halvorsHi! Anyone know how to set up and enable nagiosgrapher? I've installed it and enabled "process_performance_data=1" and "service_perfdata_file_processing_command=process-service-perfdata" in the nagios.conf :) But no hosts are showing up :(00:05
=== PixelCrumbs is now known as [PixelCrumbs]
=== [PixelCrumbs] is now known as ASDF___
=== ASDF___ is now known as PixelCrumbs
=== PixelCrumbs is now known as _-
=== _- is now known as PixelCrumbs
=== PixelCrumbs is now known as Pixel_Breaky
=== Pixel_Breaky is now known as PixelCrumbs
ruben231hi guys how do i find huge file size on my ubuntu server01:08
ruben231i have storage of 98 percent but cant see which files are having this huge file size any idea..?01:08
RoyKfind  / -size +something01:09
RoyKman find01:09
RoyKbest place to start is /var/log01:09
RoyKor start with01:12
RoyKdu -sch /var /home01:12
ruben23182G     /var01:16
ruben23158G     /home01:16
ruben231140G    total01:16
RoyKso how large is the filesystem?01:17
RoyKI need  to sleep - talk tomorrow01:17
bobbyzruben231: You could always 'find / -type f -printf "%s %p\n" | sort -n'01:56
bobbyzruben231: keep in mind sort uses space in /tmp though01:58
lamont 05:18
=== PixelCrumbs is now known as Sarcasm
=== Sarcasm is now known as PixelCrumbs
vedicWhich virtualization software do you recommend? I have an 8 core Intel server with 8gb RAM and 300GB HDD. Need to create a virtual machine which can run 24x7 without any need for maintenance or reboot.07:10
vedicLocally I have been using Virtualbox. But not sure if that is suitable for long running as a server07:10
geofftI wouldn't use Virtualbox on a server; that's not its intended use case, really.07:11
geofftkvm (possibly via virt-manager) and Xen are both quite fine07:11
vedicgeofft: I was thinking XEN but need second opinion. Is it easy to set up?07:12
geofftI haven't used it on recent Ubuntu versions, but in my experience, yes07:14
vedicgeofft: Which guest type is preferred ? PV or HVM ? My needs include mathematical application and a lot of number crunching. That may include clock timing requirements for random numbers etc.07:21
snowdropGreetings from Sweden all. Just installed ubuntu-server on a virtual server, and all works, but I haven't understood one basic thing: Which user is "logged" when the virtual server reboots? For example, which users crontab will be in effect after a reboot?07:24
geofftvedic: PV. Xen's HVM support is primarily for OSes that can't be run as PV07:42
=== PixelCrumbs is now known as OresomeBot_
=== OresomeBot_ is now known as PixelCrumbs
=== PixelCrumbs is now known as Pixel_Zzzzz
yousafhow I do list the current list of php processes?12:04
loostroi'm having a problem setting up an apache2 server on ubuntu, is this the right channel to ask?12:42
loostro(and i suspect this is not apache2 issue, but something wrong with my router/connection settings/port forwarding)12:43
=== loostro_ is now known as loostro
duckstepi just created a new raid5 volume with mdadm, got it configured and rebooted to confirm all settings were correct13:07
duckstepvolume wouldn't mount properly13:07
duckstepi try to mount it manually and find the device in /dev has changed from /dev/md0 to /dev/md127, but all of my data is still there13:08
duckstepany thoughts on what i might have done wrong?13:08
duckstephere is what i have in /etc/fstab13:08
duckstepUUID=f70b9a0f-cf0aa0a2-9e5cf3fd-c44046b8 /media/storage    ext4   defaults 0 013:08
Questhow can I restrict users to only use one command ("passwd") to just be able to change their password. and cannot do anything else in console? how is it possible?13:09
hallyngeofft: yeah, that ppa is years old, and yeah i saw tpm related patches flying by the list recently...  sorry i don't know of anyone working on tpm+qemu right now.13:09
QuestPici,  geofft  you there?13:33
Questhow can I restrict users to only use one command ("passwd") to just be able to change their password. and cannot do anything else in console? its for just giving them sftp access. how is it possible? cant do it with rssh13:40
Questmay be RoyK  would  know13:43
RoyKif you use rssh, users can't login13:48
RoyKhow many users?13:48
RoyKand why so paranoid?13:49
=== rocket is now known as Guest38867
