| velusunivers-sys | when the ubuntu server installed it asked for a use, im needing to root into it ow do i get the root password | 00:12 |
|---|---|---|
| bekks | !root | velusunivers-sys | 00:13 |
| ubottu | velusunivers-sys: Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo | 00:13 |
| velusunivers-sys | i dont want to be using sudo i want ot be able to use root | 00:14 |
| bekks | velusunivers-sys: Againm read what ubottu just told you. | 00:15 |
| genii | velusunivers-sys: Use sudo -i | 00:19 |
| genii | velusunivers-sys: Then: exit ...when done doing root-things | 00:19 |
| === jelly-home is now known as jelly | ||
| lordievader | Good morning. | 09:44 |
| a_ok | What is the recommended way to limit resources of a process in Ubuntu 14.04? | 09:59 |
| rbasak | a_ok: ulimit? Or cgroups? | 10:25 |
| a_ok | rbasak: I think cgroups. I don't really care what method is used as long as I can limit the memory usage of varnish (it mmaps everything untill other processes crash). | 10:26 |
| rbasak | a_ok: "ulimit -v" might be enough for that. I'm not as familiar as I'd like with cgroups, but they're more complex. | 10:27 |
| rbasak | systemd makes things easier to apply resource limits but not in 14.04. | 10:27 |
| a_ok | rbasak: I know that I can use ulimit -v. I just get tired of finding out where and how to make this happen. | 10:28 |
| rbasak | a_ok: looks like upstart has a "limit" keyword | 10:29 |
| a_ok | I know there is limits.conf. that requires a lot of messing with pam files to get it to work on services. If at all possible I do not want to hack upstart scripts | 10:29 |
| rbasak | http://upstart.ubuntu.com/cookbook/#limit | 10:29 |
| a_ok | rbasak: ok that looks like the most elegant solution untill an upgrade comes along | 10:29 |
| rbasak | Well, a service startup script would be the right place to configure this kind of thing if a daemon itself cannot do it. | 10:30 |
| rbasak | With systemd, it's essentially in the same place, just a different syntax. | 10:30 |
| rbasak | (and a different override mechanism) | 10:30 |
| rbasak | a_ok: http://upstart.ubuntu.com/cookbook/#override-files | 10:30 |
| a_ok | rbasak: thanks that will help (a lot actually) | 10:30 |
| a_ok | rbasak: that was the whole reason I was looking into cgroups. there seems to be a cgred deamon that should be able to place my processes in cgroups on the fly but it feels like swatting at mosquito with a boulder. | 10:32 |
| Deeps | hi guys, just installed ubuntu server 14.04 lts, during the install it asked me if i wanted to encrypt my homedir, which i dutifully agreed too, and then after that got an option for partitioning disks and setting up an encrypted lvm. if this is a single user system (me), is there any benefit to having an encrypted homedir if the rest of the system partition is also encrypted? | 12:20 |
| === admcleod1 is now known as admcleod | ||
| lukesoft | Guys i just installed ubuntu server, and at some point during installation is asked me what i would like to install, and there was like 6 options including DNS server, Samba etc…….without knowledge i installed just the first one……and i am not sure if its exactly what i need, how do i go back to that option | 12:23 |
| rbasak | Deeps: one benefit is that nobody can access the data in the encrypted homedir when it is not unlocked, for example if nobody is logged in. Probably makes no difference for a server. I don't do it, relying on full disk encryption only, on both desktops and servers. | 12:27 |
| Deeps | rbasak: cool thakns, thats what i thought, and was already reinstalling it without encrypted homedir :> | 12:27 |
| rbasak | lukesoft: I think the program you want is called "tasksel". But it's just a set of preselected packages. You can just install what you need without that. | 12:27 |
| rbasak | kirkland: ^^ I wonder if we can avoid prompting for encrypted homedir on the server ISO? Seems misleading to me. | 12:29 |
| rbasak | Not sure how we'd achieve that technically mind. | 12:29 |
| lukesoft | rbasak: Thanks, I thot i did something wrong | 12:29 |
| === n00p is now known as naise | ||
| Deeps | fresh install of ubuntu server from 14.04.4 iso, on first boot: updates are available to install | 12:44 |
| Deeps | feels a bit like windows | 12:44 |
| Deeps | would be cool if it had an option to install newest packages from net during install time | 12:45 |
| Walex | Deeps: updates happen pretty frequently.... | 12:45 |
| Deeps | Walex: yep, not saying that the iso should be updated every time, but that it could fetch updated packages during install time | 12:46 |
