[05:52] <Sonu> hi
[05:53] <Sonu> Hi , i am unable to copy my data from ubuntu to my yureka android mobile. http://imgur.com/6zX990u
[09:52] <Sling> hmm security.ubuntu.com doesn't seem to be reachable over ipv6?
[10:00] <henkjan_> 2001:67c:1562::17 and 2001:67c:1562::16 are not working for me
[11:54] <zolder> Hi, im currently setup an sftp server and ssh with a custom port etc.. its running from the inside and outside, only i dont know where i need to change the root directory where the sftp starts
[11:55] <zolder> when i login into it :)
[12:11] <RoyK> zolder: http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html perhaps?
[12:11] <RoyK> zolder: if you don't use chroot, it should normally be secure enough anyway unless you do something exceedingly stupid
[12:12] <RoyK> zolder: using rssh is always a good idea for sftp if the users won't need full ssh access
[12:20] <zolder> i just use it for personal use
[12:20] <zolder> im confused by the man sftp-server
[12:21] <zolder> Subsystem sftp /usr/lib/openssh/sftp-server so that rule in my sshd.conf, do i need to put the -d command there ?
[12:22] <RoyK> zolder: sftp is enabled by default
[12:22] <RoyK> zolder: with all ssh servers
[12:22] <zolder> its running
[12:22] <zolder> but when i login
[12:22] <zolder> i need to set a home directory where it begins
[12:23] <RoyK> zolder: default PWD after login is /home
[12:23] <zolder> so i was told to typ,  MAN sftp-server
[12:23] <zolder> so in the first line i read -D or -d
[12:23] <zolder> To set my start directory
[12:24] <zolder> i want to set my staret directory to /var/www/downloads
[12:24] <RoyK> zolder: not sure, but I *guess*
[12:24] <zolder> and not to /home
[12:24] <RoyK> Subsystem sftp /usr/lib/openssh/sftp-server -d /var/www/downloads
[12:24] <zolder> yeah thats what i have to put in the rule then
[12:25] <zolder> i was not sure how to put it
[12:25] <zolder> sftp /usr/lib/openssh/sftp-server what does that part do then ?
[12:25] <zolder> cant i just delete that ?
[12:25] <RoyK> uh?
[12:26] <zolder> so if i do Subsytem sftp-server -d /var/www/downloads
[12:26] <RoyK> zolder: you don't want two lines with 'Subsystem sftp'
[12:26] <zolder> no i understand
[12:26] <zolder> but why do i need the first part of that subsystem
[12:26] <RoyK> I have this in my sshd_config
[12:26] <RoyK> Subsystem sftp /usr/lib/openssh/sftp-server
[12:27] <zolder>  yeah me too atm
[12:27] <RoyK> just add '-d /whatever' to that line
[12:27] <zolder> ok
[12:27] <zolder> cool
[12:27] <RoyK> might even work ;)
[12:27] <zolder> I read on a tutorial that someone changed that line to sftp-internal or something
[12:27] <zolder> but im not sure what it all is doin
[12:27] <zolder> to newb for that :P
[12:28] <RoyK> just testet - works
[12:28] <zolder> ok
[12:28] <zolder> cool
[12:28] <RoyK> but it doesn't chroot anything
[12:28] <RoyK> so if you need chroot, see the link above
[12:29] <zolder> is chroot something like chown ?
[12:29] <zolder> il click the link
[12:29] <zolder> lol
[12:30] <zolder> chroot locks a user into  a directory
[12:30] <zolder> sounds legit
[12:31] <zolder> pretty complicated
[12:31] <zolder> damn
[12:32] <RoyK> yeah, better lock users to /home or something and set permissions to only allow users to access their own dir
[12:32] <RoyK> chmod go-rwx /home/*
[12:32] <RoyK> or something
[12:32] <RoyK> then you probably won't need chroot that much
[12:33] <zolder> chroot seems so much effort
[12:33] <zolder> damn
[12:33] <RoyK> we're not using it anymore for our servers, with 20k users ;)
[12:33] <zolder> it doesnt explain enough
[12:33] <zolder> why create the things and all the folders
[12:33] <zolder> its just like follow this and you will be ok
[12:34] <RoyK> zolder: because if something is chrooted, the actual process is also chrooted, and it needs access to some libs and devices etc
[12:34] <zolder> omg 20k users... so much fun to setup :P
[12:34] <zolder> but i guess u use a script for that?
