=== Metacity is now known as ChewToyOfFailvil
=== ChewToyOfFailvil is now known as Metacity
=== markthomas is now known as markthomas|away
=== bilde2910|away is now known as bilde2910
acmehandleHow do I go about updating my openssl?02:50
acmehandleI have version 1.0.1f and I should have version 1.0.1g02:51
sarnoldacmehandle: sudo apt-get update && sudo apt-get -u upgrade02:51
acmehandleHhhm, I ran update.  This is a fresh install.02:51
sarnoldacmehandle: check that the version that is installed matches the most recent release http://www.ubuntu.com/usn/usn-2385-1/02:52
acmehandleYeah, '0 upgraded'02:52
sarnoldacmehandle: you can check the version with dpkg -l openssl 'libssl*'02:53
acmehandleYeah, it says 1.0.1f02:54
acmehandleWhich is a January release02:55
acmehandleFirst thing I did when I started this vps was upgrade02:55
sarnoldoh I'm sorry, I forgot dpkg -l cuts off the version numbers. sigh.02:55
acmehandleupdate then upgrade rather02:55
sarnoldacmehandle: dpkg -l openssl 'libssl*' | cat02:55
sarnoldthe pointless |cat means output isn't a terminal, so it won't truncate the vresion numbers. look for the 1.0.1f-1ubuntu2.7 or whatever...02:56
Patrickdkor just do a apt-get install openssl libssl02:56
Patrickdkand it will force it02:56
acmehandleRight, it all says 1.0.1f02:56
sarnoldacmehandle: that's not the part that matters.02:56
sarnoldacmehandle: the part that matters is _after_ the hyphen02:57
Patrickdkbut openssl website says he needs g or h :)02:57
Patrickdkyour fine02:57
sarnoldacmehandle: yay :) you've got hte most recent02:57
acmehandleWhat Patrick said.  :/02:57
acmehandleSo why does openssl says g02:58
tewardacmehandle: the OpenSSL website may say that you need g or h, but the security patches to fix those vulnerabilities have already been applied to 1.0.1f-1ubuntu2.702:58
acmehandleAh, I see.02:58
tewardacmehandle: openssl upstream will always recommend to use the latest release to get all the bug fixes02:58
sarnoldacmehandle: because they think everyone downloads openssl source and recompiles it all the time, when in reality, almost no one compiles their own openssl, because that's how you get regressions :)02:59
tewardbut the security team takes the upstream patch commits and applies them to the older revisions (like 1.0.1f) and patches the vulnerabilities, in accordance with security triage procedures.02:59
tewardand what sarnold says.02:59
tewardacmehandle: but rest assured, so long as the full version string (1.0.1f-1ubuntu2.7) is installed, you're fine, as it has those patches02:59
sarnoldI mean, I'm glad for the folks who do run upstream openssl, because someone has to find the regressions :)02:59
sarnold.. same as I'm glad someone runs linus's -rc kernels :)03:00
Patrickdkthe only upstream that maintains stuff, is bash :)03:01
sarnoldChet was amazing during the whole shellshocked thing.03:03
=== Metacity is now known as DiedN0AsAlways
=== DiedN0AsAlways is now known as DiedNight0AsAlwa
=== DiedNight0AsAlwa is now known as Metacity
tewardsarnold: indeed.03:04
tewardPatrickdk: heheh03:05
Patrickdkhey, it made life easy for me to backport that crap to debian v403:05
tewardurgh, debian 4...03:12
tewardmakes me glad I use Ubuntu, I don't have to deal with massive version changes from one release to another, as much...03:13
Patrickdkwell, not my fault03:13
Patrickdkcompany I contract for, bought another company03:13
Patrickdkthey where working on a new product (fully deployed on 13.10? why? not lts?)03:13
Patrickdkand the old system that was in, self-manage mode, was left from years ago, on debian403:14
tewardPatrickdk: at least you aren't having to take 14.04 patches and taking them back to Hardy, or god forbid Dapper, versions03:14
* teward had a case where he had to do that :/03:14
sarnoldPatrickdk: zounds...03:14
PatrickdkI took over maintance a month03:14
Patrickdkand hadn't even learned where everything was yet03:14
Patrickdkteward, I had already backported around 30 things to trusty, 2months before it was released03:15
tewardPatrickdk: tell me about it, during the Trusty dev cycle I was already backporting entire packages to Precise just for my own needs, let alone nitpicking security patches03:15
