=== Monthrect is now known as Piper-Off [00:45] Greetings. [00:46] I screwed up my admin account on an up-to-date Ubuntu 14.04 LTS - I mistyped the password during password change and now I can't recall which character I might have transposed. [00:47] I'm trying to recover via http://linuxconfig.org/ubuntu-14-04-lost-password-recovery -- the GRUB2 menu flashes by way too fast to even read it, so I can't drop to recovery mode during boot. [00:47] reboot with iso and replace the password [00:47] patdk-lap: OKi - so no difference between ISO bootstrapping and SSD media? Please confirm, hunting for the ISO now :) [00:48] patdk-lap: Please confirm. [00:48] iirc holding down left shift helps with that menu [00:48] well, if recovery mode will let you [00:48] I know for me it normally asks for root password [00:48] or maybe that is a different os [00:48] probably different os, ubuntu has no root passwd by default :) [00:49] sarnold: Left-shift -- I will try that first, thanks (I was trhying the right Shift key). [00:49] I tent to set root passwords [00:49] sarnold, patdk-lap: Trying both of these in a bit, thanks for your help. [00:50] pr3d4t0r: fwiw, I haven't burned an ISO to cd in forever, I just dd the things to USB memory sticks. Probably it'd work fine on an ssd too. [00:52] sarnold: Yeah. I installed off a USB drive originally. [00:52] sarnold: On this box. [00:52] sarnold: Checking first if I have the install image I used -- save some time. [00:52] *nod* [00:53] with as cheap as they are these days I've thought about buying a few and just using them as write-once disks.. but i'm too lazy to get around to even that. [00:54] sarnold: I write to mine multiple times but they have gotten too small in my opinion [00:54] ianorlin: hehe, yeah, my first usb stick looks adorable at 256 megs now :) [00:54] finding something tiny is the last thing you want to do when you need to reinstall [00:55] sarnold: I think I found it. Back in a bit, thanks again. [00:56] I think I bought some usb 3.0 ones off newegg for like 8 us dollars that I reusue but don't take too much power so boot of usb 2.0 ports fine as well and large enough and are yellow and black so it won't blend in with a surface [00:56] sarnold: Trying Left-Shift first, then boot/recovery (hoping that 14.04 LTS Server ISO will have the option front and center). [00:56] Cheers. === Lcawte is now known as Lcawte|Away [01:07] Hola. [01:07] pr3d4t0r: how'd it go? [01:08] sarnold: Not good. [01:08] sarnold: /dev/mapper/varenka--vg-root on / type ext4 (rw,errors=remount-ro) [01:09] sarnold: I couldn't mount this partition for recovery :\ [01:09] sarnold: It tells me that no suitable shell was found, yada yada yada. [01:09] sarnold: The GRUB screen still goes by super-fast (less than a second) so I can't select anything from it :\ [01:10] sarnold: I need to find a recovery guide that tells me how to mount that virtual volume during recovery :\ [01:11] sarnold: Right now I have no idea of how to recover, though :( [01:12] * pr3d4t0r googles how to slow GRUB2's screen down if Left-Shift isn't working (or Right-Shift, for that matter). [01:13] pr3d4t0r: this site http://labs.bjfocus.co.uk/2013/04/ubuntu-recovery-mode-with-lvm-drives/ suggests it's "lvm vgscan –v ; lvm vgchange –a y ; lvm lvs –all; issue mount commands as needed" [01:13] sarnold: Checking, thanks. [01:14] sarnold: My network is crippled too because the same server acts as a gateway :\ so getting infos/checking/validating/etc. -- long cycle :) [01:15] pr3d4t0r: ouch. cell phone? [01:15] pr3d4t0r: http://tinyurl.com/gpkojuv tinyurl for the above big url :) [01:19] sarnold: I can run a physical cable to the front end gateway and connect from there, but then I'll have to both strengthen my workstation's firewall rules and go under the rack to rewire; trying to avoid doing that but oh, well :) if that's what it takes... :) [01:21] pr3d4t0r: ugh :) yes that sounds terrible :) [01:23] sarnold: The LVM instructions seem to be solid. I'm just double-checking