/srv/irclogs.ubuntu.com/2016/03/02/#ubuntu-server.txt

velusunivers-syswhen the ubuntu server installed it asked for a user, im needing to root into it how do i get the root password00:12
bekks!root | velusunivers-sys00:13
ubottuvelusunivers-sys: Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo00:13
velusunivers-sysi dont want to be using sudo i want to be able to use root00:14
bekksvelusunivers-sys: Again, read what ubottu just told you.00:15
geniivelusunivers-sys: Use sudo -i00:19
geniivelusunivers-sys: Then: exit   ...when done doing root-things00:19
=== jelly-home is now known as jelly
lordievaderGood morning.09:44
a_okWhat is the recommended way to limit resources of a process in Ubuntu 14.04?09:59
rbasaka_ok: ulimit? Or cgroups?10:25
a_okrbasak: I think cgroups. I don't really care what method is used as long as I can limit the memory usage of varnish (it mmaps everything until other processes crash).10:26
rbasaka_ok: "ulimit -v" might be enough for that. I'm not as familiar as I'd like with cgroups, but they're more complex.10:27
rbasaksystemd makes things easier to apply resource limits but not in 14.04.10:27
a_okrbasak: I know that I can use ulimit -v. I just get tired of finding out where and how to make this happen.10:28
rbasaka_ok: looks like upstart has a "limit" keyword10:29
a_okI know there is limits.conf. that requires a lot of messing with pam files to get it to work on services. If at all possible I do not want to hack upstart scripts10:29
rbasakhttp://upstart.ubuntu.com/cookbook/#limit10:29
a_okrbasak: ok that looks like the most elegant solution until an upgrade comes along10:29
rbasakWell, a service startup script would be the right place to configure this kind of thing if a daemon itself cannot do it.10:30
rbasakWith systemd, it's essentially in the same place, just a different syntax.10:30
rbasak(and a different override mechanism)10:30
rbasaka_ok: http://upstart.ubuntu.com/cookbook/#override-files10:30
a_okrbasak: thanks that will help (a lot actually)10:30
a_okrbasak: that was the whole reason I was looking into cgroups. there seems to be a cgred daemon that should be able to place my processes in cgroups on the fly but it feels like swatting at a mosquito with a boulder.10:32
Deepshi guys, just installed ubuntu server 14.04 lts, during the install it asked me if i wanted to encrypt my homedir, which i dutifully agreed to, and then after that got an option for partitioning disks and setting up an encrypted lvm. if this is a single user system (me), is there any benefit to having an encrypted homedir if the rest of the system partition is also encrypted?12:20
=== admcleod1 is now known as admcleod
lukesoftGuys i just installed ubuntu server, and at some point during installation is asked me what i would like to install, and there was like 6 options including DNS server, Samba etc…….without knowledge i installed just the first one……and i am not sure if its exactly what i need, how do i go back to that option12:23
rbasakDeeps: one benefit is that nobody can access the data in the encrypted homedir when it is not unlocked, for example if nobody is logged in. Probably makes no difference for a server. I don't do it, relying on full disk encryption only, on both desktops and servers.12:27
Deepsrbasak: cool thanks, thats what i thought, and was already reinstalling it without encrypted homedir :>12:27
rbasaklukesoft: I think the program you want is called "tasksel". But it's just a set of preselected packages. You can just install what you need without that.12:27
rbasakkirkland: ^^ I wonder if we can avoid prompting for encrypted homedir on the server ISO? Seems misleading to me.12:29
rbasakNot sure how we'd achieve that technically mind.12:29
lukesoftrbasak: Thanks, I thought i did something wrong12:29
=== n00p is now known as naise
Deepsfresh install of ubuntu server from 14.04.4 iso, on first boot: updates are available to install12:44
Deepsfeels a bit like windows12:44
Deepswould be cool if it had an option to install newest packages from net during install time12:45
WalexDeeps: updates happen pretty frequently....12:45