[12:34] <zolder> ahhh
[12:34] <RoyK> for what? the chroot thing?
[12:34] <zolder> so you create your personal root..
[12:35] <RoyK> yeah, something like that
[12:35] <zolder> lot of setting with that then
[12:35] <RoyK> and that makes it rather hard to break out of it
[12:35] <zolder> ok
[12:36] <RoyK> zolder: better chroot users to just /home instead of $HOME - no need to have a chroot evironment in every homedir
[12:37] <RoyK> zolder: or just drop it - if file permissions are ok, there's no need to restrict things any further
[12:37] <zolder> so i type like chroot username:groupname and then ?
[12:37] <RoyK> chroot /somedir
[12:37] <zolder> and that applyś to the user im logged into ?
[12:37] <RoyK> or yeah
[12:38] <zolder> home is fine, only crap in there so
[12:38] <zolder> its just if someone gets onto my sftp i dunno how, but still
[12:38] <zolder> he cant go to my systemfiles
[12:38] <zolder> just to be a little bit more safe.
[12:39] <zolder> Do you suggest to put PAM on or off ?
[12:39] <RoyK> well, they won't be able to read the important bits
[12:39] <RoyK> disabling PAM is *not* recommended
[12:39] <zolder> ok
[12:39] <zolder> and allowDNS off ?
[12:40] <RoyK> the default config is fairly secure as it is
[12:40] <zolder> ok good to know
[12:40] <zolder> i see people making a lot of changes on one say pam on or off, the other say something else
[12:40] <zolder> the tutorials are not always clear
[12:40] <zolder> thanks man for helping
[12:40] <RoyK> if you're not a linux wiz, just don't touch anything you don't know ;)
[12:41] <zolder> thats what i want to do
[12:41] <zolder> else i never learn it
[12:41] <RoyK> then test in a VM
[12:41] <zolder> i try do to everything from the terminal
[12:41] <zolder> im 2 days in linux, and got a cups server, sambaserver, lamp server, sftp,
[12:41] <RoyK> that's very wise
[12:41] <zolder> but i all set it up by terminal
[12:42] <RoyK> very good indeed :)
[12:42] <zolder> 10 years ago i used a Distro called Trustix Secure linux, it was only terminal commands
[12:42] <zolder> i learned the command mdma that time
[12:42] <zolder> had so much fun with that :), so thats why i picked it up again
[12:44] <RoyK> zolder: I've been using linux since late 1994 and even though I had a short period abusing webmin, I gave up on that rather quickly and went back to the commandline ;)
[12:44] <zolder> hehe
[12:45] <zolder> f you understand the cli
[12:45] <zolder> you gonna understand linux
[12:45] <RoyK> you will
[12:45] <zolder> the dekstop is not doin much for me
[12:45] <zolder> l;azyness
[12:45] <zolder> because when people install stuff, and they used desktop and they find a problem, they cannot fix it, because they dont know how to use the console
[12:46] <RoyK> zolder: if you want to test things like chroot or with/without PAM with ssh, I'd suggest installing kvm/libvirt/virt-manager and creating a VM or two to test things there
[12:47] <zolder> i can install kvm on top of my mint ?
[12:47] <RoyK> yeah
[12:47] <zolder> can i make the VM bootable too so i start in fullscreen ?
[12:48] <RoyK> and install virt-manager - it's a GTK GUI thing for managing them
[12:48] <RoyK> zolder: no need, really, just install sshd on them and do the rest from there
[12:48] <zolder> k
[12:48] <zolder> i will look into that later i write it down
[12:48] <RoyK> apt-get install kvm libvirt virt-manager # ta-taa!
[12:49] <zolder> whats the tataatata ?
[12:49] <zolder> just a syntax after its installed?
[12:50] <RoyK> # is "comment symbol"
[12:50] <zolder> kk
[12:50] <zolder> i know from the config files, but didnt know can use it this way hehe
[12:54] <zolder> hmm i cannot use chroot command
[12:54] <zolder> do i need to be su ?
