/srv/irclogs.ubuntu.com/2015/11/17/#ubuntu-server.txt

=== Lcawte is now known as Lcawte|Away
=== neurotus is now known as Guest39542
=== bekks_ is now known as bekks
=== bilde2910_ is now known as bilde2910
=== jrgifford_ is now known as jrgifford
=== neurotus is now known as Guest70696
=== hsmiths_ is now known as hsmiths
=== adam_g` is now known as adam_g
[05:52] <Sonu> hi
[05:53] <Sonu> Hi, i am unable to copy my data from ubuntu to my yureka android mobile. http://imgur.com/6zX990u
=== andol_ is now known as andol
[09:52] <Sling> hmm security.ubuntu.com doesn't seem to be reachable over ipv6?
[10:00] <henkjan_> 2001:67c:1562::17 and 2001:67c:1562::16 are not working for me
=== G_ is now known as G
=== Lcawte|Away is now known as Lcawte
=== Piper-Off is now known as Monthrect
=== cpaelzer_ is now known as cpaelzer
[11:54] <zolder> Hi, im currently setup an sftp server and ssh with a custom port etc.. its running from the inside and outside, only i dont know where i need to change the root directory where the sftp starts
[11:55] <zolder> when i login into it :)
[12:11] <RoyK> zolder: http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html perhaps?
[12:11] <RoyK> zolder: if you don't use chroot, it should normally be secure enough anyway unless you do something exceedingly stupid
[12:12] <RoyK> zolder: using rssh is always a good idea for sftp if the users won't need full ssh access
[12:20] <zolder> i just use it for personal use
[12:20] <zolder> im confused by the man sftp-server
[12:21] <zolder> Subsystem sftp /usr/lib/openssh/sftp-server so that rule in my sshd.conf, do i need to put the -d command there ?
[12:22] <RoyK> zolder: sftp is enabled by default
[12:22] <RoyK> zolder: with all ssh servers
[12:22] <zolder> its running
[12:22] <zolder> but when i login
[12:22] <zolder> i need to set a home directory where it begins
[12:23] <RoyK> zolder: default PWD after login is /home
[12:23] <zolder> so i was told to type, MAN sftp-server
[12:23] <zolder> so in the first line i read -D or -d
[12:23] <zolder> To set my start directory
[12:24] <zolder> i want to set my start directory to /var/www/downloads
[12:24] <RoyK> zolder: not sure, but I *guess*
[12:24] <zolder> and not to /home
[12:24] <RoyK> Subsystem sftp /usr/lib/openssh/sftp-server -d /var/www/downloads
[12:24] <zolder> yeah thats what i have to put in the rule then
[12:25] <zolder> i was not sure how to put it
[12:25] <zolder> sftp /usr/lib/openssh/sftp-server what does that part do then ?
[12:25] <zolder> cant i just delete that ?
[12:25] <RoyK> uh?
[12:26] <zolder> so if i do Subsystem sftp-server -d /var/www/downloads
[12:26] <RoyK> zolder: you don't want two lines with 'Subsystem sftp'
[12:26] <zolder> no i understand
[12:26] <zolder> but why do i need the first part of that subsystem
[12:26] <RoyK> I have this in my sshd_config
[12:26] <RoyK> Subsystem sftp /usr/lib/openssh/sftp-server
[12:27] <zolder> yeah me too atm
[12:27] <RoyK> just add '-d /whatever' to that line
[12:27] <zolder> ok
[12:27] <zolder> cool
[12:27] <RoyK> might even work ;)
[12:27] <zolder> I read on a tutorial that someone changed that line to sftp-internal or something
[12:27] <zolder> but im not sure what it all is doin
[12:27] <zolder> too newb for that :P
[12:28] <RoyK> just tested - works
[12:28] <zolder> ok
[12:28] <zolder> cool
[12:28] <RoyK> but it doesn't chroot anything
[12:28] <RoyK> so if you need chroot, see the link above
[12:29] <zolder> is chroot something like chown ?
