39] ok [15:39] i've gotta follow up on some tests about /dev/kvm+udev [15:40] but, if you want me to run a qa-regression-test today lemme know. (i'll be out tomorrow) [15:40] biab [15:44] hallyn: ack [15:51] so i'm relocating my root filesystem to a new drive. I've already got the copy in place, but each time i reboot it goes to the old one. I've manually updated /etc/fstab and /boot/grub/grub.cfg, and the grub menu at boot uses root=new so... where am i missing the reference to the old? [15:55] Just installed ubuntu 12.10 server. The installer is fine, 12.10 desktop live (running from cd is fine), the just installed 12.10 server however goes black after grub [15:56] adding nomodeset in grub doesn't make a difference, it's a matrox vga card. Any ideas? [16:10] hmm it's initramfs [16:15] adam_g, nova and glance copied to proposed for the folsom CA [16:15] adam_g, do you want todo a test run prior to -updates? === matsubara is now known as matsubara-lunch === megha is now known as firewall === sauce_ is now known as sauce [16:38] ok guys I was in here earlier and I think I was asking the wrong questions [16:40] I want to host websites from my ubuntu server but I want to make sure that as I add users that they can not get into root or modify other usres data. How would I go about doing that is there an app or software that would do this ? I also have Kubuntu desktop installed . thank you in advance for any assistance [16:40] dragonious, there are a lot of different ways to do this [16:41] qhartman: Im looking for the eisiest way to do this as I am very new to linux/ubuntu [16:41] qhartman: although im not afraid to learn ;) [16:41] dragonious, one of the simplest ways is to set the user's home directory to be the webroot of their site, and then make it so that all the user's home directories are set so only the user has access [16:42] dragonious, something like mode 0700 on them would do the trick [16:42] qhartman: could you explain further pls [16:42] dragonious, what web server are you using? [16:43] qhartman: ubuntu server 12.04 ls [16:43] qhartman: I have Kubuntu desktop installed as well [16:43] dragonious, That's the distro on the server itself, but what web server program? Apache2? nginx? [16:44] qhartman: sorry it is a Lamp environment [16:44] dragonious, ok, then you are using apache2 [16:44] That's the "a" in lamp [16:44] qhartman: I will be using ssh to give users sftp access [16:44] good [16:45] I don't have time to give you more direct help right now, but googling around for "multi user apache web hosting config" and similar things will probably get you what you need. [16:45] qhartman: I think you may have helpped me more then you realize thank you ! :) [16:46] sure thing, I was hoping I could just point you down the right road [16:46] also, this will be useful: http://httpd.apache.org/docs/2.2/howto/public_html.html [16:48] qhartman: thanks again will look that stuff up. Might be back :) [16:48] You may end up not wanting to use that setup, but it's a good starting point, and it will be conceptually important to understand what's going on there for what you are doing. [17:16] qhartman: didn't read the whole thing, but 700 on your web directory will make apache unable to access it, unless you run mod_ruid2 or mpm-itk so the vhost runs as the user (or some really fancy reverse proxy thing with a shitload of of webservers on different ports (at least 1 for every vhost) [17:19] freakynl, true [17:19] * qhartman didn't account for that === matsubara_ is now known as matsubara [18:14] so i've got a system with encrypted lvm for root, and an unencrypted /boot. i've run update-grub2 and update-initramfs and now booting just hangs [18:15] wow, it appears my crypttab is not in the initramfs (i'm at busybox) [18:15] wtf. [18:30] hello masters! [18:30] i have a warning message in my log > snmpd: error on subcontainer 'ia_addr' insert (-1) [18:30] what does it mean? [18:30] thanks! [18:35] paco1 give more info on your system [18:37] ubuntu-server 12.04 | 3.2.0-35-generic | 8Go ram | it's the host for VM by kvm [18:46] paco1: i'm not expert on KVM but this what i found on google hope it might http://www.novell.com/support/kb/doc.php?id=7005030 help http://sourceforge.net/p/net-snmp/bugs/1807/ [18:47] chriys: ok, thanks. The second one already i read. But the first one not yet. [18:48] your are welcone :) [18:48] welcome* === matsubara is now known as matsubara-afk [19:11] how to verify opened port on my network and the one that my ISP blocked ? [19:12] so after running update-initramfs i am no longer prompted for password (cryptsetup), and manually setting up raid, crypto, then lvm, it stays hung when i exit busybox. [19:12] Hi guys, long time centos user here. Pondering migration to ubuntu server. Can anyone advise on 12.04 vs 12.10? [19:12] The primary use will be as a virtd host on amd abu dhabi procs [19:19] sweettea: i'm running 12.10, I also run 12.04 LTS on a server that needs that stability. What are you looking for? [19:22] mysteriousdarren: I really want to do live archive of running virtd guests [19:22] dont know if thats even possible [19:23] 12.10 is unstable? I was leaning towards using it [19:23] sweettea: i think he means the long term patchign support [19:23] ah [19:24] yes I mean that, thanks Demosthenex [19:26] I feel like I am picking blind, and would like to educate myself more :) [19:26] chriys: https://www.grc.com/x/ne.dll?bh0bkyd2 [19:26] ive used ubuntu on my laptop