Patrickdkno, I mean, to trusty, before release03:16
Patrickdkto precise, ya, still doing that03:16
PatrickdkI have dropped support for lucid though03:16
Patrickdkhalf my stuff is on trusty03:16
Patrickdkthe other half, is likely never to upgrade, but will be replaced03:16
Patrickdkor run in parrallel, till precise dies03:17
tewardPatrickdk: funny story: when i took over the nginx PPAs, it was around 12.04 that I took over almost exclusively, and the first thing I did was drop all Lucid support - that was causing headaches upon headaches for me... and I had bad experiences with the interim dev releases so I just started sticking to LTSes03:17
tewardmakes life easier on production systems, sticking to the LTSes03:17
teward(so long as you backport software where necessary to support the applications you have to run)03:18
Patrickdkwhy must the rhel installer be so annoying compared to ubuntu03:21
acmehandleAny advice where I should point the 'root' path on my server?  I often hear that /var/www/ is not a good place03:27
Patrickdkand I always thought it was /root03:29
sarnoldPatrickdk: lol03:29
sarnoldacmehandle: what's wrong with an htdocs of /var/www/?03:29
Patrickdkit depends on a crapload of things03:29
Patrickdknothing to do with not a good place :)03:29
acmehandleThe great thing about the internet is that anyone can be an admin.03:30
Patrickdkit is as good a place as any other, depending on how you *configure* your server03:30
acmehandlesarnold: I honestly dont know.  For django framework I hear one thing,03:30
acmehandlefor rails I hear another.03:30
acmehandlewhen talking to apache its another.03:30
Patrickdkthat is cause they all have their own defaults03:30
Patrickdkjust adjust it, and make sure you maintain proper security03:31
Patrickdkthough, with django/rails/...03:31
Patrickdkthey will be working as fastcgi likely03:31
Patrickdkso they don't even have to even care03:31
Patrickdkas long as you direct the aliases for their static content, correctly03:31
Patrickdkthey could even be on totally seperate servers, as far as apache cares03:32
sarnoldacmehandle: aha. :) there's a fair amount of cargo-culting in some of those communities. It might not hurt to ask "why?" when something seems arbitrary :)03:33
acmehandleRight, the 'why' is where I have to remember to put on an asbestos suit03:34
Patrickdknormally the answer is, cause you have to change it so many times!03:34
sarnoldsometimes yes :) hehe03:34
sarnoldI'm a grumpy old grouch so I don't much care one way or the other, hehe :)03:35
acmehandleI'm admining my own vps webserver. So honestly I dont care.  I'm going to experiment with nginx this time around and hopefully experiment with django and rails03:35
acmehandleand some javascript03:35
acmehandleI personally dont even care about nginx or apache for that matter, but from what I gather so far if I want to do any kind of web sockety stuff I need nginx03:36
acmehandleBut I thought there were some kind of genuine security concerns the way everyone makes it sound about /var/www/ or wherever.03:36
sarnoldacmehandle: I found nginx easier to configure than apache; I've never pushed either one far enough to worry about their performance03:38
sarnoldacmehandle: I really don't like the debian style of having the apache or nginx process owned by user www-data --- the name encourages people to set the owner of their web contents to www-data. But you don't want the web server to have write access to anything, beyond its log files and maybe a database / fcgi socket ...03:39
sarnoldacmehandle: I wish the web server ran with a username like www-exec or www-prog or something that didn't scream "chown all your files to me"03:40
tewardsarnold: and, in the case of dynamic PHP apps like forums, the forums' cache folder, is sometimes ok to write to.03:40
acmehandleYes, thus far thats what I hear quite often.  Only thing that bothers me is I spent time on figuring out the proper settings I need for apache on one vps and somehow by magic all my settings were rolled back.  So now I'm in the process of transfering to another vps and am starting from scratch, so to speak.  At least this vps runs ubuntu 14 whereas the other one was 10.04.03:41