[12:57] <zolder> ahh i need to use chown
[13:03] <jamespage> coreycb, finally got to my sweepup of packaging vmware-nsx + networking-l2gw from last cycle
[13:03] <jamespage> coreycb, uploaded to debian unstable for NEW queue review
[13:03] <jamespage> but also in ppa:james-page/xenial
[13:03] <RoyK> zolder: you need a chroot environment
[13:12] <RoyK> zolder: did you manage to get kvm/libvirt running?
[13:20] <zolder> no not yet
[13:20] <zolder> i was doin some  http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/
[13:21] <zolder> im locked i nmy directory now
[13:21] <zolder> thats good
[13:22] <zolder> i onyl need to change my permission so i can upload files
[13:25] <paule32> hello, someone there with squid knowledge?
[13:29] <Sling> I know they have ink
[13:43] <RoyK> zolder: nice - didn't know that :)
[13:43] <RoyK> !ask | paule32
[13:59] <meekrat> Is samba and winbind still the preferred method to join a Linux box to a Windows domain in Ubuntu Server 14.04LTS?
[14:01] <hateball> meekrat: https://help.ubuntu.com/community/LikewiseOpen
[14:01] <meekrat> hateball: That's 3rd party?
[14:02] <meekrat> hateball: and it looks to be not activly maintained
[14:02] <meekrat> Is this still preferred?   https://help.ubuntu.com/14.04/serverguide/samba-ad-integration.html
[14:03] <hateball> meekrat: hmm yes it does look abandoned. my bad for going off memory
[14:04] <meekrat> No problem....just trying to see if something out of the box or actively supported (and/or stable) exists
[14:20] <RoyK> meekrat: isn't sssd the preferred nowadays? or is that just on rhel/centos?
[14:21] <meekrat> RoyK: don't know.  I'mm going throught the Samba Winbind docs not - just doing it like old school days back in 1999....I'm just creating a linux member server to an existing windows domain
[14:21] <meekrat> Crossing fingers it'll work.
[14:40] <RoyK> meekrat: it will
[14:41] <RoyK> meekrat: using AD?
[14:44] <zolder> royk you learn everyday :P
[14:49] <davidic654> more rebbots I see
[14:49] <davidic654> reboots
[14:49] <RoyK> more rabbits
[14:49] <davidic654> when will Ubuntu stop the need to reboot twice a week
[14:50] <davidic654> my deb servers are like every 3 motnhs
[14:50] <davidic654> months
[14:50] <RoyK> which version of ubuntu?
[14:51] <davidic654> 12.04 and 14.04
[14:51] <RoyK> davidic654: ubuntu usually requests restarts after kernel or libc is updated
[14:51] <RoyK> davidic654: with 4.x kernels, automatic kernel upgrades will be dynamic (when that work's done), so you won't need a reboot
[14:51] <davidic654> any way around these frequent reboots, I manage upto 50 servers and its a pain
[14:51] <davidic654> ty
[14:52] <RoyK> but for libc, you'll need to restart most processes (or all) meaning a reboot is easier
[14:53] <davidic654> less reboots is a great selling point I would have thought
[14:53] <RoyK> davidic654: even if ubuntu requests a reboot, check /var/run/reboot-required.pkgs
[14:53] <davidic654> ty
[14:53] <davidic654> less reboots and a great EOL and its a winner :)
[14:54] <RoyK> seems my old 12.04 server has a bunch of new kernels :P
[14:54] <davidic654> :)
[14:55] <pmatulis> meekrat: https://help.ubuntu.com/14.04/serverguide/sssd-ad.html
[14:55] <RoyK> I'm also waiting for this http://www.zdnet.com/article/no-reboot-patching-comes-to-linux-4-0/
[14:56] <RoyK> pmatulis: it works without sssd too
[14:56] <davidic654> yeah its an obvious issue they are looking at
[14:56] <davidic654> ty for that RoyK
[14:57] <davidic654> less than ever ;)
[14:57] <davidic654> its like twice a week with Ubuntu at the mo
[14:58] <davidic654> One reason to love Linux on your servers or in your data-center is that you so seldom needed to reboot it :) Really
[14:59] <davidic654> I like Ubuntu because of its great EOL and compatibility with the CP I use for clients, but sod these frequent reboots, hope all improves soon
[15:01] <davidic654> apt-get update apt-get upgrade apt-get autoreove apt-get autoclean reboot, story of my life at the moment :)