[12:29] <zolder> il click the link
[12:29] <zolder> lol
[12:30] <zolder> chroot locks a user into a directory
[12:30] <zolder> sounds legit
[12:31] <zolder> pretty complicated
[12:31] <zolder> damn
[12:32] <RoyK> yeah, better lock users to /home or something and set permissions to only allow users to access their own dir
[12:32] <RoyK> chmod go-rwx /home/*
[12:32] <RoyK> or something
[12:32] <RoyK> then you probably won't need chroot that much
[12:33] <zolder> chroot seems so much effort
[12:33] <zolder> damn
[12:33] <RoyK> we're not using it anymore for our servers, with 20k users ;)
[12:33] <zolder> it doesnt explain enough
[12:33] <zolder> why create the things and all the folders
[12:33] <zolder> its just like follow this and you will be ok
[12:34] <RoyK> zolder: because if something is chrooted, the actual process is also chrooted, and it needs access to some libs and devices etc
[12:34] <zolder> omg 20k users... so much fun to setup :P
[12:34] <zolder> but i guess u use a script for that?
[12:34] <zolder> ahhh
[12:34] <RoyK> for what? the chroot thing?
[12:34] <zolder> so you create your personal root..
[12:35] <RoyK> yeah, something like that
[12:35] <zolder> lot of setting with that then
[12:35] <RoyK> and that makes it rather hard to break out of it
[12:35] <zolder> ok
[12:36] <RoyK> zolder: better chroot users to just /home instead of $HOME - no need to have a chroot environment in every homedir
[12:37] <RoyK> zolder: or just drop it - if file permissions are ok, there's no need to restrict things any further
[12:37] <zolder> so i type like chroot username:groupname and then ?
[12:37] <RoyK> chroot /somedir
[12:37] <zolder> and that applies to the user im logged into ?
[12:37] <RoyK> or yeah
[12:38] <zolder> home is fine, only crap in there so
[12:38] <zolder> its just if someone gets onto my sftp i dunno how, but still
[12:38] <zolder> he cant go to my systemfiles
[12:38] <zolder> just to be a little bit more safe.
[12:39] <zolder> Do you suggest to put PAM on or off ?
[12:39] <RoyK> well, they won't be able to read the important bits
[12:39] <RoyK> disabling PAM is *not* recommended
[12:39] <zolder> ok
[12:39] <zolder> and allowDNS off ?
[12:40] <RoyK> the default config is fairly secure as it is
[12:40] <zolder> ok good to know
[12:40] <zolder> i see people making a lot of changes on one say pam on or off, the other say something else
[12:40] <zolder> the tutorials are not always clear
[12:40] <zolder> thanks man for helping
[12:40] <RoyK> if you're not a linux wiz, just don't touch anything you don't know ;)
[12:41] <zolder> thats what i want to do
[12:41] <zolder> else i never learn it
[12:41] <RoyK> then test in a VM
[12:41] <zolder> i try to do everything from the terminal
[12:41] <zolder> im 2 days in linux, and got a cups server, sambaserver, lamp server, sftp,
[12:41] <RoyK> that's very wise
[12:41] <zolder> but i all set it up by terminal
[12:42] <RoyK> very good indeed :)
[12:42] <zolder> 10 years ago i used a Distro called Trustix Secure linux, it was only terminal commands
[12:42] <zolder> i learned the command mdma that time
[12:42] <zolder> had so much fun with that :), so thats why i picked it up again
[12:44] <RoyK> zolder: I've been using linux since late 1994 and even though I had a short period abusing webmin, I gave up on that rather quickly and went back to the commandline ;)
[12:44] <zolder> hehe
[12:45] <zolder> if you understand the cli
[12:45] <zolder> you gonna understand linux
[12:45] <RoyK> you will
[12:45] <zolder> the desktop is not doin much for me
[12:45] <zolder> laziness
[12:45] <zolder> because when people install stuff, and they used desktop and they find a problem, they cannot fix it, because they dont know how to use the console
[12:46] <RoyK> zolder: if you want to test things like chroot or with/without PAM with ssh, I'd suggest installing kvm/libvirt/virt-manager and creating a VM or two to test things there
[12:47] <zolder> i can install kvm on top of my mint ?