sarnoldteward: ahh, yes, I always forget about php. (It's not like I _try_, I just don't think of it often. :)03:41
sarnoldacmehandle: yikes and yikes :)03:41
sarnoldacmehandle: that can sometimes happen when they've got some helper frontend like cpanel or whatever. blech.03:41
acmehandlesarnold: with regards to www-data.  Isnt it user: apache if compiled from source?03:42
sarnoldacmehandle: or httpd or something, yeah03:43
sarnoldacmehandle: this is a failing in debian policy, a failing ubuntu has inherited.03:44
acmehandleAh right.03:44
acmehandleThe thing that bothers me mostly about nginx is its thin license.03:46
acmehandleI get this sense like they can yank the public license at any time03:47
acmehandlethen all those big fancy lovely websites running on nginx would be the only ones who could afford nginx03:47
Patrickdkwhy would that matter?03:48
Patrickdkthe older releases would still be available03:48
Patrickdkand can be forked03:48
sarnolda great many projects have contributor license agreements that allow relicensing to e.g. BSD or MIT -- which amounts to much the same thing03:52
grendal_primeI got docmgr up and working but it will not index word documents05:37
farawayhi, I installed ruby2.0 on my 12.04 server using the brightbox but currently those a keep back from upgrade as there seems a dep issue „ruby2.0 : Depends: ruby (>= 1:“  is anyone here also using brightbox?06:56
=== Lcawte|Away is now known as Lcawte
lordievaderGood morning.08:18
adacubuntu saves the data in:  /var/lib/postgresql/9.3/main  what exactly happens when there comes postgres version 9.4?09:45
adacwould then change the data directory too?09:45
=== zz_DenBeiren is now known as DenBeiren
lordievaderHey pmatulis, how are you doing?12:21
pmatulislordievader: tired, i need some ginseng12:30
lordievaderNot coffee?12:39
ObrienDavecoffee 1st12:47
=== ihre is now known as ihre`bnc
=== ihre`bnc is now known as ihre
=== TonyL is now known as Guest41932
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== Guest41932 is now known as TonyL
K4kIs there a way in apt to set an alternate mirror for a repository should the primary one be unavailable for some reason? What I'm trying to do is force clients to use our internal package repo when onsite but still be able to get updates offsite since the internal mirror will not be facing outside the firewall.15:37
jpdsK4k: Yep, just have another 'deb' line for the repo in sources.list.15:37
jpdsK4k: apt ignores the things it can't get to.15:38
K4kIs there a way to set a priority on the deb entries or does it just pick the one that's listed in the file first?15:38
jpdsK4k: It takes what it can.15:38
K4kFor example, could I use two different sources.list.d files with 01-internal and then 02-external as the source file names?15:38
ubottupinning is an advanced feature that APT can use to prefer particular packages over others. See https://help.ubuntu.com/community/PinningHowto15:38
K4kgenii: thanks!15:39
geniiK4k: Yer welcome :)15:39
jpdsK4k: Pinning is something different.15:41
jpdsK4k: If the repos have the same packages, it doesn't matter.15:42
geniijpds: It's usual usage is to freeze a file at a particular version or to only use one from a particular repository. But it is more flexible than people think.15:42
=== MeltedDed is now known as MeltedLux
K4kjpds: yeah, was just reading that... it can set priority but doesn't look like you can pin priority based on repo, only per package.15:43
jpdsK4k: Another thing you can do is a DNS hijack.15:43
K4kWould have to be on the client side using dnsmasq... which sounds ugly and error pron15:44
jpdsK4k: Have like; gb.archive.u.c go to an internal IP as opposed to the real one.15:44
jpdsWhat's wrong with dnsmasq?15:44
K4kHaving to muck with DNS resolution client side just seems like a bad idea to me15:44
jpdsWell, It Works.15:45
K4kHow would I do that anyway. I would need some sort of conditional based on their interface IP?15:45
jrwrendoes apt-cacher-ng help achieve your goal?15:46
jpdsapt-cacher-ng is so unreliable.15:46
