/srv/irclogs.ubuntu.com/2014/11/13/#ubuntu-server.txt

=== markthomas is now known as markthomas|away
=== edwardly_ is now known as edwardly
=== jrgifford__ is now known as jrgifford
=== superspring_ is now known as superspring
=== robher_ is now known as robher
=== tgm4883_ is now known as tgm4883
=== Jikai is now known as Jikan
codemagicianWhen I use apt-get upgrade to run PHP with Ubuntu Server 12.04.5 LTS precise I get PHP Version 5.3.10-1ubuntu3.15  The PHP community show that PHP 5.4.34 is the next latest stable version up, followed by 5.5.18 and 5.6.2  Will there likely be an update that takes the PHP version upwards?  If not, what's the best practice for keeping on a stable PHP release with this OS?06:56
=== zz_DenBeiren is now known as DenBeiren
DenBeirenanyone around to help troubleshoot a samba issue?07:24
=== BlackDex_ is now known as BlackDex
=== Lcawte|Away is now known as Lcawte
lordievaderGood morning08:36
DenBeirengood morning08:40
lordievaderHey DenBeiren, how are you?08:41
DenBeirengd gd08:41
DenBeirenstruggeling with samba :-)08:41
lordievaderUgh, samba ;)08:41
DenBeirenhttp://pastie.org/971604408:42
DenBeirendoes this seem correct to you?08:42
lordievaderLine wrap?08:44
DenBeiren?08:47
DenBeireni don't un-derstand08:49
lordievader"ever$08:51
DenBeirenah08:51
lordievaderIf it is actually like the paste it's broken ;)08:51
DenBeirenhttp://pastie.org/971615608:54
DenBeirenbetter?08:54
DenBeirenthe problem is that users who make a file can save it and see it,.. other users can't open the file08:54
lordievaderThat make sense. Check the file permissions, they are likely $USER:$USER.08:56
DenBeirenshould be user:group correct08:56
lordievaderI.e. the 770 is useless.08:57
lordievaderDenBeiren: Yes but I suppose you want it to be some shared group, but more likely it is just the user's group.08:57
DenBeireni got two groups08:57
DenBeirengebruikers and directie08:57
DenBeirengebruikers should only access the share gebruikers08:58
DenBeirendirectie should access directie and gebruikers08:58
lordievaderI understand what you are trying to do, I'm trying to explain what is happening.08:58
DenBeirenuhu08:58
* DenBeiren puts his listeningcap on08:58
DenBeirenso comment the four 770 lines?09:00
lordievaderDenBeiren: That's not what I am saying... Read the backlog.09:02
DenBeirenuwnership is root:gebruikers and root:directie09:02
lordievaderAlso for files created by users?09:03
DenBeirenhttp://pastie.org/971617309:04
DenBeirenno files in there so it seems09:04
lordievaderSo create them as some user...09:05
DenBeireni'm afraid i have never done that trough terminal :s09:05
lordievaderDenBeiren: I need to leave soon, but this will likely be usefull: https://wiki.archlinux.org/index.php/Access_Control_Lists09:05
lordievaderDenBeiren: That wasn't the objective. Open the smb share through some host, copy/create a file and check with what permissions it is created.09:06
lordievader13-09:54 < DenBeiren> the problem is that users who make a file can save it and see it,.. other users can't open the file09:06
DenBeirenok will do09:06
DenBeirenso they "should" be user:group correct09:06
lordievaderErr, yes. The reason that I used $USER:$USER earliere is that $USER is also a group for just the user $USER.09:08
DenBeirenlordievader: when files are created they are under username:username10:07
DenBeirennot username:groupname10:07
neurotusDenBeiren: not, UID:GID10:08
neurotusDenBeiren: by default there is a group created with the same name as the UID has10:11
DenBeirenhmm,.. not guite sure where to go from here i'm afraid10:12
DenBeirenneurotus: any hints?10:14
neurotusDenBeiren: man stat ?10:14
neurotusDenBeiren: man umask ?10:15
neurotuswith sgid u can make the system BSD'ish so u have a "true-group" and not the default linux style uid:gid with the same "names"10:16
neurotusinfo coreutils is also usefull10:16
neurotusDenBeiren: http://en.wikipedia.org/wiki/File_system_permissions10:22
DenBeirenlots to read :-)10:23
neurotusDenBeiren: dont know what filesystem u are using if there is username:username created file :)10:23
neurotusliterally taken10:23
neurotusUID:UID file10:23
DenBeirenit's a std install of ubuntu server10:24
neurotusDenBeiren: :D10:24
neurotushttp://en.wikipedia.org/wiki/Umask10:24
neurotusDenBeiren: ^^ there is a policy in linux to create a group with the same name as the UID10:25
neurotusthe GID has the same name as the UID10:25
neurotusso user:group is correct, not user:user10:25
neurotusthe GID is NOT UID10:26
DenBeirenuhu10:26
DenBeirenso what could be the problem that user a can't access a file that user b created?10:27
DenBeireni'm sorry,.. not that much of a linux expert :(10:27
neurotusnp10:27
neurotusman umask is great place to start10:27