[12:47] <RoyK> yeah
[12:47] <zolder> can i make the VM bootable too so i start in fullscreen ?
[12:48] <RoyK> and install virt-manager - it's a GTK GUI thing for managing them
[12:48] <RoyK> zolder: no need, really, just install sshd on them and do the rest from there
[12:48] <zolder> k
[12:48] <zolder> i will look into that later i write it down
[12:48] <RoyK> apt-get install kvm libvirt virt-manager # ta-taa!
[12:49] <zolder> whats the tataatata ?
[12:49] <zolder> just a syntax after its installed?
[12:50] <RoyK> # is "comment symbol"
[12:50] <zolder> kk
[12:50] <zolder> i know from the config files, but didnt know can use it this way hehe
[12:54] <zolder> hmm i cannot use chroot command
[12:54] <zolder> do i need to be su ?
[12:57] <zolder> ahh i need to use chown
[13:03] <jamespage> coreycb, finally got to my sweepup of packaging vmware-nsx + networking-l2gw from last cycle
[13:03] <jamespage> coreycb, uploaded to debian unstable for NEW queue review
[13:03] <jamespage> but also in ppa:james-page/xenial
[13:03] <RoyK> zolder: you need a chroot environment
=== paule32_ is now known as paule32
[13:12] <RoyK> zolder: did you manage to get kvm/libvirt running?
[13:20] <zolder> no not yet
[13:20] <zolder> i was doin some http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/
[13:21] <zolder> im locked in my directory now
[13:21] <zolder> thats good
[13:22] <zolder> i only need to change my permission so i can upload files
[13:25] <paule32> hello, someone there with squid knowledge?
[13:29] <Sling> I know they have ink
=== Emmanuel_Chanel_ is now known as Emmanuel_Chanel
=== Pici` is now known as Pici
[13:43] <RoyK> zolder: nice - didn't know that :)
[13:43] <RoyK> !ask | paule32
[13:43] <ubottu> paule32: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
=== Monthrect is now known as Piper-Off
[13:59] <meekrat> Is samba and winbind still the preferred method to join a Linux box to a Windows domain in Ubuntu Server 14.04LTS?
[14:01] <hateball> meekrat: https://help.ubuntu.com/community/LikewiseOpen
[14:01] <meekrat> hateball: That's 3rd party?
[14:02] <meekrat> hateball: and it looks to be not actively maintained
[14:02] <meekrat> Is this still preferred? https://help.ubuntu.com/14.04/serverguide/samba-ad-integration.html
[14:03] <hateball> meekrat: hmm yes it does look abandoned. my bad for going off memory
[14:04] <meekrat> No problem....just trying to see if something out of the box or actively supported (and/or stable) exists
[14:20] <RoyK> meekrat: isn't sssd the preferred nowadays? or is that just on rhel/centos?
[14:21] <meekrat> RoyK: don't know.  I'm going through the Samba Winbind docs not - just doing it like old school days back in 1999....I'm just creating a linux member server to an existing windows domain
[14:21] <meekrat> Crossing fingers it'll work.
=== diplo_ is now known as diplo
[14:40] <RoyK> meekrat: it will
[14:41] <RoyK> meekrat: using AD?
[14:44] <zolder> royk you learn everyday :P
=== alai888 is now known as alai
[14:49] <davidic654> more rebbots I see
[14:49] <davidic654> reboots
[14:49] <RoyK> more rabbits
[14:49] <davidic654> when will Ubuntu stop the need to reboot twice a week
[14:50] <davidic654> my deb servers are like every 3 motnhs
[14:50] <davidic654> months
[14:50] <RoyK> which version of ubuntu?
