[00:00] <sarnold> Midion_: wow. that's an amazing pile of errors. which of those have you fixed and which of those haven't you fixed?
[00:01] <Midion_> chown -R admin:www-data /home/admin/web/websitename.com/public_html maybe because i did this earlier.
[00:02] <Midion_> because everything root:root and the website would not upload pictures or anything at first.
[00:02] <sarnold> Midion_: it'd be a good idea to hit reload, see what gets added to the log, fix those problems, hit reload, fix, hit reload, etc. iterate until it's fixed. :)
[00:03] <Midion_> is there a command line for that im im in ssh.
[00:05] <sarnold> tail -f /var/log/whatever/file.log
[00:05] <sarnold> very handy :)
[00:05] <Midion_> ty
[00:09] <Midion_> restarted the vps and ran the command you just told me to and the site is back up.
[00:09] <Midion_> ty
[00:11] <Midion_> maybe its temporary i think there is an issue with the mail.
[00:12] <Midion_> i did notice i cannot send out from or recieve mail to the site.
[00:12] <Midion_> emails only come to the site internally
[00:12] <sarnold> yes, your mail software looks pretty busted..
[00:13] <Midion_> lol
[00:13] <Midion_> well atleast im learning
[00:14] <Midion_> guess reload the server and just install lamp with phpmyadmin. since now i finally figured out how to use sftp.
[00:16] <Midion_> i just thought everything would work installing vestacp.
[00:18] <Midion_> question if im running lamp. should my site be able to send out emails like forgotten passwords and such?
[00:18] <Midion_> or do i need to download something seperate for email functioning?
=== stgraber_ is now known as stgraber
[00:35] <sarnold> Midion_: sending emails is an incredible undertaking these days. email isn't what it used to be.
[00:43] <Midion_> I just want my website to be able to send out forgotten passwords if someone needs it.
[00:44] <teward> it's not *that* simple, as sarnold pointed out.
[00:44] <teward> you need something to send the mail with, and from an IP that isn't residential (so it's not blacklisted)
[00:44] <Midion_> I have 2 google apps free edition accounts. So I just use those for email.
[00:44] <sarnold> Midion_: getting your emails past gmail's fairly heavy-hitting antispam rules takes some effort. depending upon your ip address it just may not be possible.
[00:44] <Midion_> ah
[00:44] <teward> you also need to see that which sarnold just said
[00:45] <teward> having siad this, your backend application needs to support using external SMTP if you want to use google apps as your method for email
[00:45] <teward> and you have to restrict registrations/emails to a certain amoutn in a certain period
[00:45] <teward> otherwise your emails get rate-limited and then your emails cease
[00:46] <teward> good for low-traffic, low-email-volume stuff, not so much for 1000 emails a day and such
[00:46] <teward> and again, sarnold is right :)
[00:47] <sarnold> well, I figured he was hosting his own mail.. btdt, not much fun, and I'm sure it's gotten worse in the last decade
[00:47] <sarnold> teward: external smtp to google sounds better than a lot of options :) hehe
[00:50] <teward> sarnold: not all PHP (assumed!) apps will behave with SMTP
[00:50] <teward> and then you sometimes have to use... tricky workaround configurations... to make it behave with google smtp
[00:50] <teward> and it really DOES depend on the volume of the site
[00:51] <teward> if you're going to be having the system send a lot of emails, then google apps isn't a good choice for this
[00:51] <sarnold> teward: yeah, seems like the folks in here with the worst problems were trying to do mail from php. sounds miserable to me. :)
[00:51] <teward> (they WILL block you from sending emails for a week when you routinely explodify with email volume)
[00:52] <sarnold> aka: 'we can't insert advertising in email. go talk to sendgrid'  :)
[00:52] <teward> lol
[01:01] <Midion_> im usinf drupal and a invision powerboard forum. So I just want people to be able to use the forgot password functions.
=== markthomas is now known as markthomas_away
[01:19] <mgw> I'm having an issue getting dnsmasq and resolvconf to play nicely
[01:19] <mgw>  /etc/resolvconf/resolv.conf.d/base has my name servers in it
[01:19] <mgw> but they're not propagating to /var/run/dnsmasq/resolv.conf
[01:23] <mgw> I know I can add nameservers to /etc/network/interfaces, but isn't it possible to use the resolvconf base to bypass having to ifdown/up the interface to pick up the change?
