[06:56] <codemagician> When I use apt-get upgrade to run PHP with Ubuntu Server 12.04.5 LTS precise I get PHP Version 5.3.10-1ubuntu3.15  The PHP community show that PHP 5.4.34 is the next latest stable version up, followed by 5.5.18 and 5.6.2  Will there likely be an update that takes the PHP version upwards?  If not, what's the best practice for keeping on a stable PHP release with this OS?
[07:24] <DenBeiren> anyone around to help troubleshoot a samba issue?
[08:36] <lordievader> Good morning
[08:40] <DenBeiren> good morning
[08:41] <lordievader> Hey DenBeiren, how are you?
[08:41] <DenBeiren> gd gd
[08:41] <DenBeiren> struggeling with samba :-)
[08:41] <lordievader> Ugh, samba ;)
[08:42] <DenBeiren> http://pastie.org/9716044
[08:42] <DenBeiren> does this seem correct to you?
[08:44] <lordievader> Line wrap?
[08:47] <DenBeiren> ?
[08:49] <DenBeiren> i don't un-derstand
[08:51] <lordievader> "ever$
[08:51] <DenBeiren> ah
[08:51] <lordievader> If it is actually like the paste it's broken ;)
[08:54] <DenBeiren> http://pastie.org/9716156
[08:54] <DenBeiren> better?
[08:54] <DenBeiren> the problem is that users who make a file can save it and see it,.. other users can't open the file
[08:56] <lordievader> That make sense. Check the file permissions, they are likely $USER:$USER.
[08:56] <DenBeiren> should be user:group correct
[08:57] <lordievader> I.e. the 770 is useless.
[08:57] <lordievader> DenBeiren: Yes but I suppose you want it to be some shared group, but more likely it is just the user's group.
[08:57] <DenBeiren> i got two groups
[08:57] <DenBeiren> gebruikers and directie
[08:58] <DenBeiren> gebruikers should only access the share gebruikers
[08:58] <DenBeiren> directie should access directie and gebruikers
[08:58] <lordievader> I understand what you are trying to do, I'm trying to explain what is happening.
[08:58] <DenBeiren> uhu
[08:58]  * DenBeiren puts his listeningcap on
[09:00] <DenBeiren> so comment the four 770 lines?
[09:02] <lordievader> DenBeiren: That's not what I am saying... Read the backlog.
[09:02] <DenBeiren> uwnership is root:gebruikers and root:directie
[09:03] <lordievader> Also for files created by users?
[09:04] <DenBeiren> http://pastie.org/9716173
[09:04] <DenBeiren> no files in there so it seems
[09:05] <lordievader> So create them as some user...
[09:05] <DenBeiren> i'm afraid i have never done that trough terminal :s
[09:05] <lordievader> DenBeiren: I need to leave soon, but this will likely be usefull: https://wiki.archlinux.org/index.php/Access_Control_Lists
[09:06] <lordievader> DenBeiren: That wasn't the objective. Open the smb share through some host, copy/create a file and check with what permissions it is created.
[09:06] <lordievader> 13-09:54 < DenBeiren> the problem is that users who make a file can save it and see it,.. other users can't open the file
[09:06] <DenBeiren> ok will do
[09:06] <DenBeiren> so they "should" be user:group correct
[09:08] <lordievader> Err, yes. The reason that I used $USER:$USER earliere is that $USER is also a group for just the user $USER.
[10:07] <DenBeiren> lordievader: when files are created they are under username:username
[10:07] <DenBeiren> not username:groupname
[10:08] <neurotus> DenBeiren: not, UID:GID
[10:11] <neurotus> DenBeiren: by default there is a group created with the same name as the UID has
[10:12] <DenBeiren> hmm,.. not guite sure where to go from here i'm afraid
[10:14] <DenBeiren> neurotus: any hints?
[10:14] <neurotus> DenBeiren: man stat ?
[10:15] <neurotus> DenBeiren: man umask ?
[10:16] <neurotus> with sgid u can make the system BSD'ish so u have a "true-group" and not the default linux style uid:gid with the same "names"
[10:16] <neurotus> info coreutils is also usefull
[10:22] <neurotus> DenBeiren: http://en.wikipedia.org/wiki/File_system_permissions
[10:23] <DenBeiren> lots to read :-)
[10:23] <neurotus> DenBeiren: dont know what filesystem u are using if there is username:username created file :)
[10:23] <neurotus> literally taken
[10:23] <neurotus> UID:UID file
[10:24] <DenBeiren> it's a std install of ubuntu server
[10:24] <neurotus> DenBeiren: :D
[10:24] <neurotus> http://en.wikipedia.org/wiki/Umask
[10:25] <neurotus> DenBeiren: ^^ there is a policy in linux to create a group with the same name as the UID
[10:25] <neurotus> the GID has the same name as the UID
[10:25] <neurotus> so user:group is correct, not user:user
[10:26] <neurotus> the GID is NOT UID
[10:26] <DenBeiren> uhu
[10:27] <DenBeiren> so what could be the problem that user a can't access a file that user b created?