| Walex | Deeps: and some people for whatever odd reasons of their insist on being on an *exact* point release, even if it is largely meaningless | 12:46 |
| Deeps | Walex: those people dont care about kernel vuln updates? openssl updates? | 12:46 |
| Deeps | Walex: also note, 'option', covers those people | 12:46 |
| Deeps | fwiw i'm coming from using debian netinst as standard, so i'm used to installing and having an up to date system immediately | 12:47 |
| Deeps | just an idea | 12:47 |
| Walex | Deeps: the updates happen IIRC if you do a network install rather than from-ISO | 12:47 |
| Deeps | gotcha | 12:47 |
| Deeps | so i used the wrong installer | 12:47 |
| * Deeps finds the right one | 12:47 | |
| rbasak | Deeps: I agree, it would be nice if the even the main ISO installer did what you said when network connected. I'm not sure why it doesn't. | 12:49 |
| lukesoft_ | I have ubuntu 15 desktop, and a wireless router (TP-LINK WR740N)...I am need to redirect everyone who connects to the wireless access point to my custom php page running on my apache webserver on the ubuntu box......Where do i start? | 14:19 |
| lukesoft_ | <lukesoft_> I do not need to authenticate people or anything like that | 14:19 |
| lukesoft_ | I have ubuntu 15 desktop, and a wireless router (TP-LINK WR740N)...I need to redirect everyone who connects to the wireless access point to my custom php page running on my apache webserver on the ubuntu box......Where do i start? | 14:19 |
| lukesoft_ | I do not need to authenticate people or anything like that | 14:20 |
| trippeh | I had to mask 99-default.link to get /etc/systemd/networkd/*.link to work, that doesnt seem right | 14:30 |
| trippeh | (16.04) | 14:30 |
| trippeh | err, /etc/systemd/network | 14:31 |
| trippeh | ah, hum, ordering.. | 14:38 |
| velusunivers-sys | what would glibc be under in ubntu in the aptget | 14:48 |
| Pici | velusunivers-sys: the source package? | 14:53 |
| Pici | velusunivers-sys: the source pacakge is eglibc on 12.04 and 14.04, glibc on other supported releases. libc6 itself is installed by default. | 14:55 |
| kirkland | rbasak: that's fine | 15:01 |
| kirkland | rbasak: you're welcome to patch that out | 15:01 |
| velusunivers-sys | brain fart here, how do i use tar to untar a file? | 15:58 |
| velusunivers-sys | a tar.bz | 15:58 |
| qman__ | tar xjf archive.tar.bz2 | 15:58 |
| velusunivers-sys | can i do a wildcard for it i.e tar xjf *.tar.bz2 | 15:59 |
| velusunivers-sys | and same for .gz and such | 15:59 |
| lordievader | I would do that in a loop, your shell expands the *, not tar. | 16:01 |
| ddellav | coreycb oslo-messaging has been fixed. My changes are in the ubuntu/mitaka branch | 16:03 |
| rbasak | echo *.tar.bz2|xargs -n1 tar xjf | 16:03 |
| rbasak | xargs will call "tar xjf <file>" for each thing that is piped in. | 16:04 |
| rbasak | I hear that newer tar doesn't require the decompression specifier any more as it autodetects. Not tried it though and don't know when it happened. | 16:05 |
| sdeziel | indeed, tar xf will figure it out | 16:05 |
| coreycb | ddellav, thanks I"ll take a look shortly | 16:05 |
| velusunivers-sys | so how would i do that then? | 16:05 |
| ddellav | yea, it's nice. tar xf will auto detect. Not sure if it's based on the file extension or not. | 16:06 |
| rbasak | echo *.tar.{bz2,gz}|xargs -n1 tar xf | 16:06 |
| velusunivers-sys | ok just done echo *.tar.bz2|xargs -n1 tar xjf and im waiting to see if it works now | 16:06 |
| velusunivers-sys | what about xz | 16:06 |
| rbasak | echo *.tar.{bz2,gz,xz}|xargs -n1 tar xf | 16:06 |
| rbasak | Also .tgz is a common extension | 16:07 |
| rbasak | echo *.{tar.{bz2,gz,xz},tgz}|xargs -n1 tar xf | 16:07 |
| rbasak | You get the idea ;) | 16:07 |
| velusunivers-sys | and what about .patch? | 16:08 |
| rbasak | Patch files can't be unpacked, only applied. | 16:08 |
| velusunivers-sys | ok | 16:08 |
| velusunivers-sys | and if i wanted to rmoves all tars and not the actual folders i.e archive.tar.gz archive2.tar.xz .... but keep /archive /archive2 ... how would i remove it | 16:10 |
| rbasak | Use rm. Spend some time understanding how the commands above work and you should be able to figure it out. | 16:11 |
| lordievader | velusunivers-sys: Also read up on regular expressions. | 16:11 |
| velusunivers-sys | would i do something like echo *.tar.{bz2,gz}|xargs -nl rm ? | 16:12 |
| lordievader | velusunivers-sys: 'rm *.{tar.{bz2,gz},tgz}' would do the trick. | 16:13 |
| coreycb | ddellav, all the clients are at the latest release for mitaka, just need the python-positional MIR | 16:13 |
| velusunivers-sys | ok | 16:14 |
| velusunivers-sys | i did as above what i said and that worked | 16:14 |
| coreycb | ddellav, I skipped that test for ceilometer and opened a bug upstream | 16:14 |