=== markthomas_away is now known as markthomas
=== markthomas is now known as markthomas_away
[02:04] <ice9> when I run clamscan  after couple of seconds it prints 'killed' and exists
[02:04] <sarnold> ice9: check dmesg | tail, see if it hit a segv..
[02:06] <ice9> sarnold: no
[02:07] <sarnold> ice9: hrm, might be time to break out strace, try "strace -o /tmp/clam.out clamscan" -- check ou the /tmp/clam.out file and see if there's anything interesting there
[02:10] <ice9> sarnold: +++ killed by SIGKILL +++
=== jim is now known as Guest71791
[02:16] <ice9> sarnold: how can I know which process killed it?
[02:56] <rostam> HI I  have  two disk on my system. I like to install two instances of Ubuntu (one on each disk) on this system. Is there a utility who could help me on this task please? thx
=== NCommander is now known as Guest44669
=== Guest44669 is now known as NCommander
=== markthomas_away is now known as markthomas
=== markthomas is now known as markthomas_away
[07:16] <Midion_> What is the difference between using this command: sudo apt-get  install lamp-server^ phpmyadmin and Taskel to install lamp?
[07:28] <arrith> Midion_: i'm not sure lamp is an option in tasksel
[07:28] <arrith> tasksel --list-tasks
[07:28] <arrith> tasksel --task-packages web-server (List the packages that would be installed by that task)
[07:29] <arrith> oh so it is
[08:47] <Midion_> Ok so I setup my server using lamp. I made a new user and gave it sudo permissions. I logged in via sftp and attampted to upload my backup files to /var/www
[08:47] <Midion_> I got the following. /var/www/backup_3_8_2014.zip: open for write: permission denied
[08:48] <Midion_> I ran sudo visudo again to check and i do have all the same permissions as root.
[09:26] <arrith> Midion_: folder permissions issue perhaps
[10:03] <lordievader> Good morning.
[10:07] <Alina-malina>  hmmmm how maximum entry processes i can set up on VPS with nginx usually for example if it is VPS can i put like 40?
[10:13] <hxm> hi, can I change the partition without restart?
[10:13] <lordievader> hxm: What partition? If it is the root partition, no.
[10:18] <hxm> right now /var is in / and I have /home in a different partition, I wanted to split /home and use it for /var
[10:26] <hxm> is that possible with mess everything?
[10:26] <cfhowlett> hxm, y?!
[10:26] <hxm> ?
[10:27] <hxm> in /var I have /www and it is getting big
[10:27] <hxm> and the home partition is a 1Tb at 1% used
[10:31] <dnano91> hi, i'm running an ubuntu server and have trouble updating. i tried aptitude upgrade, but it got stuck on maria-db server, and now i can't use apt anymore, because it wants to finish the previous update, but it can never seem to stop maria-db.
[10:31] <lordievader> hxm: LVM would in this case be very usefull. Anyhow what you could do is resize /home, create a new partition with that free space. Mount the newly created partition somewhere copy /var/ over to it. Rename /var/ to /var.old and create a new folder /var mount the new parition to it. And ajust /etc/fstab.
[10:31] <hxm> chances are to lose data?
[10:34] <lordievader> hxm: That's why you move the folder, so you have a backup. But yes, with resizing partitions there are risks involved. Be sure to back up critical data.
[10:34] <lordievader> Or non-recoverable data.
[10:34] <Midion_> you try rebooting dnano91?
[10:34] <hxm> lordievader: thanks for the help
[10:35] <Midion_> Any reason why i would keep getting this in my error log? [Thu Mar 13 06:30:48 2014] [error] [client 75.143.147.134] File does not exist: /var/www/findomli/webmail, referer: http://xxx.xxx.xxx.xxxx/webmail/?_task=mail&_mbox=INBOX&_refresh=1
[10:35] <lordievader> hxm: No problem.
[10:36] <Midion_> i have no mail and i only setup lamp with phpmyadmin.