DeepsWalex: yep, not saying that the iso should be updated every time, but that it could fetch updated packages during install time12:46
WalexDeeps: and some people for whatever odd reasons of theirs insist on being on an *exact* point release, even if it is largely meaningless12:46
DeepsWalex: those people dont care about kernel vuln updates? openssl updates?12:46
DeepsWalex: also note, 'option', covers those people12:46
Deepsfwiw i'm coming from using debian netinst as standard, so i'm used to installing and having an up to date system immediately12:47
Deepsjust an idea12:47
WalexDeeps: the updates happen IIRC if you do a network install rather than from-ISO12:47
Deepsgotcha12:47
Deepsso i used the wrong installer12:47
* Deeps finds the right one12:47
rbasakDeeps: I agree, it would be nice if even the main ISO installer did what you said when network connected. I'm not sure why it doesn't.12:49
lukesoft_I have ubuntu 15 desktop, and a wireless router (TP-LINK WR740N)...I am need to redirect everyone who connects to the wireless access point to my custom php page running on my apache webserver on the ubuntu box......Where do i start?14:19
lukesoft_<lukesoft_> I do not need to authenticate people or anything like that14:19
lukesoft_I have ubuntu 15 desktop, and a wireless router (TP-LINK WR740N)...I need to redirect everyone who connects to the wireless access point to my custom php page running on my apache webserver on the ubuntu box......Where do i start?14:19
lukesoft_ I do not need to authenticate people or anything like that14:20
trippehI had to mask 99-default.link to get /etc/systemd/networkd/*.link to work, that doesnt seem right14:30
trippeh(16.04)14:30
trippeherr, /etc/systemd/network14:31
trippehah, hum, ordering..14:38
velusunivers-syswhat would glibc be under in ubuntu in the aptget14:48
Picivelusunivers-sys: the source package?14:53
Picivelusunivers-sys: the source package is eglibc on 12.04 and 14.04, glibc on other supported releases.  libc6 itself is installed by default.14:55
kirklandrbasak: that's fine15:01
kirklandrbasak: you're welcome to patch that out15:01
velusunivers-sysbrain fart here, how do i use tar to untar a file?15:58
velusunivers-sysa tar.bz15:58
qman__tar xjf archive.tar.bz215:58
velusunivers-syscan i do a wildcard for it i.e tar xjf *.tar.bz215:59
velusunivers-sysand same for .gz and such15:59
lordievaderI would do that in a loop, your shell expands the *, not tar.16:01
ddellavcoreycb oslo-messaging has been fixed. My changes are in the ubuntu/mitaka branch16:03
rbasakecho *.tar.bz2|xargs -n1 tar xjf16:03
rbasakxargs will call "tar xjf <file>" for each thing that is piped in.16:04
rbasakI hear that newer tar doesn't require the decompression specifier any more as it autodetects. Not tried it though and don't know when it happened.16:05
sdezielindeed, tar xf will figure it out16:05
coreycbddellav, thanks I'll take a look shortly16:05
velusunivers-sysso how would i do that then?16:05
ddellavyea, it's nice. tar xf will auto detect. Not sure if it's based on the file extension or not.16:06
rbasakecho *.tar.{bz2,gz}|xargs -n1 tar xf16:06
velusunivers-sysok just done echo *.tar.bz2|xargs -n1 tar xjf and im waiting to see if it works now16:06
velusunivers-syswhat about xz16:06
rbasakecho *.tar.{bz2,gz,xz}|xargs -n1 tar xf16:06
rbasakAlso .tgz is a common extension16:07
rbasakecho *.{tar.{bz2,gz,xz},tgz}|xargs -n1 tar xf16:07
rbasakYou get the idea ;)16:07
velusunivers-sysand what about .patch?16:08
rbasakPatch files can't be unpacked, only applied.16:08
velusunivers-sysok16:08
velusunivers-sysand if i wanted to remove all tars and not the actual folders i.e archive.tar.gz archive2.tar.xz .... but keep /archive /archive2 ... how would i remove it16:10
rbasakUse rm. Spend some time understanding how the commands above work and you should be able to figure it out.16:11
lordievadervelusunivers-sys: Also read up on regular expressions.16:11
velusunivers-syswould i do something like echo *.tar.{bz2,gz}|xargs -nl rm ?16:12
lordievadervelusunivers-sys: 'rm *.{tar.{bz2,gz},tgz}' would do the trick.16:13
coreycbddellav, all the clients are at the latest release for mitaka, just need the python-positional MIR16:13
velusunivers-sysok16:14