K4kWas looking at approx, apt-cacher-ng and apt-proxy(?) and none of them seem to do what I need the way I need to do it. They all do some part of it though15:47
jpdsK4k: You tell dnsmasq: if you see a request for; archive.ubuntu.com, give it this A record ->, etc.15:48
jpdsWhere that A record is your internal mirror.15:48
K4kand when they're not on the internal network, how would it fall back to using the actual archive.ubuntu.com address?15:48
jpdsK4k: Yes.15:49
jpdsK4k: You set that on your LAN's DNS server.15:49
jpdsK4k: Nothing special on the clients.15:49
K4kI don't have control over the LAN DNS unfortunately :(15:49
K4kWell... let me rephrase that15:49
K4kIt's a windows DNS server. I'm not sure if it can do that15:50
genii Hm. Conceivably you could just have a post-up directive  for the ethernet adapter which decides where it's connected, and sets the Dir::Etc::sourcelist "sources.list";  variable to something appropriate15:50
jrwrenif only upstart had a network-changed event you could toggle between sources.list files using it.15:50
jrwrenwhat genii said.15:51
jrwrenI forgot about post-up15:51
K4ksome sort of client side resolution timeout would be all I'd need really. `if archive.ubuntu.com; then go; redirect after 30s back to archive.ubuntu.com proper`15:52
K4kbut I'll investigate all of these possibilities. They all sound good.15:52
geniiK4k: Apologies for not properly understanding your original question, had to go back up and carefully read it first :)15:55
jpdsK4k: Could you do a transparent proxy on the LAN?15:55
K4kjpds: I don't think so, not easily.15:56
NigeySafternoon :)15:57
NigeyScan anyone recommend a way to get a file from server1 to server2 using scp as root without hardcoding the password into the script that runs it?15:59
jpdsNigeyS: SSH key.15:59
jpdsNigeyS: And whatever you do, use a forced command: http://binblog.info/2008/10/20/openssh-going-flexible-with-forced-commands/16:00
NigeySjpds we use ssh keys currently .. if i use ssh key via a bash script, and it prompts for a password does that interrupt the script at all ? .. trying to scp apache configs to server2 after creating them on server 1 but dont want to use a hardcoded password in the script, or paswordless ssh keys, work will fire me for that !16:01
jpdsNigeyS: The SSH key has a passphrase?16:01
NigeySno, not by default on AWS instances, if i enable it it enables passwords for all users right ?16:02
jpdsNigeyS: You're talking about two different things.16:03
NigeySoh sorry see what you mean, keyphrase on the key itself16:03
K4kNigeyS: for that purpose I typically use Git, actually16:03
jpdsNigeyS: If the key has no passphrase, it shouldn't prompt for one in the script.16:03
NigeyScurrently it doesnt no, i could add that to server 2's ubuntu user, but how do i sudo to get that file in /etc/apache2 within the script ?16:03
K4kyou can do the transfer with a non-root user and then use a git-hook to put the file from the local git repo in to the web directory using root locally on the system16:04
NigeySoh, thats something i havent heard of before16:04
NigeySi guess the other option is to put configs in a dir that doesnt require root access16:05
* jpds wonders why system1 should be poking with server2's apache config.16:05
K4kOthers may have a different opinion on that but that's how I manage all of my websites so that I don't have to deal with sftp or scp when I update site content16:05
NigeySjpds cluster of web servers, configs have to be kept in sync16:05
K4kor you could configure ACLs for limited access to the directory by an unprivileged user16:05
jpdsNigeyS: Well, use something like Puppet for that.16:05
NigeyScant have test.com exist on server1, and not server2 as theyre load balanced.16:06
jpdsNigeyS: Puppet, Chef, salt, ansible, are all built for this kind of thing.16:06
NigeySthats a bit overkill for something thats only going to happen a few times amonth at the most.16:06
jpdsYour life will be a happier place than having root run around with shell scripts.16:07
NigeySthats a fair point16:07
NigeySideally i like the config on the nfs mount and they dont have to be copied anywhere but dammed if i can find how to tell apache to look there for them, on ubuntu at least.16:09