[10:39] <Midion_> is someone trying to attack my server or something?
[10:40] <cfhowlett> Midion_, more likely you're misconfigured something
[10:43] <arrith> Midion_: do you recognize that ip?
[10:43] <dnano91> any idea how i can fix aptitude?
[10:44] <rbasak> jamespage: looking at the python-jujuclient MIR now.
[10:49] <Midion_> no i do not reconixe that ip.
[10:49] <Midion_> recognize
[10:51] <Midion_> its like every second
[10:52] <lordievader> Midion_: Fail2ban can also do http things, though it might be more related to http authentication. To be honest haven't really looked into fail2ban+http.
[10:58] <dnano91> isn't there anyone who could help me with my aptitude problem?
[11:00] <jamespage> rbasak: excellent
[11:00]  * jamespage goes back to fixing openstack bugs
[11:21] <Midion_> Do you think CSF + LFD would fix it?
[11:22] <Midion_> I found a tutorial here https://www.digitalocean.com/community/articles/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu?refcode=7ee052965ae9
[11:35] <smb> hallyn, Could you review/sponsor my libvirt fixes for S and T (potentially accepting the nominations, too) for which
[11:36] <smb> hallyn, I added debdiffs in the bug report (bug 1248025)
[12:01] <jamespage> smb, its annoying our bot has disappeared
[12:10] <raj__> Could I tell rsnapshot to keep the initial (ie., the very first backup) backup forever, incase I may need it anytime (like for /etc directory ) ?
[12:52] <Kully> can someone give me a hand? I've got two nic's on the same network I need one's nic to keep the default gate of the lan (10.0.0.1) and the other to take the default gate of the VPN lan 192.168.0.1, when I run route add default gate 192.168.0.1 eth0 I lose connection to the host unless I'm on the VPN... how can I accomplish this?
[12:53] <pmatulis3> Kully: so don't do that.  you can only have one default gateway
[12:54] <pmatulis3> Kully: the 192 will be a specific route
[12:55] <Kully> how do I configure a specific route?
[13:11] <dnano91> i can't update anymore cause aptitude tries to finish it's last update, but i can't restart maria-db for some reason, any idea why? and how i can solve this?
[13:12] <dnano91> *aptitude can't restart maria-db
[13:33] <pmatulis3> dnano91: pastebin output to 'sudo apt-get update; sudo apt-get dist-upgrade'
[13:34] <alexmoldovan> hi pmatulis3   :)
[13:55] <pmatulis3> alexmoldovan: morning
[13:55] <alexmoldovan> how come you need up the 3rd?
[13:56] <pmatulis3> alexmoldovan: dunno, something just "did it" to me
[13:58] <dnano91> pmatulis3: is there a way to direct output to a file while still getting it to console? 1>log.txt and i can't see anything
[14:00] <pmatulis3> dnano91: sure
[14:00] <pmatulis3> dnano91: echo blah | tee file
[14:00] <dnano91> thanks :)
[14:04] <dnano91> pmatulis3:  http://sprunge.us/RXiB this is how far it goes. then nothing happens
[14:07] <pmatulis3> dnano91: my 1st guess is that the packages in the mirror is screwing things up
[14:07] <pmatulis3> http://tweedo.com/mirror/mariadb/repo/10.0/ubuntu/
[14:08] <dnano91> pmatulis3: i'll try changing mirror then
[14:09] <Daviey> jamespage / roaksoax: python-seamicroclient FTBFS, given back as it seemed an odd error.
[14:09] <jamespage> Daviey, ack
[14:09] <jamespage> I'll take a look if it does it again
[14:10] <pmatulis3> dnano91: well, you'll prolly need to first remove the existing package.  is that feasible?
[14:10] <pmatulis3> dnano91: that mirror provides 'out-of-archive' packages
[14:11] <hallyn> smb: will do
[14:11] <dnano91> pmatulis3: you mean uninstall maria db?
[14:12] <smb> hallyn, Great, thanks. Note that this also needs to go to some cloud archive which I am not sure about the procedure. Or would that be automatic?
[14:12] <pmatulis3> dnano91: yeah.  why are you using those packages anyway?