velusunivers-sysi did as above what i said and that worked16:14
coreycbddellav, I skipped that test for ceilometer and opened a bug upstream16:14
ddellav ok, im running through all the checklists so i dont miss anything.16:14
ddellavcoreycb ah ok, good to know16:14
=== unreal_ is now known as unreal
dannymichelwhat error logs can i look at to troubleshoot 502 bad gateway? nginx error log is  giving me nothing17:09
tewarddannymichel: there's any of a billion potential causes of the error17:10
tewarddannymichel: what's your backend that you're trying to reach to?  PHP?  Passenger?  Another web service on an internally-listening-only port?17:10
dannymichelit happened after The following NEW packages will be installed: php-apc php5-apcu php5-common php5-json17:11
tewarddannymichel: what OS?17:11
tewardor rather what version of Ubuntu17:11
dannymicheljust tried installing apc using apt-get17:11
dannymichel1417:11
tewarddannymichel: check the PHP configuration then - determine where it's set up to listen on, then point NGINX to that for the proxy_pass or however you reach out to PHP17:12
dannymichelok17:12
tewardalso without your configs I can't tell if you disable error logging or not for that site;17:12
tewardor whether your errors go to other logs, etc.17:12
tewardbut start by checking if the following are true:17:12
teward(1) php is listening17:13
teward(2) php is listening where nginx is trying to send to it17:13
teward(3) nginx is configured to use the correct listening location for wherever PHP is listening (could be a local UNIX socket, could be a local TCP socket)17:13
dannymichelok thanks17:13
tewardi.e. if your proxy_pass goes to 127.0.0.1:9987 then you need to make sure the php backend process is listening there :)17:13
tewardyou're welcome17:14
dannymichelok thanks again17:14
maswanSling: btw, my drbd stuff, it turns out it was the network buffers I needed to bump, like in http://lists.linbit.com/pipermail/drbd-user/2016-January/022611.html17:16
maswanbut it took a while to figure out that the way to do this in order to take for my deployment was: drbd:net-custom="--max-buffers 36k --sndbuf-size 1024k --rcvbuf-size 2048k17:16
maswanand that changing it with drbdsetup during a resync doesn't affect that resync either17:16
linuxlovehello17:29
linuxlovei am going to grant permission to a user for upload files on /var/www/html how can i do that?17:30
Siilwyn__Hi there folks. I made a new SSH key, added it to my server then deleted the 'old' ssh key by editing the 'authorized_keys' file. But I'm still able to login to my server with the old SSH key, how is that possible?17:32
linuxlovei am going to grant permission to a user for upload files on /var/www/html how can i do that?17:32
linuxlovehow can i just access to one directory /var/www/html ?17:34
Siilwyn__linuxlove, add a new user on your system. Then make that user the owner (or add the user to a certain group) of the directory with `chown`. Then change user permissions to be able to write with `chmod`.17:34
Norbinunattended ubuntu 14.04.4 installation just hangs. any debugging that can be done somehow to understand where it's stuck?17:35
Norbindid some minor changes, followed instructions as on the official guide / forums17:35
linuxloveSiilwyn__, do i create group named webcontent?17:35
linuxlovei have created a user17:35
linuxloveSiilwyn__, groupadd webcontent17:37
linuxlove?17:37
linuxloveSiilwyn__, then how can i assign that directory to this group could you say please?17:38
linuxlovei have created a group named webcontent how can i assign accessing to /var/www/html to members of this group ?17:43
linuxloveomg17:43
linuxloveit seems this channel is empty17:43
Siilwyn__patience is a virtue17:51
Siilwyn__don't expect people to respond right away at an IRC channel, people are helping others here out of goodwill17:51
Siilwyn__anyway linuxlove checkout `man chown`17:52
Siilwyn__you can assign a group with that command17:52
linuxloveSiilwyn__, if i assign user to web-data group can he write on /var/www/html?17:55
Siilwyn__linuxlove, if the directory has that group as an owner and the group permissions have write. then yes17:57