now that all the LVM commands are where they need to be and etc. [01:23] pr3d4t0r: definitely a good idea :) [01:25] sarnold: This is when I should bitch about Linux being so robust that I don't have to screw with any of these commands for years at a time, unlike Windows Servers which require you to know how to recover a server no matter what because who knows what a service release or patch will do! :D [01:25] pr3d4t0r: hah, yeah; I only ever see my grub menu two or three times each year :) [01:26] sarnold: I'd be happy if I could just get to read it *once* today... :D /first_world_technical_problem_fast_booting_server [01:26] haha [01:27] sarnold: I have a vague memory of me tweaking the start up at some point to make the GRUB menu last as little as possible -- I'll eventually catch up and figure out what I did and increase the interval before boot. Anyway, starting recovery again [01:27] Cheers... [01:40] sarnold: Almost there - question: is it possible to umount /, then mount the alternate file system there, from the recovery shell? [01:41] sarnold: Also checking the passwd man page to see if I can specify which passwd file to modify (including shadow password), if I need to mount this in a separate volume. [01:41] pr3d4t0r: a few approaches.. you can use pivot_root to swap it over for everything, or you can use chroot to do something very similar but for specific processes [01:42] pr3d4t0r: I'm pretty sure I used the chroot approach inthe past; mount /dev/whatever/ /mnt/root ; chroot /mnt/root " then fix it up in that shell [01:42] I don't chroot often enough to remmber how to do it [01:43] sarnold: Checking if pivot_root is in the recovery image. [01:43] ianorlin: indeed, me neither, i had to look it up in the manpages just now to make sure I got it right :) [01:44] pr3d4t0r: it may also be in the mounted images, /mnt/whatever/sbin/pivot_root [01:44] sarnold: /mnt is empty. [01:45] pr3d4t0r: then mkdir /mnt/whatever ; mount /dev/mapper/whatever /mnt/whatever [01:45] sarnold: Reading man page to understand how that'd work. [01:47] sarnold: I'm wondering if chroot /mnt/real_server_root_here /bin/sh will be enough. Then run the passwd command from there and hope that /etc/passwd will be updated. Thoughts? [01:47] pr3d4t0r: that should do the job [01:48] sarnold: If you're in the Bay Area (or plan to visit soon), the next beer is on me. Or let me know if you have a tip jar somewhere :) [01:48] pr3d4t0r: hehe, no trips planned; thanks though :) [01:49] Back soon... [02:13] sarnold: Almost there. Neither chroot nor pivot_root seem to be doing the job. [02:14] sarnold: chroot tells me either "can't execute '/bin/sh'" or "Exec format error" depending on chroot w/o a command or if I try to specify the shell to use. All shells are sym-linked to /bin/busybox anyway, (ash -> /bin/busybox, sh -> /bin/busybox) and so on. Googling now to see if there's some other way. [02:16] Dammit. The issue is that the recovery disk and the OS aren't using the same architecture (probably a long due change after six months of patches and updates?). [02:19] heh? [02:19] boot the right one? [02:19] it should be either 64bit or 32bit [02:20] not too many architectures to worry about [02:20] Oh, shit. [02:20] patdk-lap: You're right - this image is probably for a 32-bit box I have somewhere else. Thanks. [02:20] Dammit, pressure :( [02:20] Shit, I forgot that. [02:44] patdk-lap: You were oh, so right kind sir. I was using the wrong ISO image -- everything just worked™ as soon as I used the right image :) [02:44] patdk-lap, sarnold: Thanks a whole bunch guys :) === Mitch is now known as GenericNode [05:57] can anyone confirm the permissions and ownership of qemu images under /var/lib/libvirt/images ? [05:58] i copied from my external drive to the new installation of ubuntu server, which has 777 and user ownership [06:20] argh IIT left but I would have liked to know which file system [06:20] also I think usually they are owned by root\ === cpaelzer_ is now known as