jpdsNigeyS: Yeah, and there's the NFS server dying.16:09
jpdsNigeyS: And your HA cluster going along with it.16:09
NigeySi really dont want to symlink to nfs for that very reason16:09
K4kJust HA all the things16:09
jpdsAutomate all the things.16:10
NigeySso far everything but this is automated :)16:10
K4ksoooo... then we're back to puppet jpds?16:10
jpdsWhy not.16:10
NigeySlol ok! i'll go look at puppet :)16:10
K4kIf not puppet then, personally, I'd use the git-hooks but even that's kind of iffy16:10
jpdsNigeyS: And with puppet, you can tweak a lot more than just Apache.16:11
NigeySthats true, i will go read :) thanks for the advice16:11
=== Xbert is now known as Guest12533
NigeySwhile i'm here, any of you ever had a situation where your gss.d and statd logs were filling up with lines of "y" to the point where it uses 30GB in a few hours ?16:12
K4kIs anyone here using foreman? I am working on our package management systems, since we have to re-vamp everything for RHEL7 anyway, and saw that Foreman can manage both Redhat and Ubuntu packages but some material was talking about using Katello as well, is that something that works with Ubuntu or is that soley a RHEL thing?16:13
K4kAnd how do you like foreman if you are using it?16:14
jpdsI've been meaning to try it but haven't had time to do so yet.16:15
Ameuruxanyone know if  pxelinux.0  is added on the FIX?16:16
jpdsAmeurux: FIX?16:16
Ameuruxit's a bug16:16
jpdsWhich bug?16:16
Ameuruxpxelinux.0 is missing on 14.1016:16
jpdsAmeurux: Erm, no.16:16
jpdsAmeurux: pxelinux.0 is a file you're suppose to create for your PXE server.16:16
Ameuruxok, thx, Im just trying to get PXE server working on 14.1016:17
Ameuruxwill give it a try16:17
K4kgenii: Looks like post-up.d script will do what I need. I can have it try to resolve the address for our internal mirror and if successful I can set a line in /etc/hosts to re-point archive.ubuntu.com to our internal server16:17
* jpds really doesn't like the sound of network stuff poking files in /etc.16:18
K4k* or set up something in dnsmasq16:19
jpdsOne day you'll wake up and find your /etc/hosts file is empty.16:20
K4kheh... yeaaahhhh16:20
NigeySWarning: Do not use this module on an existing Apache setup. It will purge any Apache configurations that are not managed by Puppet.16:23
NigeySthats not very good of puppet..lol16:23
jpdsNigeyS: It is.16:24
jpdsNigeyS: If it's not managing it, it shouldn't be there.16:24
NigeySbut i have already set up and installed apache..16:24
jpdsIt's too avoid config conflicts.16:25
jpdsNigeyS: Last thing you want is to have "www.test.com" by hand.16:27
jpdsNigeyS: Then add a vhost in Puppet for "www.test.com".16:27
jpdsNigeyS: And then Apache dying as there's two configs for that domain.16:28
NigeySyup, there's that !16:31
K4kIt's fairly straight forward to tell puppet "deploy this config file". Though it is proper to use the Apache modules you can just say "put this file here"16:33
K4kIf all you're using it for is to deploy a couple of configs to two different systems, that's going to be the path of least resistence to get it working and then you can worry about migrating to the "proper" way later16:34
jrwrenNigeyS: chown the config files you want to copy to some non-root sentinel account and scp using that?16:36
jpdsjrwren: ...16:36
jrwrenNigeyS: are you using an ssh-agent?16:37
K4kOH! You don't need a puppet server to do what you want. You could put the puppet manifest that manages the config file on an NFS share and then there is a flag for puppet-agent you can use on the client to just read from that "local" manifest file16:39
K4kI just remembered that16:39
=== webwiz is now known as jturek
NigeySsorry just got back.. let me read up :)16:48
NigeySjrwren good idea, turns out this script ive been writing doesnt want to work properly anyway lol maybe thats a sign ;)16:49
NigeySanyone care to take a look and see why im getting some funky errors? http://pastebin.com/HL36G0Tp16:54
NigeyS./Test2.sh: 10: ./Test2.sh: function: not found16:54
NigeyS./Test2.sh: 13: [: =: unexpected operator16:54