[14:15] <dnano91> pmatulis3: i wanted to switch from mysql to maria db. later tried to switch back but it's not that easy
[14:18] <dnano91> pmatulis3: i should probably have switched to maria 5 instead of 10
[14:18] <hallyn> smb: yeah afaik that's automatic.  whether by a robot, or by jamespage (another robot)
[14:18] <smb> hallyn, :D
[14:18] <jamespage> smb, libvirt?
[14:19] <smb> jamespage, yep
[14:19] <jamespage> smb, hallyn: I've still not figured out the failing test yet so libvirt -> CA is currently blocked
[14:20] <smb> jamespage, Is that both Saucy and Trusty or just T?
[14:21] <jamespage> smb, its a manual merge into the ca for both unfortunately
[14:21] <smb> jamespage, Oh ok cloud archive and not California... :)
[14:21] <jamespage> smb, but I'm just blocked on T libvirt
[14:25] <smb> jamespage, Ok, but  just to make sure, that should not keep us from updating the package(s) for the normal archive. Just migration to the cloud archive will be delayed.
[14:25] <jamespage> yes
[14:26] <smb> ok cool
[14:27] <Daviey> jamespage / roaksoax: bug 1292029 (failed twice)
[14:30] <jamespage> tsimpson, hey - please could we get our bot up and running again?
[14:32] <Daviey> jamespage: Don't know if it still the case, but the bot here was ran by Soren?
[14:32] <Daviey> soren ^^
[14:33] <jamespage> was it? I was just reading the bots page
[14:33] <hallyn> jamespage: i assume you've tried and succeeded building libvirt in a *trusty* schroot?
[14:33] <jamespage> hallyn, yes
[14:34] <hallyn> jamespage: what's the policy on the archive then - how bout just disable that test for that archive?
[14:34] <jamespage> hallyn, the only difference I could see was that symbolic-functions was used on 12.04 but I don't think it is on 14.04
[14:34] <jamespage> afaict
[14:34] <hallyn> oh
[14:34] <hallyn> i was undesrtanding that backwards yesterday
[14:34] <hallyn> but as i say, it built for me in a precise container
[14:35] <jamespage> hallyn, http://www.redhat.com/archives/libvir-list/2013-October/msg00950.html
[14:36] <jamespage> hallyn, how did you build? would that have enabled all of the hardening flags?
[14:37] <hallyn> jamepage: i first did install that cloud archive;  maybe that added something
[14:37] <hallyn> smb: about your patch,
[14:37] <hallyn> does it do the right thing if /proc/xen/capabiltiies does not exist?
[14:37] <hallyn> oh yeah, i guess so.
[14:38] <smb> hallyn, I think it should and did as virFileReadAll returns an error in that case
[14:38] <hallyn> can that file be empty?
[14:38] <hallyn> and if so what does that mean?
[14:39] <smb> hallyn, Yes, that means you did mount xenfs to /proc/xen on a normal Xen guest
[14:40] <smb> hallyn, The file is empty then and on a dom0 it returns control_d
[14:40] <hallyn> and if control_d is there, you want to say no xen caps detected?
[14:41] <hallyn> oh no.  phew.  the reuse of status is confusing there :)
[14:41] <smb> hallyn, No ther way raund but yeah, it might be a tad to "efficient"
[14:45] <smb> hallyn, By now that is the version accepted upstream so we gonna have to live with that evil programming style. :)
[14:45] <hallyn> smb: yup, pushed the pkg, thanks.
[14:46] <hallyn> jamespage: oh, so i built using debian/rules build && fakeroot debian/rules binary.  not sure if that enables *all* the flags, i would ahve thought so
[14:46] <smb> hallyn, Great, thanks. That is at least one down...
[14:48] <hallyn> smb: the saucy one will have to wait as 8.6 is in proposed.
[14:49] <hallyn> smb: can you put it in your own tickler file or whatever to check in 2 weeks if saucy-proposed has been cleared?
[14:49] <smb> hallyn, Ah ok.
[14:49] <hallyn> smb: thanks
[14:49] <smb> Trying to make a knot into my towel...