[14:51] <davidic654> 12.04 and 14.04
[14:51] <RoyK> davidic654: ubuntu usually requests restarts after kernel or libc is updated
[14:51] <RoyK> davidic654: with 4.x kernels, automatic kernel upgrades will be dynamic (when that work's done), so you won't need a reboot
[14:51] <davidic654> any way around these frequent reboots, I manage upto 50 servers and its a pain
[14:51] <davidic654> ty
[14:52] <RoyK> but for libc, you'll need to restart most processes (or all) meaning a reboot is easier
[14:53] <davidic654> less reboots is a great selling point I would have thought
[14:53] <RoyK> davidic654: even if ubuntu requests a reboot, check /var/run/reboot-required.pkgs
[14:53] <davidic654> ty
[14:53] <davidic654> less reboots and a great EOL and its a winner :)
[14:54] <RoyK> seems my old 12.04 server has a bunch of new kernels :P
[14:54] <davidic654> :)
[14:55] <pmatulis> meekrat: https://help.ubuntu.com/14.04/serverguide/sssd-ad.html
[14:55] <RoyK> I'm also waiting for this http://www.zdnet.com/article/no-reboot-patching-comes-to-linux-4-0/
[14:56] <RoyK> pmatulis: it works without sssd too
[14:56] <davidic654> yeah its an obvious issue they are looking at
[14:56] <davidic654> ty for that RoyK
[14:57] <davidic654> less than ever ;)
[14:57] <davidic654> its like twice a week with Ubuntu at the mo
[14:58] <davidic654> One reason to love Linux on your servers or in your data-center is that you so seldom needed to reboot it :) Really
[14:59] <davidic654> I like Ubuntu because of its great EOL and compatibility with the CP I use for clients, but sod these frequent reboots, hope all improves soon
[15:01] <davidic654> apt-get update apt-get upgrade apt-get autoreove apt-get autoclean reboot, story of my life at the moment :)
[15:01] <davidic654> autoremove
[15:02] <davidic654> the 5 commandments :)
[15:04] <davidic654> see you sorted the grub timeout issue with headless servers, well done
[15:06] <davidic654> just in libxml2 vulnerabilities, needs reboot, geeeeez
[15:06] <davidic654> 3 hours of my life gone tomorrow
[15:09] <mdeslaur> davidic654: there's nothing special about ubuntu that would require more reboots than any other linux distro
[15:10] <mdeslaur> davidic654: it's pretty much only kernel updates
[15:10] <davidic654> I use Debian and Ubuntu but Ubuntu reboots are over the top
[15:10] <davidic654> Ubuntu has a lot more kernel updates
[15:11] <mdeslaur> davidic654: if you're fine with waiting three months between kernel updates, then just reboot every three months
[15:11] <mdeslaur> davidic654: we publish kernel updates pretty much every three weeks
[15:12] <davidic654> actually can I ask a Q I have a few servers with hetzner and I never have a kernel update just the dev part is that normal?
[15:12] <davidic654> they running a special kernel or something
[15:12] <mdeslaur> debian does a kernel update every 4-6 weeks
[15:13] <davidic654> I mean for security reasons, so and so found that etc
[15:13] <mdeslaur> davidic654: sorry, don't know anything about hetzner
[15:14] <davidic654> all my kernel updates are because of security
[15:14] <davidic654> so and so found etc
[15:15] <mdeslaur> so ubuntu only has about 1.5 more kernel updates than debian
[15:15] <davidic654> I guess the expoits are very sophisticated but I like to keep servers secure
[15:15] <davidic654> exploits
[15:15] <davidic654> maybe I worry too much
=== Guest80875 is now known as mfisch
[15:17] <davidic654> http://www.ubuntu.com/usn/
=== mfisch is now known as Guest20594
=== Guest20594 is now known as mfisch
[15:18] <davidic654> looks like they are looking at the issue anyway
[15:31] <jpds> davidic654: Looking into the issue?