[15:01] <davidic654> autoremove
[15:02] <davidic654> the 5 commandments :)
[15:04] <davidic654> see you sorted the grub timeout issue with headless servers, well done
[15:06] <davidic654> just in libxml2 vulnerabilities, needs reboot, geeeeez
[15:06] <davidic654> 3 hours of my life gone tomorrow
[15:09] <mdeslaur> davidic654: there's nothing special about ubuntu that would require more reboots than any other linux distro
[15:10] <mdeslaur> davidic654: it's pretty much only kernel updates
[15:10] <davidic654> I use Debian and Ubuntu but Ubuntu reboots are over the top
[15:10] <davidic654> Ubuntu has a lot more kernel updates
[15:11] <mdeslaur> davidic654: if you're fine with waiting three months between kernel updates, then just reboot every three months
[15:11] <mdeslaur> davidic654: we publish kernel updates pretty much every three weeks
[15:12] <davidic654> actually can I ask a Q I have a few servers with hetzner and I never have a kernel update just the dev part is that normal?
[15:12] <davidic654> they running a special kernel or something
[15:12] <mdeslaur> debian does a kernel update every 4-6- weeks
[15:13] <davidic654> I mean for security reasons, so and so found tthat etc
[15:13] <mdeslaur> davidic654: sorry, don't know anything about hetzner
[15:14] <davidic654> all my kernel updates are because of security
[15:14] <davidic654> so and so found etc
[15:15] <mdeslaur> so ubuntu only has about 1.5 more kernel updates than debian
[15:15] <davidic654> I guess the expoits are very sophisticated but I like to keep servers secure
[15:15] <davidic654> exploits
[15:15] <davidic654> maybe I worry too much
[15:17] <davidic654> http://www.ubuntu.com/usn/
[15:18] <davidic654> looks like they are looking at the issue anyway
[15:31] <jpds> davidic654: Looking into the issue?
[15:31] <davidic654> the new kernel
[15:32] <davidic654> I think reboots are annoying a lot of people
[15:32] <jpds> You know that you don't HAVE to reboot when you get a new kernel?
[15:32] <davidic654> for security issues?
[15:32] <jpds> No
[15:32] <jpds> You can look at the changelog and see what exactly has changed
[15:33] <RoyK> davidic654: use && between them
[15:33] <davidic654> why does Ubuntu say that you have to reboot for the changes to take effect
[15:33] <jpds> If all that's changed is that some kernel module that you never use, you don't need to reboot
[15:34] <RoyK> davidic654: libc changes makes you have to restart all processes - kernel changes makes a reboot needed unless you use some hotpatching thing
[15:35] <davidic654> its always a security thing tho
[15:35] <davidic654> hangon
[15:35] <RoyK> davidic654: mostly "reboot required" only means "it would be nice for a reboot because some things may have changed"
[15:36] <davidic654> ok
[15:36] <RoyK> davidic654: https://xkcd.com/1328/
[15:37] <RoyK> davidic654: see the mouseover ;)
[15:37] <davidic654> USN-2803-1: Linux kernel vulnerability is specifically for KVM hypervisor for eg, so you only need to update the kernel if running that
[15:38] <jpds> davidic654: Exactly
[15:38] <davidic654> got it
[15:38] <davidic654> geez now I can go on holiday :)
[15:39] <RoyK> davidic654: you'll get an email tomorrow that a new critical fix is on the way :D
[15:39] <davidic654> maybe Ubuntu should say if its a core file or something??
[15:42] <jpds> davidic654: Define core file
[15:42] <davidic654> minimal install?
[15:42] <jpds> davidic654: The whole kernel's part of the minimum install
[15:42] <davidic654> I just run webservers
[15:43] <davidic654> I think I may have been rebooting for things not on my servers maybe
[15:43] <davidic654> so maybe my fault
[15:43] <jpds> davidic654: Some obscure kernel module that it's used by a network card may be core for someone, but maybe not for me and you
[15:45] <davidic654> thanks all for the input :)
[15:57] <rickbeldin> caribou_:  You around for a quick question?