NigeyS./Test2.sh: 21: [: =: unexpected operator16:54
patdk-wknot really16:57
patdk-wkbut likely cause the script was written in bash and not dash16:57
NigeySwell,it works fine without my new $restartapache commands, but theyre just a duplicate of $needdb .. so i dont get why it doesnt work16:58
jrwrenNigeyS: bash v. dash?16:58
NigeySwouldnt that cause it to not work at all in bash though?16:59
acmehandleHow can I find out if openssl was built with tls compression enabled?16:59
jrwrenNigeyS: no.  anyway, I think you want function createsite() {.. }16:59
acmehandleSorry if this sounds like a stupid quesiton16:59
NigeySjrwren okies, ill keep fiddling17:00
NigeySjrwren works fine i removed #!/bin/bash by mistake17:03
=== markthomas|away is now known as markthomas
jrwrenNigeyS: :)17:09
NigeySbut just realised that script will cause apache to fail17:10
* NigeyS needs more coffee17:10
patdk-wkacmehandle why does it matter?17:11
jpdsNigeyS: http://paste.ubuntu.com/9355999/17:14
jpdsNigeyS: That was easy.17:14
NigeySjpds legend! lol17:15
acmehandleBecause I dont want RC4 enabled on my server.17:15
patdk-wkwhat does compression have to do with rc4?17:15
NigeySbut theres a few extra things id have to get puppet to do aswell, like insert the user data to the auth database etc17:15
jpdsNigeyS: Though, I've not tested it, and you'll probably need to load a CGI module.17:15
NigeySacmehandle try openssl version -a17:15
acmehandlepatdk-wk: it is similar in nature.17:16
patdk-wkrc4 is cipher17:16
patdk-wkcompression is well, compression17:16
patdk-wktotally different in nature17:16
NigeySjpds i need to chage that script quite a bit as far as the vhost settings go, we dont use cgi anymore for example, and i dont think all those options work with 2.417:16
acmehandlepatdk-wk I'll admit I'm not an expert but:  https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what17:17
patdk-wkI can understand rc4, it's not very secure anymore17:17
acmehandleIn the System Administrators section17:17
K4kjpds: It looks like dnsmasq, using the -y flag, can select an IP from /etc/hosts for a given hostname that is on the same subnet. That might work for what I was trying to do earlier.17:17
patdk-wkacmehandle, yes, but that website is talking about scope17:18
patdk-wkthe only tls compression attack is crime17:18
patdk-wkand that requires you to send repeated data at the start of the session17:18
patdk-wkit doesn't apply to openvpn17:18
RoyKhi all. I have a wee problem here, not really related to ubuntu server, but I hoe it's not too offtopic. I login to this host, call it A, and I run xfreerdp from there and to a windows server on a closed-off network17:19
RoyKnow, xfreerdp and xquartz aren't good friends, so it the keyboard doesn't work. I can't use rdesktop, since the windows servers require crypto not supported by rdesktop. I don't have a linux machine here atm, so wonder if it's possible to do this with some ssh tunnel magick17:20
RoyKthe host A is heavily firewalled and only answers to 22/tcp. From there on, it's fairly open17:21
patdk-wksure as long as they didn't disable ssh tunnels/forwarding17:22
RoyKpatdk-wk: I didn't :P17:23
patdk-wkit's common for me to disable those now :)17:23
patdk-wkhad too many people abusing them17:23
RoyKpatdk-wk: not many have access to this box17:23
patdk-wkI had some users passwords get compromised17:24
patdk-wkand the new *owners*, used ssh to portforward and attack other systems17:24
RoyKpatdk-wk: it requires both key and password, so it's a bit hard that way17:24
RoyKpatdk-wk: and company policy is to require password protected keys17:24
jrwrenRoyK: ssh -n -N -L 3389:windows-server:3389 A ; remote desktop to localhost17:29
patdk-wkif you use remmina, it has an option under ssh to do it for you :)17:32
=== guampa_ is now known as guampa
grendal_primeok soooo after i got this thing up and running and everything seems to be working right, I transfered the vm to the production server and although it seems to be up and working correctly i cant log into the web interface.17:43
grendal_primeip address is differnt, is there something i need to change ...listening address or such on the alfresco server?17:43