cpaelzer_afk === CiPi is now known as cipi === cipi is now known as CiPi === cpaelzer_afk is now known as cpaelzer === Lcawte|Away is now known as Lcawte === arcsky_ is now known as arcsky [11:23] I've just installed ubuntu 15 server and wanted to ask what software I should install to make the server more secure. Maybe someboy knows a good tutorial for beginners? [11:24] somebody === rvba` is now known as rvba [11:40] rinpoo: "security for beginners" is a bit a contradiction in terms... [11:41] rinpoo: also response times under 1 minute are given only to heads of state :-) === CiPi is now known as cipi [12:32] sry was afk since it took so long to get an answer [12:33] why is security for beginners a contradiction? Everyone starts as a beginner with something [12:34] was asking for something like this: https://www.linode.com/docs/security/securing-your-server [12:52] just not for linode [12:57] 450 ppl in here and nobody knows or cares..... [13:06] I’m running 14.04 LTS and am trying to make an upstart script for a custom service, any idea how I would go about customizing handling for “service servicename restart”? the application has a socket handoff feature so that connections don’t get interrupted but I need to have it send a special flag for that, sending the flag should automatically terminate the old instance [13:09] heh? you don't customize handling [13:09] patdk-wk, is there a way to just make it so that doing a service restart doesn’t terminate the first instance of the service? [13:12] use the reload command [13:12] that is what it was made for [13:14] patdk-wk how does the application know what to do for a reload? [13:50] Lightsword: reload sends SIGHUP [13:51] JanC, is it possible to make it do something else like start a new process with a special flag? [13:51] (or whatever signal you configure with 'reload signal') [13:52] hmm, so it only allows you to specify a signal? [13:54] Lightsword: many applications allow you to reload with a signal [13:55] but AFAIK only with a signal, yes [13:55] JanC, this one is a bit weird the reload process for it is to spin up a new process and then handover the connections using an initialization flag [14:14] I have a test server at home and I want to disable all ports, then just open port 80 is there a terminal command to block all ports? [14:14] would sudo ufw block all work? [14:22] rinpoo if there's nothing listening on a port, it won't be open in the first place? === cipi is now known as CiPi [14:26] Well Im n00b so I dont know Ill be doing this: http://serverfault.com/questions/363741/how-can-i-block-all-but-three-ports-in-ubuntu === yoink_ is now known as yoink [16:01] I'm getting: /etc/bind/named.conf.options e212 can't open file for writing [16:02] after adding: recursion no; and version "Not Disclosed" [16:02] Im using vi [16:03] anyone know what I can do? [16:06] found the problem the file doesnt exist [16:25] coreycb: hey, do you know if I can try mitaka now? [16:25] you told me this week [16:28] EmilienM, I don't see it in the archive yet [16:29] Beret: it's not in -proposed? === cpaelzer is now known as cpaelzer_ === Lcawte is now known as Lcawte|Away [18:34] is there a way to scan packages before installing to see if they will require a reboot after being installed? [18:41] the only thing that requires a reboot is kernel [18:41] or if you have some program that uses a lib that cannot be restart, except via a reboot [18:42] libssl requires a reboot [18:42] for example [18:42] only to be sure every program that is using it, is restarted [18:42] it doesn't technically require a reboot [18:43] maybe if there's a way to scan all packages that need to be upgraded for a hook that creates /var/run/reboot-required [18:43] oh, then if I lsof all files that use the old ssl version and restart those services I'm golden [18:43] yes [18:44] thanks === CihanKaygusuz is now known as Cihan === mfisch` is now known as mfisch === mfisch is now known as Guest13696 === Lcawte|Away is now known as Lcawte