[15:57] <caribou_> rickbeldin: hey sure
[15:59] <eneko> hi ubuntu-server team, got an apache2 conf question
[15:59] <davidic654> fire away
[15:59] <eneko> thanks!
[16:00] <rickbeldin> caribou_: see private chat.
[16:02] <eneko> i have two DNSs that point to the same ubuntu 14.04/apache.2.4 server. Lets say http://example1.com and http://example2.com resolve to this one ubuntu box.  My ubuntu server has only one server (a LAMP running Drupal).  One of the addresses resolves in miliseconds ($time curl example1.com) and the other in 9seconds. What could be at play?  Im the authoritative for one of the DNS, and Network Solutions is the other (for example2.co
[16:03] <eneko> My apache conf includes the directives in 000-default.conf, which I tried w/o ServerName and ServerAlias, but I also tried with both directives, no difference
[16:04] <rbasak> cpaelzer: join #ubuntu-meeting for the server team meeting please?
[16:05] <cpaelzer> rbasak - busy with jgrimm joining
[16:05] <cpaelzer> rbasak - thanks for notifying
[16:39] <smoser> anyone want to help ?
[16:39] <smoser> http://paste.ubuntu.com/13314598/
[16:39] <smoser> Odd_Bloke is often helpful for me in such situations.
[16:42] <Odd_Bloke> smoser: https://docs.python.org/3/library/functools.html#functools.lru_cache ?
[16:42] <Odd_Bloke> Py3-only; I'm sure I've seen a Py2 one somewhere.
[16:44] <smoser> huh. thats neat.
[16:44] <smoser> but what am i doing wrong... http://stackoverflow.com/questions/6268278/modifying-global-variables-in-python-unittest-framework seems to say it should work
[16:44] <smoser> is mock getting in my way ?
[16:47] <jamespage> coreycb, do I remember correctly that it was planned to update the python version in 14.04?
[16:54] <coreycb> jamespage, hmm?
[16:55] <game0> guys, I'm not able to use apt-get in my server
[16:57] <game0> E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
[16:57] <coreycb> smoser, don't you need to declare 'global __lsb_release' before being able to write to it in test_expected()?
[16:57] <game0> this is the message that I'm recieving
[16:57] <game0> how can I solve this problem
[16:57] <game0> ?
[16:58] <smoser> coreycb, well i'm trying to write to it via its module namespace.
[16:58] <smoser> shoudlnt that work?
[16:58] <jamespage> coreycb, we did some fixes in openstack to support python 2.7.9 which I think got backported right?
[16:59] <coreycb> smoser, I'm not positive but I thought you had to do it the same way you do in reset_lsb()
[17:01] <coreycb> jamespage, are your referring to bug 1403068?
[17:02] <jamespage> coreycb, yeah that's the one - lemme check with doko
[17:05] <coreycb> jamespage, bug 1434575
[17:06] <jamespage> coreycb, right
[17:06] <jamespage> coreycb, this is the one causing zul and i headaches right now:
[17:06] <jamespage> https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1443704
[17:07] <zul> jamespage: we can probably get a newer version placed in backports maybe?
[17:10] <coreycb> jamespage, yuck, but yeah maybe the python upgrade would fix it
[17:29] <smoser> coreycb, well, http://stackoverflow.com/questions/1301346/the-meaning-of-a-single-and-a-double-underscore-before-an-object-name-in-python
[17:29] <smoser> thats what it is.
[17:29] <smoser> the __ makes was causing name mangling.
[17:32] <SCHAAP137> what is preferable: sudo reboot, or sudo shutdown -r now ?
[17:32] <SCHAAP137> or is it exactly the same?
[17:33] <smoser> SCHAAP137, there might be some difference, but i'm not aware of one.
[17:33] <TJ-> reboot is often a symlink
[17:33] <TJ-> depends on the init-system as to what it links to
[17:34] <coreycb> smoser, ah good to know, thanks
[17:35] <davidic654> reboot is a very popular command these days ;)
[17:35] <smoser> coreycb, http://paste.ubuntu.com/13315248/
[17:35] <SCHAAP137> cool, thanks smoser, TJ-
[17:36] <TJ-> reboot should be a symlink to /bin/true :)
[17:36] <SCHAAP137> i just saw the same question appear in #openbsd, and i curiously thought, would it make a difference in Ubuntu?
