=== Aww is now known as AWW
=== AWW is now known as Aww
[03:04] guys, i have a problem trying to switch passphrase to keyfile authorization for root partition, while it works flawlessly for others on 13.04, however, the end-goal scheme used to work fine on 12.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone?
[03:04] Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New]
[04:02] are there any vps guides?
[04:02] like a first-step guide on what to do after getting into the server
[04:03] i.e. setting up ssh etc.
[04:45] does apt-get have a user friendly package management
[04:46] it is user friendly.
[04:46] if you're running gnome 'software center' -- if you're on kde, 'package manager'
[04:47] or aptitude from the command line.
[04:47] I meant like aptitude
[04:47] but most people just use apt-get install package
[04:47] or apt-cache search text | grep some nicer filter
[04:48] apt-cache?
[04:48] so as i expected i end up with unbootable system dropped into initramfs environment
[04:49] failmaster: oooo, i wish i could help you. but when it comes to that stuff, im clueless.
[04:49] post a little more info, what's up?
[04:49] anepanaliptos, attention to the subject in more than i could expect
[04:50] i have a problem trying to switch passphrase to keyfile authorization for root partition, while it works flawlessly for others on 13.04, however, the end-goal scheme used to work fine on 12.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18
[04:50] Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New]
[04:50] i suspect this issue is the same one
[04:51] pretty much similar setup with the only difference that in filed case he had a key on root fs and was mounting another non-root drive
[04:53] but i see connection between things especially after i've read answers of maintainers https://answers.launchpad.net/ubuntu/+source/cryptsetup/+question/37176
[04:55] most probably i'm wrong, but it's a bug, definitely, besides this debian wheezy and 13.04 server have a common issue not including usb drivers necessary to provide usb keyboard working at the stage when i'm craving for it in order to enter luks passphrase after first reboot =)
[04:56] but that's an old story
[04:56] no options but 12.04 actually
[04:57] the most smooth setup of such configuration atm
[05:22] hi
[05:23] i am installed kvm lvm based virtualmachine with dhcp, how can i get that virtual machine console
[05:44] i installed kvm lvm based virtualmachine with dhcp, how can i get that virtual machine console
[05:48] i keep getting a message of "E: Internal Error, No file name for libssl1.0.0" when i attempt to apt-get -f install
[05:48] what kernel does 13.10 run?
=== smb` is now known as smb
[06:48] sarnold: Just to follow up on last night, my plan worked!
[06:49] sarnold: Renumbered new server from a 10.0.4.x/255.255.252.0 address to a 10.3.0.x/255.255.255.0 address, reconfigured the switch port and updated DNS, and it magically eliminated that ten-second connect delay
[06:49] sarnold: I hate DNS :/
[06:49] should I disable the root user?
[06:53] freze: Well, you definitely want to have the root user in one capacity or another, but it might be worth disabling root logins, at least remote ones.
[06:54] andol by remote you mean ssh ones?
[06:54] freze: That would be the most common yes, unless you have set something additional up.
[06:57] andol: got it. sudo login root doesn't work by default right?
[06:58] freze: Not sure I follow...
[06:59] as in "$sudo login root"
[07:00] Not sure, have never tried using the login command that way. Still, if you have full sudo right you can always do something like "sudo -i", and get a full root shell
[07:01] that works
[07:01] ty
[07:12] I did: sudo apt-get --purge remove apache2
[07:12] then I checked ps -A and apache2 is still running? How's possible if I uninstalled it.
[07:13] freze: I assume you still have a package apache2-mpm-something?
[07:14] freze: I'd say the easiest way to delete all apache2-related packages would be removing the apache2.2-common package. Just double that apt then don't also removes more than you want it to.
[07:14] hmm not sure. This ubuntu image game with apache2 preinstalled
[07:15] freze: dpkg --list | grep -i apache
[07:15] andol: that helps I see a ton of apache packages
[07:15] I'll uninstall them
[07:17] freze: By the way, familiar with the | thingy? (Usually referred to as a pipe)
[07:17] yep
[07:17] Is this a good idea sudo apt-get remove apache2*
[07:51] how to install systemtap on ubuntu precise1 kernel ?
[08:04] hi, anyone can help please. I have trouble with permissions on files i upload over FTP, i'm in group www-data, but when I upload files over FTP they have permissions 600, instead of 644 or 755. any advice?
