=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
[00:40] hello
[00:40] someone there with squid3 and mysql knowledge?
=== mfisch is now known as Guest88107
=== med_ is now known as Guest17963
=== Monthrect is now known as Piper-Off
=== Guest88107 is now known as mfisch
=== paule32_ is now known as paule32
=== mfisch is now known as Guest9086
=== Piper-Off is now known as Monthrect
=== Monthrect is now known as Piper-Off
=== Piper-Off is now known as Monthrect
=== Sprockt is now known as Sprocks
=== wmp is now known as Guest86302
=== neunon_ is now known as neunon
=== dasjoe_ is now known as dasjoe
=== Ursinha_ is now known as Ursinha
=== DalekSec_ is now known as DalekSec
=== dasjoe_ is now known as dasjoe
=== hackemate is now known as hxm
=== Monthrect is now known as Piper-Off
=== Piper-Off is now known as Monthrect
=== lionel_ is now known as lionel
=== ValicekB_ is now known as ValicekB
=== Guest86302 is now known as wiuempe
[11:30] Good afternoon.
=== galeido_ is now known as galeido
=== Lord_Govindam is now known as krishna
=== krishna is now known as Brahman
=== Brahman is now known as Govindam
[12:01] hello
[12:01] some on there with take some time?
[12:02] my custom external helper does not work
[12:02] i want a custom helper, that search website in database
[12:02] if it blocked, then return "ERR"
[12:02] else "OK"
[12:02] here the script:
[12:02] http://pastebin.com/p1zAkhDQ
[12:02] and here the config:
[12:02] http://pastebin.com/kE3kbVGT
[12:02] this is log output:
[12:02] kid1| helperHandleRead: unexpected read from blockscript #Hlpr0, 3 bytes 'ERR'
[12:14] paule32: It would probably help you to output the actual error instead of 'ERR'.
[12:14] read from blockscript #Hlpr0, 3 bytes
[12:16] What I mean is if it errors you don't know if $row[2] was equal to one or if $rec was less than one. When trying to debug something you want as much (relevant) information as possible.
[12:18] $row[0] ::= id
[12:19] $row[1] ::= name (of url)
[12:19] $row[2] ::= blocked (0 || 1)
[12:22] I guess this is very specific to Squid, perhaps it is a good idea to ask around in #squid.
[12:23] there still noise
[12:23] in the docs stands - return ERR or OK
[12:24] the funny thing on this story is, i can run the script under console without exceptions
[12:24] i can enter so long as i want
[12:24] cancel with ctrl+c
[12:26] Likely due to a completely different environment.
=== pleia2_ is now known as pleia2
=== yeats_ is now known as yeats
=== stgraber_ is now known as stgraber
[16:24] Hey there
[16:24] Guys I'm trying to create ftp server
[16:24] and I need to use a user who own /var/www/username
[16:25] i can do it with adduser command
[16:25] but my problem is that
[16:25] whenever this user upload a file to there, www-data will say "it is forbidden for me"
[16:25] how can I set default chown or chmod for that directory?
[16:28] mrtAkdeniz: you should make sure the files are owned by a group where both www-data and the user uploading files are members
[16:28] so I need to add that user to www-data?
[16:28] no
[16:28] and set chmod 775 ?
[16:28] no
[16:28] create a new group, add the www-data user and this ftp user to it
[16:29] then make the user the owner of all these files + folders, and make the shared group the group owner
[16:29] then set 750 for folders and 640 for files
[16:29] like chown ftpuser:createdgroup ?
[16:29] sure
[16:29] thanks Sling
[16:30] that way the httpd has only read rights to the content
[16:30] hmm
[16:30] and the user also doesn't have more permissions than he/she needs
[16:30] but sometimes httpd need to write?
[16:30] like logs, io based caching etc?
[16:30] those would be exceptions
[16:30] usually they would be in separate filesystem locations than the regular content
[16:31] actually nope, at least in my framework :\
[16:31] web content are in public folder
[16:31] but logs, sessions, caches etc are in the storage folder
[16:32] storage and public need to be at the same level
[16:32] i mean
[16:32] - storage, -public, --index.html, -var
[16:44] thank you Sling ^^
=== SpamapS_ is now known as SpamapS
[17:55] Hey there again!