[14:49] <hallyn> ah what the hell i'm putting it on my own for the 24th
=== cmagina is now known as cmagina-away
=== cmagina-away is now known as cmagina
[15:20] <jamescarr> who maintains this??? http://cloud-images.ubuntu.com/locator/ec2/releasesTable#
[15:42] <jamespage> Daviey, seamicroclient build fixed
[15:42] <jamespage> * d/control: Add missing BD on openstack-pkg-tools (LP: #1292029).
[15:42]  * jamespage sighs
[15:42] <jamespage> the folly of not using upstream release tarballs....
[16:00] <Daviey> jamespage: Yeah.. wonder why it worked in Debian? One of it's BD depending on it already?
[16:01] <jamespage> Daviey, I wonder :-)
[16:01] <jamespage> its not like it might have built somewhere un-official
[16:02] <Daviey> jamespage: Oh *sigh*, that hadn't even crossed my mind.
[16:23] <jamescarr> here you go... how to pull the latest EC2 Ubuntu AMI https://gist.github.com/jamescarr/9531577
[16:23] <jamescarr> wish there was a better way!
[16:23] <rbasak> jamescarr: are you aware of sstream-query?
[16:24] <jamescarr> sstream-query?
[16:24] <jamescarr> string json?
[16:24] <jamescarr> *streaming
[16:24] <jamescarr> first result from google https://bugs.launchpad.net/simplestreams/+bug/1290744
[16:25] <rbasak> One moment, I'll knock up a sample invocation for you. Can you give me an example query in English?
[16:25] <rbasak> (eg. what region, arch, etc?)
[16:26] <jamescarr> Give me the AMI for raring for amd64 arch  in us-east-1
[16:26] <rbasak> $ ubuntu-cloudimg-query amd64 us-east-1
[16:26] <rbasak> ami-0b9c9f62
[16:26] <rbasak> I'm not sure if that uses simplestreams or not.
[16:26] <jamescarr> srsly???
[16:26] <rbasak> sstream-query allows you to query the metadata more directly, but it's longer to invoke.
[16:26] <jamescarr> I asked that question a lot and no now answered
[16:27] <rbasak> Yes srsly :)
[16:27] <jamescarr> *no one
[16:27] <rbasak> I did :-P
[16:27] <jamescarr> I asked on stack overflow, twitter, irc chans ;)
[16:27] <rbasak> Oh, I didn't say raring
[16:27] <rbasak> $ ubuntu-cloudimg-query amd64 us-east-1 raring
[16:27] <rbasak> ami-951524fc
[16:27] <rbasak> I presume it defaults to something sensible
[16:27] <jamescarr> that's it
[16:27] <jamescarr> dammit
[16:27] <jamescarr> oh well, it was a fun way to spend 20 minutes
[16:29] <rbasak> jamescarr: sorry this stuff is not better documented.
[16:29] <rbasak> smoser has an outstanding task to do some of it. It should be in the server guide really.
[16:29] <jamescarr> no problem ;)
[16:30] <jamescarr> just replaced 15 lines of code with one ;)
[16:30] <jamescarr> so there's that
[16:30] <jamescarr> magnificient
[16:31] <jamescarr> also saves me from adding a silly dependency to my build scripts
[16:31] <rbasak> We support many more providers than just EC2 now, so I think this command might be deprecated eventually, and replaced with a more generic query tool.
[16:31] <rbasak> The tools and metadata are already in place. sstream-query queries it, but perhaps ubuntu-cloudimg-query needs to be written to source simplestreams and default to EC2 for compatibility.
[16:32] <jamescarr> what if I wanted instance store?
[16:32] <jamescarr> the ami returned is for ebs
[16:33] <rbasak> $ ubuntu-cloudimg-query amd64 us-east-1 raring instance
[16:33] <rbasak> ami-1d132274
[16:33] <rbasak> There doesn't appear to be a manpage, but "ubuntu-cloudimg-query -h" has some information.
[16:34] <jamescarr> ty
[16:59] <cocoa117> does this syslog-ng things are program that running after kernel and library ready, so it can handle the log files? the program such as sendmail will still need to be configured to use syslog-ng to handle its log?
[17:02] <pmatulis3> cocoa117: why you remove rsyslog?
[17:03] <cocoa117> pmatulis3, i been told "we" are using syslog-ng at here...
