[00:33] <Srgjames> #ubuntu-server
[00:33] <Srgjames> erofl
[00:33] <Srgjames> How the hell can i get Mod_rewrite or the Vitrualhost when using a vhost on 443
[00:43] <nacc> Srgjames: hard to tell what exactly you are asking for, but: https://httpd.apache.org/docs/2.4/rewrite/vhosts.html
[00:44] <Srgjames> nacc so instead of Login.php its just login
[00:44] <nacc> Srgjames: you mean that http://.../login redirects to login.php? or you don't want to see login.php at all?
[00:45] <nacc> *https://...
[00:47] <Srgjames> nacc I have this file https://thorn.eveinterface.com/login.php but would rather people see https://thorn.eveinterface.com/login
[00:53] <nacc> Srgjames: i don't think that's what mod_rewrite is for
[00:54] <nacc> https://www.plothost.com/kb/how-to-remove-php-html-extensions-with-htaccess/
[00:54] <nacc> though, maybe? it's limited to just the extension, afaict
[00:59] <sarnold> mod_rewrite can do way more than just strip extensions http://httpd.apache.org/docs/current/mod/mod_rewrite.html
[00:59] <sarnold> whether or not it *should* do those things is another question
[01:05] <Srgjames> sarnold no clue why but I cant get it to work at all
[01:05] <Srgjames> at least with extensions
[01:27] <nacc> sarnold: sorry, i meant the above link, htaccess based rewrite
[01:28] <sarnold> ah!
[01:29] <nacc> sarnold: i'm not sure you can do more than the extension-based rewrite in htaccess
[01:29] <sarnold> I never spent much time seeing what htaccess could do, those are re-read and re-parsed and so on every single request, so I pretend they don't exist because that's just silly.
[01:31] <nacc> heh
[01:50] <hehehe> sarnold: can you even code creatively?
[01:51] <sarnold> no, too old now
[02:03] <jak2000> hi all
[02:03] <jak2000>  how to check if a port is open?
[02:05] <sarnold> ss -l or netstat -lnp
[02:14] <easyOnMe> blackflow: good day
[02:14] <easyOnMe> I figure out the issue and it has something to do with codeigniter configuration
[02:14] <easyOnMe> do you have any idea about it
[02:46] <jak2000> sarnold:  https://paste.debian.net/1034013/
[02:47] <sarnold> those are two separate commands. try them both.
[02:51] <jak2000> sarnold: https://paste.debian.net/1034016/
[02:51] <jak2000> the port 3306 is open?
[04:14] <jak2000> sarnold
[04:14] <jak2000>  if stop iptables i can connect to mysql if start cant connect...   how to open the port?
[06:15] <lordievader> Good morning
[08:53] <tobasco> anybody seen issues with masked systemd files before?
[08:53] <tobasco> https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1782097
[08:53] <tobasco> coreycb: semi-openstack related since redis is used in the CI when testing bionic+rocky ^
[08:57] <oerheks> did you edit /etc/redis/redis.conf and set supervised systemd ?
[09:00] <tobasco> oerheks: thanks for the tip, setting supervised to "systemd" did not help, systemctl enable still fails
[09:03] <oerheks> i found that on, https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-18-04
[09:03] <oerheks> umask gave no error .. curious
[09:08] <tobasco> oerheks: weird, i spawned up a new bionic machine from vagrant and it worked
[09:09] <tobasco> must be something puppet related that causes it to be masked or smth like that
[09:10] <tobasco> wonder why i can't unmask though
[09:15] <tobasco> oerheks: thanks for the help, I found the issue :)
[09:15] <oerheks> tobasco, nice
[09:15] <oerheks> is it just a glitch or ..?
[09:17] <tobasco> oerheks: somehow related to puppet when installing the package, more of a workaround, don't enable it :(
[09:17] <oerheks> :-)
[10:04] <SomeT> anyone help me with the following step, step 6 at https://gitlab.com/tslocum/tinyib it says to set directories as writeable (https://i.gyazo.com/d3c5a3997a8aa3bf1db0f109df0f91b5.png) but what chmod number do I use for this and what command in Linux Ubuntu therein?