for years but never really administered much on it [19:27] just install webmin or something similar and it will work well. Or without a gui works too [19:30] mysteriousdarren: i didn't well understood [19:30] so the initramfs isn't even trying to decrypt. i've unpacked the initramfs cpio archive and crypttab isn't even copied onto it, though several of the crypt scripts are [19:33] CTCP: mysteriousdarren: you lost me [19:33] chriys: were you not trying to test a port? [19:34] i was try to [19:35] mysteriousdarren: but i didn't understood the link you provided me, i just need little explanation [19:37] ok guys I could use a lil input here [19:37] oh shields up scans ports and does other things on checking for security [19:37] dragonious: with what? explain your problem please [19:38] I have added a user via kuser, I then set his home directory to his main sie folder inside /var/www/"hisfolder" [19:38] ok thanks mysteriousdarren [19:38] but when I log in through sftp to see if he can get at any other folders it apears as if the whole server is open to him ? [19:39] the new user is only a member of his group which was created upon creating the user [19:40] I want to "lock" him into his own site folder so he can not get at any other folders [19:40] dragonious: if your directory permissions are world read and execute, he can traverse them. [19:41] but can he "break" my server by doing so ? [19:41] dragonious: if you want to further confine your user, you'll need to use a tool such as apparmor [19:41] sarnold: can you elaborate for me? [19:41] dragonious: depends; if you've granted more read access than you should have, he might read secrets that allow him to do more dangerous things. if you've granted write accesses more than you should have, he might be able to do things more directly... [19:42] the standard unix permissions are a bit difficult to have widely-different levels of trusted usrs on a machine... [19:42] sarnold: Im very new to this server , and ubuntu so bear with me please [19:43] dragonious: apparmor allows you to apply permissions on a per-program basis. you could either give this user a unique login shell and confine that shell, or you could use the full-blown apparmor PAM support: http://wiki.apparmor.net/index.php/Pam_apparmor_example [19:44] sarnold: I want the user to be able to work in just one folder, so say hes building a joomla site it works but he can get out side of the folder I assign him to , also I gave the user no shell abilities [19:46] sarnold: apparmor sounds like it will lock down the progams he will need for say Joomla! builds === guampa_ is now known as guampa === Amoz_ is now known as Amoz [19:48] dragonious: you can either allow those to execute unconfined (alright, if you trust this guy), confine them themselves (good if you don't trust the joomla programs to execute "sanely" in the face of adversity), or allow him to run them while still confined ("inherit" his permissions -- probably the best fit for what it sounds like you want) [19:50] mysteriousdarren: the port 993 doesn't even appear in the test but the 143 is closed even if i opened it on my router [19:51] and what does mean stealth in the result test from grc.com [19:53] http://serverfault.com/questions/18324/stealthed-vs-closed-port [19:54] sarnold: sorry I step away for a sec inherit sounds like what I want [19:55] sarnold: I know the guy ,and know him to be a tinkerer, he will get into it and break it lol :) [19:55] hehe [19:56] dragonious: you can just use the chroot feature in sshd_config [19:57] sarnold: also as this is a "server" tower and not just a old bow runing a server os I may try to offer small scale hosting to some of my cutomers if I can figure out how to keep them out of things they dont need to see ;) [19:59] jrib: I printed out some info on chroot, but didnt fully understand it, not realy good with all the sytax as I am a newb to ubuntu server [19:59] dragonious: indeed :) one apparmor contributor has a few thousand customers, with their separation enforced by apparmor :) [20:00] sarnold: is apparmor used via a gui or through shell [20:00] dragonious: shell [20:01] sarnold: terminal may be the right word sorry my newbness is shining through [20:02] dragonious: you just specify the directory with ChrootDirectory and you can restrict the line to affect only one user [20:02] dragonious: hehe :) there's not much point quibbling over the little bits like shell vs terminal in this case -- the tools aren't gui. :) (SUSE ships a GUI front-end to the tools, but I'm not confident (a) that it works :) (b) that it actually improves the tools. :( ) [20:03] jrib: so if the directory is /var/www/dr I would use what string of text chroot it correctly? [20:04] dragonious: something like: Match user USERNAME_HERE; ChrootDirectory /var/www/dr (where USERNAME_HERE is replaced by the actual username and ';' denotes a newline) [20:05] dragonious: you can add ForceCommand internal-ftp too. [20:06] jrib: ty I will try that and get back to you in a sec [20:06] jrib: im using sftp through ssh [20:06] dragonious: yeah, it should read "internal-sftp"; this keyboard sucks [20:07] dragonious, sftp chroot is easy. see the minstrel.org isntructions [20:07] dragonious, http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDUQFjAA&url=http%3A%2F%2Fwww.minstrel.org.uk%2Fpapers%2Fsftp%2F&ei=fH0JUeK-FuqDyAHyhYDADg&usg=AFQjCNHxH7TmMoSAcc0RUb5kb0PBfK9pVw&sig2=aOpCLO9NLKFjG-8SVu_wOQ&bvm=bv.41642243,d.aWc [20:07]