patdk-laponly sftp? without scp?13:58
* patdk-lap goes paranoid though13:59
patdk-lapusers can change their password in webmail13:59
patdk-lapand on the sftp box, I unset all sticky user/group settings from all programs13:59
yousafTo start my application I need to run "start socialapi", but I can't find "start" anywhere14:15
QuestRoyK, 50-10014:20
QuestRoyK,  chroot might be better option?14:23
Quest what does %h mean in http://www.fpaste.org/DQdA/14:23
Questand should the  ForceCommand internal-sftp    be   ForceCommand /usr/lib/openssh/sftp-server14:23
RoyKQuest: chroot means you'll need to link in libs and other binaries14:31
RoyKQuest: if the system is secure, like most are, allowing logins shouldn't be a problem14:32
RoyKQuest: at work, we use a homegrown webinterface for users to change their passwords across several systems. I guess there should be some around for just changing unix passwords14:35
RoyKQuest: as usual - please google first14:36
Questhow do you give web interfaces for changing password?14:36
QuestRoyK, ^14:36
QuestRoyK,  i just dont want even anyone to use ifconfig eth014:37
RoyKwhy not?14:37
RoyKit'll just show the ip address and mac address and so on14:37
Questno one should do anything that their dont need to14:37
Questfirst rule14:38
RoyKno, the first rule is "noone should be able to administer the system"14:38
Questno one should do anything that they* dont need to14:38
RoyKso what if they can run ifconfig?14:39
QuestRoyK,  thats not a rule. thats implicit14:39
QuestRoyK,  nothing... but why give info for a hacker that . look heres my ip config for all ehos.  ipconfig is just one example14:39
RoyKipconfig doesn't exist, btw14:40
RoyKthe problem with newbies, is that they are afraid of users14:40
Questsorry ifconfig14:40
Questthats a good problem then14:41
Questhow do you give web interfaces for changing password?14:41
RoyKQuest: have you even tried googling that?14:42
* RoyK ignores Quest 14:42
Quest what does %h mean in http://www.fpaste.org/DQdA/14:42
Questand should the  ForceCommand internal-sftp    be   ForceCommand /usr/lib/openssh/sftp-server14:42
QuestRoyK,  dont answer / chat with me if you do ignore on me one more time14:42
Questand use /ignore        not /me ignores Quest14:43
Questfor good14:43
Questgoogle that for its use14:43
RoyKQuest: I've helped you with a lot of things, but I ask you, kindly, again, to please bloody google things before spamming this channel14:43
Questfor that i am really thankful14:43
Questreally appreciate it14:43
Questbut saying ignoring is not friendly14:44
Questits like you are giving a penny to a beggar and spitting on his hand as well. i dont need such pennies14:44
RoyKQuest: well, ignoring my repetitive requests for you to try to google things before you ask here, and then, when you get an answer, repeat the question, is not very friendly either. it makes people like me who like to help newbies want to ignore them all the way14:45
RoyKso please, jfgfi14:45
=== security is now known as fire
Questwhy theres a need to adduser to a group of its own name? why not add most users to one group only?15:10
shaunothat's an option, just not the default15:13
Questshauno,  adduser  userName      adds the userName to the group called userName by default (and makes /home/userName even if -m is not supplied)15:14
maxbQuest: The practice of making a user's primary group one dedicated to that user is indeed a bit obscure15:23
maxbIt has to do with the concept of 'umask'15:23
maxbumask determines what the access privileges assigned to newly created files are15:23
Questmaxb,  so adding users to their own group name is necessary?15:24
maxbIt's not necessary, but it is the de facto standard way to implement the ability to share write access to files using groups15:24
Questmaxb,  ok. whats the command to add a user and while adding, add the user to its own group (named as the user name) and to 2 more groups?15:25
maxbThe idea goes as follows: If you set up users with their own group, then you can set the default umask to one which allows the group write access bit for new files to be on, without actually giving access to other people15:25
