[00:33] but is there anyway to actually know what shell is being used? [00:35] arooni: sure, check crontab(5) and see that it says /bin/sh is used :) [00:36] ok my bad; i shoulda rtfmd [07:45] who know how to reach roundcube? [07:45] I did sudo apt-get install roundcube [07:46] and go to this url kselax.ru/roundcube and can't reach [07:48] define "can't reach" [07:58] ikonia: can't access roundcube [07:58] http://kselax.ru/roundcube/ [07:58] now good it shows error 500, before didn't work at all [07:59] this instruction https://help.ubuntu.com/community/Roundcube [08:01] I forgot where to watch errors for web server [08:04] /var/log/ [08:08] ikonia: https://91.227.18.36/info.php [08:08] php doesn't show errors by default [08:08] and apache log file I removed everything from there and it doesn't show errors also [08:09] apache log here /var/log/apache2/error.log [08:09] I need put php log in the same file for easier look logs [08:09] better when all logs in the same file [08:10] php logs just fine [08:13] ikonia: default it off [08:19] it will log in the apache error log the core problem of a 500 [08:26] ikonia: php hasn't errors, and apache also [08:28] pretty such if you're getting an error 500 one of them will be erroring [08:30] now works, [08:30] might it was cache [08:31] I watch log in vim [08:31] vim won't update real time [08:32] ikonia: yes, there might exists cache [08:32] who can update? [08:32] not cache [08:32] error https://paste.ubuntu.com/p/zsd33dcyHM/ [08:32] ikonia: buffer [08:32] it's just not a real time tool [08:32] it's not a buffer [08:32] it's not a real time tool [08:33] in vim all files open and put to buffer [08:33] it opens what is there at that moment in time [08:33] it's not a buffer [08:37] I changed user for apache from www-data to neo [08:38] ok, I see it doesn't work properly, better way install roundcube it's load on server files and put to separated folder like I before doing [08:38] automatically it impossible something customize [08:39] using sudo apt-get [08:39] drwxr-x--- 2 www-data adm 4096 Apr 6 2016 roundcube/ [08:40] my user neo can't write there [08:40] for apache2 more useful to have main user user which is load files to server [08:41] I don't want www-data [08:41] you need to use www-data [08:41] it is the correct way to use the permissions model [08:41] ikonia: why? How I will load files on server using ftp? I will always care about permission [08:41] ok, then you do that [08:41] no-one else will [08:42] correct, but not useful, after each load I need change my neo to www-data [08:42] that's because your approach is wrong [08:42] ikonia: no, with neo like apache user I load files and not ot change permission [08:43] this approach works, I read about in one book [08:43] we can change user for apache [08:43] then why are you having problems if this process works ? [08:44] ikonia: because I installed roundcube by default using ' apt-get install roundcube', and it uses www-data, and might some folders don't have needed permission for my user neo [08:44] did you see this log file [08:44] drwxr-x--- 2 www-data adm 4096 Apr 6 2016 roundcube/ [08:44] so your process is broken with all standard packages / permissions model [08:44] rwx r x, my neo can't do there nothing [08:45] roundcube is a webmail client why would you manually need to upload anything into that directory [08:45] ikonia: if I use www-data, how I will load my files on server using filezila? [08:45] why would you need to load any files into the roundcube web root [08:46] ikonia: roundcube is usual php application and we can easy set up it loading on server [08:46] right, you don't need to upload anything if you do apt-get install roundcube [08:46] so you don't need "file zilla to upload" anything [08:47] ikonia: but permission, did you see? Roundcube has been installed in a few folders, and my neo can't rich that, from this might errors [08:47] ikonia: which model do you use/ [08:48] ? [08:48] www-data is your apache2 user? [08:48] Then say how you load php files to your server using your own user. it' impossible without changing permission on file always [08:49] Neo4: you don't need to access roundcube folders [08:49] there is nothing to upload [08:51] i load some file file.php to server and it wil have 664 rights and user neo grop neo. www-data can't reach it [08:52] ikonia: no, I need, in those folder could be needed files for roundcube could work [08:53] when