[08:10] hello all. working on an upstart job for ubuntu 12.04 LTS and am using the setuid directive within the job. I need to make sure certain directories exist, and can use the pre-start section, but the user being set may not have privileges to create the directories.
[08:11] is the normal pattern to have another upstart task that creates directories and have that run as root?
[08:17] lotia: yes
[08:18] jodh: thanks
[08:23] can I safely delete usr/games
[08:48] jamespage, yolanda: are you aware of squid3's dep-wait on libecap2-dev in saucy-proposed?
[08:48] rbasak, no, first notice
[08:49] rbasak, no, sorry, yes, i forgot it
[08:49] i filed a MIR for it
[08:50] https://bugs.launchpad.net/ubuntu/+source/libecap/+bug/1200173
[08:50] Launchpad bug 1200173 in libecap "[MIR] libecap" [Undecided,New]
[08:51] thanks yolanda!
[08:51] mdeslaur: ^^
=== zz_DenBeiren is now known as DenBeiren
[10:36] Hello, Has anyone got experience with HP DL360p and Ubuntu 12.04 with bonding?
[10:40] !anyone | Rapid2214
[10:40] Rapid2214: A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
[10:44] Ok thanks, When setting up a bond on this hardware, it does not come up, whereas on a G7, the bond is initialises correctly
[11:08] Rapid2214, its possible that the G8 hardware works better with a newer kernel version than 3.2 as in 12.04
[11:09] Rapid2214, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack on how to install later kernels on 12.04 in a supported manner
[11:09] Rapid2214: you should also run the latest hp fimrware update dvd/usb on the hardware
[11:09] firmware*
[11:10] mardraum, I have updated all the firmware from HP - just did a test running: ifenslave bond0 eth0 - and it forces it in, normal ifup or boot doesn't seem to be adding the device - I will look at the kernels
[11:12] jamespage, intended for use on x86 hardware at this time :/
[11:16] Thinking the resolution to this bug will fix it, will let you know https://bugs.launchpad.net/ubuntu/+source/linux/+bug/996369
[11:16] Launchpad bug 996369 in linux "bond slave interface sometimes does not come up on boot" [Medium,Confirmed]
=== DenBeiren is now known as zz_DenBeiren
[11:26] rbasak: thanks
=== zz_DenBeiren is now known as DenBeiren
[12:31] hello
[12:31] someone alive? need bit help
[12:36] Hi all
[12:36] I would like apport / whoopsie to send me an email when a program has core dumped
[12:36] is it possible ? if so , how ?
[12:36] !ask | pimpf
[12:36] pimpf: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[12:55] is there a known working tut to enable bonding in 12.04?
[12:57] jamespage: hey half the sqlalchemy patch that we are carrying i pushed upstream
[13:01] hallyn, around ?
[13:02] DenBeiren, I've been spending all morning on that - What do you need?
[13:04] hallyn, http://paste.ubuntu.com/5962517/ is my rework of lxc-ubuntu-cloud to support clone
[13:04] but i dont think clone is calling my lxc.clone.hook
[13:08] stgraber, maybe ?
[13:09] xerxas, I don't know if apport has that sort of feature, but you could write your own script which uses inotify to watch apport's log directory and sends you an email when a new file is created
[13:10] qman__: right, thanks. I think apport or whoopsie (don't know which one) , should have this sort a feature ... ;)
[13:16] is it possible to get a more server-like interface?, somewhat a server console where i can control and configure common server software?
[13:18] hplc, a command line, what do you have at the moment?
[13:18] smoser: sorry, i'm here
[13:18] Rapid2214: a base ubuntu server install with gnome running on top of it
[13:19] hplc, just open terminal or use SSHD to connect to a terminal session remotely
[13:19] <3 CLI
[13:19] but kinda want the "classical" gui interface, where ftp cifs rsync and such is gathered
[13:19] hallyn, you see that ?
[13:19] it just doesn't seem to invoke me on clone
[13:19] looking
[13:20] well CLI console would do too for that matter
[13:20] smoser: I think it'd be better to just ship a standard clone hook in /usr/share/lxc/hooks
[13:20] rather than have the template write it out
[13:21] hplc, not sure what you mean about a classic gui, terminal is the best imo
[13:21] ok. i didn't know of /usr/share/lxc/hooks.
[13:21] i'm ok with that.