* Siilwyn__ brb. going to eat17:57
BillAtChem402Hi.  I've got a 'trusty' ubu-server installed.  I'm looking for the latest openssl updates in response to the 'DROWN' vulnerability.  an apt-get update finds nothing afaict.  What repo do I need in sources.list to get the update?17:59
Pici/50/5018:08
linuxloveSiilwyn__, are you there18:11
linuxloveSiilwyn__, i used  usermod -aG www-data user but user cant write to var/www/html what should i do?18:13
nacc_BillAtChem402: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0800.html ?18:13
nacc_BillAtChem402: if i understand, correctly18:13
linuxloveSiilwyn__, when i use sudo chmod 640 user i  get this error that user is not  in sudo file18:13
Siilwyn__BillAtChem402, you don't need to update your openssl. All you need to do is configure your ssl to not fallback to old versions.18:14
DeepsBillAtChem402: you may find you've got automatic security updates enabled, and thus, the latest package has already been supplied18:14
linuxlovehow can i grant write permission to that user ?18:14
Siilwyn__linuxlove, what does ls -A tell you about the permissions?18:15
BillAtChem402nacc_: Yep, that looks like the one.  Siilwyn__ Interesting.  How do I prevent fallback?  Deeps 'automatic' is more than just having security repos in source.list?18:15
linuxlovels -A?18:16
DeepsBillAtChem402: yeah, ubuntu has an automatic security updates option which you can enable at install time (and toggle some how later on i assume). either way, ubuntu like debian wasn't affected by DROWN, as debian compiles openssl without sslv2 support18:16
linuxloveSiilwyn__, ls -A /var/www/html?18:17
DeepsBillAtChem402: https://help.ubuntu.com/lts/serverguide/automatic-updates.html18:17
BillAtChem402Deeps: yep, just found it ... already there. thx.18:17
Siilwyn__linuxlove, no just `ls -A` in the parent directory18:17
Siilwyn__BillAtChem402, that depends on what you're using SSL for. I'm guessing HTTPS?18:18
linuxloveSiilwyn__, i just see my files in output of ls -A in terminal and i see no thing for permissions18:19
Siilwyn__oh snap18:19
BillAtChem402Siilwyn__: Mail server , VPN & web/https .  Are you talking about preventing the fallbacks in those apps' configs?  If so, that's already taken care of.18:19
linuxloveSiilwyn__, ls -l say about permissions18:19
Siilwyn__linuxlove, I meant `ls -l`18:19
Siilwyn__indeed18:20
linuxloveSiilwyn__, how can i add my user to sudoers?18:20
Siilwyn__BillAtChem402, that's what I was talking about. That's all you gotta do, as long as your services don't fallback to the old SSL there is nothing wrong.18:21
BillAtChem402Siilwyn__: Ok. I thought that I also had to do something ubu-server-wide , too.  Sounds like I'm set.  And I do have auto-updates on for security ....18:22
linuxloveSiilwyn__, i get this error cp /home/mohsen/web.xml /var/www/html/18:26
linuxlovecp: cannot create regular file ‘/var/www/html/web.xml’: Permission denied18:26
Siilwyn__linuxlove, that is something wildly different18:26
Siilwyn__I take that back, ;d18:27
linuxloveSiilwyn__, how can i assign him write permission to just /var/www/html while he is not in sudoers18:27
Siilwyn__could you `ls -l` and send the line of results for that directory here?18:28
BillAtChem402Thx!18:28
* Siilwyn__ for example: drwx------ 2 pancake pancake 4096 Aug 25 2015 .docker18:28
ogra_damn ... i knew i shouldnt have clicked on this channel ... hungry now18:29
* ogra_ goes to find some pancake18:29
Siilwyn__^^18:29
linuxlove ls -l /var/www/html/18:31
linuxlovetotal 3218:31
linuxlove-rw-r--r-- 1 root root    21 Jan 24 07:50 a.html18:31
linuxlove-rw-r--r-- 1 root root    84 Feb 29 08:45 index.html18:31
linuxlove-rw-r--r-- 1 root root    81 Feb 29 08:41 index.html~18:31
linuxlovedrwxr-xr-x 3 root root  4096 Feb 29 15:51 PhpProject118:31
linuxlove-rw-r--r-- 1 root root 12840 Feb 25 13:15 README.FIRST18:31
nacc_linuxlove: please use pastebin18:34
Siilwyn__linuxlove, now I would like to know that but only for the html directory18:34
Siilwyn__nacc_, he only needed to send one line though. ;P18:34
nacc_Siilwyn__: fair enough ... they are also asking the same question on #ubuntu, fwiw18:34
linuxloveSiilwyn__, are you there?18:35