[10:07] <lordievader> Writable for whom?
[10:08] <SomeT> this is the thing thats confusing me I think...
[10:08] <SomeT> it literally just says: CHMOD write permissions to these directories:
[10:08] <SomeT> ./ (the directory containing TinyIB)
[10:08] <SomeT> ./src/
[10:08] <SomeT> ./thumb/
[10:08] <SomeT> ./res/
[10:08] <SomeT> ./inc/flatfile/ (only if you use the flatfile database mode)
[10:08] <SomeT> then lists those directories
[10:08] <SomeT> I presume it means to make them writeable publically?
[10:09] <lordievader> That sounds like a bad idea.
[10:09] <lordievader> Investigate who needs those right and only give them the rights.
[10:09] <ducasse> SomeT: don't crosspost, it's rude and wastes other peoples time
[10:09] <SomeT> I just crossposted because that other guy is crying in there
[10:10] <SomeT> so he is getting all the attention about his graphics driver
[10:10] <oerheks> SomeT, i still wonder who needs write permissions, the user, or a group, or php ?
[10:10] <oerheks> that guide is pretty ... not saying
[10:11] <SomeT> would it be all three?
[10:12] <SomeT> so basically 776?
[10:12] <lordievader> Like I said, investigate.
[10:12] <SomeT> I cant
[10:12] <SomeT> this is all the info I have
[10:14] <lordievader> Is it code that is supposed to run?
[10:14] <ducasse> contact the maintainer(s)
[10:14] <SomeT> no
[10:15] <SomeT> the folders are empty
[10:16] <lordievader> Looking at the gitlab page it looks like a bunch of photos scripts. So whoever runs the php stuff on your machine needs write rights, most likely.
[10:18] <oerheks> add it to the www-data group?
[10:23] <lordievader> Depends on the setup.
[11:29] <ahasenack> rbasak: hi, I didn't understand one thing about https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777
[11:29] <ahasenack> rbasak: why are they installing the sss-sudo (name to be corrected) package if they do not want to use it?
[11:29] <ahasenack> it just comes along because of dependencies perhaps?
[11:29] <ahasenack> libsss-sudo*
[11:37] <rbasak> ahasenack: I assume it's a Recommends so is coming in automatically.
[11:37] <ahasenack> sssd-common indeed recommends libsss-sudo
[11:41] <ahasenack> teward: hi, did you see https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1781971 ?
[11:42] <ahasenack> wishlist?
[11:47] <rbasak> I commented with a side note
[11:48] <rbasak> But yeah, +1 for Wishlist
[11:50] <ahasenack> thx
[12:45] <teward> ahasenack: rbasak: saw, and replied.
[12:45] <teward> there's a headache to consider here though
[12:45] <teward> to do this we need to do three things at least:
[12:45] <teward> (1) rename nginx-core (which is the 'upstream-provided modules only' version of nginx-full) to something else,
[12:46] <teward> (2) each flavor of NGINX needs its own -core package
[12:47] <teward> which means we go from nginx, nginx-{light,core,extras,full,doc,common} to nginx, nginx-doc, nginx-{light,ubuntu?,extras,full,doc,common}, nginx-core-{light,ubuntu,extras,full}
[12:47] <teward> of which nginx, nginx-ubuntu, nginx-core-ubuntu, and nginx-common become Main included
[12:48] <teward> (assuming that nginx-ubuntu is whatever name we rename nginx-core to)
[12:48] <teward> (3) This makes maintaining this while merging from Debian that much more difficult
[12:48] <teward> meaning as I said in my reply to the bug we probably have to permanently diverge in a non-mergeable way from Debian
[12:49] <teward> not to mention the build rules currently don't take kindly to changing, we'd have to do some serious work on the d/rules to probably make this work
[12:49] <teward> it may be the lack of coffee talking just now, but I'd be hesitant to do this without some heavy-duty discussions first
[12:50] <teward> so the earliest I think we could roll this out would be *maybe* next cycle if we choose to do this
[12:50] <teward> the key problem is nginx-{core,light,full,extras} all have different nginx binary applications in them
[12:50] <teward> because not all NGINX modules are dynamically includeable
[12:51] <teward> so to replace this so each of those flavors' nginx executables are able to be used independently in a 'core' package variant like MySQL does is a significant overhaul
[12:51] <teward> and I can't guarantee it'll even be done by next cycle.