[17:57] I installed postfix and dovecot on my server, everything works well, I can read and send mails from roundcube
[17:58] But I can not make smtp configuration for thunderbird or android app
[17:58] If I choose another SMTP and make IMAP conf. it works well
[17:58] but when I try to do smtp configuration, it fails
[17:58] postfix channel says, it is not related to postfix
[17:59] mrtAkdeniz: does the mail server have confirmed external access for *receiving* email?
[17:59] mrtAkdeniz: are there firewall rules preventing connections.
[17:59] there is no firewall on the server
[18:00] and there is no problem about receiving :\
[18:00] If I choose another smtp, i can get my mails on thunderbird
[18:00] if I get your point correct..
[18:01] TJ-, yeah I checked the meaning of receiving -lack of English, sorry-; and has no problem with receiving
[18:01] but SMTP configuration
[18:03] mrtAkdeniz: for a mail client to be able to send mail over SMTP, the SMTP server (postfix) probably needs to authenticate the client otherwise you'd have an open spam-relay.
[18:03] mrtAkdeniz: if IMAP4 connections to dovecot also don't work that points to a common issue, which is why I mention the firewall.
If firewall isn't the issue, look at the postfix (/var/log/mail.log) and dovecot (/var/log/dovecot.log) logs
[18:06] TJ-, there is no log for dovecot, and it is what I all have -> http://pastie.org/private/4vjpvxbbob4imgoljx29w
[18:06] I think my free ssl certificate forbidden by thunderbird
[18:06] but I search for it, and tell thunderbird to skip ssl cert check
[18:06] it is still failing..
[18:07] I am going to scp a website over to ubuntu 14.04, do I want to use scp -pr to preserve as much as i can for permissions? I may have to reown the files anyway though
[18:14] well, guess ill find out soon enough.
[18:20] <_KaszpiR_> anyone knows what is retention time for AWS AMI with Ubuntu 14.04.3 LTS daily builds?
=== yofel_ is now known as yofel
[19:19] Guys
[19:19] I'm buying SSL certificate
[19:19] and I'll use it for mail also
[19:19] and my mail server is on mail.mydomain.com
[19:20] do I need to buy it for mail.mydomain or mydomain.com
[19:26] hello
[19:27] have problem with squid3 for linux
[19:27] http://pastebin.com/HXB63yyh
[19:32] <_KaszpiR_> looks like your /sap/squid/block.sh sucks in producing proper output
[19:33] yes, because ERR\n0
[19:33] \0OK
[19:36] any ideas?
[19:38] hi all
[19:38] i study about parallel programming in julia and get this statement.
[19:38] The base Julia installation has in-built support for two types of clusters:
[19:38] A local cluster specified with the -p option as shown above.
[19:38] A cluster spanning machines using the --machinefile option. This uses a passwordless ssh login to start julia worker processes (from the same path as the current host) on the specified machines.
[19:39] i want know what is cluster spanning and how i can create this in ubuntu
[19:39] thanks for your help
[19:40] mahdi_ja: you should ask in #julia probably
[19:40] this is not something ubuntu-specific
[19:40] Sling, yes, but what is spanning cluster i do not find anything about this
[19:41] mahdi_ja: Probably multiple nodes running on different machines.
[19:42] Wouldn't be surprised if it uses a mpich like technology underneath: https://www.mpich.org/
[19:55] Guys I need help
[19:55] I'm trying to open ports
[19:55] and I don't have ufw enable
[19:55] I'm using sudo iptables -A INPUT -p tcp --dport 587 -j ACCEPT
[19:55] flush the firewall
[19:55] but telnet localhost 587 still returning error
[19:55] mrtAkdeniz: why not ufw?
[19:55] paule32, i have ufw disabled
[19:56] iptables -t nat -L
[19:56] ?
[19:56] RoyK, because I don't want
[19:56] mrtAkdeniz: pastebin output of "iptables-save"
[19:57] RoyK, http://pastie.org/private/xptz3rt4jdxjxfxxzl5irq
[19:58] it is just pathetic, my localhost refusing my connection.