| ddellav | ok, im running through all the checklists so i dont miss anything. | 16:14 |
| ddellav | coreycb ah ok, good to know | 16:14 |
| === unreal_ is now known as unreal | ||
| dannymichel | what error logs can i look at to troubleshoot 502 bad gateway? nginx error log is giving me nothing | 17:09 |
| teward | dannymichel: there's any of a billion potential causes of the error | 17:10 |
| teward | dannymichel: what's your backend that you're trying to reach to? PHP? Passenger? Another web service on an internally-listening-only port? | 17:10 |
| dannymichel | it happened after The following NEW packages will be installed: php-apc php5-apcu php5-common php5-json | 17:11 |
| teward | dannymichel: what OS? | 17:11 |
| teward | or rather what version of Ubuntu | 17:11 |
| dannymichel | just ried installing apc using apt-get | 17:11 |
| dannymichel | 14 | 17:11 |
| teward | dannymichel: check the PHP configuration then - determine where it's set up to listen on, then point NGINX to that for the proxy_pass or however you reach out to PHP | 17:12 |
| dannymichel | ok | 17:12 |
| teward | also without your configs I can't tell if you disable error logging or not for that site; | 17:12 |
| teward | or whether your errors go to other logs, etc. | 17:12 |
| teward | but start by checking if the following are true: | 17:12 |
| teward | (1) php is listening | 17:13 |
| teward | (2) php is listening where nginx is trying to send to it | 17:13 |
| teward | (3) nginx is configured to use the correct listening location for wherever PHP is listening (could be a local UNIX socket, could be a local TCP socket) | 17:13 |
| dannymichel | ok thanks | 17:13 |
| teward | i.e. if your proxy_pass goes to 127.0.0.1:9987 then you need to make sure the php backend process is listening there :) | 17:13 |
| teward | you're welcome | 17:14 |
| dannymichel | ok thanks again | 17:14 |
| maswan | Sling: btw, my drbd stuff, it turns out it was the network buffers I needed to bump, like in http://lists.linbit.com/pipermail/drbd-user/2016-January/022611.html | 17:16 |
| maswan | but it took a while to figure out that the way to do this in order to take for my deployment was: drbd:net-custom="--max-buffers 36k --sndbuf-size 1024k --rcvbuf-size 2048k | 17:16 |
| maswan | and that changing it with drbdsetup during a resync doesn't affect that resync either | 17:16 |
| linuxlove | hello | 17:29 |
| linuxlove | i am going to grant permission to a user for upload files on /var/www/html how can i do that? | 17:30 |
| Siilwyn__ | Hi there folks. I made a new SSH key, added it to my server then deleted the 'old' ssh key by editing the 'authorized_keys' file. But I'm still able to login to my server with the old SSH key, how is that possible? | 17:32 |
| linuxlove | i am going to grant permission to a user for upload files on /var/www/html how can i do that? | 17:32 |
| linuxlove | how can i just access to one directory /var/www/html ? | 17:34 |
| Siilwyn__ | linuxlove, add a new user on your system. Then make that user the owner (or add the user to a certain group) of the directory with `chown`. Then change user permissions to be able to write with `chmod`. | 17:34 |
| Norbin | unattended ubuntu 14.04.4 installation just hangs. any debugging that can be done somehow to understand where it's stuck? | 17:35 |
| Norbin | did some minor changes, followed instructions as on the official guide / forums | 17:35 |
| linuxlove | Siilwyn__, do i create group named webcontent? | 17:35 |
| linuxlove | i have created a user | 17:35 |
| linuxlove | Siilwyn__, groupadd webcontent | 17:37 |
| linuxlove | ? | 17:37 |
| linuxlove | Siilwyn__, then how can i assign that directory to this group could you say please? | 17:38 |
| linuxlove | i have created a group named webcontent how can i assign accessing to /var/www/html to members of this group ? | 17:43 |
| linuxlove | omg | 17:43 |
| linuxlove | it seems this channel is empty | 17:43 |
| Siilwyn__ | patience is a virtue | 17:51 |
| Siilwyn__ | don't expect people to respond right away at an IRC channel, people are helping others here out of goodwill | 17:51 |
| Siilwyn__ | anyway linuxlove checkout `man chown` | 17:52 |
| Siilwyn__ | you can assign a group with that command | 17:52 |
| linuxlove | Siilwyn__, if i assign user to web-data group can he write on /var/www/html? | 17:55 |
| Siilwyn__ | linuxlove, if the directory has that group as an owner and the group permissions have write. then yes | 17:57 |
| * Siilwyn__ brb. going to eat | 17:57 | |