[12:51] <teward> *my* suggestion would be to upstream this to Debian for their thoughts, and depending on what they do decide where we go next
[13:06] <rbasak> teward: OK, thank you for your thoughts.
[13:20] <teward> rbasak: not to say we can't do it, but it'd need thought out, adjusted, and heavily tested
[13:20] <teward> that's the thoughts I have on it right now
[13:20] <teward> I also have to get into the habit of version controlling the package (do we have it in git yet?)
[13:20] <teward> (Launchpad VCS is... tricky to say the least... compared to github or such)
[13:22] <teward> now, to be fair, I've got an idea of how this can be implemented.  It'll just be very tricky to get working properly...
[13:23] <teward> rbasak: ahasenack: do you want me to proceed with prototyping this so we can see how the existing 18.04 package would have to be altered to work properly?  do we have a replacement name for the 'core' flavor that we have for NGINX?
[13:36] <rbasak> teward: I suggest you hold on this for now, pending further discussion. Some of my colleagues are sprinting at the moment so it may not be for a week or two.
[13:37] <rbasak> (given that Andres filed the bug, I suspect that it's because MAAS would like this facility from the nginx package; there may be other possible solutions)
[13:52] <teward> rbasak: ACK
[13:56] <sweb> my preseed command is return exit code 1
[13:56] <sweb> here my command : https://paste.ubuntu.com/p/4YGmgJ82VR/
[14:57] <l4m8d4> Is it possible to create a network bridge on a physical interface, and at the same time derive MACVLAN interfaces from it?
[15:12] <RoyK> l4m8d4: yes - it's quite simple
[15:13] <RoyK> l4m8d4: something like this https://wiki.debian.org/BridgeNetworkConnections
[15:25] <sweb> https://serverfault.com/questions/922311/ubuntu-pressed-exit-with-code-1
[15:30] <l4m8d4> RoyK: Ok, not sure if what I wanted is really what I need. I (will) have 2 containers and 1 vm (possibly more in the future) on the machine, and I have 1 physical NIC (eno1) that I want to devote completely to the containers and vm. Another physical NIC is used to directly connect the host to the network seperately. Would I be able to create 3 virtual NICs, bridge them with the physical eno1, then
[15:30] <l4m8d4> "give" them to the containers and VM?
[15:32] <l4m8d4> And also, would these be able to configure these virtual NICS themselves, assigning addresses, putting up and down, and so on?
[15:34] <l4m8d4> Before, I planned on only containers, there I could just use MACVLAN with systemd-nspawn, which would do just that, without evem requiring a bridge, or any manual config on the host even. With VMs, I guess this approach wont work (it seems netplan can not configure macvlan that can be handed to the VM)
[15:48] <RoyK> l4m8d4: kvm?
[15:50] <l4m8d4> Yes
[15:51] <RoyK> then just use that bridge
[15:51] <l4m8d4> Ok. Systemd containers support connection to the brdige too, so that should be ok
[15:51] <RoyK> in the vm setup, just connect to that bridge - it'l work - I use the same thing on a few servers
[15:53] <l4m8d4> RoyK: Thanks, I'll try to set it up like this then!
[15:59] <SomeT> having trouble getting php code to connect to my sql database
[15:59] <SomeT> checked ufw and the port 3306 is open
[15:59] <SomeT> I can't figure out what else is wrong?
[16:04] <RoyK> SomeT: which sql server?
[16:06] <RoyK> mysql? postgresql? mariadb? sqlite? mssql?
[16:06] <SomeT> mysql
[16:08] <SomeT> @RoyK?