apache2 run roundcube he see in config folders where it placed, and go to this folders to include files and it can't, that's why I got error 500 [08:53] ok, I temporarely change user on www-data and will see what happen [08:54] Neo4: there is nothing you need [08:54] Neo4: you apt-get install roundcube - it puts all you need in place [08:54] there is no need for you to upload anything [08:54] you are making a problem where one doens't exist [08:54] you changing the permissions is breaking things [08:54] there is no need to change the permissions [08:54] ikonia: see http://kselax.ru/roundcube/ [08:55] I dont need to see that [08:55] www-data works, but I want neo [08:55] why [08:55] why do you want "neo" [08:56] ikonia: reason in uploading files to server, see when I neo and connected to server using FileZila, load there files, which atribute will have this file? [08:56] user: neo [08:56] grop: neo [08:56] permission 644 [08:56] standard permission for directory 755 for files 644 [08:56] you don't have to upload files to the roundcube directory [08:56] so you don't need to change the permissions at all [08:56] and could www-data read my file? No [08:57] you have zero reasons to upload files for roundcube [08:57] so you have zero reasons to want the user neo to own them [08:57] ikonia: for roundcube I don't, but I need for virtual hosts [08:57] so you have zero reason to change the permissions [08:57] Neo4: right, so don't impact round cube with your other virtual host problem [08:58] before I have a few tests servers where I upload wordpress and other applicatiosn. if user www-data I will alway change permission [08:58] then you are silly [08:58] add my neo to group www-data [08:58] as that is the correct permissions model [08:58] ikonia: model correct, but difficult work with server in real time [08:58] no it's not [08:58] everyone else in the world manages just fine [09:00] ikonia: no, right, I want to modify file, I open it using FileZila, file download to my computer and went to editor, after modifying I load it back and it now not to belong www-data [09:00] ikonia: and I must again connect to server using console and change file atributes, [09:01] as I said your model is wrong [09:01] ikonia: why wrong? [09:01] because it doesn't work [09:02] Why apache2 have this opertunity to change user? It might made specially for this case [09:02] sorry, I don't understand your last question [09:02] could you try to explain it again please [09:02] ikonia: no, if I do apache2 user neo then all works perfactlly [09:02] right, but nothing else works [09:02] as you've just found with roundcube [09:02] because you've broken the correct permissions model [09:02] ikonia: I load files they are neo:neo and apache also neo user, and everything don't have errors [09:03] ikonia: automatically installation doesn't works only [09:03] it's pointless to discuss this [09:03] correct, it won't work - because it uses the correct standard permisisons, which you've broken [09:03] ikonia: before I installing roundcube and squirelmal copying them to server by ftp [09:03] so your workflow breaks everything else [09:03] so because you don't understand the permission model, you're breaking things [09:04] which is fine, if you want to overrirde the standard permissions model, do it, but don't expect help with your custom workflow approach [09:05] ikonia: well, see what I think, phpmyadmin works, nevertheless I installed it by using apt-get install, it means there something could have www-data user, I think about run some command that will scan all folders and change www-data to neo. [09:05] you're incorrect [09:05] is it possible? This would be entrance [09:06] but you seem unable to understand why, so just carry on [09:06] ikonia: ok what do you offer? [09:06] change your workflow to something that everyone else uses [09:06] ikonia: How can I useful modify files over ssh usinb FileZilla without forever change manually permission or user? [09:06] look at your workflow for starters [09:07] look at your users and group permisisons and where they are shared between interactive users and system users [09:07] look at where / how you set up document roots [09:08] ikonia: I add user neo to group www-data and www-data to grou neo, anyway files has 644 [09:08] I don't understand your last statement [09:08] I forgot, for apache can modify file that is from group we need 664 [09:09] ikonia: see suppose I add www-data