| BillAtChem402 | Hi. I've got a 'trusty' ubu-server installed. I'm looking for the latest openssl updates in response to the 'DROWN' vulnerability. an apt-get update finds nothing afaict. What repo do I need in sources.list to get the update? | 17:59 |
| Pici | /50/50 | 18:08 |
| linuxlove | Siilwyn__, are you there | 18:11 |
| linuxlove | Siilwyn__, i used usermod -aG www-data user but user cant write to var/www/html what should i do? | 18:13 |
| nacc_ | BillAtChem402: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0800.html ? | 18:13 |
| nacc_ | BillAtChem402: if i understand, correctly | 18:13 |
| linuxlove | Siilwyn__, when i use sudo chmod 640 user i get this error that user is not in sudo file | 18:13 |
| Siilwyn__ | BillAtChem402, you don't need to update your openssl. All you need to do is configure your ssl to not fallback to old versions. | 18:14 |
| Deeps | BillAtChem402: you may find you've got automatic security updates enabled, and thus, the latest package has already been supplied | 18:14 |
| linuxlove | how can i grant write permission to that user ? | 18:14 |
| Siilwyn__ | linuxlove, what does ls -A tell you about the permissions? | 18:15 |
| BillAtChem402 | nacc_: Yep, that looks like the one. Siilwyn__ Interesting. How do I prevent fallback? Deeps 'automatic' is more than just having security repos in source.list? | 18:15 |
| linuxlove | ls -A? | 18:16 |
| Deeps | BillAtChem402: yeah, ubuntu has an automatic security updates option which you can enable at install time (and toggle some how later on i assume). either way, ubuntu like debian wasn't affected by DROWN, as debian compiles openssl without sslv2 support | 18:16 |
| linuxlove | Siilwyn__, ls -A /var/www/html? | 18:17 |
| Deeps | BillAtChem402: https://help.ubuntu.com/lts/serverguide/automatic-updates.html | 18:17 |
| BillAtChem402 | Deeps: yep, just found it ... already there. thx. | 18:17 |
| Siilwyn__ | linuxlove, no just `ls -A` in the parent directory | 18:17 |
| Siilwyn__ | BillAtChem402, that depends on what you're using SSL for. I'm guessing HTTPS? | 18:18 |
| linuxlove | Siilwyn__, i just see my files in output of ls -A in terminal and i see no thing for permissions | 18:19 |
| Siilwyn__ | oh snap | 18:19 |
| BillAtChem402 | Siilwyn__: Mail server , VPN & web/https . Are you talking about preventing the fallbacks is those apps' configs? If so, that's already taken care of. | 18:19 |
| linuxlove | Siilwyn__, ls -l say about permissions | 18:19 |
| Siilwyn__ | linuxlove, I meant `ls -l` | 18:19 |
| Siilwyn__ | indeed | 18:20 |
| linuxlove | Siilwyn__, how can i add my user to sudoers? | 18:20 |
| Siilwyn__ | BillAtChem402, that's what I was talking about. That's all you gotta do, as long as your services don't fallback to the old SSL there is nothing wrong. | 18:21 |
| BillAtChem402 | Siilwyn__: Ok. I thought that I also had to do something ubu-server-wide , too. Sounds likes I'm set. And I do have auto-updates on for security .... | 18:22 |
| linuxlove | Siilwyn__, i get this error cp /home/mohsen/web.xml /var/www/html/ | 18:26 |
| linuxlove | cp: cannot create regular file ‘/var/www/html/web.xml’: Permission denied | 18:26 |
| Siilwyn__ | linuxlove, that is something wildly different | 18:26 |
| Siilwyn__ | I take that back, ;d | 18:27 |
| linuxlove | Siilwyn__, how can i assigh him write permission to just /var/www/html while he is not in sudoers | 18:27 |
| Siilwyn__ | could you `ls -l` and send the line of results for that directory here? | 18:28 |
| BillAtChem402 | Thx! | 18:28 |
| * Siilwyn__ for example: drwx------ 2 pancake pancake 4096 Aug 25 2015 .docker | 18:28 | |
| ogra_ | damn ... i knew i shouldnt have clicked on this channel ... hungry now | 18:29 |
| * ogra_ goes to find some pancake | 18:29 | |
| Siilwyn__ | ^^ | 18:29 |
| linuxlove | ls -l /var/www/html/ | 18:31 |
| linuxlove | total 32 | 18:31 |
| linuxlove | -rw-r--r-- 1 root root 21 Jan 24 07:50 a.html | 18:31 |
| linuxlove | -rw-r--r-- 1 root root 84 Feb 29 08:45 index.html | 18:31 |
| linuxlove | -rw-r--r-- 1 root root 81 Feb 29 08:41 index.html~ | 18:31 |
| linuxlove | drwxr-xr-x 3 root root 4096 Feb 29 15:51 PhpProject1 | 18:31 |
| linuxlove | -rw-r--r-- 1 root root 12840 Feb 25 13:15 README.FIRST | 18:31 |
| nacc_ | linuxlove: please use pastebin | 18:34 |
| Siilwyn__ | linuxlove, now I would like to know that but only for the html directory | 18:34 |
| Siilwyn__ | nacc_, he only needed to send one line though. ;P | 18:34 |
| nacc_ | Siilwyn__: fair enough ... they are also asking the same question on #ubuntu, fwiw | 18:34 |
| linuxlove | Siilwyn__, are you there? | 18:35 |
| linuxlove | nacc_, it doesnt make sence | 18:35 |
| Siilwyn__ | nacc_, yeah linuxlove is also pm'ing me for no reason. | 18:35 |
| === PaulePanter is now known as PaulePanetr | ||