DenBeirenstill learning on a everydat base :-)10:28
neurotusso there are permissions for user:group:others for every file10:28
neurotuscreated...10:28
DenBeirenthat would be the 770 that i think i need10:28
neurotusu want execute flag ?10:29
neurotus666 :)10:29
neurotuseveryone has then access to read and write that file but not execute10:29
DenBeirenit's basically a fileserver10:29
neurotusokay, so 44410:30
DenBeirento store pdf, word etc10:30
DenBeirenopen them, change them and save them10:30
DenBeirenso 444 it is?10:31
neurotusokay, then 660 so that not *everyone* can change the files but authorized users only, use a general $fileserverusers-group if u trust them10:32
DenBeirenwe have two groups,.. gebruikers and directie10:33
neurotusadd them to the group and set the sticky bit10:33
DenBeirenwould you like me to paste the smb.conf?10:33
neurotushavent worked with samba-servers10:34
neurotushttp://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/10:35
neurotuslots to read10:35
neurotusdont have the time10:36
DenBeirenagain,.. more & more to read :-)10:36
neurotushttps://help.ubuntu.com/12.04/serverguide/samba-fileserver.html10:36
neurotusthere's a quick one10:36
neurotusDenBeiren: i'm going for a cig10:37
neurotusDenBeiren: but u can paste the smb.conf in pastebin10:37
DenBeirensame here,..10:37
DenBeirenAND a coffee,.. seems like i'll need it10:37
neurotusi like to study10:37
=== schrodinger_ is now known as schrodinger
DenBeirenneurotus: http://pastie.org/971615610:46
neurotushttps://www.liberiangeek.net/2014/07/ubuntu-tips-create-samba-file-server-ubuntu-14-04/11:04
neurotusin the end there is a quick guide to create a secure share11:05
=== daker__ is now known as daker
neurotusDenBeiren: maybe apparmor would do the task if not a generic group is not enough11:14
neurotushttps://help.ubuntu.com/12.04/serverguide/samba-fileprint-security.html11:14
neurotusDenBeiren: dont know what have happened with win8 and win7 clients and samba thou11:15
neurotusif u use a workgroup11:15
neurotusif just a a share then the liberiantgeek.net guide is enough. not sure thou11:16
neurotusDenBeiren: u have added the users with smbpasswd ?11:20
neurotusand created that group ?11:20
neurotussecurity = user: requires clients to supply a username and password to connect to shares. Samba user accounts are separate from system accounts, but the libpam-smbpass package will sync system users and passwords with the Samba user database.11:20
neurotusSecurity = User11:21
neurotusThis section will reconfigure the Samba file and print server, from Samba File Server and Samba Print Server, to require authentication.11:21
neurotusFirst, install the libpam-smbpass package which will sync the system users to the Samba user database:11:21
neurotussudo apt-get install libpam-smbpass11:21
DenBeireni think i did,.. but will run over it again to be sure11:21
neurotushttp://pastebin.com/k8bZEj5L11:22
neurotusi would do it according to that guide11:22
neurotusdont have any knowledge on this subject in practice11:23
neurotusand remember to use the smb.conf syntax check11:24
neurotusfor any errors in config11:24
lordievaderDenBeiren: As I figured ;)11:24
=== exixt is now known as exixt_
=== bilde2910|away is now known as bilde2910
=== caribou_ is now known as caribou
=== TDog_ is now known as TDog
mdeslaurhallyn: ok, qemu pushed to vivid, I'm done with qemu and libvirt for now15:12
hallynok, thanks.  probably won't have time to do srus today, but will do qemu srus next week15:13
tych0hi rbasak, when i try to symlink /var/lib/uvtool to some other partition (my root partition isn't that big), when i start a vm i get: http://paste.ubuntu.com/8988707/15:21
rbasaktych0: I've noticed some issues around symlinking like that. Definitely a bug, but I need to investigate in more detail15:22
tych0rbasak: ok, cool15:22
tych0as long as its on your radar :)15:22
rbasaktych0: bug 1289784 is what I have. Yours sounds a little different.15:23
uvirtbotLaunchpad bug 1289784 in uvtool "uvt-simplestreams-libvirt crashes if /var/lib/uvtool is a symlink" [Medium,New] https://launchpad.net/bugs/128978415:23
tych0rbasak: yeah, i've found in past releases it was best to start with an empty pool as a symlink15:24
tych0rbasak: i had stuff like that in the past15:24
tych0rbasak: i was running with a symlink successfuly on trusty, though15:24
rbasaktych0: I haven't really looked at uvtool in a cycle now :-/15:25
tych0ah15:25
tych0any ideas what this might be? i tried chmodding things to various perms and got nowhere15:25
tych0i suspect it probably isn't a permissions error, but something else entirely15:25
rbasakCheck with virsh that it's not a libvirt issue.15:26
rbasakThe domain XML and volume definitions should be sane.15:26