[10:27] <DenBeiren> i'm sorry,.. not that much of a linux expert :(
[10:27] <neurotus> np
[10:27] <neurotus> man umask is great place to start
[10:28] <DenBeiren> still learning on a everydat base :-)
[10:28] <neurotus> so there are permissions for user:group:others for every file
[10:28] <neurotus> created...
[10:28] <DenBeiren> that would be the 770 that i think i need
[10:29] <neurotus> u want execute flag ?
[10:29] <neurotus> 666 :)
[10:29] <neurotus> everyone has then access to read and write that file but not execute
[10:29] <DenBeiren> it's basically a fileserver
[10:30] <neurotus> okay, so 444
[10:30] <DenBeiren> to store pdf, word etc
[10:30] <DenBeiren> open them, change them and save them
[10:31] <DenBeiren> so 444 it is?
[10:32] <neurotus> okay, then 660 so that not *everyone* can change the files but authorized users only, use a general $fileserverusers-group if u trust them
[10:33] <DenBeiren> we have two groups,.. gebruikers and directie
[10:33] <neurotus> add them to the group and set the sticky bit
[10:33] <DenBeiren> would you like me to paste the smb.conf?
[10:34] <neurotus> havent worked with samba-servers
[10:35] <neurotus> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
[10:35] <neurotus> lots to read
[10:36] <neurotus> dont have the time
[10:36] <DenBeiren> again,.. more & more to read :-)
[10:36] <neurotus> https://help.ubuntu.com/12.04/serverguide/samba-fileserver.html
[10:36] <neurotus> there's a quick one
[10:37] <neurotus> DenBeiren: i'm going for a cig
[10:37] <neurotus> DenBeiren: but u can paste the smb.conf in pastebin
[10:37] <DenBeiren> same here,..
[10:37] <DenBeiren> AND a coffee,.. seems like i'll need it
[10:37] <neurotus> i like to study
[10:46] <DenBeiren> neurotus: http://pastie.org/9716156
[11:04] <neurotus> https://www.liberiangeek.net/2014/07/ubuntu-tips-create-samba-file-server-ubuntu-14-04/
[11:05] <neurotus> in the end there is a quick guide to create a secure share
[11:14] <neurotus> DenBeiren: maybe apparmor would do the task if not a generic group is not enough
[11:14] <neurotus> https://help.ubuntu.com/12.04/serverguide/samba-fileprint-security.html
[11:15] <neurotus> DenBeiren: dont know what have happened with win8 and win7 clients and samba thou
[11:15] <neurotus> if u use a workgroup
[11:16] <neurotus> if just a a share then the liberiantgeek.net guide is enough. not sure thou
[11:20] <neurotus> DenBeiren: u have added the users with smbpasswd ?
[11:20] <neurotus> and created that group ?
[11:20] <neurotus> security = user: requires clients to supply a username and password to connect to shares. Samba user accounts are separate from system accounts, but the libpam-smbpass package will sync system users and passwords with the Samba user database.
[11:21] <neurotus> Security = User
[11:21] <neurotus> This section will reconfigure the Samba file and print server, from Samba File Server and Samba Print Server, to require authentication.
[11:21] <neurotus> First, install the libpam-smbpass package which will sync the system users to the Samba user database:
[11:21] <neurotus> sudo apt-get install libpam-smbpass
[11:21] <DenBeiren> i think i did,.. but will run over it again to be sure
[11:22] <neurotus> http://pastebin.com/k8bZEj5L
[11:22] <neurotus> i would do it according to that guide
[11:23] <neurotus> dont have any knowledge on this subject in practice
[11:24] <neurotus> and remember to use the smb.conf syntax check
[11:24] <neurotus> for any errors in config
[11:24] <lordievader> DenBeiren: As I figured ;)
[15:12] <mdeslaur> hallyn: ok, qemu pushed to vivid, I'm done with qemu and libvirt for now
[15:13] <hallyn> ok, thanks.  probably won't have time to do srus today, but will do qemu srus next week
[15:21] <tych0> hi rbasak, when i try to symlink /var/lib/uvtool to some other partition (my root partition isn't that big), when i start a vm i get: http://paste.ubuntu.com/8988707/
[15:22] <rbasak> tych0: I've noticed some issues around symlinking like that. Definitely a bug, but I need to investigate in more detail
[15:22] <tych0> rbasak: ok, cool
[15:22] <tych0> as long as its on your radar :)
[15:23] <rbasak> tych0: bug 1289784 is what I have. Yours sounds a little different.
[15:24] <tych0> rbasak: yeah, i've found in past releases it was best to start with an empty pool as a symlink
[15:24] <tych0> rbasak: i had stuff like that in the past
[15:24] <tych0> rbasak: i was running with a symlink successfuly on trusty, though
[15:25] <rbasak> tych0: I haven't really looked at uvtool in a cycle now :-/
[15:25] <tych0> ah
[15:25] <tych0> any ideas what this might be? i tried chmodding things to various perms and got nowhere
[15:25] <tych0> i suspect it probably isn't a permissions error, but something else entirely
[15:26] <rbasak> Check with virsh that it's not a libvirt issue.