maxbThen, when you want a directory tree where write access *is* shared between a group of users, you can chgrp that tree and set the directory setgid bit so that new files are also group-owned by that group15:26
maxbIt is a fairly obscure use case15:26
Questi see15:26
Quest whats the command to add a user and while adding, add the user to its own group (named as the user name) and to 2 more groups?15:26
maxbBut it is the only concrete reason I've ever come across for the pattern of defaulting to creating these 'usergroups' as they are typically known15:27
maxbAre you using 'adduser' the Debian/Ubuntu friendly helper, or 'useradd' the lower level tool?15:27
maxbThat was an either/or question, yes is not a valid answer :-)15:28
Questi stated adduser15:28
maxbIt looks like you need to create the user and then add the additional group memberships in a second command15:29
Questwhats the commands?15:29
maxb1) adduser [options] username15:30
maxb2) adduser username groupname15:30
maxbadduser does different things depending on whether you give it one or two names15:30
maxbWhich is a little obscure at first15:30
Questmy /etc/groups states testing:x:1005: but groups testing says groups: testing: No such user15:34
Questwhats wrong15:35
maxbHuh, weird. Somehow I've managed to go a decade plus of using Linux without coming across the groups command :-)15:37
maxbBut 'man groups' tells me that groups takes a username, and you appear to be misunderstanding it as taking a groupname15:38
Questi just $ sudo service ssh restart  . it did restart and i am on that shell (i didnt disconnect) but now i cannot ssh to that computer by any account. it says connection refused. whats wrong?15:46
QuestI just installed fail2ban with no config editing. i restarted sshd with sudo service ssh restart. now i cant login by ssh by any ip. nmap says port 22 is closed. what can be wrong?16:09
geoffthallyn: OK, thanks. (Was looking for something easy to learn with, since my laptop doesn't have a TPM)16:13
geoffthallyn: may I ITP libtpms in Debian based on your packaging? (I'll also check with the Debian qemu team)16:14
maxbQuest: Sounds like sshd failed to start to me.16:15
Questmaxb,  but why ssh 22 is closed and so are other ports?16:15
maxbclosed just means nothing has it open...16:16
Questmaxb, this config http://pastebin.ca/2352079 in the /etc/ssh/sshd_config  is not letting the openssh server to startup. whats wrong in it?16:54
Questthis config http://pastebin.ca/2352079 in the /etc/ssh/sshd_config  is not letting the openssh server to startup. whats wrong in it? i commented the out to make it work. now ssh server is running.  the only logs i get is ssh status stop/waiting and Invalid user plant from
Questmore elaboration : this config http://pastebin.ca/2352079 in the /etc/ssh/sshd_config  is not letting the openssh server to startup. whats wrong in it? i commented the out to make it work. now ssh server is running.  the only logs i get is ssh status stop/waiting and Invalid user plant from  . if i follow this http://www.serverubuntu.it/SFTP-chroot it says this http://pastebin.ca/235210917:39
QuestPici, ?17:40
maxbMy guess would be that the way sshd is being managed by upstart is unhelpfully causing the interesting error messages to be lost.17:42
maxbTherefore I would try starting a second sshd running on an alternate port manually in a terminal, so I could observe whatever it's complaining about17:43
Questmaxb,  now iam on local host17:46
Questsame problem17:46
ShogootHi good people. I just made my ubuntu server to have static ip. I dont know if it is a consequence of this that i cannot ping any ip that is not  - Anyone that can help me find out whats wrong?18:29
ShogootI did the two ip are the two that i added as dns-nameservers in my etc/network/interfaces18:31
patdk-lapno idea18:31
=== RoyK^ is now known as RoyK
vedicI have created upstart script to start/stop a python script (its a tcp/ip server). There are two servers that I need to start (order is not a matter). When I start the first server using upstart script, it is starting well and works fine. But while first is running, if I start second server which is using prefork to spawn about 10 processes, it is not able to start.18:45
=== rocket is now known as Guest1797