| === PaulePanetr is now known as PaulePanter | ||
| linuxlove | nacc_, we are here to help | 18:35 |
| linuxlove | Siilwyn__, it is for no reason? | 18:35 |
| sarnold | mm pancakes | 18:35 |
| linuxlove | Siilwyn__, how can i know that for just one directory? | 18:36 |
| Siilwyn__ | by reading what I ask you. -_- | 18:36 |
| nacc_ | linuxlove: ls -l /var/www/html | 18:37 |
| nacc_ | no trailing / | 18:37 |
| Siilwyn__ | > "send the line" | 18:37 |
| sarnold | nacc_: itym ls -ld | 18:37 |
| nacc_ | sarnold: i was just quoting Siilwyn__ :) | 18:37 |
| nacc_ | sarnold: i think you're right, though | 18:38 |
| linuxlove | -ld /var/www/html/ | 18:38 |
| linuxlove | drwxr-xr-x 3 root root 4096 Feb 29 08:45 /var/www/html/ | 18:38 |
| linuxlove | nacc_, you are just need to learn more i think instead of look for my questions in ubuntu also | 18:39 |
| linuxlove | Siilwyn__, if your purpose is help just tell me what should i do ? | 18:40 |
| linuxlove | and i am Pm`ing you with no reason say me to leave here | 18:40 |
| nacc_ | linuxlove: i don't know what you're saying, but I think Siilwyn__ is helping you | 18:41 |
| linuxlove | i am not here with no reason | 18:41 |
| * genii makes more coffee | 18:41 | |
| nacc_ | linuxlove: it's considered bad etiquette to PM someone if you are already asking questions publicly. That's like spamming. | 18:42 |
| linuxlove | it is hard for members from ubuntu-server to help me to grant write permission to a special directory | 18:42 |
| hallyn | smb: if you're looking at another libvirt merge, also consider bug 1552241 | 18:42 |
| ubottu | bug 1552241 in libvirt (Ubuntu) "libvirt-bin apparmor settings for usb host device" [Undecided,Incomplete] https://launchpad.net/bugs/1552241 | 18:42 |
| linuxlove | Siilwyn__, excuse me for calling you | 18:43 |
| linuxlove | have a good time | 18:43 |
| genii | I think I'd probably do userdirs on apache instead of mucking with permissions/ownership stuff directly under /var/www | 18:44 |
| nacc_ | linuxlove: i think you have a few options (if you can't decide which is best, then I think you need to take a step back and consider googling around): 1) allow everyone to write to that directory (chmod o+w); create a special group, add users to that group as needed, and chgrp a directory; or use userdirs as they are intended by apache | 18:45 |
| linuxlove | my friend is going to upload files to /var/www/html with rsync command from his terminal | 18:46 |
| coreycb | ddellav, oslo.messaging uploaded, thanks for the merge! | 18:46 |
| ddellav | coreycb yay finally :) | 18:46 |
| linuxlove | i created user named mohsen for him | 18:47 |
| linuxlove | and i assigned him to www-data group | 18:47 |
| linuxlove | please tell me what i the best solution for me at moment | 18:48 |
| Siilwyn__ | nacc_, may I bother you with a question? nobody at #linux seems to know the answer... I made a new SSH key, added it to my server then deleted the 'old' ssh key by editing the 'authorized_keys' file. But I'm still able to login to my server with the old SSH key, how is that possible? I already restarted the ssh service. | 18:49 |
| sarnold | Siilwyn__: o_O that's very odd | 18:50 |
| linuxlove | in this output ls -ld /var/www/html/ | 18:50 |
| linuxlove | drwxr-xr-x 3 root root 4096 Feb 29 08:45 /var/www/html/ | 18:50 |
| nacc_ | is it possible there is an ssh agent caching something? | 18:50 |
| Siilwyn__ | sarnold, yeah I know right. I'm pretty worried atm. about what could be wrong | 18:50 |
| linuxlove | how can i add mohsen beside root also | 18:51 |
| sarnold | Siilwyn__: is this machine online atm? I wonder if it's allowing -any- key or something similar | 18:51 |
| nacc_ | Siilwyn__: ssh -vvv might tell you more, too, not positive | 18:52 |
| linuxlove | thanks friend it seems nobody want to help me | 18:52 |
| linuxlove | i got a new concept of help | 18:52 |
| sarnold | linuxlove: I don't think you're asking questions that have answers. try this: http://www.catb.org/esr/faqs/smart-questions.html | 18:52 |
| nacc_ | linuxlove: and you were given 2 answers already ... | 18:53 |
| linuxlove | nacc_, i am new to linux | 18:53 |
| Siilwyn__ | nacc_, what is `ssh -vvv` supposed to do? For me it just displays the help text. | 18:53 |
| linuxlove | nacc_, you cant tell me what should i do in terminal? | 18:53 |
| nacc_ | Siilwyn__: sorry, as part of the command ... e.g. ssh -vvv remote_server | 18:53 |
| Siilwyn__ | nacc_, sarnold just tried it with a newly generated ssh key and that worked too 0.0 maybe it is indeed my ssh agent doing weird things | 18:53 |
| sarnold | Siilwyn__: I wouldn't expect your agent to be involved -- that was my initial fear, too.. | 18:54 |