to group neo, addgroup www-data neo [09:09] ikonia: now my www-data is able to modify files that belongs to neo, yes? [09:10] www-data has group neo and can modify files belonging to neo:neo [09:10] but this files should have 664, and they have 644 [09:10] 4 only read [09:10] again it can't. I anyway must manually changed rights after upload files [09:11] ikonia: do you know php? [09:11] you can make experiment [09:11] open FileZila and load on your server two php files from your user [09:12] I don't need to do a test [09:12] or open remotely file from your server, in your local editor, modify it and load back and check atributes [09:12] I don't need to do a test [09:12] ikonia: atributes will changed [09:12] "attributes" ? [09:13] ikonia: I noticed it when I was using windows. From linux it works difference [09:13] what are you even talking about ? [09:14] ikonia: see on a remote server resized file index.php with www-data:www-data and 664 [09:14] resized file ?? [09:14] if you change a file - of course its file size will change [09:14] plased* [09:14] as thats the point you've "changed" the files size [09:15] ikonia: I forgot that word with re, will use placed [09:16] ikonia: there placed index.php www-data:www-data 664 [09:16] ikonia: you open FileZila, navigate to file and right click on it select open in editor or edit [09:17] ikonia: you do some editing and press CTR+S (save file), then go to fileZila and confirm loading back file [09:17] and check file atributes, now they will neo:neo with 644 [09:17] ikonia: your apache can't reach it even if it has neo group, 4 means only read [09:18] you need put 6 manually 664 for www-data could modify goup files [09:18] it isn't useful do in real time editing and alway care about rights, [09:18] that's why I changed user to neo from www-data [09:19] ikonia: ok, I see you aren't in this theme :) [09:21] ok, Ill try find command that find all files with owner www-data and replace them to neo [09:29] ? [09:30] Neo4: you're making a problem with your workflow [10:03] Good afternoon [10:21] ikonia: вот настроил на обычном хосте с apache neo работает http://kselax.ru/roundcubemail-1.3.6/ [10:21] там небыло нужных билиотек [10:22] oh, forgot language [10:22] works on ordinary server, with user neo [10:22] there weren't needed php libs [10:23] now, I'll try to create instruction for apt-get [10:23] before use apt-get we must install all needed php libs [10:27] this also works with www-data https://91.227.18.36/roundcube/ [10:29] well, everything is clearly. Need list of php libs, and list of paths where allow server access, and then write shell function that will do this automatically [10:31] roundcub is not good install using apt-get, because you can't see whether all right with server. When we install manually we see page where all requirements are shown [10:31] Neo4: roundcube in Ubuntu has been supported very badly. It's in universe and so far didn't receive any security fixes in previous ubuntus. A thing to keep in mind. [10:32] blackflow: ok, I don't know how to create shell script for it. use apt-get install roundcube or try set up manually in separated folder [10:33] in separated folder works perfactly, but automatically would be nice with apt-get like phpmyadmin [10:33] Neo4: using the tarball from upstream directly would be a wise choice, as the package in ubuntu is not taken care of. [10:33] it put it to /usr/lib [10:34] no to /usr/share [10:34] thankfully, it's very easy to maintain it that way, just unpack into a target folder and stay at the major branch. updates are as simple as that. unpack and run the upgrade script. There's a README with all the info. [10:35] blackflow: download using curl in folder [10:36] blackflow: yes, and we will see page with errors. that roundcube installer [10:39] blackflow: I'm going to write two scripts for roundcube and squirrelmail [10:40] why squierrelmail? that's... long abandoned. [10:43] blackflow: easy to use [10:43] simple interface, easy to install, good mail client [10:44] so is roundcube. I wonder if squirrel will even run on PHP 7.x [10:44] anyway we can use thunderbird or others desktop clients [10:44] blackflow: I tried on php5.6, works nice [10:45] roundcube has modern interface, squirrelmail is old, but anyway could be used [10:45] Neo4: you should really pay more attention about security of software you're trying to use. Running a web server exposes your machine to thousands