ShogootHi good people. I just made my ubuntu server to have static ip. I dont know if it is a consequence of this that i cannot ping any ip that is not  - These two ip are the two only ips i added as  dns-nameservers in my etc/network/interfaces. Can anyone help me find out why i cannot ping other ip's?18:57
Quest i just deleted /var/log/auth.log and i dont see it recreated. i recreated it with sudo. blank file but even after a reboot. its not being populated. still blank19:02
guntbertShogoot: dns-nameservers have nothing to do with the ability to ping a host by IP-address, thats more a problem of routing-tables19:16
Shogootcan you help me find out what i need to do?19:17
Shogooti got a netgear WNDR3700  router19:18
patdk-lapdid you define a gateway?19:24
Shogootpatdk-lap, this is my interface file http://pastebin.com/ZKeq0n6j19:27
Shogootquick snser: yes19:27
Shogootquick answer: yes*19:27
Shogootim looking into if it is my router...19:29
Shogootit does have a static routers config thing....19:29
Shogootimage: http://imageshack.us/photo/my-images/708/staticipk.jpg/19:31
maxbYou really shouldn't be defining static routes on a home wifi router unless you're REALLY sure you need to do so19:32
maxbIn this case it looks a lot like you've told the router it needs to route to your network via itself19:33
Shogooti want to access it from outside19:33
maxbWhich could well be breaking stuff19:33
maxbStatic routes have very little to do with external access19:34
Shogootwhat i thought too... but im going nowhere with this19:34
maxbDelete all static routes on the router and see if your routing problem is fixed19:39
Shogooti had no static routes to begin with. so thats not the issue19:40
shaunoyou had no static routes when you could ping the outside world.  you now have them and can't. so it makes sense to backtrack to a working config before you go forward19:42
Shogootand i found the problem19:43
Shogootin interfaces i use 3 dns-servernames, and only 2 are allowed...19:43
Shogooti got rid of the last and now i got it up and running :)19:44
Shogootmaxb, thanks for your time19:44
Questi have seen rssh docs, used chroot with sftp and openssh server . i want to accomplish is. give users sftp access, make a jail and they cant go outside their home, but can login to console and only use those commands that i have allowed. . how can it be done?19:45
patdk-lapheh? you can't19:49
patdk-lapchroot breaks all of that stuff19:49
QuestI encrypted /homes while installing ubuntu. how come i can browse other peoples /homes. ?20:26
RoyKif those are encrypted, you can't20:30
IdleOneprobably because you are switching to that user account20:30
Questno iam not20:31
IdleOneMore detail will be needed to diagnose20:32
Questthere is .ecryptfs20:32
Quest in /home20:32
Questbut i can cd to others /home20:32
IdleOneas root or as a user20:35
IdleOneHow many times do we need to tell you not to cross post your questions in multiple Ubuntu channels, it is rude, and it divides the support.20:36
shaunoDo you actually see anything in their homes?20:36
QuestIdleOne,  user20:38
QuestI encrypted /homes while installing ubuntu. how come i can browse other peoples /homes. ? so if had user1 setup at install time and chose encrypt /home folder . who can go into other user accounts and who cannot?20:40
ashley_wi used vmbuilder and now have a qemu qcow image. how can i boot this using libvirt?20:42
shaunowho can chdir to that folder is permissions, not encryption.  as you were trying to put users all in the same group earlier, rather than having a group created per-user, you're probably not seeing the default behaviour there anymore20:42
shaunowhat you find inside those homedirs should be the result of encryption/lack of20:42
Questcomplete info . I encrypted /homes while installing ubuntu. how come i can browse other peoples /homes. ? so if had user1 setup at install time and chose encrypt /home folder . who can go into other user accounts and who cannot?21:14
Fieldyit's based on permissions of that users home directory. 700  means only they can see it. 750 will let users in the same group in to read (but not write), 770 also write. 755 those in the same group, and everyone else, read. 777, everyone read/write (bad idea)21:28