| linuxlove | a guy yesterday was here and he could understand what does it mean new to linux | 18:54 |
| nacc_ | linuxlove: i don't think it's a good idea to just tell you what to do, as you're liable to make your server vulnerable to security issues. I think you should educate yourself on users, groups, and permissions. And then you can decide what makes the most sense for your setup. | 18:55 |
| linuxlove | nacc_, i put mohsen in sudoers file | 18:55 |
| nacc_ | linuxlove: why would you do that? | 18:56 |
| linuxlove | nacc_, i couldnt get a good help from here | 18:56 |
| linuxlove | nacc_, i do that because my friend is waiting for uploading | 18:56 |
| Siilwyn__ | linuxlove, add a new user on your system. Then make that user the owner (or add the user to a certain group) of the directory with `chown`. Then change user permissions to be able to write with `chmod`. | 18:57 |
| Siilwyn__ | ^ I told you this before, do this for the /var/www/html directory | 18:57 |
| nacc_ | linuxlove: also, in any case, this has little to nothing to do with server itself; you did ask on #ubuntu, I believe, and were being helped, but you didn't like their answers either (that's my reading of what happened, at least). | 18:57 |
| linuxlove | i created user and i assigned him to www-data wasnt it useful for me? | 18:58 |
| nacc_ | linuxlove: does that group have permissions for the directory in question? | 18:59 |
| Siilwyn__ | nacc_, no it doesn't. it it owned by root:root | 18:59 |
| Siilwyn__ | already told him | 18:59 |
| nacc_ | Siilwyn__: I know, I want linuxlove to understand this | 18:59 |
| linuxlove | Siilwyn__, i created a webcontent group | 18:59 |
| Siilwyn__ | whoops, okay. Got a bit to fast in my response | 18:59 |
| linuxlove | hey guys | 18:59 |
| Siilwyn__ | nacc_, anything particular I should look for in the output of `ssh -vvv`? | 19:00 |
| linuxlove | excuse me for my less knowledge | 19:00 |
| linuxlove | please be patient about me | 19:00 |
| nacc_ | Siilwyn__: i'm just curious what it says for how it authenticated, which key it chose to use | 19:00 |
| nacc_ | sarnold may be more helpful debugging it, tbh, but you can pastebin the output if you'd like | 19:01 |
| sarnold | Siilwyn__: it's hard to describe; can you ssh to another server that will reject you? (sarnold.org ought to reject you..) | 19:01 |
| linuxlove | i created a webcontent group which command in terminal will help me to put this group owner of /var/www/html ? | 19:01 |
| sarnold | Siilwyn__: comparing the two outputs may help you spot the issue if you don't want to pastebin the output | 19:01 |
| nacc_ | sarnold: good point | 19:01 |
| nacc_ | linuxlove: chgrp | 19:02 |
| nacc_ | linuxlove: or chown | 19:02 |
| nacc_ | linuxlove: as Siilwyn__ told you earlier | 19:02 |
| linuxlove | nacc_, chgrp webcontent /var/www/html? | 19:02 |
| Siilwyn__ | sarnold, it's asking for your user's password. (maybe you know that already) but I would disable password-based auth if I were you | 19:02 |
| linuxlove | i need to do that step by step | 19:03 |
| nacc_ | linuxlove: that will make group webcontent the group owner of /var/www/html, yes | 19:03 |
| sarnold | Siilwyn__: hah, I hadn't realized. it's a hosted instance, I've got no actual administrative control over it.. doing something better has been on my todo list for ages :) | 19:04 |
| sarnold | Siilwyn__: thanks :D | 19:04 |
| Siilwyn__ | :D no problem, I was hoping that was the case for you | 19:05 |
| linuxlove | i did that | 19:05 |
| Siilwyn__ | sarnold, found this in the `ssh -vvv` response: "Could not load "/home/siilwyn/.ssh/randomnewkey.pub" as a RSA1 public key" | 19:06 |
| linuxlove | hello | 19:08 |
| linuxlove | ls -ld /var/www/html/ | 19:08 |
| linuxlove | drwxr-xr-x 3 root webcontent 4096 Feb 29 08:45 /var/www/html/ | 19:08 |
| sarnold | linuxlove: nice; now chmod 02775 /var/www/html -- that will enable the setgid bit on the directory, which will cause all new files and directories created there to inherit the group | 19:10 |
| Siilwyn__ | sarnold, nacc_ I really don't know what I should look for, not even sure which key it is using would you mind looking into the log: https://gist.github.com/Siilwyn/114e18c70cd19d50dc26 | 19:11 |
| Siilwyn__ | sarnold, props for the setgid bit! | 19:11 |
| sarnold | Siilwyn__: jeezae you had me terrified when I saw this: debug1: Server host key: ECDSA 01:02:03:04:05 | 19:12 |
| sarnold | Siilwyn__: .. but then I noticed the IPs also looked funny. hah. ;) | 19:12 |
| Siilwyn__ | ;D yeah not sure if that was needed but I thought posting my ports and fingerprints on internet might not be very smart | 19:13 |