and thousands of bots that will touch and try every facet exposed to the public internet and try to break it somehow. Especially if you run mail, and PHP. [10:46] blackflow: I don't know, I will run one mails server for myself, and for VPS migh be only postfix. and might be to install some mails servers for send ads. and nothing else [10:47] I dont think somebody will interested my personal mail server :) [10:47] Neo4: you don't understand do you? BOTS. Automated programs that will find your server in no time and try to probe it. [10:48] blackflow: ok [10:48] need to use long passwords 15 - 20 symbols [10:48] main protection [10:49] bots could make Ddos on front page webmail and try brute force password [10:50] and exploit bugs in your software, avoiding your long passwords to break in. [10:50] blackflow: see additional protection for phpmyadmin https://91.227.18.36/phpmyadmin [10:51] Neo4: as you where told in #postfix - you should not be running a mail server [10:51] you have zero understanding of how any of this works, and you should really not be doing it [10:51] you should not be running ANY public server, until you're familiar with all the problems that occur when exposing a computer to the public internet. [10:52] you don't understand the basic needs and principals of these services [10:52] ikonia: less listen what somebody says, they just joked [10:52] they didn't joke [10:52] they where serious [10:52] indeed. [10:53] ikonia: it was somebody personal opinion that not pretending to be truth, Don't pay attestation :) [10:54] no it wasn't [10:54] it was multiple people echo'ing what I've just said [10:54] and I agree with them [10:54] ikonia: one person says you don't need to run and you can always find many others who say you are the best. It isn't worth worrying about [10:55] multiple people said you should not do, no-one said you should [10:56] ikonia: this is even better, multiple people are herd, World is consists from people so called gray mass and some excursive people, if say all something it could be also good sight, don't pay attantion :) [10:57] ikonia: multiple people are stupid herd. not worth paying attantion too. There in #postfix was everythign all right [10:58] no they where not stupid [10:58] Neo4: why are you here then? If you don't take advice seriously, why are you here? You obviously don't need any support. Go run your mail server and good luck with that. [10:58] don't listen to "gray mass" of advice. You know better. [10:58] already found 2 weakeness [10:58] 220 mail.kselax.ru ESMTP Postfix (Ubuntu) [10:58] blackflow: no I need, I don't like bad support like you don't need run mail sever, etc... :) [10:59] that is good support and really good advice [10:59] more so when basically you're just going to run yet another spam service [10:59] blackflow: yes, don't need listen "grey mass" because you will like they are [11:00] blackflow: do you want to be like majoryty people (80%), obviously not, better to belong to 20% people [11:00] Neo4: good, then /part and save yourself from the bad people. [11:00] ikonia: yes, nothing help and say you are don't need run it [11:00] ikonia: that was direct abuse [11:00] it's not abuse [11:01] ikonia: that guy said I am stupid and can't run mail server [11:01] no he didn't [11:01] he said you lacked experience and basic understanding to run a mail server [11:02] ikonia: I can estimate this like abuse, couse he said I am stupid for run mail server. It was abuse, he attacked me, Why I should seriously perceive that crape, if person deliberately wants to hurt me? That guy always criticize me :) [11:02] you're behaving foolishly now [11:02] taking someone's constructive advice as "abuse" [11:03] and to be honest, even if it was abuse, you shouldn't ignore the context [11:03] someone being rude still may have valuable experience and information [11:03] ikonia: oh, I don't like such advices that hurt my self estim [11:03] then you are foolish [11:04] if you ignore advice because it hurts your pride/self estim [11:04] ikonia: oh, yes, will you listen somebody who will say 'you are stupid'? Why shall I follow that stupid advice? That was insult [11:05] I couldn't have accept that, sorry :) [11:05] lovely so running your mail server on the same physical host and IP as your mail server [11:05] and you're running PHP version with vunerabilities [11:05] and that guy is moderator, I can't say something him, he can kick