[17:04] <pmatulis3> cocoa117: strange
[17:04] <cocoa117> pmatulis3, i am learning, so just take what has been throw at me
[17:14] <cocoa117> so am i right to assume the syslog-ng or rsyslog or syslogd is the program that is designed to handle logs, so it can be redistributed or managed. The individual program such as bind, sendmail, httpd will need to be configured to use those syslog program in order for administrator to handle the logs properly?
[17:28] <pmatulis3> cocoa117: apps will log.  usually to /var/log/syslog.  but you can customize where stuff goes and what gets logged
[17:29] <pmatulis3> cocoa117: then again, i've never used syslog-ng, but it should work
[17:31] <cocoa117> pmatulis3, you mean when program is designed to use syslog() library will auto send its message to /var/log/syslog? i assume your /etc/syslog.conf will allow you to configure what goes where?
[17:32] <pmatulis3> cocoa117: yes, for the first part of your question.  dunno about second part since rsyslog uses different configuration files from syslog-ng
[17:32] <cocoa117> pmatulis3, that's fine. i was trying to understand the concept here
[17:40] <pmatulis3> woot. rsyslog on Trusty will have native support for log file encryption and log anonymization
[17:43] <pmatulis3> (ip addresses anyway)
=== markthomas_away is now known as markthomas
[18:01] <sarnold> stgraber: hey, are you the right person to look at https://bugs.launchpad.net/ubuntu/+bug/1292019  ? :)
[18:03] <sarnold> stgraber: (another user was in here within the last few days complaining about too-frequent dhcp packets, but he got tired of looking into it before filing a bug. sigh.)
[18:06] <stgraber> sarnold: seems to be a netcfg bug, triaged
[18:07] <sarnold> stgraber: thanks! :)
[18:11] <mgw1> given an ubuntu 12.04 system with resolvconf and dnsmasq, and static ip assignment, is there a way to update nameservers without editing /etc/network/interfaces and bouncing the interface?
[18:11] <mgw1> in particular the bouncing part
[18:14] <stgraber> sarnold: any progress on the cgmanager MIR?
[18:17] <sarnold> stgraber: hehe, thanks for the poke :) not yet, sorry.
[18:33] <ice9> clamav get killed after couple of seconds from running it
[18:34] <ice9> clamsac!
[18:34] <ice9> clamscan
[18:36] <mgw1> stgraber: I see you wrote a blog post on resolvconf/dnsmasq some time ago. Do you have any suggestions on my issue?
[18:37] <stgraber> mgw1: so if you have dnsmasq installed, resolvconf will only set 127.0.0.1 as your DNS server and ignore any other setting you may have, so just update dnsmasq's config and restart it
[18:38] <mgw1> right, but how can I get dnsmasq to make a dns change?
[18:38] <ice9> clamscan get killed after couple of seconds from running it
[18:38] <mgw1> stgraber: ^
[18:39] <stgraber> mgw1: no idea, I don't know dnsmasq, though I suspect it'd involve changing its config and sending it SIGHUP or something
[18:39] <mgw1> strgraber: ok, thanks
[18:39] <mgw1> *stgraber
[19:55] <vedic> Hey guys, I just now setup nginx on my remote server. From linux virtual machine if I access the site, I get the msg: "The connection to the server was reset while the page was loading." but when I access it from IE or FF from Windows, site works gr8. What could be the reason?
[19:57] <ice9> vedic: then your virtual machine is not working properly with the outside world, check your iptables and how the virtual machine is connecting to the internet
[19:57] <rbasak> vedic: that message means that the TCP connection is getting broken. It sounds likely to me that the issue is with the virtual machine's networking with the host machine.
[20:00] <vedic> ice9, rbasak: Guest is on bridge mode
[20:00] <rbasak> vedic: try tcpdump/wireshark on the host, guest and your server to see what is killing the TCP connection.
[20:00] <rbasak> AIUI, wireshark is available on Windows too, if you have a Windows host.
[20:01] <rbasak> You need to have at least a rudimentary to understand the results though
[20:01] <rbasak> rudimentary understanding of TCP that is.