linuxlovenacc_, it doesnt make sense18:35
Siilwyn__nacc_, yeah linuxlove is also pm'ing me for no reason.18:35
=== PaulePanter is now known as PaulePanetr
=== PaulePanetr is now known as PaulePanter
linuxlovenacc_, we are here to help18:35
linuxloveSiilwyn__, it is for no reason?18:35
sarnoldmm pancakes18:35
linuxloveSiilwyn__, how can i know that for just one directory?18:36
Siilwyn__by reading what I ask you. -_-18:36
nacc_linuxlove: ls -l /var/www/html18:37
nacc_no trailing /18:37
Siilwyn__> "send the line"18:37
sarnoldnacc_: itym ls -ld18:37
nacc_sarnold: i was just quoting Siilwyn__ :)18:37
nacc_sarnold: i think you're right, though18:38
linuxlove-ld /var/www/html/18:38
linuxlovedrwxr-xr-x 3 root root 4096 Feb 29 08:45 /var/www/html/18:38
linuxlovenacc_, you are just need to learn more i think instead of look for my questions in ubuntu also18:39
linuxloveSiilwyn__, if your purpose is help just tell me what should i do ?18:40
linuxloveand i am Pm`ing you with no reason say me to leave here18:40
nacc_linuxlove: i don't know what you're saying, but I think Siilwyn__ is helping you18:41
linuxlovei am not here with no reason18:41
* genii makes more coffee18:41
nacc_linuxlove: it's considered bad etiquette to PM someone if you are already asking questions publicly. That's like spamming.18:42
linuxloveit is hard for members from ubuntu-server to help me to grant write permission to a special directory18:42
hallynsmb: if you're looking at another libvirt merge, also consider bug 155224118:42
ubottubug 1552241 in libvirt (Ubuntu) "libvirt-bin apparmor settings for usb host device" [Undecided,Incomplete] https://launchpad.net/bugs/155224118:42
linuxloveSiilwyn__, excuse me for calling you18:43
linuxlovehave a good time18:43
geniiI think I'd probably do userdirs on apache instead of mucking with permissions/ownership stuff directly under /var/www18:44
nacc_linuxlove: i think you have a few options (if you can't decide which is best, then I think you need to take a step back and consider googling around): 1) allow everyone to write to that directory (chmod o+w); create a special group, add users to that group as needed, and chgrp a directory; or use userdirs as they are intended by apache18:45
linuxlovemy friend is going to upload files to /var/www/html with rsync command from his terminal18:46
coreycbddellav, oslo.messaging uploaded, thanks for the merge!18:46
ddellavcoreycb yay finally :)18:46
linuxlovei created user named mohsen for him18:47
linuxloveand i assigned him to www-data group18:47
linuxloveplease tell me what is the best solution for me at moment18:48
Siilwyn__nacc_, may I bother you with a question? nobody at #linux seems to know the answer... I made a new SSH key, added it to my server then deleted the 'old' ssh key by editing the 'authorized_keys' file. But I'm still able to login to my server with the old SSH key, how is that possible? I already restarted the ssh service.18:49
sarnoldSiilwyn__: o_O that's very odd18:50
linuxlovein this output ls -ld /var/www/html/18:50
linuxlovedrwxr-xr-x 3 root root 4096 Feb 29 08:45 /var/www/html/18:50
nacc_is it possible there is an ssh agent caching something?18:50
Siilwyn__sarnold, yeah I know right. I'm pretty worried atm. about what could be wrong18:50
linuxlovehow can i add mohsen beside root also18:51
sarnoldSiilwyn__: is this machine online atm? I wonder if it's allowing -any- key or something similar18:51
nacc_Siilwyn__: ssh -vvv might tell you more, too, not positive18:52
linuxlovethanks friend it seems nobody want to help me18:52
linuxlovei got a new concept of help18:52
sarnoldlinuxlove: I don't think you're asking questions that have answers. try this: http://www.catb.org/esr/faqs/smart-questions.html18:52
nacc_linuxlove: and you were given 2 answers already ...18:53
linuxlovenacc_, i am new to linux18:53
Siilwyn__nacc_, what is `ssh -vvv` supposed to do? For me it just displays the help text.18:53
linuxlovenacc_, you cant tell me what should i do in terminal?18:53
nacc_Siilwyn__: sorry, as part of the command ... e.g. ssh -vvv remote_server18:53
Siilwyn__nacc_, sarnold just tried it with a newly generated ssh key and that worked too 0.0  maybe it is indeed my ssh agent doing weird things18:53
