/srv/irclogs.ubuntu.com/2015/01/20/#ubuntu-server.txt

=== Lcawte is now known as Lcawte|Away
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
=== zz_DenBeiren is now known as DenBeiren
=== markthomas is now known as markthomas|away
=== martinst is now known as martins-afk
=== martins-afk is now known as martinst
=== kickinz1|afk is now known as kickinz1
=== Lcawte|Away is now known as Lcawte
=== superspring_ is now known as superspring
[08:16] <miphix_> xD
[08:18] <miphix_> How's everyone doing?
=== Lcawte is now known as Lcawte|Away
=== bilde2910|away is now known as bilde2910
[08:51] <lordievader> Good morning.
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== kickinz1 is now known as kickinz1|away
=== Sander^work2 is now known as Sander^work
[12:21] <caraconan> Hi here. I'm a little bit confused here. I had a 12.10 server, and then after a "sudo do-release-upgrade" I can see "13.10" in my /etc/issue, but looking at https://wiki.ubuntu.com/Releases it's marked as end of life. What should I do to upgrade my server to the... "current" version? Thanks
[12:23] <caraconan> Ok, I can imagine that I'm missing another jump
=== kickinz1|away is now known as kickinz1
[12:44] <lordievader> caraconan: Continue the upgrade procedure.
[12:44] <caraconan> ok thanks
[12:59] <dominic1134> hi there, we're looking for developers and package maintainers which would like to join our development team for an open source anti spam appliance project. check out www.openas.org . we're happy to hear from you :-)
=== nevada_germ is now known as Cpt_ManlyPink
[14:02] <thor77> hello, i have an ubuntu-vps with a nginx-webserver. i want to easily (without sudo) copy/edit files to /usr/share/nginx/ (the webserver's root). what's the easiest way to achieve this?
[14:03] <teward> thor77: beat yourself with the guide to linux - there's a thousand safety reasons for why you don't do that.
[14:04] <teward> thor77: not to mention, you shouldn't put your web root in a package-maintained directory anyways, and should make an alternate directory, either as a subdirectory in there (as root/sudo) or elsewhere, so long as nginx has +x on the directories (and the ability to read the files)
[14:06] <teward> thor77: the biggest reason for me saying don't use /usr/share/nginx/ directly and either use a directory under that or move elsewhere, is because https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1194074
[14:08] <teward> thor77: the second biggest reason is you don't want a hijacked user account to be able to edit the files without needing the sudo password - this is also why you should SSH Key Auth Only your server so you don't have rogue access in case your password gets stolen
[14:08] <teward> (and use a different password on your SSH key)
=== kickinz1 is now known as kickinz1|afk
[14:11] <patdk-wk> teward, why?
[14:11] <thor77> teward: okay, okay, didn't think about the security issues
[14:11] <patdk-wk> so you're trading a stolen password for a stolen rsa key?
[14:11] <patdk-wk> you should use 2factor
[14:12] <thor77> tekk: and my server is using ssh key auth only
[14:12] <thor77> ssh key is protected with a password
[14:12] <patdk-wk> password + keyauth, keyauth + token, password + token, something
[14:12] <patdk-wk> ssh key can be brute forced
[14:12] <teward> patdk-wk: and you can brute force a 2048bit key in how long?
[14:13] <patdk-wk> it is not 2048 bit
[14:13] <teward> patdk-wk: then what's the bitstrength of a default generated ssh key in 14.04
[14:13] <teward> patdk-wk: point standing: it's easier to bruteforce a password than the privkey.