[15:26] <rbasak> The domain XML and volume definitions should be sane.
[15:26] <tych0> yeah, they looked reasonable
[15:26] <rbasak> There's a little bit of an issue with the "key" of a volume in libvirt and its interaction with uvtool.
[15:27] <tych0> i don't have them now, i had to resize my / because i need to get work done :(
[15:27] <rbasak> A workaround might be to change libvirt's volume pool definition to point to the destination of the symlink.
[15:27] <tych0> rbasak: yeah, i tried that too, and got other errors
[15:27] <tych0> rbasak: a bandaid woudl be a --pool argument to uvtool
[15:27] <tych0> so that we could tell it to use alternate pools
[15:28] <tych0> not sure if that's easier than debugging what's there or not
[15:28] <rbasak> AFAIK, uvtool doesn't hardcode /var/lib/uvtool/libvirt/images anywhere. Only metadata/ which should be unaffected.
[15:28] <rbasak> So if the volume pool as libvirt knows it is somewhere else, I think it should be fine.
[15:28] <rbasak> (in theory - obviously it isn't)
[15:28] <rbasak> There's also AppArmor to consider. Any denials logged?
[15:29] <tych0> rbasak: IMAGE_DIR = '/var/lib/uvtool/libvirt/images/' # must end in '/'; see use
[15:29] <rbasak> Oh.
[15:29] <rbasak> Maybe not.
[15:29] <tych0> in uvt.simplestreams.libvirt
[15:29] <tych0> er
[15:29] <tych0> uvt.libvirt.simplestreams
[15:29] <tych0> but that should be ok, i think?
[15:29] <tych0> all that does is sync the simplestreams stuff
[15:29] <tych0> i haven't looked very close, though
[15:30] <tych0> rbasak: my /var/log/apparmor is empty
[15:30] <tych0> rbasak: is there somewhere better to look?
[15:30] <rbasak> dmeseg maybe
[15:30] <tych0> bingo,
[15:30] <tych0> [1537128.652964] audit: type=1400 audit(1415891484.649:322): apparmor="DENIED" operation="open" profile="libvirt-bcd89ed7-59dd-4cef-8d83-a7742af50457" name="/dl/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTQuMTA6YW1kNjQgMjAxNDEwMjIuMw==" pid=30056 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
[15:30] <rbasak> Ah. IMAGE_DIR happened because I couldn't find a suitable API function.
[15:31] <rbasak> I think that needs to reflect how libvirt sees it and returns volume keys
[15:31] <tych0> rbasak: any thoughts on what the right fix is? :)
[15:32] <rbasak> tych0: edit /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
[15:32] <tych0> ah ha
[15:33]  * tych0 goes off to try
[15:33] <rbasak> I can't remember how you reload an AppArmor profile, but you'll need to do that.
[15:33] <rbasak> apparmor_parser <something>
[15:34] <rbasak> apparmor_parser -r < /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper  # maybe
[15:34] <tych0> rbasak: ok, cool thanks
[15:34] <jpds> rbasak: Without the <.
[15:35] <rbasak> jpds: my manpage says it takes stdin by default?
[15:38] <tych0> rbasak: \
[15:38] <tych0> o/
[15:38] <tych0> it works
[15:38] <tych0> thanks!
[15:38] <tych0> (and it is without the <, or at least, that's what i did)
[16:52] <The_Tick> what is dns-clean? is it really just to clean up dns entries for a dialup connection?
[23:19] <pot8to> Hi i need some help with netatalk on my raspberry pi. I have a 3TB seagate USB drive connected but i cannot seem to get it mounted so i can access it remotely
[23:20] <sarnold> where's the problem? getting the drive mounted? or getting netatalk to share something so huge? or getting netatalk to share something at all?
[23:21] <pot8to> I guess all of the above
[23:25] <pot8to> http://pastebin.com/JieuQp6b
[23:28] <sarnold> pot8to: yikes, 3tb as vfat??
[23:28] <sarnold> pot8to: (a) does that work (b) does that actually work? (c) I can't believe that works :) hehe
[23:29] <sarnold> pot8to: can you actually manipulate files in /mnt and have some proof that they are on the drive you think they're on? that just seems so .. unlikely.
[23:31] <shauno> it should work, with 32kb clusters fat32 maxes at ~8TB.  It doesn't sound like a particularly good idea though.  (especially on a machine like a pi, which is very prone to hard shutdowns, I'd prefer a journalled fs)
[23:32] <sarnold> I haven't had any success with any FAT-based filesystem beyond two gigabytes.
[23:32] <ogra_> yeah, 3TB isnt a prob technically ...
[23:36] <ogra_> but fat cant manage files greater than 4G ... so forget about these HD movies you wanted to serve ;)
[23:36] <pot8to> I forgot to mention that it is formatted as Mac OS Journaled
[23:36] <pot8to> im trying to use it as a file server and time machine for my mac
[23:37] <sarnold> are you sure about that? mount thinks it's vfat.
[23:38] <pot8to> Yes because I was using it as a time machine backup disk and file storage about 1 hr ago