sarnoldSiilwyn__: I wouldn't expect your agent to be involved -- that was my initial fear, too..18:54
linuxlovea guy yesterday was here and he could understand what does it mean new to linux18:54
nacc_linuxlove: i don't think it's a good idea to just tell you what to do, as you're liable to make your server vulnerable to security issues. I think you should educate yourself on users, groups, and permissions. And then you can decide what makes the most sense for your setup.18:55
linuxlovenacc_, i put mohsen in sudoers file18:55
nacc_linuxlove: why would you do that?18:56
linuxlovenacc_, i couldnt get a good help from here18:56
linuxlovenacc_, i do that because my friend is waiting for uploading18:56
Siilwyn__linuxlove, add a new user on your system. Then make that user the owner (or add the user to a certain group) of the directory with `chown`. Then change user permissions to be able to write with `chmod`.18:57
Siilwyn__^ I told you this before, do this for the /var/www/html directory18:57
nacc_linuxlove: also, in any case, this has little to nothing to do with server itself; you did ask on #ubuntu, I believe, and were being helped, but you didn't like their answers either (that's my reading of what happened, at least).18:57
linuxlovei created user and i assigned him to www-data wasnt it useful for me?18:58
nacc_linuxlove: does that group have permissions for the directory in question?18:59
Siilwyn__nacc_, no it doesn't. it it owned by root:root18:59
Siilwyn__already told him18:59
nacc_Siilwyn__: I know, I want linuxlove to understand this18:59
linuxloveSiilwyn__, i created a webcontent group18:59
Siilwyn__whoops, okay. Got a bit too fast in my response18:59
linuxlovehey guys18:59
Siilwyn__nacc_, anything particular I should look for in the output of `ssh -vvv`?19:00
linuxloveexcuse me for my less knowledge19:00
linuxloveplease be patient about me19:00
nacc_Siilwyn__: i'm just curious what it says for how it authenticated, which key it chose to use19:00
nacc_sarnold may be more helpful debugging it, tbh, but you can pastebin the output if you'd like19:01
sarnoldSiilwyn__: it's hard to describe; can you ssh to another server that will reject you? (sarnold.org ought to reject you..)19:01
linuxlovei created a webcontent group which command in terminal will help me to put this group owner of /var/www/html ?19:01
sarnoldSiilwyn__: comparing the two outputs may help you spot the issue if you don't want to pastebin the output19:01
nacc_sarnold: good point19:01
nacc_linuxlove: chgrp19:02
nacc_linuxlove: or chown19:02
nacc_linuxlove: as Siilwyn__ told you earlier19:02
linuxlovenacc_, chgrp webcontent /var/www/html?19:02
Siilwyn__sarnold, it's asking for your user's password. (maybe you know that already) but I would disable password-based auth if I were you19:02
linuxlovei need to do that step by step19:03
nacc_linuxlove: that will make group webcontent the group owner of /var/www/html, yes19:03
sarnoldSiilwyn__: hah, I hadn't realized. it's a hosted instance, I've got no actual administrative control over it.. doing something better has been on my todo list for ages :)19:04
sarnoldSiilwyn__: thanks :D19:04
Siilwyn__:D no problem, I was hoping that was the case for you19:05
linuxlovei did that19:05
Siilwyn__sarnold, found this in the `ssh -vvv` response: "Could not load "/home/siilwyn/.ssh/randomnewkey.pub" as a RSA1 public key"19:06
linuxlovehello19:08
linuxlovels -ld /var/www/html/19:08
linuxlovedrwxr-xr-x 3 root webcontent 4096 Feb 29 08:45 /var/www/html/19:08
sarnoldlinuxlove: nice; now chmod 02775 /var/www/html  -- that will enable the setgid bit on the directory, which will cause all new files and directories created there to inherit the group19:10
Siilwyn__sarnold, nacc_ I really don't know what I should look for, not even sure which key it is using would you mind looking into the log: https://gist.github.com/Siilwyn/114e18c70cd19d50dc2619:11
Siilwyn__sarnold, props for the setgid bit!19:11
sarnoldSiilwyn__: jeezae you had me terrified when I saw this: debug1: Server host key: ECDSA 01:02:03:04:0519:12
sarnoldSiilwyn__: .. but then I noticed the IPs also looked funny. hah. ;)19:12