hadifarnoudI have never setup an email server. can someone see this tutorial and tell me how I should setup outgoing server on my Mail client? http://www.krizna.com/ubuntu/setup-mail-server-ubuntu-14-04/18:24
hadifarnoudI used standard default setting (port 25 with password auth)18:24
grendal_primeok...dont know why but it just...started working18:26
bekkshadifarnoud: USe this one: https://help.ubuntu.com/community/Postfix18:26
grendal_primeis it possible to connect this to an existing filer?  Whe have a samba based cifs server that already has a bunch of document on it.18:27
jamespagetyhicks, kirkland: have you seen this bug ? https://bugs.launchpad.net/ecryptfs/+bug/132868918:27
uvirtbotLaunchpad bug 1328689 in ecryptfs-utils "ecryptfs-utils does not work with Ubuntu 14.04.1" [Undecided,Confirmed]18:27
tyhicksjamespage: I've seen the bug report but haven't had a chance to look into it18:32
hadifarnoudbekks: my postfix config for smpt is "submission inet n       -       -       -       -       smtpd"18:33
hadifarnoudnot sure what "chroot" is for but it is not set to "n"18:33
hadifarnoudwhat is starttls in postfix? right at the end of this tutorial, there is an example conf for mail client. I have no option for "STARTTLS" on OSX Mail.18:46
tewardhadifarnoud: might be 'SSL/TLS' or just 'TLS'18:47
teward(at least in OSX mail)18:47
hadifarnoudteward: I've got 'Use SSL' next to port and 'TLS (External client certificate)' in authentication.18:49
hadifarnoudbit confused. that means I have to provide a certificate to OSX Mail?18:49
patdk-wkno idea18:51
patdk-wkfunky osx18:51
hadifarnoudteward: also, there is an option for TLS certificate.18:51
hadifarnoudbloody OSX Mail18:51
hadifarnoudI guess SSL check box next to port is sort of TLS.18:52
hadifarnoudfault might be with my server setup18:52
tyhickskirkland: re: bug #1328689> When running the adduser --encrypt-home command, it proceeds to try to mount the home directory before prompting for the user's password19:06
uvirtbotLaunchpad bug 1328689 in ecryptfs-utils "ecryptfs-utils does not work with Ubuntu 14.04.1" [Undecided,Confirmed] https://launchpad.net/bugs/132868919:06
tyhickskirkland: so a valid auth tok obviously isn't in the kernel keyring yet19:07
hadifarnoudseems like my sever blocks connection from other IPs. I get this error in syslog "SSL_accept error from unknown[]:"19:09
=== Lcawte is now known as Lcawte|Away
abramshello :)19:35
pmatulishello there19:35
abramsguy's I have a problem with Unity desktop19:36
abramsi can't find resolution19:36
pmatulisabrams: try #ubuntu , this is the channel for ubuntu server19:36
pmatulissee topic ↑19:36
abramsWhen I try to drag and drop icon from unity to desktop19:36
NigeySanyone know if i put an IncludeOptional into apache2.conf and it points to vhost configs, do i still have to run them through a2ensite?19:37
abramssory :)19:37
pmatulisabrams: is ok19:37
=== markthomas is now known as markthomas|away
=== markthomas|away is now known as markthomas
=== bilde2910 is now known as bilde2910|away
kully3xfwhat's up all. How can I compare many text file's contents in two directories?21:32
kully3xfdiff -r dir1 dir2?21:33
kully3xfwill that compare the file's contents or just if the file exists21:33
elliotd123anyone know if there's software out there that can basically let me run proccesses with the GPU instead of the onboard CPU?21:51
geniiProbably the closest thing would be anything compiled using CUDA, but you'd also need an NVidia for that21:57
elliotd123that's ok, so I'm not familiar with CUDA, is that a compiler?21:59
geniielliotd123: It's a parallel-processing library from NVidia. It uses the cores of their GPUs22:02
geniielliotd123: If an app is compiled from source with CUDA enabled, it will use the NVidia card to run them on.22:02
elliotd123Sounds intriguing. I'll look into that. Thanks, genii22:03
=== Lcawte|Away is now known as Lcawte
acmehandleIs there a difference if I install something using just apt-get versus something from ppa?22:19
acmehandleI often see suggestions to install someting using PPA and I am wondering how necessary that might be22:20
Patrickdkit is the same thing22:20