[14:13] <thor77> my ssh-key is 2048
[14:13] <patdk-wk> we aren't talking about the generated key
[14:13] <patdk-wk> we are talking about the PASSWORD protecting that key
[14:13] <thor77> the key is on my local computer
[14:14] <teward> patdk-wk: this is a discussion for elsewhere, IMO
[14:14] <patdk-wk> your password is also on your local computer
[14:14] <patdk-wk> till it got compromised :)
[14:14] <teward> patdk-wk: again, discussion for elsewhere
[14:14] <teward> thor77: i strongly suggest not changing the permissions for the folder, and use another path, but NOT in the home dir
[14:14] <teward> (there's other security considerations there)
[14:15] <thor77> teward: i will think about it, thanks for your suggestion
[14:15] <teward> patdk-wk: if only everyone followed the SANS recommendations: don't use the same password for everything
[14:15] <patdk-wk> that is good, but don't put all your credentials in one location :)
[14:15] <patdk-wk> that is even harder
[14:15] <patdk-wk> but 2factor helps that, storing two passwords for everything, in two locations
[14:15] <teward> patdk-wk: and the "Use Strong Passwords! > 12 characters, alphanumeric+punctuation+special symbols, random
[14:15] <teward> patdk-wk: true
[14:16] <thor77> but if i use a new folder, is it a security issue when the web-user AND my normal-user have write access to it?
[14:16] <patdk-wk> stolen laptop, stolen phone
[14:16] <patdk-wk> not likely for both to happen at once
[14:16] <teward> patdk-wk: my passcode db is inside a truecrypt container inside an ecryptfs container on a hardware-encrypted flash drive
[14:16] <patdk-wk> at least for me
[14:16] <teward> which itself has a pincode that if you fail 10 times the data is nuked
[14:16] <thor77> you are very paranoid...
[14:16] * teward may be a little paranoid :)
[14:17] <patdk-wk> lets see
[14:17] <patdk-wk> mine is in a keepass file
[14:17] <patdk-wk> on an encrypted drive
[14:17] <patdk-wk> that is secured via a usb token
[14:17] <patdk-wk> that is secured via another usb token
[14:17] <patdk-wk> that is secured via a password
[14:17] <teward> oop i forgot to mention the PGP encrypted files... eheheheheh
[14:17] * teward keeps that on a separate device
[14:18] * teward forgot he got more paranoid :)
[14:18] <patdk-wk> I attempt to use 25random char passwords :(
[14:18] <patdk-wk> so many places limit me to 15chars or sometimes less
[14:18] <teward> patdk-wk: wish there were ways to use yubikey cloud otps on everything but meh
[14:19] <patdk-wk> we did go paranoid with rsa keys, I forced them too though
[14:19] <patdk-wk> rsa logins work, but require token auth also
[14:19] <teward> patdk-wk: my keys are 8192bit strength so meh
[14:19] <teward> and they in turn require passwords that were randomgen'd > 64 characters
[14:19] <teward> so........
[14:19] <teward> :P
=== kickinz1|afk is now known as kickinz1
=== Lcawte is now known as Lcawte|Away
[15:03] <arcsky> hello, i have a few Ubuntu-servers running at my office. I wonder if there are any management open tool for lets say upgrade it and other management stuff
[15:04] <patdk-wk> apt-get
[15:04] <teward> patdk-wk: i think he means en masse management and such
[15:04] <teward> rather than connect to each manually
[15:05] <teward> landscape or puppet come to mind... but i'm not a fan of either
[15:05] * teward prefers the manual touch :P
[15:05] <patdk-wk> yes, he wanted landscape
[15:05] <patdk-wk> but he also said open tool
[15:05] <teward> patdk-wk: heh
[15:05] <patdk-wk> and that means, basically no
[15:05] <arcsky> GUI crap
[15:05] <patdk-wk> puppet isn't exactly what he wanted :)
[15:06] <patdk-wk> plus again, not open, so chef, but still not what he wanted :)
[15:06] <arcsky> Puppet good?
[15:06] <patdk-wk> as good as the person setting it up and using it
[15:39] <marty_axel> can someone help me with vsftpd configuration?
[15:41] <thor77> marty_axel: use ssh
[15:41] <thor77> you dont need vsftpd, if you have sshd installed
[15:41] <thor77> you can use sftp and scp then
[15:41] <ppetraki> or rsync
[15:42] <marty_axel> mhmm...