[15:31] <davidic654> the new kernel
[15:32] <davidic654> I think reboots are annoying a lot of people
[15:32] <jpds> You know that you don't HAVE to reboot when you get a new kernel?
[15:32] <davidic654> for security issues?
[15:32] <jpds> No
[15:32] <jpds> You can look at the changelog and see what exactly has changed
[15:33] <RoyK> davidic654: use && between them
[15:33] <davidic654> why does Ubuntu say that you have to reboot for the changes to take effect
[15:33] <jpds> If all that's changed is that some kernel module that you never use, you don't need to reboot
[15:34] <RoyK> davidic654: libc changes makes you have to restart all processes - kernel changes makes a reboot needed unless you use some hotpatching thing
[15:35] <davidic654> its always a security thing tho
[15:35] <davidic654> hangon
[15:35] <RoyK> davidic654: mostly "reboot required" only means "it would be nice for a reboot because some things may have changed"
[15:36] <davidic654> ok
[15:36] <RoyK> davidic654: https://xkcd.com/1328/
[15:37] <RoyK> davidic654: see the mouseover ;)
[15:37] <davidic654> USN-2803-1: Linux kernel vulnerability is specifically for KVM hypervisor for eg, so you only need to update the kernel if running that
[15:38] <jpds> davidic654: Exactly
[15:38] <davidic654> got it
[15:38] <davidic654> geez now I can go on holiday :)
[15:39] <RoyK> davidic654: you'll get an email tomorrow that a new critical fix is on the way :D
[15:39] <davidic654> maybe Ubuntu should say if its a core file or something??
[15:42] <jpds> davidic654: Define core file
[15:42] <davidic654> minimal install?
[15:42] <jpds> davidic654: The whole kernel's part of the minimum install
[15:42] <davidic654> I just run webservers
[15:43] <davidic654> I think I may have been rebooting for things not on my servers maybe
[15:43] <davidic654> so maybe my fault
[15:43] <jpds> davidic654: Some obscure kernel module that it's used by a network card may be core for someone, but maybe not for me and you
[15:45] <davidic654> thanks all for the input :)
=== zerick_ is now known as zerick
[15:57] <rickbeldin> caribou_:  You around for a quick question?
[15:57] <caribou_> rickbeldin: hey sure
=== caribou_ is now known as caribou
[15:59] <eneko> hi ubuntu-server team, got an apache2 conf question
[15:59] <davidic654> fire away
[15:59] <eneko> thanks!
[16:00] <rickbeldin> caribou_: see private chat.
[16:02] <eneko> i have two DNSs that point to the same ubuntu 14.04/apache.2.4 server. Lets say http://example1.com and http://example2.com resolve to this one ubuntu box.  My ubuntu server has only one server (a LAMP running Drupal).  One of the addresses resolves in milliseconds ($time curl example1.com) and the other in 9seconds. What could be at play?  Im the authoritative for one of the DNS, and Network Solutions is the other (for example2.co
[16:03] <eneko> My apache conf includes the directives in 000-default.conf, which I tried w/o ServerName and ServerAlias, but I also tried with both directives, no difference
=== ossurayynot is now known as tonyyarusso
[16:04] <rbasak> cpaelzer: join #ubuntu-meeting for the server team meeting please?
[16:05] <cpaelzer> rbasak - busy with jgrimm joining
[16:05] <cpaelzer> rbasak - thanks for notifying
[16:39] <smoser> anyone want to help ?
[16:39] <smoser> http://paste.ubuntu.com/13314598/
[16:39] <smoser> Odd_Bloke is often helpful for me in such situations.
[16:42] <Odd_Bloke> smoser: https://docs.python.org/3/library/functools.html#functools.lru_cache ?
[16:42] <Odd_Bloke> Py3-only; I'm sure I've seen a Py2 one somewhere.
[16:44] <smoser> huh. thats neat.