[18:27] <SCHAAP137> i have an issue with nginx. When nginx starts during the boot process, not all of my IPv6 addresses are up yet. How can I make it start later in the boot process?
[18:32] <SCHAAP137> my workaround now is to kill nginx and restart the service manually, after boot is completed
[18:32] <sarnold> SCHAAP137: you can use an .override file for the upstart configuration to change the 'start on' line; you'd need to make sure that the service that sets up the ipv6 addresses emits a signal of some sort, or you 'manually' emit the signal yoursellf, see http://upstart.ubuntu.com/cookbook/#ordering and some of the following sections for a better sketch of this
[18:33] <SCHAAP137> cool, i will read that, thanks sarnold
[18:33] <SCHAAP137> i'm just using /etc/network/interfaces to set up the addresses
[18:34] <sarnold> hmm, it feels like that should work better :/
[18:34] <sarnold> teward: around? :) ^^^
[18:36] <SCHAAP137> i'm assigning one address statically, and use 'up /sbin/ifconfig eth0 inet6 add [addr]' twice within that same block, for adding a few extra ones
[18:36] <SCHAAP137> the nginx error is about one of those
[18:39] <sarnold> yeah, I'd expect that to work, hehe :)
[18:39] <SCHAAP137> yeh me too
[18:39] <sarnold> granted, there's funny delays with ipv6, DAD and all
[18:41] <SCHAAP137> now i got that wacky workaround in my /etc/rc.local, which is not pretty ;P
[18:41] <sarnold> indeed, no :)
[18:41] <SCHAAP137> restarting ssh service from there as well, because tun0 and tun1 aren't up yet when ssh starts
[18:41] <sarnold> a better workaround, if a proper fix is just too hard to get working, is to use the 'manual' method of starting it, and then keep your /etc/rc.local change to -start- nginx, rather than restarting it :) that at least saves a useless start and stop
[18:42] <sarnold> e.g. http://upstart.ubuntu.com/cookbook/#override-files
[18:42] <SCHAAP137> hmm, clever thinking... i should do it like that indeed
[20:37] <jetsaredim> does anyone in here know how to fix a broken systemd?
[20:37] <jetsaredim> I recently upgraded from 14.10 to 15.04 (on the way to 15.10) and when I rebooted the system just hangs on "systemd[1]: Freezing execution"
[20:44] <antix> https://bugs.launchpad.net/maas/+bug/1446699
[20:44] <antix> jetsaredim: ^
[20:45] <antix> I don't know if that's relevant
[20:51] <jetsaredim> i don't know if i have maas installed
[20:51] <jetsaredim> i actually commented on that bug (the last comment)
[20:53] <jetsaredim> according to the description of maas, it seems like some sort of cluster provisioning front-end and I certainly don't have that sort of environment
[20:54] <jetsaredim> the issue I have is that I can't even boot the system to attempt any fixes
[20:55] <sarnold> if you can't get the "single" or "rescue" things to work, you can always boot with init=/bin/bash
[21:04] <jetsaredim> it's not really even clear from that bug report what I'd need to fix
[21:19] <jetsaredim> sarnold: looks like maybe the real bug is...
[21:19] <jetsaredim> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1491658
[21:20] <sarnold> jetsaredim: yikes, if that message is correct that's _really_ annoyuing
[21:20] <sarnold> jetsaredim: .. fedora pulled kdbus entirely the other day so the authors could work on it further
[21:20] <sarnold> jetsaredim: head into #ubuntu-devel and poke pitti with that bug number -- unforutnately it'll be a few huors before pitti's around but this feels like it needs his input
[21:21] <jetsaredim> fun times
[22:11] <jetsaredim> sarnold: I see what part of the issue is...  I have an mdadm device listed in my fstab file without "nofail" and it seems to not be correctly starting the device on boot
[22:11] <jetsaredim> I have to go in and manually update it
[23:48] <teward> sarnold: ping