[15:43] <marty_axel> i configured vsftpd from google. All perfect, but when i set pasv_address=my_public_ip and try to connect using my public ip, it's not working. I can connect with localhost and 192.168.1.14, but not with public ip
[15:43] <teward> !crosspost | marty_axel
[15:43] <ubottu> marty_axel: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
[15:43] <teward> (pick here or #ubuntu - stick to it - that's the most effective method)
[15:45] <rbasak> kickinz1: can you take bug 1412830 please? I can help you through it.
[15:52] <kickinz1> rbasak: looking
[15:54] <kickinz1> rbasak, ok
[16:02] <teward> server team meetings are public right
[16:02] <rbasak> teward: yes. In #ubuntu-meeting
[16:02] <teward> rbasak: i think i'll lurk today :)
[16:02] <rbasak> (on now)
[16:03] <rbasak> teward: please do!
[16:03] <teward> maybe i should o/ since i'm still on the 'team' on LP xD
[16:07] <teward> rbasak: it's helpful that i don't have a schedule full of classes on tuesdays now xD
[16:08] <rbasak> :)
[16:09] <bananapie> which program do I use to see all the files modified by a particular program? I think it was gdb or something like that, but I can't remember
[16:11] <rbasak> bananapie: strace maybe?
[16:11] <rbasak> strace -eopen is useful for that kind of thing
[16:12] <bananapie> Nice :)
[16:12] <bananapie> thanks :)
[16:14] <teward> rbasak: general question: nginx is on the server team's list of things they keep eyes on since the MIR, right? (in this case, now, it's on my radar all the time, since updates no longer sit for 3 weeks before being looked at)
[16:15] <rbasak> teward: we do, but generally I look to see if you respond first, and usually you do :)
[16:16] <teward> rbasak: yep.
[16:16] <teward> :P
[16:16] <teward> rbasak: well, feel free to always throw things my way :)
[16:16] <teward> rbasak: especially given -devel is somewhere I lurk now :)
[16:17] <rbasak> Thanks!
[16:17] <thor77> is it possible to run a process in a virtual env with limited resources?
[16:17] <rbasak> thor77: look into ulimit? Or for more control, maybe cgroups, LXC, etc.
[16:17] <thor77> thanks for the keywords
[16:18] <teward> rbasak: no problem - and if the server team always wants to throw things my way they're welcome to
[16:20] <rbasak> teward: remember, you're part of the server team :)
[16:20] <teward> rbasak: i meant as a regular thing in the meetings and such, if nginx becomes heavily more active
[16:21] <rbasak> teward: ack :)
=== Lcawte|Away is now known as Lcawte
[16:29] <teward> coreycb: hopefully you don't mind the nginx mention with the server team meeting - since nginx-core got into main (thanks to rbasak and sarnold and all for the MIR processing, again), it's definitely on my radar a ton more nowadays.
[16:29] <teward> especially since there's more people using it (according to all the errors I see on errors.u.c :P)
[16:29] <rbasak> teward: no problem, thanks for coming!
[16:30] <coreycb> teward, yes, not a problem whatsoever, that's what the meeting is for
[16:30] <coreycb> thanks for attending!
[16:30] <teward> coreycb: how fortunate my schedule isn't full nowadays
[16:31] <teward> i can attend the meetings more frequently now
[16:31] <rbasak> teward: 8678 popcon installs apparently
[16:31] <coreycb> teward, that's guaranteed not to last for long right? :)
[16:31] <coreycb> (the schedule not full part)
[16:33] <teward> coreycb: at least until finals week or midterms - my class schedule has only a 14:00-15:45 class tuesdays
[16:33] <coreycb> teward, oh man, I'm jealous :)
[16:33] <teward> come summer, back at the 9-5 job :P
[16:33] <teward> 09:00 - 17:00 job*
[16:33] * teward needs to do 24-hour time notation by default now
[16:34] <teward> coreycb: and if i'm not able to attend, i'll drop a blurb to the -server mailing list for nginx updates that should be in the meeting - but as i said to rbasak, emails, bug reports, and pings in -devel -server are the best way to get my attention (in that order)
[16:35] <coreycb> teward, sounds good, thank you
[16:36] <teward> you're welcome
[16:36] <teward> and the lovely thing about PPU rights is that the updates no longer sit in the sponsoring queue for 3 weeks xD
[16:36] <teward> so there's expedited processing of merges
[16:37] <teward> and non-security things outside of the development release (I loop in the security team for security-impacting Vivid updates for nginx now though)
[16:38] <teward> coreycb: i also know there was previous discussion adding nginx to the images, as something you can select and install. But I don't know whether there's any need for such changes at this time.