[20:02] <vedic> rbasak: Firewall rule is default on guest. Deny incoming and allow outgoing
[20:35] <coreycb> JJj
[20:45] <Midion_> What would be the best way to edit sshd_config from a server standpoint? To change roo login to no? To deny root? To allow only certain users? Or to allow only certain groups?
[20:48] <thurstylark> What do you guys think about Ajenti for a Webmin replacement for a couple of home servers? I'm tired of webmin at this point...
[20:50] <rbasak> Midion_: I usually add AllowUsers to restrict to a set of named users. Easier to audit then.
[20:50] <rbasak> (eg. each one has an ssh key and a disabled password)
[20:50] <rbasak> I also enable 2 factor auth
[20:50] <rbasak> I blogged how to do 2 factor here: http://www.justgohome.co.uk/blog/2013/07/better-two-factor-ssh-authentication-on-ubuntu.html
[20:51] <rbasak> Or at least force key login
[20:54] <Midion_> ty rbasak i'll read your blog now.
[20:55] <Midion_> Is the best way to setup lamp just to run: sudo apt-get  install lamp-server^ phpmyadmin
[21:01] <Midion_> Sadly my phone kicked the bucket. So I don't know if I can use this method.
[21:31] <thumper> smoser: ping
=== mrpink is now known as misterpink
[23:06] <rbasak> teward: nice blog, and thank you for your hard work!
[23:11] <Midion_> Question..... So I setup my new user and gave him sudo permissions. I also added the name to the www-data group. I ran the chown command on /var/www  as www-data/www-data but I cannot transfer files to it over sftp still.
[23:12] <Midion_> What am I doing wrong?
[23:13] <Midion_> I also added umask 007 to /etc/apache2/envvars.
[23:13] <sarnold> Midion_: did you sftp www-data@servername ?
[23:13] <pmatulis3> jamespage: hi, is this completely baked? -- https://code.launchpad.net/~openstack-charmers/charms/precise/keystone/ssl-everywhere
[23:14] <pmatulis3> jamespage: and if so, how do users eventually get that charm?
[23:15] <Midion_> no i did sftp username@servername
[23:15] <Midion_> I previously added the user to the www-data group.
[23:15] <Midion_> so its better to sftp using www-data instead of the user?
[23:15] <sarnold> does /var/www/ and child directories have group write permission turned on?
[23:15] <sarnold> it's better to not have your data owned by www-data at all (despite the stupid name)
[23:18] <Midion_> I think write permission is turned on. would that be when I had to add Add umask 007 to /etc/apache2/envvars?
[23:18] <Midion_> The only thing I ran on /var/www was chown -R www-data:www-data /var/www
[23:19] <sarnold> Midion_: ls -ld /var/www
[23:19] <sarnold> Midion_: the apache umask setting will affect of course only files that apache creates. I hope it is not many :)
[23:25] <Midion_> ok I ran ls -ld /var/www then sudo service restart apache and disconnected from sftp and reconnected to sftp and it still says write permission failed.
[23:26] <Midion_> Thank you I didn't know umask was only for files apache creates.
[23:28] <sarnold> did your ls -ld show group write privileges?
[23:29] <Midion_> when i run ls -l /var/www I get back -rw-r--r-- 1 www-data www-data
[23:30] <sarnold> ah there you go, you don't have group write privileges set on the directory
[23:30] <mardraum> you also don't have execute, wtf are you attempting to do
[23:30] <sarnold> mardraum: i assumed that meant he forgot the -d and was instead showing the output of a file :) heh
[23:31] <Midion_> I setting up a server i ran sudo apt-get  install lamp-server^ phpmyadmin and now im trying to put my site backup zip in /var/www
[23:31] <Midion_> im*
[23:41] <adam_g> jamespage, https://review.openstack.org/#/c/70750/ is this going to destroy you if it lands in havana?
=== justizin_ is now known as justizin
=== TheBurgerKing_ is now known as TheBurgerKing
[23:46] <midion_> Ty everything is working now after running sudo chmod -vR g+w /var/www/
[23:47] <sarnold> woo :)
[23:50] <midion_> now to read a tutorial on making my mysql datbases using cli. just incase i run into a situation where i cannot user phpmyadmin.