Quest if a thief gets the HD , boots from live cd, replaces /etc/shadow file with his own. boots up. logs as sudoer, changes all users password , can he get into the encrypted /homes of users?21:29
FieldyQuest: no, because /home (i'm assuming) is encrypted as a partition. they would need the password and/or key of the encrypted partition21:30
geofftI'm pretty sure the context is that directories in /home are encrypted with eCryptFS.21:30
Fieldyi'm not sure what that is, all i know of is luks21:31
Fieldyand i'm assuming /home was encrypted in such a way21:31
patdk-lapencryptfs is far away from luks21:31
Fieldyokay, well whatever it is, if it's /home that is its own partition, and encrypted, the concept still applies21:31
geofftFieldy: Quest has said before that ecryptfs is what's being used.21:31
geofftFieldy: It's not partition-level encryption.21:32
Fieldyright. but i don't know what that is. so i'm reverting to conceptual stuff21:32
patdk-lapfieldy, the concept does not21:32
Fieldyokay, i am ill-informed on this subject then, sorry21:32
patdk-lapif you don't know what it is, you don't know the concept, please to confuse people21:32
Fieldyshort answer from me: with luks, an attacker won't get the user data as described. with this other thing, I have no idea.21:32
geofftI'm really worried about what Quest is doing, since they're clearly doing something security-sensitive21:33
geofftand are asking random folks on an IRC channel for advice21:33
geofftand that's a great way to get yourself totally misconfigured by mistake and screwed over.21:33
geofftIf I say "no, you're fine, there's no security risk", why should you possibly trust me?21:34
geofftEven if I'm competent, I may have misunderstood you.21:34
geofftOr you may have failed to describe something else about the system that's relevant.21:34
geofftSo I strongly, strongly advise folks here to point Quest at thorough documentation instead of guessing at particular questions.21:35
geofftOr at consulting resources. I hear you can pay Canonical to run this for you.21:35
geofftHere's some ecryptfs documentation:21:35
geofftI think this all gets installed somewhere in /usr/share/doc21:35
geofftI'm usually happy to answer questions, but the amount that these questions are security-sensitive21:37
geofftand the way that they're being asked21:37
geofftworries me a _lot_21:37
geofftIf you're doing this for fun, for learning, for personal use, great. It gets hacked, whatever.21:37
geofftbut it sounds like you have a deadline, which means someone is paying you to get this right21:37
geofftso you should be appropriately conscientious about getting this right.21:38
QuestFieldy,  geofft  user3@server1:/home$ sudo ls user1/21:41
QuestDesktop  Documents  Downloads  Music  nxclient_3.5.0-7_amd64.deb  Pictures  Public  Templates  Videos  wget-log21:41
* Fieldy is confused21:41
Questuser1 home is supposed to be encrypted21:41
Fieldyyou're running the command as root. you will be able to see any file anywhere21:42
Fieldyi don't really understand the encryption you're using though, i only understand luks. so i can't say if an attacker would be able to see that information or not21:42
patdk-lapthis is how *it works*21:42
patdk-lapfieldy, please read the docs before commenting about21:43
geofftFieldy: This isn't LUKS, please stop talking about LUKS.21:43
patdk-lapbut I don't see the private folder21:43
patdk-lapso that use likely was not created using encrypted home21:43
geofftQuest: Yes, the encrypted directory is mounted by eCryptfs because that user has unlocked and mounted it.21:43
geofftpatdk-lap: I _think_ this is what you get if you encrypt your whole homedir and not just Private21:44
geofftbut I might be wrong there21:44
geofftQuest: You should figure out how mounts work and what PAM is and how pam_ecryptfs fits in here.21:44
patdk-lapmaybe, I don't use encryptfs personally, just messed with it some21:44
geofftQuest: I can't give you a proper explanation of all that in an IRC channel. I've given 2-hour lectures on that stuff before.21:45
patdk-lapbut I do what fieldy does, luks on all my drives21:45
Questgeofft,  so if one user logs in, he has decrypted all the users /homes?21:45
geofftQuest: That's not what I said.21:45
geofftQuest: You should figure out how mounts work and what PAM is and how pam_ecryptfs fits in here.21:45