| linuxlove | hey guys | 19:13 |
| linuxlove | i did that | 19:13 |
| linuxlove | excuse me that i bothered you | 19:13 |
| linuxlove | you are great guys | 19:13 |
| sarnold | linuxlove: does creating a new file in that directory show the correct user:group? | 19:13 |
| linuxlove | my friend is uploading with rsync now | 19:14 |
| sarnold | Siilwyn__: I _think_ the trustytitan key was accepted; check again the ~/.ssh/authorized_keys? | 19:14 |
| * Siilwyn__ loves happy endings, *sniff* what an happy ending. | 19:14 | |
| sarnold | Siilwyn__: hehe | 19:14 |
| sarnold | Siilwyn__: (and just to make sure.. you're checking and changing onthe -server- side, right? please don't hit me..) | 19:15 |
| linuxlove | sarnold, ls -ld /var/www/html/web.xml | 19:15 |
| linuxlove | -rw-r--r-- 1 mohsen webcontent 1230 Mar 2 14:12 /var/www/html/web.xml | 19:15 |
| Siilwyn__ | haha yeah serverside ;p otherwise that would be the ultimate fail | 19:15 |
| linuxlove | Siilwyn__, thanks | 19:15 |
| sarnold | linuxlove: nice. he may want to change umask setting to 0200 instead of 0220 but it otherwise looks promising | 19:15 |
| sarnold | Siilwyn__: okay, sorry, just have to check .. :) | 19:16 |
| Siilwyn__ | no problem, it's always good to check the most basic things first. | 19:16 |
| Siilwyn__ | sarnold, authorized_keys still only showing one key | 19:16 |
| linuxlove | sarnold, you exactly understand what does it mean new to linux | 19:16 |
| sarnold | Siilwyn__: time to grab server logs :/ does anything show up? | 19:17 |
| linuxlove | hey guys | 19:17 |
| sarnold | Siilwyn__: it is slightly reassuring that it didhn't just accept you o nthe first one.. | 19:17 |
| linuxlove | good nigh | 19:17 |
| linuxlove | thanks for help | 19:17 |
| sarnold | linuxlove: yeah, I _loved_ being new to linux.. so much to learn, so much to read :) | 19:17 |
| sarnold | linuxlove: it's grown a bit since then of course.. | 19:18 |
| sarnold | linuxlove: have fun | 19:18 |
| linuxlove | nacc_, really thnks for step by step helping | 19:18 |
| Siilwyn__ | g'night! | 19:18 |
| linuxlove | sarnold, you are great | 19:18 |
| sarnold | linuxlove: my hint for the day: read those manpages. they are worth their weight in gold :) | 19:18 |
| linuxlove | Siilwyn__, good night really thanks | 19:18 |
| linuxlove | sarnold, you are right | 19:19 |
| Siilwyn__ | sarnold, all auths in the sshd (with the old and new key) have the same RSA. | 19:19 |
| linuxlove | but i am weak at english | 19:19 |
| linuxlove | i love you alll | 19:20 |
| Siilwyn__ | <3 | 19:20 |
| linuxlove | if someone can introduce me a book for website administrator please tell me | 19:21 |
| linuxlove | i am on a ubuntu15.10 | 19:21 |
| Siilwyn__ | in the sshd log it first shows a 'postponed publickey ... ssh2 [preauth]' then 'accepted publickey ... RSA <same fingerprint for all requests>' pretty nothing else going on in the log | 19:22 |
| genii | linuxlove: https://help.ubuntu.com/lts/serverguide/ is the most current guide for Ubuntu Server | 19:23 |
| linuxlove | genii, thanks | 19:24 |
| Siilwyn__ | sarnold, shall I pm you my server info so you can try to login? I'm afraid it accepts every ssh key atm... | 19:25 |
| sarnold | Siilwyn__: sure | 19:26 |
| Siilwyn__ | wait a sec. | 19:26 |
| Siilwyn__ | just discovered that if I change the user it rejects me | 19:26 |
| sarnold | pfew, mine's rejected :) | 19:29 |
| === IdleOne- is now known as IdleOne | ||
| Siilwyn__ | okay I think I have been stupid, seems like the ssh process on my laptop has been running all this time. can't kill it though | 19:37 |
| Siilwyn__ | :| | 19:40 |
| Siilwyn__ | I guess I'll look into it further tomorrow, have been trying for the last 4 hours. Driving me insane | 19:41 |
| sarnold | Siilwyn__: ugh; good luck, please do let me know if you remember when you sort it out :) | 19:42 |
| Siilwyn__ | sarnold, I will! thank you for reassuring me the server isn't open to everybody. | 19:44 |
| sarnold | yeah, that's very reassuring :) from crisis to curiosity... | 19:44 |
| Siilwyn__ | haha that was it felt like yes | 19:45 |
| coreycb | ddellav, oslo.versionedobjects uploaded. we should be ok on all the clients and oslos now for B3. | 20:55 |
| beisner | coreycb, promoted aodh 2.0.0~b2-2ubuntu2~cloud0 from staging to proposed for the mitaka cloud archive | 20:57 |
| coreycb | beisner, thanks! | 20:57 |
| beisner | coreycb, yw | 20:57 |
| dasjoe | May libvirt 1.3.2 make it into xenial? | 21:06 |
| nacc_ | dasjoe: not sure, but it seems unlikely, as a 1.3.1-1ubuntu4 was just put out yesterday and we're in FF. When did 1.3.2 release? | 21:09 |
| dasjoe | nacc_: yesterday | 21:10 |