[16:39] <coreycb> teward, I am not sure tbh. rbasak do you know?
[16:39] <teward> that request came into my email and on ask ubuntu and other locations, I believe, and prompted the MIR
[16:39] <teward> (which in turn prompted nginx-core's creation)
[16:41] <teward> it's probably an old discussion at this point
[16:41] <teward> at least a year or more
[16:42] <teward> oh, two years, almost...
[16:42] <rbasak> teward: I don't remember talking about adding an nginx option to the installer. Right now we just have LAMP I think, which does apache?
[16:43] <teward> rbasak: right. i had a question come up in a bug (trying to remember!) which said "Will this be on the images"
[16:43] <rbasak> I see.
[16:43] <teward> at the time, i said "out of my purview"
[16:43] <rbasak> I have no major objection, although there are always space constraints, and the desire to reduce complexity rather than increase it.
[16:44] <teward> rbasak: indeed.
[16:44] <teward> rbasak: the discussion might come up in future, maybe closer to the next LTS, but i bet you there's a few people who would like it
[16:44] <rbasak> I'm also biased away from the images. I'm happy for the crowd who use them to continue to use them, but I don't.
[16:44] <teward> although i have no objection to leaving it off of the images.
[16:44] <rbasak> The future is in cloud images, rather than the traditional installer, IMHO.
[16:44] <teward> agreed
[16:44] <teward> rbasak: there are the traditionalists though xD
[16:45] <rbasak> Yes and they're welcome to look after the installer images :)
[16:46] <teward> rbasak: isn't part of QA's testing to test the traditional installer images...? :/
[16:46] <teward> i think i remember seeing a testing task for it somewhere
[16:46] <teward> yep there's a test item >.>
[16:48] <teward> rbasak: what package do we provide for LAMP? Or is it just a set of things to install, is all?
[16:53] <rbasak> teward: I think it just installs MySQL, Apache and PHP (libapache2-mod-php5 presumably).
[16:54] <teward> mmm
[16:55] <jpds> Isn't there a tasksel thing?
[16:55] <teward> rbasak: well i see a problem setting up an nginx+mysql+php stack with the images, in that php5-fpm (what is typically used with nginx) is universe
[16:55] <teward> if it too needs to be in main we open a can of worms, I believe
[16:56] <teward> might open*
[16:56] <patdk-wk> what about php5-cgi?
[16:56] <teward> rbasak: so it's a future discussion, obviously. but at least nginx-core *is* in main and there's people who now actively maintain it *points at self*
[16:56] <patdk-wk> you don't have to use fpm
[16:56] <teward> patdk-wk: wouldn't that require a fastcgi wrapper?
[16:56] <patdk-wk> you just need a fcgi or even cgi if you want :)
[16:56] <patdk-wk> teward, php5-cgi is a cgi AND fcgi
[16:57] <patdk-wk> fpm is a multi-fcgi wrapper
[16:57] <teward> patdk-wk: so php5-cgi could accept a fastcgi_pass then?
[16:57] <patdk-wk> yes, just using php5-fpm is normally *simpler* :)
[16:57] * teward sets up a server VM to test!