[13:21] but its not getting called anyway :)
[13:21] :)
[13:21] still looking
[13:21] smoser: which lxc version are you running?
[13:22] hallyn: not sure if you saw sarnold's comment on the MIR bug, anyway, I'll take care of getting LXC to build with the right hardening flags (not sure why it's not already the case ...)
[13:22] stgraber: I did see it. I won't be ENTIRELY surprised if something breaks with those flags
[13:22] (i.e. some clone bits)
[13:22] but hopefully it just works
[13:24] Hello>
[13:24] * hallyn wishes add-apt-repository were installed by default in containers
[13:24] sick of guessing the source package based on release :)
[13:25] hallyn, ppa from yesterday
[13:26] lxc 0.9.0.0~staging~20130726-2106-0ubuntu1~ppa1~saucy1
[13:26] thanks, setting that up
[13:29] hmm CLI it is then, what ftp server to go for? its on the inside, wont ever get in touch with external net, just need to be fast to setup
[13:30] smoser: hm, ubuntu-cloud requires uuidgen, guess we should add that to Depends
[13:33] have a question on how to install varnish on ubuntu
[13:34] i follow a tutorial and in this he write up "Create the file http://repo.varnish-cache.org/ubuntu/ precise varnish-3.0 and put the following in it:"
[13:34] what means this? and who i have to upload the "file" ???
[13:35] pimpf: that is a repo definition. It should be put in a file in /etc/apt/sources.list.d
[13:35] should be named something like varnish.list
[13:36] smoser: it runs for me. at least at lxc-clone -o c1 -n c2.
[13:36] i cut-pasted your hookfile contents to /usr/share/lxc/hooks/cloud, and added lxc.hook.clone = /usr/share/lxc/hooks/cloud to c1's config
[13:37] now you're also wanting to run the hook at lxc-create. that's a semantic stretch that i don't really like...
[13:37] thx lotia
[13:38] smoser: doh! you have 'lxc.hook.mount' , not 'lxc.hook.clone'
[13:41] zul: http://www.theregister.co.uk/2013/08/08/google_backs_mariadb/ - how's the mysql alternatives blueprint going?
[13:42] rbasak: waiting for debian
[13:42] SpamapS: ^^^
[13:42] Rapid2214: it's been a while since i last played with bonding,.. i remember that i didn't get it to work :-)
[13:42] i'd like the two nice to work together to double the throughput
[13:43] isnt it carp thats supposed to handle nic fallback/failover?
[13:43] zul, SpamapS: do you think we'll have it done for Saucy? Assuming that Oracle don't address the pain points we summarised at the UDS, I don't want to see the door closed for switching to mariadb in main for T.
[13:44] rbasak: totally
[13:45] rbasak: im not sure done though since mysql mailing lists on debian are filled with spam
=== medberry_ is now known as med_
[14:00] zul, https://code.launchpad.net/~james-page/heat/redux/+merge/179197
[14:04] Quick question, if I have installed a package using dpkg -i package.deb, will aptitude upgrade it when it has an update? I am guessing so? (Needed to install some networking packages from virtual iLO floppy)
[14:04] zul, we probably want to push a snapshot asap-ish so we can drop quantumclient in full
[14:04] Rapid2214, yes
[14:05] jamespage: reading
[14:06] jamespage: +1 you have restored my faith in humanity and my sanity
[14:07] Thanks James
[14:17] jamespage: if you want to upload a snapshot for heat that would be cool with me just make sure you do python setup.py sdist
[14:18] zul, yeah - just done one
[14:18] will upload shortly
[14:18] ok
[14:18] and then i can stop cursing
[14:20] alex88, hola
[14:21] koolhead17: oh hi man :)
[14:21] wassup?
[14:21] am gud you tell me?
[14:21] yeah I'm fine man, tons of work due some near milestones :D
[14:21] have to be fast :D
[14:31] zul, uploaded
[14:31] jamespage: cool dont forget about the CA
[14:31] zul, yeah - I'll let it pass the autopkgtests first tho!
[14:34] jamespage: ack
[14:39] hallyn, ok. so that was me being wrong there.