Patrickdkjust ppa normally means, not maintained by ubuntu22:20
geniiSome PPA are more trusted than others, like for instance xorg-edgers22:21
PatrickdkI trust my ppa a lot22:21
mapletonI have a problem with Bind9.8 and Samba4(latest git) on Ubuntu Server 12.04.5LTS.  I'm trying to get DNS_DLZ working.  The DNS server was starting without the dynamic zones, and doing lookups fine, but integrated it hasn't started;  AppArmor is throwing a permissions error on /usr/local/samba/private/dns/sam.ldb (just wants r.)  I see the line for that file in /etc/apparmor.d/local/usr.sbin.named  (named is the bind user accoun22:21
TechIsCoolhow do I give a different user access to a single file22:22
TechIsCoolI still need to allow the access to the file from the origingal group and user22:22
Patrickdkmake a new group22:23
Patrickdkenable and use acl's?22:23
=== MeltedLux is now known as MeltedDed
sarnoldmapleton: you were cut off at "bind user accoun"22:32
sarnoldmapleton: if you have a line /usr/local/samba/private/dns/sam.ldb r,   in your /etc/apparmor.d/local/usr.sbin.named file and your main /etc/apparmor.d/usr.sbin.named file has an #include <local/usr.sbin.named> line, then you just need to reload the profile; apparmor_parser --replace /etc/apparmor.d/usr.sbin.named   should do it22:33
mapletonthanks, sorry.22:33
mapletonwas basically complete.. gonna give that a shot22:33
mapletonokay... got a little further.   "could not create /var/run/named/session.key"  I'm guessing its a permissions issue, since I'm no longer running bind as the default.  The samba wiki mentions (for the zone files) to chown named:named and chmod 640.  Does that apply here?22:45
=== bilde2910|away is now known as bilde2910
sarnoldmapleton: sorry, dunno there; it could be apparmor again.22:46
sarnoldmapleton: check again for more DENIED lines in dmesg22:46
mapletonNo Apparmor DENIED now, just a couple of permission errors, both in that directory.  Is it safe to add the chown and chmod 640 permission to /var/run/named/?22:53
sarnoldmapleton: it's probably safe22:53
sarnold.. I'm not an expert on either one, but some user account has to own them, and it could either be bind or samba, depending upon how they are modified..22:54
mapletonone more thing, I guess:  how do I find the current ownership and permissions stats of a file22:54
sarnoldmapleton: ls -l is the easiest22:54
sarnoldmapleton: stat /path/to/filename can also show you22:55
keithzg_Hrmmm, does postfix filter relay recipients only during an actual connection to the relay?22:55
mapletonmany thanks for your help, btw.. sarnold.. its my second day on ubuntu22:56
sarnoldmapleton: welcome aboard :)22:56
* keithzg_ is seeing a server just deferring mail to addresses that in theory should be filtered out by our relay_recipients22:56
sarnoldmapleton: could you file a bug against apparmor (ubuntu-bug apparmor) once you've gotten it sorted? we may want to add the rules you needed to the default profile22:57
mapletonwill do, thanks22:57
mapletonalthough I do feel a bit of a 'computer user, non-technical' so was thinking its more user error than anything ;)22:59
sarnoldmapleton: hehe, not a bad first instinct, but it could be the others who have done this setup before you didn't report bugs either, hehe :)23:02
=== Lcawte is now known as Lcawte|Away
mapletonscrew it... chmod 666 -r /23:08
mapletonokay.. I've exhausted the troubleshooting steps I could guess at.  I even added (and reset) the directory to apparmor (** rwk) in case...  "Could not open '/var/run/named/named.pid',"could not create /var/run/named/session.key"  I used stat, and not entirely sure I know what I'm looking for, but its chmod is 66423:23
mapletonI changed ownership to named.  I assume the error "named[1913]" means thats the executable context (the daemon named)23:25
sarnoldmapleton: correct, the 'named' comes from the process's "comm" field (first 16 bytes) and the 1913 is the pid of the process23:28
mapletonchown -r named /var/run/named did it.  one more error, but hey.. probably similar23:31
=== jvwjgames_ is now known as jvwjgames

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!