| nacc_ | dasjoe: then ... no | 21:10 |
| nacc_ | dasjoe: i'd think | 21:10 |
| nacc_ | debian hasn't packaged it yet,either (even in experimental) | 21:10 |
| dasjoe | nacc_: it'd be nice, as ZFS became a first-class filesystem and libvirt 1.3.2 brings ZFS support | 21:10 |
| dasjoe | (libvirt had ZFS support for a while, 1.3.2 just enabled it on Linux) | 21:11 |
| dasjoe | Here's the relevant diff: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=82f17fbe68d3204932e72296fe07fd416aa8f9fc;hp=c94f6d4dff41b97f603738b6e749900eb83d19b2 | 21:11 |
| sarnold | dasjoe: oh is libvirt already patched up to zfs on linux? | 21:17 |
| sarnold | dasjoe: man that'd be wonderful to not hot-patch :) | 21:17 |
| BrandonG777 | so i'm trying to setup the apache pwauth module and everything seems to work fine except it's throwing failed to open /var/lib/samba/private/secrets.tdb. even after giving read access to everyone and restarting apache it's still throwing that error | 21:32 |
| sarnold | what error message do you get? do you get better error messages elsewhere in logs? | 21:34 |
| BrandonG777 | all i get is Failed to open /var/lib/samba/private/secrets.tdb from /var/log/apache/error.log | 21:34 |
| sarnold | I hate stupid programs that don't include the actual error message. | 21:35 |
| sarnold | BrandonG777: check dmesg or auditd logs for DENIED entries from apparmor perhaps? | 21:36 |
| BrandonG777 | dmesg is doesn't have any mention of pwauth or apache or anything else related. i believe i disabled apparmor | 21:37 |
| BrandonG777 | or not, shows installed :/ | 21:37 |
| BrandonG777 | is there a log or anything for apparmor? | 21:39 |
| sarnold | BrandonG777: /var/log/syslog or /var/log/audit/audit.log (if you installed auditd) | 21:42 |
| BrandonG777 | found it... | 21:43 |
| BrandonG777 | from auth.log | 21:43 |
| BrandonG777 | Mar 2 15:42:17 Veyron pwauth: pam_smbpass(pwauth:auth): Cannot access samba password database, not running as root. | 21:43 |
| === utlemmin` is now known as utlemming | ||
| BrandonG777 | now i'm even more confused, i thought apache ran as root but maybe it's not spawning as the apache user? | 21:45 |
| sarnold | apache keeps a scoreboard process as root but all the workers that handle web traffic run as www-data or something similar | 21:47 |
| BrandonG777 | yeah i even chgrp the secrets.tdb to www-data and gave appropriate permissions but still no love | 21:48 |
| sarnold | that's not an OS-provided error message, I suspect they don't even try | 21:49 |
| sarnold | there's probably a stupid if (geteuid() != 0) error(hurr durr not root!) check in the code | 21:50 |
| BrandonG777 | that's from pwauth correct? not pam? | 21:51 |
| sarnold | probably | 21:51 |
| BrandonG777 | i would think chgrp www-data secrets.tdb and chmod g+r would fix this... | 21:55 |
| BrandonG777 | i wish i could just turn off the samba portion i dont even need it :/ | 21:56 |
| sarnold | hah there it is http://sources.debian.net/src/samba/2:4.3.3%2Bdfsg-2/source3/pam_smbpass/pam_smb_auth.c/#L116 | 22:01 |
| BrandonG777 | yeah i was looking at pam but i dont want to turn it off because i want the samba and system passwords to sync | 22:03 |
| sarnold | how is this thing being kicked off by apache? | 22:03 |
| tarpman | if you have the initial migration finished already (everyone's passwords have been synced once), you could remove smbpass from the auth stack, and just leave it in the passwd stack for future password changes | 22:04 |
| BrandonG777 | it's just a auth_module | 22:04 |
| sarnold | tarpman: ooo | 22:04 |
| tarpman | no idea what pam-auth-update would think of that | 22:04 |
| BrandonG777 | anyone know of an easier way to authenticate apache logins with system users? | 22:05 |
| BrandonG777 | AddExternalAuth pwauth /usr/sbin/pwauth | 22:06 |
| BrandonG777 | SetExternalAuthMethod pwauth pipe | 22:06 |
| BrandonG777 | that's how i'm calling it from my apache config | 22:06 |
| tarpman | huh, I thought there was a mod_pam_auth or such for apache? of course it would have the same problem | 22:07 |
| BrandonG777 | discontinued in favor of this turd i think | 22:07 |
| sarnold | but they may not hardcode a geteuid() != 0 check | 22:07 |
| BrandonG777 | gotta run and pick up my kiddo but i'll be availabe via my bouncer if anyone has any ideas, just mention my nick | 22:08 |
| tarpman | sarnold: same problem -> if the check in question is inside pam_smbpass, which it sounds like it is | 22:08 |
| === ^King is now known as King | ||
| === laurent__ is now known as lau | ||
| === Azelphur is now known as AzeIphur | ||
| === AzeIphur is now known as Azelphur | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!