[14:39] but it exposed an issue i think
[14:40] the clone hook is specified in the config as /var/lib/lxc/precise-amd64-source/config
[14:40] zul, blimey - tests failed
[14:40] * jamespage sighs
[14:40] zul, I'll limit the concurrency and try again
[14:40] jamespage: im not really surprised
[14:40] but when 'clone' happens, the replace of 'old-root' to 'new-root' has already occurred, so it says
[14:40] sh: 1: /var/lib/lxc/ephem2/ubuntu-cloud-clone-hook: not found
[14:40] zul, I've seen similar issues with other projects
[14:40] high levels of concurrency seem to bork things up
[14:40] jamespage: ah yes
[14:41] rbasak: ping
[14:41] hallyn, i think its reasonable for a hook to be in the directory for the container, and that seems impossible here.
[14:44] whats the best linux administrator book?
[14:45] smoser: I put the hook in /var/lib/lxc/c1/ and called it from there, still works
[14:46] smoser: does /var/lib/lxc/ephem2/ubuntu-cloud-clone-hook in fact exist?
[15:00] hallyn, http://paste.ubuntu.com/5962884/
[15:01] will look in a bit, lemme finish this other thing
[15:11] hallyn, other thing...
[15:11] name=ephem1 section=lxc hooktype=clone rootfs_mount=/usr/lib/x86_64-linux-gnu/lxc rootfs_path=overlayfs:/var/lib/lxc/precise-amd64-source/rootfs:/var/lib/lxc/ephem1/delta0
[15:11] those are the args i get passed to my clone hook
[15:11] err... args and environment variables
[15:11] i dont find 'rootfs_mount' or 'rootfs_path' terribly useful in that state.
[15:12] i can surely figure out how to parse 'overlayfs:....:' (which actually breaks if there is a ':' anywhere in the persons path), but it seems silly for me to do that.
[15:15] smoser: oh, copying the hook is not done by default, you have to say '-H'.
[15:15] maybe that's silly
[15:15] but it doesn't try to guess based on pathname what you wanted,
[15:15] (which would get very complicated and fragile),
[15:16] so if you're using /usr/share/lxc/hooks/cloud-clone, and you said lxc-clone -H, then it would copy cloud-clone into your container dir
[15:16] zul, OK - heat passed the dep8 tests now
[15:16] hallyn, i'm saying i can copy it.
[15:16] but it shouldn't lie to me and change it.
[15:16] ?
[15:17] the config i said to clone said that the hook was '/var/lib/lxc/precise-amd64-source/ubuntu-cloud-clone-hook'
[15:17] but lxc decided it should run a completely different program
[15:17] /var/lib/lxc/ephem1/ubuntu-cloud-clone-hook:
[15:17] that seems arbitrary.
[15:17] i thought i just got rid of that yesterday actually
[15:18] jamespage: just got the email
[15:18] jamespage: \o/
[15:18] * jamespage dances around a bit
[15:18] hallyn, ok. so for rootfs_path=overlayfs:/var/lib/lxc/precise-amd64-source/rootfs:/var/lib/lxc/ephem1/delta0
[15:18] could you give me something more useful as the 'LXC_ROOTFS_PATH'
[15:19] and what is LXC_ROOTFS_MOUNT
[15:19] smoser: i do. use rootfs-mount
[15:19] no
[15:19] rootfs-mount is where the path gets mounted
[15:19] that is less useful
[15:20] /usr/lib/x86_64-linux-gnu/lxc
[15:20] it's where you can update your rootfs
[15:20] unlikely
[15:20] ?
[15:20] have the hook do an ls of that. it certainly should be.
[15:21] gets mounted at lxccontainer.c:1813
[15:24] jamespage/roaksoax: https://code.launchpad.net/~zulcss/nova/nova-tests-refresh/+merge/179215
[15:24] hallyn,
[15:24] ❭ sudo lxc-clone -B overlayfs -o precise-amd64-source -s -n ephem1
[15:24] LXC_CONFIG_FILE='/var/lib/lxc/ephem1/config'
[15:24] LXC_NAME='ephem1'
[15:24] LXC_ROOTFS_MOUNT='/usr/lib/x86_64-linux-gnu/lxc'
[15:24] LXC_ROOTFS_PATH='overlayfs:/var/lib/lxc/precise-amd64-source/rootfs:/var/lib/lxc/ephem1/delta0'
[15:24] LXC_SRC_NAME='precise-amd64-source'
[15:25] you're telling me that /usr/lib/x86_64-linux-gnu/lxc is my root directory ?
[15:25] zul, I'm going to have to backport python-boto as well to support heat in the CA
[15:25] hallyn: I fixed the lxc packaging branch (again) :)
[15:25] smoser: while you're running the clone hook, yes
[15:25] stgraber: ?