[19:58] mrtAkdeniz: Is there anything listening to those ports?
[19:58] lordievader, I've postfix and dovecot installed
[19:58] and i think they are listening
[19:58] mrtAkdeniz: all accepted there - nothing is blocking
[19:58] mrtAkdeniz: netstat -tulpn|grep
[19:58] lordievader, both returned empty
=== rxc_ is now known as rxc
[19:59] So nothing is listening.
[19:59] damn
[20:00] (try it with sudo if you're not root)
[20:00] I'm root :\
[20:01] mrtAkdeniz: it's not a firewall issue
[20:01] mrtAkdeniz: nothing is blocked in that iptables setup
[20:01] RoyK, yeah I got it :\
[20:01] it is postfix issue
[20:01] mrtAkdeniz: the allow lines have no effect, since -P ACCEPT is on
[20:02] mrtAkdeniz: I'd recommend using ufw until you get familiar with the iptables (or next, nftables) rules
[20:02] when I enable ufw, even my 80 port blocked
[20:02] and I had "ufw enable 80" and rebooted..
[20:03] no
[20:03] ufw allow http
[20:03] ufw allow ssh
[20:03] ufw enable
[20:03] not enable sorry
[20:03] allow 80
[20:03] just use http
[20:03] but I need to open other ports
[20:03] first iptables -F
[20:03] like 21, 25 etc
[20:04] 21? are you (ab)using ftp?
[20:04] and I have 81 port which is another webserver
[20:04] yeah RoyK
[20:04] just ufw allow 'whateverprotocol'
[20:04] it's simple
[20:04] ufw allow 81?
[20:04] ufw allow 81/tcp
[20:04] hmm
[20:04] let me try it
[20:05] flush iptables first
[20:05] *first*
[20:05] because custom rules and ufw may interfere
[20:05] ok
[20:05] iptables -F right?
[20:06] mhm
[20:07] then this: ufw allow ssh; ufw allow http; ufw allow 81/tcp; ufw allow ftp # the latter if you're stupid enough to use FTP in production
[20:09] the thing about FTP is, it uses different ports for control and data, which is a bad idea with NATed machines
[20:09] it works, however, with protocol helpers
[20:09] but then, if you try to do something smart, as in encrypting the data, the router can't see which ports to forward, and FTP just won't work
[20:10] use SFTP instead
[20:14] is there a channel for LXD?
[20:28] there's #lxcontainers and #lxc-devel
[20:36] yep, just noticed that its just the regular LXC channel. Wasnt sure if there was one specific to LXD.
[20:42] I am struggling to get sshd's AuthorizedCommandKeys bit to work successfully
[20:42] made a script that literally just curl my github keys to stdout
[20:42] can't actually auth from results
[20:45] Anyone see anything painfully wrong?
http://i.imgur.com/cO2P7eq.png
[20:50] What is this "AuthorizedCommandKeys"
[20:51] TJ-: this - https://gist.github.com/sivel/c68f601137ef9063efd7
[20:51] supposedly a command you can tell sshd to run to get an alternative authorized_keys set before checking each user's home directory
[20:51] trying to use it as a simple way to not have to update authorized_keys files across vms
[20:53] tonymke: it's "AuthorizedKeysCommand"
[20:55] that's what's in the sshd config
[20:55] so that's not it
[20:55] just a typo in here
[20:56] OK :) ... try increasing logging verbosity of sshd
[20:59] tonymke: you've also got "AuthorizedKeysCommandUser" configured and set to a valid user account?
[20:59] "unsave permissions or modes for file"
[20:59] alright, that's helpful
[21:01] The man-page does say "The program must be owned by root, not writable by group or
[21:01] others and specified by an absolute path
[21:02] yeah, it's owned by root. trying 700 perms now
[21:03] im running LAMP on ubuntu server 14.04
[21:04] got it
[21:04] wooo
[21:04] can't run a proxy script
[21:04] im getting error 500
[22:57] hello
[22:57] have problems with squid3.4
[22:57] http://pastebin.com/HXB63yyh
=== Monthrect is now known as Piper-Off
=== Lcawte is now known as Lcawte|Away
=== Piper-Off is now known as Monthrect