Siilwyn__;D yeah not sure if that was needed but I thought posting my ports and fingerprints on internet might not be very smart19:13
linuxlovehey guys19:13
linuxlovei did that19:13
linuxloveexcuse me that i bothered you19:13
linuxloveyou are great guys19:13
sarnoldlinuxlove: does creating a new file in that directory show the correct user:group?19:13
linuxlovemy friend is uploading with rsync now19:14
sarnoldSiilwyn__: I _think_ the trustytitan key was accepted; check again the ~/.ssh/authorized_keys?19:14
* Siilwyn__ loves happy endings, *sniff* what a happy ending.19:14
sarnoldSiilwyn__: hehe19:14
sarnoldSiilwyn__: (and just to make sure.. you're checking and changing on the -server- side, right? please don't hit me..)19:15
linuxlovesarnold, ls -ld /var/www/html/web.xml19:15
linuxlove-rw-r--r-- 1 mohsen webcontent 1230 Mar  2 14:12 /var/www/html/web.xml19:15
Siilwyn__haha yeah serverside ;p otherwise that would be the ultimate fail19:15
linuxloveSiilwyn__, thanks19:15
sarnoldlinuxlove: nice. he may want to change umask setting to 0200 instead of 0220 but it otherwise looks promising19:15
sarnoldSiilwyn__: okay, sorry, just have to check .. :)19:16
Siilwyn__no problem, it's always good to check the most basic things first.19:16
Siilwyn__sarnold, authorized_keys still only showing one key19:16
linuxlovesarnold, you exactly understand what does it mean new to linux19:16
sarnoldSiilwyn__: time to grab server logs :/ does anything show up?19:17
linuxlovehey guys19:17
sarnoldSiilwyn__: it is slightly reassuring that it didn't just accept you on the first one..19:17
linuxlovegood night19:17
linuxlovethanks for help19:17
sarnoldlinuxlove: yeah, I _loved_ being new to linux.. so much to learn, so much to read :)19:17
sarnoldlinuxlove: it's grown a bit since then of course..19:18
sarnoldlinuxlove: have fun19:18
linuxlovenacc_, really thanks for step by step helping19:18
Siilwyn__g'night!19:18
linuxlovesarnold, you are great19:18
sarnoldlinuxlove: my hint for the day: read those manpages. they are worth their weight in gold :)19:18
linuxloveSiilwyn__, good night really thanks19:18
linuxlovesarnold, you are right19:19
Siilwyn__sarnold, all auths in the sshd (with the old and new key) have the same RSA.19:19
linuxlovebut i am weak at english19:19
linuxlovei love you all19:20
Siilwyn__<319:20
linuxloveif someone can introduce me a book for website administrator please tell me19:21
linuxlovei am on a ubuntu15.1019:21
Siilwyn__in the sshd log it first shows a 'postponed publickey ... ssh2 [preauth]' then 'accepted publickey ... RSA <same fingerprint for all requests>' pretty nothing else going on in the log19:22
geniilinuxlove: https://help.ubuntu.com/lts/serverguide/ is the most current guide for Ubuntu Server19:23
linuxlovegenii, thanks19:24
Siilwyn__sarnold, shall I pm you my server info so you can try to login? I'm afraid it accepts every ssh key atm...19:25
sarnoldSiilwyn__: sure19:26
Siilwyn__wait a sec.19:26
Siilwyn__just discovered that if I change the user it rejects me19:26
sarnoldpfew, mine's rejected :)19:29
=== IdleOne- is now known as IdleOne
Siilwyn__okay I think I have been stupid, seems like the ssh process on my laptop has been running all this time. can't kill it though19:37
Siilwyn__:|19:40
Siilwyn__I guess I'll look into it further tomorrow, have been trying for the last 4 hours. Driving me insane19:41
sarnoldSiilwyn__: ugh; good luck, please do let me know if you remember when you sort it out :)19:42
Siilwyn__sarnold, I will! thank you for reassuring me the server isn't open to everybody.19:44
sarnoldyeah, that's very reassuring :) from crisis to curiosity...19:44
Siilwyn__haha that was it felt like yes19:45
coreycbddellav, oslo.versionedobjects uploaded.  we should be ok on all the clients and oslos now for B3.20:55
beisnercoreycb, promoted aodh 2.0.0~b2-2ubuntu2~cloud0 from staging to proposed for the mitaka cloud archive20:57
coreycbbeisner, thanks!20:57
beisnercoreycb, yw20:57
dasjoeMay libvirt 1.3.2 make it into xenial?21:06
nacc_dasjoe: not sure, but it seems unlikely, as a 1.3.1-1ubuntu4 was just put out yesterday and we're in FF. When did 1.3.2 release?21:09