[15:25] hallyn: ubuntu:lxc was 6 uploads behind the archive
[15:25] how? noone's been updating it by hand have they (we/me)?
[15:25] jamespage: ack
[15:25] wasnt it already there?
[15:26] hallyn, ok. you were right.
[15:26] is that racy ? or am i in some alternative namespace
[15:27] zul: http://people.canonical.com/~jamespage/ca/havana/
[15:27] zul, no - I was slightly surprised as well!
[15:28] jamespage: +1
[15:29] jamespage: we should be ok for autopkgtests for openstack now should we? no surprises right
[15:29] smoser: does that suffice then?
[15:29] hallyn, it would seem to, but is that racy ?
[15:29] sounds like i'll need to update the lxc.conf manpage
[15:29] no
[15:29] or am i in an alternative namespace
[15:29] yes
[15:29] (and yes, those variable names are weird too)
[15:29] you're in a separate namespace so that the mount will get cleaned up
[15:30] i didn't come up with them :)
[15:30] since 'rootfs_path' is not the "root filesystem path"
[15:30] it's the root filesystem src i suppose
[15:30] can be a directory, blockdev, or now more complicated blobs
[15:31] i'm not sure we can safely change that now without impacting existing users
[15:31] 'lxc.rootfs' has meant what it means since 2007 or so
[15:31] i dont care. but at least you should update the man page to explain them better i think
[15:31] examples would help also
[15:31] agreed
[15:33] yolanda, not sure I understand your question re emails+MIR?
[15:34] jamespage: solved.. ~ubuntu-server needed to be added as a bug subscriber for a MIR package
[15:34] Daviey, ack
[15:35] does that mean squid3 is now unblocked?
[15:35] jamespage: almost..
[15:36] smoser: marked todo
[15:39] hallyn: sure enough, turning on the hardening flags makes LXC ftbfs :)
[15:39] shucks
[15:39] hallyn: warning: the use of `mktemp' is dangerous, better use `mkstemp' or `mkdtemp'
[15:40] stgraber: can you pb a list of all the warnings and i can address them this afternoon?
[15:41] hallyn: well, actually that one warning is a false positive as we use mktemp to get a random name and not to get filename we'd then open
[15:41] hallyn: so I need to figure out how to override this one :)
[15:43] excellent then i can whip up the unprivileged nic use for lxc program instead!
[15:43] though i really need to go through the coverity warnings at some point
[15:43] some of the new ones were valid
[15:44] hallyn: gah, there's apparently no way to override a linker warning? ...
[15:45] kees: ^ what burnt offerings do we throw the linker's way to appease it?
[15:46] iow we don't want mkstemp or mkdtemp bc we don't want a file/dir created
[16:02] hallyn: I think I'll just cheat and copy the gettemp function from bionic and use that instead of mktemp ;)
[16:02] security misfire
[16:02] well, I'll also drop anything that deals with files in there as we clearly don't care about that
=== Ursinha-afk is now known as Ursinha
[16:27] stgraber: heh, thanks for silencing that mktemp warning, too. :)
[16:31] sarnold: well, it looks like it's causing a FTBFS so I don't really have a choice ;) though it actually seems odd for that warning to be the cause of the ftbfs.
[16:31] sarnold: https://launchpadlibrarian.net/147098836/buildlog_ubuntu-saucy-amd64.lxc_0.9.0-0ubuntu19~ppa1~saucy1_FAILEDTOBUILD.txt.gz thoughts?
[16:32] rbasak, did you notice that there is a mysql-5.5 update stuck in proposed?
[16:33] stgraber: ow! that seems needlessly draconian. :)
[16:34] stgraber: granted, this may be the one safe use of mktemp() left :) but .. ouch.
[16:37] so I'll take a look at this tomorrow (EOD here and got to leave), I think the right way to fix that is to create a mkifname function which essentially does the same as mktemp but for interface names, so takes a template, replaces X by a random char, then check that /sys/class/net/ doesn't exist
[16:37] Daviey: if you have the chance, could you review 'dlm' from the new queue? It is an entirely new package that I need in the archive. Debian doesn't have it yet cause I need to forward the packaging
[16:37] it's going to be racy but there's no way around that and it's already going to be much better than our current mktemp (and won't trigger the warning)
[16:37] and till it hits the debian archives can take forever
[16:38] stgraber: have a good night :)
[16:45] roaksoax: not right now.. but tomorrow i can.