tych0yeah, they looked reasonable15:26
rbasakThere's a little bit of an issue with the "key" of a volume in libvirt and its interaction with uvtool.15:26
tych0i don't have them now, i had to resize my / because i need to get work done :(15:27
rbasakA workaround might be to change libvirt's volume pool definition to point to the destination of the symlink.15:27
tych0rbasak: yeah, i tried that too, and got other errors15:27
tych0rbasak: a bandaid woudl be a --pool argument to uvtool15:27
tych0so that we could tell it to use alternate pools15:27
tych0not sure if that's easier than debugging what's there or not15:28
rbasakAFAIK, uvtool doesn't hardcode /var/lib/uvtool/libvirt/images anywhere. Only metadata/ which should be unaffected.15:28
rbasakSo if the volume pool as libvirt knows it is somewhere else, I think it should be fine.15:28
rbasak(in theory - obviously it isn't)15:28
rbasakThere's also AppArmor to consider. Any denials logged?15:28
tych0rbasak: IMAGE_DIR = '/var/lib/uvtool/libvirt/images/' # must end in '/'; see use15:29
rbasakOh.15:29
rbasakMaybe not.15:29
tych0in uvt.simplestreams.libvirt15:29
tych0er15:29
tych0uvt.libvirt.simplestreams15:29
tych0but that should be ok, i think?15:29
tych0all that does is sync the simplestreams stuff15:29
tych0i haven't looked very close, though15:29
tych0rbasak: my /var/log/apparmor is empty15:30
tych0rbasak: is there somewhere better to look?15:30
rbasakdmeseg maybe15:30
tych0bingo,15:30
tych0[1537128.652964] audit: type=1400 audit(1415891484.649:322): apparmor="DENIED" operation="open" profile="libvirt-bcd89ed7-59dd-4cef-8d83-a7742af50457" name="/dl/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTQuMTA6YW1kNjQgMjAxNDEwMjIuMw==" pid=30056 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=124 ouid=12415:30
rbasakAh. IMAGE_DIR happened because I couldn't find a suitable API function.15:30
rbasakI think that needs to reflect how libvirt sees it and returns volume keys15:31
tych0rbasak: any thoughts on what the right fix is? :)15:31
rbasaktych0: edit /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper15:32
tych0ah ha15:32
* tych0 goes off to try15:33
rbasakI can't remember how you reload an AppArmor profile, but you'll need to do that.15:33
rbasakapparmor_parser <something>15:33
rbasakapparmor_parser -r < /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper  # maybe15:34
tych0rbasak: ok, cool thanks15:34
jpdsrbasak: Without the <.15:34
rbasakjpds: my manpage says it takes stdin by default?15:35
tych0rbasak: \15:38
tych0o/15:38
tych0it works15:38
tych0thanks!15:38
tych0(and it is without the <, or at least, that's what i did)15:38
=== DenBeiren is now known as zz_DenBeiren
=== TheBurgerKing_ is now known as TheBurgerKing
=== Lcawte|Away is now known as Lcawte
The_Tickwhat is dns-clean? is it really just to clean up dns entries for a dialup connection?16:52
=== markthomas|away is now known as markthomas
=== rcj` is now known as rcj
=== bilde2910 is now known as bilde2910|away
=== markthomas is now known as markthomas|away
=== Adri2000_ is now known as Adri2000
=== markthomas|away is now known as markthomas
pot8toHi i need some help with netatalk on my raspberry pi. I have a 3TB seagate USB drive connected but i cannot seem to get it mounted so i can access it remotely23:19
sarnoldwhere's the problem? getting the drive mounted? or getting netatalk to share something so huge? or getting netatalk to share something at all?23:20
pot8toI guess all of the above23:21
pot8tohttp://pastebin.com/JieuQp6b23:25
sarnoldpot8to: yikes, 3tb as vfat??23:28
sarnoldpot8to: (a) does that work (b) does that actually work? (c) I can't believe that works :) hehe23:28
sarnoldpot8to: can you actually manipulate files in /mnt and have some proof that they are on the drive you think they're on? that just seems so .. unlikely.23:29
shaunoit should work, with 32kb clusters fat32 maxes at ~8TB.  It doesn't sound like a particularly good idea though.  (especially on a machine like a pi, which is very prone to hard shutdowns, I'd prefer a journalled fs)23:31
sarnoldI haven't had any success with any FAT-based filesystem beyond two gigabytes.23:32
ogra_yeah, 3TB isnt a prob technically ...23:32
=== Lcawte is now known as Lcawte|Away
ogra_but fat cant manage files greater than 4G ... so forget about these HD movies you wanted to serve ;)23:36
pot8toI forgot to mention that it is formatted as Mac OS Journaled23:36
pot8toim trying to use it as a file server and time machine for my mac23:36
sarnoldare you sure about that? mount thinks it's vfat.23:37
pot8toYes because I was using it as a time machine backup disk and file storage about 1 hr ago23:38

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!