[16:57] <patdk-wk> it would
[16:57] <patdk-wk> but you probably need to make init scripts and stuff for it
[16:57] <patdk-wk> whereas fpm already has it
[16:58] <patdk-wk> fpm is what made, going from a single fcgi php to per user php simple
[16:58] <teward> patdk-wk: yeah, the init scripts might be the pain - if LAMP is implied to work out of the box, and php5-cgi has no init, can that even be a viable solution
[16:58] * teward won't write the init scripts :P
[16:58] <patdk-wk> well, pick your pain :)
[16:59] <teward> catch-22. both options are equally painful :p
[16:59] <teward> i should blog about setting up an nginx+mysql+php5 stack on ubuntu 14.04+... hmmm
[17:00] <patdk-wk> personally, I like php5-fpm :)
[17:00] <teward> patdk-wk: agreed
[17:00] <teward> makes it less painful to set up :P
[17:01] <patdk-wk> put all my php.ini settings into its per instance customization
[17:01] <patdk-wk> no more php update saying it needs to overwrite my php.ini :)
[17:01] <patdk-wk> makes happy sysadmin
=== markthomas|away is now known as markthomas
[17:02] <teward> heh
[17:02] <patdk-wk> interesting
[17:02] <patdk-wk> today seems to be a spam day
[17:03] <rbasak> teward: I feel that php5-fpm is inadequately maintained currently for it to be in main.
[17:03] <teward> rbasak: you and I are in agreement
[17:03] <teward> hence the 'can of worms'
[17:03] <rbasak> teward: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1267255
[17:03] <rbasak> :)
[17:44] <teward> rbasak: *subscribed and watching*
[18:25] <sarnold> jamespage: we've got a backlog of reactive work at the moment; probably I'll get to 1407695 and the other MIR work next week at the earliest
[18:35] <teward> is server going to be on the testing tracker for alpha 2?
[19:29] <NoobsFlyVFR> I just installed xorg and i3-wm on my Ubuntu 14.04 LTS server and I am trying to install lightdm using sudo apt-get install lightdm. But it wants to install unity, and all other united related components.
[19:29] <NoobsFlyVFR> How do I install lightdm without installing unity and everything else?
[19:30] <sarnold> NoobsFlyVFR: maybe try installing lightdm-greeter alongside lightdm?
[19:30] <NoobsFlyVFR> That worked, sarnold. Thanks a lot.
[19:30] <sarnold> nice
[19:31] <sarnold> I figured this looked like the reason why unity was being brought in: Recommends: xserver-xorg, unity-greeter | lightdm-greeter | lightdm-kde-greeter
[19:31] <NoobsFlyVFR> Exactly.
[19:37] <antiPoP> Hi, I have an ubuntu 12.04 server with automatic updates enabled. However some security updates are applied automatically while others not. What is happening? here are the configs and relevant logs: https://gist.github.com/antiPoP/9c97efbc523caab148ea
[19:40] <sarnold> antiPoP: perhaps those updates were published after the periodic check run?
[19:49] <antiPoP> sarnold maybe, but I didn't do an apt-get update
[19:49] <sarnold> antiPoP: hmm
[19:49] <antiPoP> so how have these been fetched?
=== kickinz1 is now known as kickinz1|afk
=== pgraner is now known as pgraner-afk
=== markthomas is now known as markthomas|away
=== markthomas|away is now known as markthomas
=== bilde2910 is now known as bilde2910|away
=== lazyPower is now known as lp|outy5000
=== Lcawte is now known as Lcawte|Away
[23:14] <dtscode> hey guy... ive got a process that keeps saying this: dtscode@dragontoothsoftware:~/billbot$ warning: The echo canceller started acting funny and got slapped (reset). It swears it will behave now. is there any way to tell what is saying it?
[23:14] <sarnold> echo canceller sounds like a voice-over-ip thing
[23:15] <dtscode> oh. its probably my ts3 server then
[23:16] <dtscode> can i restart it and redirect all output to /dev/null?
[23:16] <sarnold> probably
[23:17] <sarnold> though you might want to investigate using an initscript or upstart script to manage it as a service, rather than just a program you have to 'nohup ./foo > /dev/null 2>/dev/null </dev/null' ...
[23:17] <dtscode> would sudo service teamspeak3 restart > /dev/null work?
[23:17] <dtscode> oh ok
[23:18] <X123> screen! :)
[23:19] <sarnold> true, screen or tmux is nice too :)