[16:45] Daviey: works for me :). Thanks!
[16:52] jamespage: no
[16:52] * rbasak looks
[16:53] jamespage: I'm not sure what's going on there. I can't find the Jenkins failure log.
[16:54] rbasak, I can even start mysql from proposed right now
[16:54] jamespage: http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html
[16:54] jamespage: it says one Jenkins job failed and another is running
[16:59] jamespage: I'll look at it tomorrow if nobody else does by then.
[16:59] rbasak, thanks much appreciated
[17:26] would a 500 internal server error be from going through bandwidth?
[17:26] unlikely
[17:27] a 500 error is *very specific*
[17:27] no response from cgi
[17:28] ah okay
[17:28] server overload?
[17:29] could it possibly be a server overload, not enough memory or CPU ?
[17:41] i tried this rm -R folder[1-10] intending to delete folders folder1 ... folder 10, it says cannot remove folder[1-10]
[17:43] SpinningWheels: the shell won't turn [1-10] into 1, 2, 3, ...
[17:43] hum. bug 1160490 seems to be interesting
[17:43] Launchpad bug 1160490 in ifupdown "race condition updating statefile" [Undecided,Confirmed] https://launchpad.net/bugs/1160490
[17:43] http://www.codecoffee.com/tipsforlinux/articles/26-1.html ?
[17:44] SpinningWheels: you could either run: for i in `seq 1 10` ; do rm -R folder${i} ; done or you could run: rm -R folder10 folder[123456789] -- at least I think that second one would work
=== p0wp0w is now known as p0wp0w|AWAY
=== p0wp0w|AWAY is now known as p0wp0w
=== p0wp0w is now known as p0wp0w|AWAY
=== p0wp0w|AWAY is now known as p0wp0w
[17:51] you could also do rm -R folder[1-9] folder10
[17:52] lol. my range isnt actually 1-10, that was for example. the for i in seq works fine :)
[17:52] the point is, the regex you selected is a character match, not a counter
[17:52] yeah i see what i did now.
[17:52] so it only applies to one digit at a time
[18:22] my root device is /dev/md5. it's defined in fstab as /dev/md5. I'm receiving a warning when I run update-initramfs "cryptsetup: WARNING: failed to detect canonical device of /dev/md5" should I be referencing the uuid for md5 instead of the device itself? I.E. $ blkid /dev/md5 /dev/md5: UUID="5d79c9fb-b720-4895-b48a-4404b1ec9358" TYPE="ext4"
[18:22] hallyn,
[18:22] https://github.com/smoser/lxc/tree/uc-clone-hook
[18:22] tell me what you think of that.
[18:22] i've not actually tested all the way through yet.
[18:47] rbasak, zul: Don't wait for _ME_ to do anything for MariaDB. Join the debian packaging team and review the packages Otto K has already produced and help us get them uploaded.
[18:47] rbasak, zul: I barely have time to upload security fixes.
[18:54] jefgy, yes, you should use UUIDs for all drives in fstab, as the device names change depending on order of disk detection and other conditions in udev
[18:54] you can't count on the device nodes being the same between boots
[19:11] qman__: another option is filesystem labels
[19:11] which gives you a way to move root filesystems without changing /etc/fstab
[19:49] smoser: sorry, looking
[19:54] hallyn, great.
[19:54] i will try to build a ubuntu package and install and see how it goes.
[20:08] smoser: you have 'return 1' from clone()... that 1 doesn't actually do anything right?
[20:37] hi all
[20:37] I have an ssh user i want to give sudo to
[20:37] what do i need to know
[20:55] * hallyn going out for a walk, intend to be on a lot tonight - \o
[20:56] see ya
[20:56] o /
[21:01] ok was using visudo and lost connection
[21:01] now visudo is busy
[21:01] how do i kill it
[21:04] killall
[21:07] so "killall visudo" ?