dasjoenacc_: yesterday21:10
nacc_dasjoe: then ... no21:10
nacc_dasjoe: i'd think21:10
nacc_debian hasn't packaged it yet,either (even in experimental)21:10
dasjoenacc_: it'd be nice, as ZFS became a first-class filesystem and libvirt 1.3.2 brings ZFS support21:10
dasjoe(libvirt had ZFS support for a while, 1.3.2 just enabled it on Linux)21:11
dasjoeHere's the relevant diff: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=82f17fbe68d3204932e72296fe07fd416aa8f9fc;hp=c94f6d4dff41b97f603738b6e749900eb83d19b221:11
sarnolddasjoe: oh is libvirt already patched up to zfs on linux?21:17
sarnolddasjoe: man that'd be wonderful to not hot-patch :)21:17
BrandonG777so i'm trying to setup the apache pwauth module and everything seems to work fine except it's throwing failed to open /var/lib/samba/private/secrets.tdb. even after giving read access to everyone and restarting apache it's still throwing that error21:32
sarnoldwhat error message do you get? do you get better error messages elsewhere in logs?21:34
BrandonG777all i get is Failed to open /var/lib/samba/private/secrets.tdb from /var/log/apache/error.log21:34
sarnoldI hate stupid programs that don't include the actual error message.21:35
sarnoldBrandonG777: check dmesg or auditd logs for DENIED entries from apparmor perhaps?21:36
BrandonG777dmesg doesn't have any mention of pwauth or apache or anything else related. i believe i disabled apparmor21:37
BrandonG777or not, shows installed :/21:37
BrandonG777is there a log or anything for apparmor?21:39
sarnoldBrandonG777: /var/log/syslog or /var/log/audit/audit.log (if you installed auditd)21:42
BrandonG777found it...21:43
BrandonG777from auth.log21:43
BrandonG777Mar  2 15:42:17 Veyron pwauth: pam_smbpass(pwauth:auth): Cannot access samba password database, not running as root.21:43
=== utlemmin` is now known as utlemming
BrandonG777now i'm even more confused, i thought apache ran as root but maybe it's not spawning as the apache user?21:45
sarnoldapache keeps a scoreboard process as root but all the workers that handle web traffic run as www-data or something similar21:47
BrandonG777yeah i even chgrp the secrets.tdb to www-data and gave appropriate permissions but still no love21:48
sarnoldthat's not an OS-provided error message, I suspect they don't even try21:49
sarnoldthere's probably a stupid if (geteuid() != 0) error(hurr durr not root!) check in the code21:50
BrandonG777that's from pwauth correct? not pam?21:51
sarnoldprobably21:51
BrandonG777i would think chgrp www-data secrets.tdb and chmod g+r would fix this...21:55
BrandonG777i wish i could just turn off the samba portion i dont even need it :/21:56
sarnoldhah there it is http://sources.debian.net/src/samba/2:4.3.3%2Bdfsg-2/source3/pam_smbpass/pam_smb_auth.c/#L11622:01
BrandonG777yeah i was looking at pam but i dont want to turn it off because i want the samba and system passwords to sync22:03
sarnoldhow is this thing being kicked off by apache?22:03
tarpmanif you have the initial migration finished already (everyone's passwords have been synced once), you could remove smbpass from the auth stack, and just leave it in the passwd stack for future password changes22:04
BrandonG777it's just a auth_module22:04
sarnoldtarpman: ooo22:04
tarpmanno idea what pam-auth-update would think of that22:04
BrandonG777anyone know of an easier way to authenticate apache logins with system users?22:05
BrandonG777AddExternalAuth pwauth /usr/sbin/pwauth22:06
BrandonG777SetExternalAuthMethod pwauth pipe22:06
BrandonG777that's how i'm calling it from my apache config22:06
tarpmanhuh, I thought there was a mod_pam_auth or such for apache? of course it would have the same problem22:07
BrandonG777discontinued in favor of this turd i think22:07
sarnoldbut they may not hardcode a geteuid() != 0 check22:07
BrandonG777gotta run and pick up my kiddo but i'll be available via my bouncer if anyone has any ideas, just mention my nick22:08
tarpmansarnold: same problem -> if the check in question is inside pam_smbpass, which it sounds like it is22:08
=== ^King is now known as King
=== laurent__ is now known as lau
=== Azelphur is now known as AzeIphur
=== AzeIphur is now known as Azelphur