me [11:05] this shouldn't be too hard to compromise [11:06] ikonia: no, I better know how to behave, simply don't listen everything what somebody says you [11:06] I don't know what you're last statement means, sorry [11:07] ikonia: do you know who he is? Suddenly that was said by some student, or I dont know? You don't know hothing about person and you accept his advice like truth, it is stupid [11:08] ikonia: simply not to listen everthing that said by somebody [11:08] I don't know him or any of the others who spoke to you personally, I certainly know their experience and knowledge and can see by their regular advice/understanding how well they know postfix [11:08] ikonia: if I don't like you, can I start criticize you for humiliate you, will you listen me? [11:08] :) [11:09] ikonia: when somebody criticize you it means he is don't like you [11:09] ikonia: I can't be love by everybody in #postfix, it's obviously, and normally [11:09] Neo4: no it doesn't [11:09] Neo4: if someone criticizes you it has nothing to do with if they like you or not [11:10] no-one humilated you [11:10] ikonia: don't pay attantion as I said, That was nothing bad. You will see such guys many in your life [11:10] ikonia: I said it doesn't matter [11:10] it wasn't nothing [11:10] it was seasoned experienced people giving you advice, and you bluntly refusing it, but still asking for help [11:11] I suggest we end this discussion, its way out of scope for this channel [11:11] ikonia: why? it directly show his attitute to you, Will you criticize girl what you like of she you? Might not [11:12] ikonia: and all persons aren't ideal, we always can find something wrong and start humiliate him. I don't want explain how ti works. [11:12] That guy just show that he is not like me [11:12] :) [11:12] I understood this [11:13] nobody said bad about me, only he [11:13] drop it please [11:13] ok [11:13] stop [11:13] thank you [11:38] i am using kvm on 18.04 and i have ,windows 7 and centos as a guest installed [11:40] i have assign 3 gb ram to centos ,when i start centos ,free /top/system monitor say 3 gb ram is use but centos is using only 900 mb of ram so i am just wondering why host/ubuntu consume 3 gb ram [11:40] samba35: please don't cross-post [11:40] you're asking this in other channels [11:41] samba35: the bottom line is it's the host is "using" ram because you've allocated it to a VM [11:41] think of it as reserved [12:07] ikonia, my host is ubuntu [12:08] and guest is centos [12:09] ikonia, do you have any idea [12:10] how this issuse can be fixed [12:12] samba35: ikonia just told you. it's not an issue to be fixed. the host is reserving the ram for the VM [12:19] ok [16:33] who know how apt-get install roundcube creates mysql database? [16:33] without asking root password for mysql [16:34] I'm going to write shell script that will install roundcube in the same way [16:34] but now formy script need mysql root password [16:34] how to avoid asking mysql root pasword? [16:37] do you have a root password for mysql? [16:54] RoyK: yes [16:55] RoyK: and apt-get install roundcube has access to mysql withotu root password [16:56] RoyK: see my script with asking https://gist.github.com/kselax/418a052b49fb2d16a57014b3213c8cc0 [16:57] it works with asking, I am interested how "apt-get install roundcube" works without asking [16:58] apt-get asks me about input password for db name and password for roundcube user [16:59] Neo4: if you run "mysql" as root, does it prompt you for a password? [17:00] RoyK: if I do mysql -uroot -p it prompt me [17:00] if I do mysql -uroot without -p it show error [17:01] Neo4: try sudo -i ; mysql [17:01] ok, now [17:02] RoyK: https://paste.ubuntu.com/p/9TtgvBWdky/ [17:02] RoyK: I need to reach mysql and input commands for create db and user, but some installers for phpmyadmin for roundcube do it without root. Can I do the same [17:03] in google couldn't have found answer [17:03] only way to bypass mysql security is to start mysqld with --skip-grant-tables [17:04] last I checked [17:06] RoyK: how you start? systemctl restart mysql.service --skip-grant-tables [17:06] no, just stop the service and start mysqld manually [17:06] how manually? [17:06] mysqld --skip-grant-tables [17:06] I stopped using systemclt stop mysql.service [17:09] RoyK: doesn't work [17:09] ok [17:09] with use with root password, nothing bad [17:09] for a while [17:09] https://paste.ubuntu.com/p/Wg2tq5jqRj/ [17:11] not "mysqld start --skip-grant-tables" - "mysqld --skip-grant-tables" [17:11] and not systemctl something - just start mysqld directly with that flag [17:11] ok, will try [17:11] adding --skip-networking may be a good idea [17:13] RoyK: doesnt work, computer hang [17:15] RoyK: https://paste.ubuntu.com/p/bqmn65Qm4D/ [17:34] <[Kid]> anyone have multipath setup and working in 18.04? [17:35] <[Kid]> my server will see the paths, but it is not giving it a friendly name so that I can mount it [17:35] <[Kid]> unless the friendly name is dm-0 [17:35] <[Kid]> but i don't think so === jelly-home is now known as jelly [18:53] AA [18:54] sorry, my weechat went insane, carry on [20:15] Hello, I have installed ufw on a VPS (ubuntu 16.04), and I have executed ufw allow 63263, but when I execute: sudo nmap -sU -p 63263 localhost, it says: 63263/udp closed unknown [20:15] Do you know what is going on? and what should I do to open a port? [20:15] I was trying to do the same thing for 1194/udp. But it was the same. [20:16] probably missing the /udp part? [20:16] irwiss: I have tried 1194/udp and also without udp, but still the same [20:19] you can try poking in ufw status to see what ufw thinks it's allowing and check if it matches your expectations [20:19] irwiss: I have checked ufw status, and it is saying ALLOW. [20:20] on the vps I typed ifconfig, and the inet IP address and broadcast IP address are the same. Is that Ok? [20:29] mojtaba: try listen port telnet localhost 1194 [20:29] ufw status [20:30] mojtaba: you can scan wholly your server using: [20:30] nmap ip_of_yourserver [20:30] telnet: Unable to connect to remote host: Connection refused [20:30] Neo4: [20:31] it means port nobody use, it won't work [20:31] telnet localhost 1194, telnet: Unable to connect to remote host: Connection refused [20:31] ufw status [20:31] 1194/udp ALLOW Anywhere [20:31] mojtaba: what is show nmap? [20:32] port is opened [20:32] nmap -sU -p 1194 localhost [20:32] 1194/udp closed openvpn [20:32] all right, now you need customize applicatiosn that will use this port [20:32] mojtaba: I don't know exactly, but it seems you need customize applicatiosn that will use port [20:32] in one window I typed nc -l 1194 [20:33] it shows it still as closed. [20:33] mojtaba: it's bad, it should be opened and prepared for getting data [20:34] Neo4: So, why it is still closed? What should I do? It is a VPS. [20:35] mojtaba: when I customize IMAP on 143 port or SMTP on 587 and port is closed, telenet refused to connect. you must see config files app that must use port [20:36] in my case for 143 I look at dovecot config and 587 for postfix [20:36] mojtaba: it's not UFW problem [20:37] Neo4: but nc -l 1194 should make it open, right? [20:37] what is it? I don't know [20:37] maybe [20:37] netcat [20:38] mojtaba: for what you do this? [20:38] what will use this port? [20:38] node.js? [20:38] Neo4: Openvpn [20:39] mojtaba: with Openvpn, I can't help, sorry, haven't even heard about. [20:40] Neo4: nc opens the port and waits for connections, but after that nmap still shows the port as closed. === popey_ is now known as popey [20:41] mojtaba: I'm not sure, it seem port will always closed when turn off in your case Openvpn [20:47] mojtaba: see I opened 400 port on ufw in my vps kselax.ru and don't see that port [20:48] and see 143 and 587, if I turn off postfix and dovecot, will I see ports? [20:48] now check [20:48] Neo4: install netcat, with netcat you can mimic an app using the port. [20:53] mojtaba: see two port imap and smtp are closed https://paste.ubuntu.com/p/dWHJsrcmVR/ [20:53] I'll off apache [20:55] mojtaba: https://paste.ubuntu.com/p/wQ4NH9Bprb/ [20:55] yes, experiment show that closed port mens application off or badly customized [20:55] and I don't understand why I didn't see 400 port, in ufw it opened [20:57] mojtaba: telnet kselax.ru 80 . refused connection on closed port [20:58] now on all apps [20:58] Neo4: How you can open a random port for a short time to test. [21:00] mojtaba: I don't know, I opened 400 and nmap doesn't show 400 [21:00] mojtaba: recently I opened 3000 port for test node.js chat. I did ufw allow 3000 and it was shown in nmap [21:01] mojtaba: see what I think, you need run something on port [21:02] if port allowed in firewall we might can't see it without apps, I'll now try run some node.js on 400 port and will test using nmap [21:08] mojtaba: chat has been installed http://kselax.ru/chat/ [21:08]