[21:08] Rapid2214: how do i know the process name
[21:09] LargePrime, lsof | grep /etc/sudoers
[21:09] unless it names it something else
[21:12] that works but you can also kill the editor process
[21:13] visudo copies /etc/sudoers to a sudoers.tmp file, and then opens that with editor (a symlink to your default editor)
[21:13] once that editor process ends, it determines what to do
[21:13] if you save and the file validates, it copies over sudoers
[21:13] if not, it just deletes the tmp file
[21:16] Thanks qman__ and Rapid2214
[21:16] I am doing this
[21:16] to enable sudo over ssh with keys
[21:16] http://siliconexus.com/blog/2012/11/sudo-authentication-via-ssh-agent/
[21:17] but it is not working
[21:17] thoughts?
[21:36] seems a little too complicated, what's your use case?
[21:37] for example, I use backuppc to back up my systems, and it needs an unprivileged user with sudo access over SSH to copy all files, so I add a line to sudoers that allows it to use the one specific command it needs without a password
[21:43] god helps if someone gets qman's backuppc user account :)
[21:43] in my case, I do the opposite
[21:43] user logs and sudo both require 2factor
[21:44] publickey is ok to login, but not for sudo
[21:45] that's true, but that's why it has no password and a key
[21:46] I trust that key to be pretty strong and well guarded
[21:48] I don't
[21:48] I trust it is as well guarded as their password
[21:48] not at all
[21:50] a backup key is different than a human-controlled key
[21:51] how does your bacula connect to other hosts? :)
[21:52] sarnold, depends on how well the server that has the backup key is controlled
[21:52] open access to the internet? or via proxy
[21:53] just have habits, and those habits go as wide as possible, with rare exceptions
[22:01] where can I find ubuntu cloud images in QCOW2 format>
[22:02] blkperl: qemu-img convert may be able to help you
[22:02] the ubuntu cloud image website is really good at redirecting to itself :S
[22:03] qman__: I just need to give a ssh user sudo
[22:03] And i have passwords disabled
[22:03] and I am a total noob
[22:03] Do i just need to give him the sudo password
[22:04] or can i have him auth vs his key
[22:04] or perhaps i should ask, WTF should i be doing?
[22:04] hehe :)
[22:05] LargePrime: sudo normally uses their user password, from /etc/shadow. you can configure sshd to require publickey for login and not allow passwords (no point to the brute-force ssh login attempts..)
[22:05] LargePrime: but the user can still have a password that is used for sudo
[22:05] that is what i have. no pass auth
[22:05] and how do i set that password for sudo
[22:06] by giving the user a password
[22:06] as long as password auth is disabled they won't be able to use to login
[22:06] ok then
[22:06] if the user does not yet has a password, "sudo passwd "
[22:06] but CAN i configure it to use a key
[22:07] and would that be a separate key
[22:09] LargePrime: hrm. I don't see any packages matching my keyword guesses for that, not quite like the webpage you found..
[22:14] ok so that worked
[22:16] thanks sarnold
[22:17] LargePrime: cool :)
[22:18] dont have key auth
[22:18] but i can go forward
[22:18] I want you all to kow that I really appreciate your vollenterring
[22:19] and that you don't make fun of my spelling
[22:20] LargePrime :D woot
[22:29] patdk-wk, it's my key, stored on my server, no one else has access to it
[22:29] except maybe NSA spooks, but you know
[22:30] where do you all store your sites? /usr/share/nginx/site.com is that a good folder with rwxr-xr-x (751) permissions?
[22:30] point being, if they can manage to steal that key, they can manage to get in anyway
[22:30] I trust it to be strong enough that brute force is not feasible
[22:31] freze: (a) use whatever works for you (b) i'd put them in /var/www/ or /srv/www ... I like /usr to be completely controlled by the distribution
[22:32] freze: granted, /usr/local/ isn't under control of the distribution, but those are pretty rare for me anyway
[22:32] agree, I don't touch anything in /usr except /usr/local
[22:32] for servers with sites that are all managed by me, I put them in /var/www/sitename
[22:33] for servers with user-managed sites, I usually have a homedir based setup
[22:33] qman_ every user gets a directory in /home/ for sites ?
[22:34] they can, depends on how you set it up
[22:35] Got it. What do you mean by /usr is completely controlled by the distribution?
[22:35] if you start changing files around in /usr, you might get your changes overwritten by software packages / updates
[22:35] ahh
[22:35] because the package manager assumes that (most) everything in there is part of a package
[22:36] with the notable exception of /usr/local which is generally left for you to mess with (but not always, some packages still do stuff there)
[22:52] Is it possible to resize, create partitions on hot ?