[16:44] <smoser> but what am i doing wrong... http://stackoverflow.com/questions/6268278/modifying-global-variables-in-python-unittest-framework seems to say it should work
[16:44] <smoser> is mock getting in my way ?
[16:47] <jamespage> coreycb, do I remember correctly that it was planned to update the python version in 14.04?
[16:54] <coreycb> jamespage, hmm?
[16:55] <game0> guys, I'm not able to use apt-get in my server
[16:57] <game0> E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
[16:57] <coreycb> smoser, don't you need to declare 'global __lsb_release' before being able to write to it in test_expected()?
[16:57] <game0> this is the message that I'm receiving
[16:57] <game0> how can I solve this problem
[16:57] <game0> ?
[16:58] <smoser> coreycb, well i'm trying to write to it via its module namespace.
[16:58] <smoser> shouldn't that work?
[16:58] <jamespage> coreycb, we did some fixes in openstack to support python 2.7.9 which I think got backported right?
[16:59] <coreycb> smoser, I'm not positive but I thought you had to do it the same way you do in reset_lsb()
[17:01] <coreycb> jamespage, are you referring to bug 1403068?
[17:01] <ubottu> bug 1403068 in OpenStack Identity (keystone) juno "Tests fail with python 2.7.9" [Undecided,Fix committed] https://launchpad.net/bugs/1403068
[17:02] <jamespage> coreycb, yeah that's the one - lemme check with doko
[17:05] <coreycb> jamespage, bug 1434575
[17:05] <ubottu> bug 1434575 in neutron (Ubuntu Trusty) "[SRU] OpenStack test updates to support PEP 476" [Medium,In progress] https://launchpad.net/bugs/1434575
[17:06] <jamespage> coreycb, right
[17:06] <jamespage> coreycb, this is the one causing zul and i headaches right now:
[17:06] <jamespage> https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1443704
[17:06] <ubottu> Launchpad bug 1443704 in python2.7 (Ubuntu) "Support for TLS 1.2 not present (added in 2.7.9)" [Undecided,Confirmed]
[17:07] <zul> jamespage: we can probably get a newer version placed in backports maybe?
[17:10] <coreycb> jamespage, yuck, but yeah maybe the python upgrade would fix it
[17:29] <smoser> coreycb, well, http://stackoverflow.com/questions/1301346/the-meaning-of-a-single-and-a-double-underscore-before-an-object-name-in-python
[17:29] <smoser> thats what it is.
[17:29] <smoser> the __ makes was causing name mangling.
[17:32] <SCHAAP137> what is preferable: sudo reboot, or sudo shutdown -r now ?
[17:32] <SCHAAP137> or is it exactly the same?
[17:33] <smoser> SCHAAP137, there might be some difference, but i'm not aware of one.
[17:33] <TJ-> reboot is often a symlink
[17:33] <TJ-> depends on the init-system as to what it links to
[17:34] <coreycb> smoser, ah good to know, thanks
[17:35] <davidic654> reboot is a very popular command these days ;)
[17:35] <smoser> coreycb, http://paste.ubuntu.com/13315248/
[17:35] <SCHAAP137> cool, thanks smoser, TJ-
[17:36] <TJ-> reboot should be a symlink to /bin/true :)
[17:36] <SCHAAP137> i just saw the same question appear in #openbsd, and i curiously thought, would it make a difference in Ubuntu?
=== meerkat is now known as Guest31434
=== Piper-Off is now known as Monthrect
[18:27] <SCHAAP137> i have an issue with nginx. When nginx starts during the boot process, not all of my IPv6 addresses are up yet. How can I make it start later in the boot process?