patdk-lapif a user logs in, that users home is decrypted for all to see, assuming permissions21:46
Questyou mean. if the system is runing, its mounted. ofcourse, so decrypted21:46
patdk-lapwe are talking to a wall21:46
Questpatdk-lap,  in my case, the user1 was not logged in but user 3 saw his home21:46
patdk-lapdefault permissions set on home folders don't allow that, encrypted or not21:48
Questdrwx------ 19 user1 user1  4096 Apr  7 22:15 user121:49
Questthe install was by user1 and chose to encrypt home21:50
Questser3@server1:/home$ sudo ls user1/21:50
QuestDesktop  Documents  Downloads  Music  nxclient_3.5.0-7_amd64.deb  Pictures  Public  Templates  Videos  wget-log21:50
Questpatdk-lap,  geofft  any comments ^21:50
patdk-lapcomment about what?21:53
patdk-lapyou just ran ls as root, what did you expect?21:53
Questi thought even roots cant go in ecrypted homes21:53
patdk-lapif they aren't mounted21:53
Questi see. so if they are mounted. roots can go in those?21:54
patdk-lapanyone can21:54
patdk-lapas I said above21:54
Questnow i understand what geofft  said21:54
Questpatdk-lap,  thanks21:54
patdk-lapfor a server, it's generally pointless, as I see it for encrypted homes21:55
patdk-lapunless you want to use it for some semi-private storage space, that does not need to be used by normal server operations21:55
patdk-lapcause anything in it, won't be accessible to normal server stuff, unless the user is logged in21:56
patdk-lapor you auto-mount it21:56
QuestFieldy,  you said no. well if shadow is replaced. so are password. so they have the password and can boot system.21:59
Questif a thief gets the HD , boots from live cd, replaces /etc/shadow file with his own. boots up. logs as sudoer, changes all users password , can he get into the encrypted /homes of users?21:59
Questpatdk-lap, ok22:01
geofftQuest: Why not try it?22:01
geofftBackup /etc/shadow, make a new one, see what happens.22:01
Questgeofft,  are you saying it because you are unsure?22:02
geofftNo, I know the answer. I just want you to figure it out. :)22:03
geofftI know the answer because I know _how_ /etc/shadow interacts with ecryptfs.22:03
Questplease tell it22:03
geofftAnd so I can figure out the answer from that base knowledge.22:03
geofftNo, dude, you're not paying me.22:03
Questok. tell me yes/no. ill find out how22:04
geofftI'm here to help you figure out how to answer questions on your own.22:04
geofftIf you're going to be demanding of volunteers, I'm not helping you.22:04
geofftThis is a development channel, not a paid contractor. If you want a paid contractor find one.22:05
geofftDoing experiments like this is exactly how I learned the answer to every question you have asked so far in the past two days.22:06
geofftI am happy to help you learn, but I'm not doing your homework for you.22:06
geofftAnd honestly, if I told you "no", why should you possibly believe me?22:07
geofftAre you willing to risk your job on the chance that some guy you've never met before understands ecryptfs?22:07
Questi trust people here. thats why22:07
Questlike you, Pici  and RoyK22:07
geofftI don't even trust _myself_ to answer that question.22:07
geofftI have my guess, but if I had to do so on a real production system I'd do the experiment before guaranteeing the answer.22:08
geofftSo why don't you do that experiment and cut the middleman?22:08
Questi did and couldnt get into. maybe i did it wrong22:09
Questthats why asking22:09
geofftWhy did it fail? Did you get any error message?22:09
Questand i couldnt find on google. on how .22:09
Questno error message22:09
Questgeofft,  silenced?22:12
geofftDude, I'm doing three other things behind a bad internet connection22:12
geofftWhat happens if you try to ecryptfs-mount the homedir?22:13
Questi am away from that system now. and i attached the HD again. re replaced shadow22:15
Questgeofft,  can you tell me what might be wrong?22:15
=== LargePrime is now known as Guest43684
^MikeHow can I list which repositories have a given package available?22:51
geofft^Mike: apt-cache policy $package, or packages.ubuntu.com/$package22:52
uvirtbotgeofft: Error: "Mike:" is not a valid command.22:52
geofftI'm just going to call you "Carrot Mike" from now on.22:53
^Mikecool, thanks22:55