[22:53] zerick: investigate lvm, it may do what you want
[22:55] zerick, define "on hot"
[22:57] failmaster, alive maybe ?
[22:58] zerick, they become alive technically after they were recognized by bios
[23:04] is 25MB memory for a plain system sound about right?
[23:04] failmaster, well, I was referring doing it while the system is UP
[23:04] not using a live-cd
[23:05] freze: 25M feels awfully tiny. why so small?
[23:05] zerick, btrfs is a nice suggestion for that case, but i'm not familiar with it mostly because i prefer the very stable things in general terms, like ext
[23:06] broken fs is a bigger problem rather than unstable software from my subjective point of view
[23:06] sarnold: I have nothing but the default installation running
[23:06] failmaster, isn't Ubuntu porting that on a future as the main fs ?
[23:07] zerick, sometimes it is a good idea to "draw the whole picture" for community, maybe there are another ways to achieve the end goals, who knows
[23:09] zerick, maybe, but again, i personally don't trust that much to such statements "it was ported as main == it's stable enough for sure"
[23:09] that's just me anyways
[23:10] failmaster, well, I heard that a long time before, that Ubuntu, well, Canonical, was investing on it
[23:10] zerick, it's possible depending on the filesystem
[23:10] with ext[234] you can expand but not shrink while mounted
[23:16] zerick, they also were investing in unity and all that stuff i consider totally pointless, but again, it's just me =)
[23:23] does this make sense: * 10800 IN CNAME @ I want all the subdomains to point to my a record
[23:23] @ 10800 IN A 192.168.1.1
[23:23] example
[23:25] freze, sure, but that won't do that
[23:28] Patrickdk: the CNAME wont work? I'm following and that's how they have it setup which confused me, because I didn't think you could have at @ symbol for the address in * 10800 IN CNAME @
[23:28] oh, no, the cname will *work*
[23:28] but it will have other side effects
[23:29] Will it point all subdomains to the domain, which will then route to the IP specified in the A record
[23:30] depends on the dns server
[23:30] a cname redirects ALL lookups, not just A
[23:30] so it will also redirect NS, MX, ....
[23:31] wildcard DNS causes a lot of issues in general, and I recommend against it
[23:31] makes troubleshooting in particular rather difficult
[23:35] I just want all subdomains to point to my domain. Is the better way to do it this: * 10800 IN CNAME mydomain.com
[23:35] would that prevent NS,MX redirection..
[23:36] no
[23:37] how can i upgrade my ubuntu 10.04 LTS to 12.04 LTS?
[23:37] NS and MX records are defined in the SOA nameserver
[23:37] the only way to redirect or change them is to intercept DNS and specify changes, which you as the site owner have no control over regardless
[23:38] arooni-mobile__, sudo apt-get update; sudo apt-get dist-upgrade; sudo do-release-upgrade
[23:39] the latter does the actual release upgrade, but you should update your 10.04 first
[23:42] freze, a better question is, why do you want to do this? I can't think of any task or situation where wildcard DNS is a good idea
=== Ursinha is now known as Ursinha-afk
[23:45] how long does that take
[23:45] i'm having trouble with DNS resolution. theres nothing in /etc/resolv.conf
[23:45] i tried adding to /etc/network/interfaces ' dns-nameservers 8.8.8.8 8.8.4.4' ... but i'm getting no name resolution
[23:45] qman__ I guess that is a good point. Since the main website is: example.com I thought it would be good for users who type www.example.com or by accident wwww.example.com to be redirected to example.com
[23:46] arooni-mobile__: that'll only change /etc/resolv.conf when interfaces come up or down. change /etc/resolv.conf directly ..
[23:46] freze, in my opinion it would be better to simply create a www cname, and set up your web server to redirect to the main site
[23:46] freze: URL rewriting or redirects would be far better..
[23:47] how about a permanent redirect fro www -> example.com
[23:47] from www.example.com
[23:47] sarnold, but on a restart or something wont that go away?
[23:47] arooni-mobile__: sure, but you can fight that later :)
[23:48] sarnold, ok i got it working now by editing resolv.conf; should my addition to /network/interfaces work on restart?
[23:48] freze: http://en.wikipedia.org/wiki/HTTP_301
[23:49] arooni-mobile__: probably, yes
[23:50] sarnold: yeah that looks like the best option instead of having the webserver handle the redirection. I'll do it from the dns page
=== Ursinha-afk is now known as Ursinha