[18:32] <SCHAAP137> my workaround now is to kill nginx and restart the service manually, after boot is completed
=== roo_ is now known as roo
[18:32] <sarnold> SCHAAP137: you can use an .override file for the upstart configuration to change the 'start on' line; you'd need to make sure that the service that sets up the ipv6 addresses emits a signal of some sort, or you 'manually' emit the signal yourself, see http://upstart.ubuntu.com/cookbook/#ordering and some of the following sections for a better sketch of this
[18:33] <SCHAAP137> cool, i will read that, thanks sarnold
[18:33] <SCHAAP137> i'm just using /etc/network/interfaces to set up the addresses
[18:34] <sarnold> hmm, it feels like that should work better :/
[18:34] <sarnold> teward: around? :) ^^^
[18:36] <SCHAAP137> i'm assigning one address statically, and use 'up /sbin/ifconfig eth0 inet6 add [addr]' twice within that same block, for adding a few extra ones
[18:36] <SCHAAP137> the nginx error is about one of those
[18:39] <sarnold> yeah, I'd expect that to work, hehe :)
[18:39] <SCHAAP137> yeh me too
[18:39] <sarnold> granted, there's funny delays with ipv6, DAD and all
[18:41] <SCHAAP137> now i got that wacky workaround in my /etc/rc.local, which is not pretty ;P
[18:41] <sarnold> indeed, no :)
[18:41] <SCHAAP137> restarting ssh service from there as well, because tun0 and tun1 aren't up yet when ssh starts
[18:41] <sarnold> a better workaround, if a proper fix is just too hard to get working, is to use the 'manual' method of starting it, and then keep your /etc/rc.local change to -start- nginx, rather than restarting it :) that at least saves a useless start and stop
[18:42] <sarnold> e.g. http://upstart.ubuntu.com/cookbook/#override-files
[18:42] <SCHAAP137> hmm, clever thinking... i should do it like that indeed
=== neurotus is now known as Guest26654
=== csdc is now known as adv_
[20:37] <jetsaredim> does anyone in here know how to fix a broken systemd?
[20:37] <jetsaredim> I recently upgraded from 14.10 to 15.04 (on the way to 15.10) and when I rebooted the system just hangs on "systemd[1]: Freezing execution"
=== jdstrand_ is now known as jdstrand
[20:44] <antix> https://bugs.launchpad.net/maas/+bug/1446699
[20:44] <ubottu> Launchpad bug 1446699 in MAAS "After upgrade to 15.04, unable to boot with maas installed running systemd" [Critical,Fix committed]
[20:44] <antix> jetsaredim: ^
[20:45] <antix> I don't know if that's relevant
[20:51] <jetsaredim> i don't know if i have maas installed
[20:51] <jetsaredim> i actually commented on that bug (the last comment)
[20:53] <jetsaredim> according to the description of maas, it seems like some sort of cluster provisioning front-end and I certainly don't have that sort of environment
[20:54] <jetsaredim> the issue I have is that I can't even boot the system to attempt any fixes
[20:55] <sarnold> if you can't get the "single" or "rescue" things to work, you can always boot with init=/bin/bash
[21:04] <jetsaredim> it's not really even clear from that bug report what I'd need to fix
[21:19] <jetsaredim> sarnold: looks like maybe the real bug is...
[21:19] <jetsaredim> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1491658
[21:19] <ubottu> Launchpad bug 1491658 in linux (Ubuntu) "systemd[1]: Failed to insert module 'kdbus': Function not implemented" [Medium,Expired]
[21:20] <sarnold> jetsaredim: yikes, if that message is correct that's _really_ annoying
[21:20] <sarnold> jetsaredim: .. fedora pulled kdbus entirely the other day so the authors could work on it further
[21:20] <sarnold> jetsaredim: head into #ubuntu-devel and poke pitti with that bug number -- unfortunately it'll be a few hours before pitti's around but this feels like it needs his input
[21:21] <jetsaredim> fun times
[22:11] <jetsaredim> sarnold: I see what part of the issue is...  I have an mdadm device listed in my fstab file without "nofail" and it seems to not be correctly starting the device on boot
[22:11] <jetsaredim> I have to go in and manually update it
=== rmc3_ is now known as rmc3
=== Monthrect is now known as Piper-Off
[23:48] <teward> sarnold: ping