[16:09] <RoyK> SomeT: are you connecting from the same machine or another?
[16:09] <blockflaw> SomeT: what kind of "Trouble"?
[16:10] <SomeT> its a digitalocean dropley
[16:10] <blockflaw> surely there's a specific error message to it
[16:10] <SomeT> its a digitalocean droplet
[16:10] <SomeT> one sec
[16:10] <SomeT> give you more details
[16:10] <blockflaw> wait, you're accessing your db remotely, over the public internet?
[16:10] <RoyK> with cleartext password?
[16:10] <RoyK> fun
[16:10] <SomeT> no
[16:10] <SomeT> well kinda
[16:10] <SomeT> I am logged into a virtual machine
[16:10] <SomeT> https://gitlab.com/tslocum/tinyib
[16:10] <SomeT> I am trying to install this on a LEMP stack
[16:11] <SomeT> via digital ocean
[16:11] <SomeT> I got as far as step as step 7
[16:11] <SomeT> on there read me
[16:11] <SomeT> when I go to/imgboard.php
[16:11] <blockflaw> doesn't matter where you're logged. the question is on which server is the php client and on which server is the db and is the traffic going over the public internet, or infact, any network between two different IP addresses.
[16:11] <SomeT> https://gyazo.com/e879dd520f7e58d0eba7ee03c0635715
[16:11] <SomeT> I get that error message
[16:11] <RoyK> SomeT: can you telnet into port 3306 in that db server?
[16:12] <SomeT> um never tried that
[16:12] <SomeT> but I already checked ufw
[16:12] <RoyK> SomeT: erm - you're missing a library
[16:12] <blockflaw> mysql by defautl listens on localhost only, if I'm not mistaken? so... is this supposed to work between two different machiens or is all within localhost?
[16:12] <SomeT> https://gyazo.com/dea0f3ef73de514c3a35d607f6e9a2cc
[16:12] <SomeT> a library?
[16:12] <SomeT> which one?
[16:13] <blockflaw> mysql client lib for PHP otoh
[16:13] <RoyK> the first thing you pastbinned was saying "mysql library missing"
[16:13] <RoyK> pretty normal noob issue ;)
[16:14] <spaces> hi guys, do we still need ondrej for PHP packages in 18.04 ?
[16:14] <SomeT> wait I need that enabled?
[16:14] <blockflaw> spaces: probably if you'll want 7.3 in a few months.
[16:14] <SomeT> what thing
[16:14] <SomeT>  https://gyazo.com/e879dd520f7e58d0eba7ee03c0635715 ?
[16:14] <RoyK> php-mysql something
[16:15] <SomeT> ah I see
[16:15] <SomeT> one sec
[16:15] <SomeT> http://zchan.net/test.php
[16:15] <blockflaw> mysql PDO probably (as there's THREE mysql libs for PHP.... two actually I think one was discontinued with 7.x)
[16:15] <SomeT> definitely the mysql library?
[16:15] <SomeT> if you check that page for me
[16:15] <spaces> blockflaw I wasn't able to install php-curl with the default repo's in 18.04, it failed, dependency and I came from ondrej
[16:15] <SomeT> because I find it bit confusing to read
[16:16] <blockflaw> SomeT: you got them all it seems, ont he _server_. where's the client? on the same machiine?
[16:16] <nacc> spaces: you never "needed" ondrej
[16:16] <SomeT> yeah
[16:16] <nacc> spaces: you chose to require something that wasn't in ubuntu, which then made you need ondrej's repo
[16:16] <SomeT> I usually just direct connect through pUTTy
[16:16] <spaces> nacc 7.1 and 7.2 had some advanatges where 16.04 didn't had those
[16:16] <blockflaw> SomeT: so, mysql and php (fpm) are running on the same machine?
[16:16] <nacc> spaces: can you pastebin the exact output of installing php-curl?
[16:16] <nacc> spaces: right, that's a *choice* you make
[16:16] <SomeT> yes
[16:16] <spaces> nacc I can see if it's tstill in my terminal
[16:17] <nacc> spaces: ok
[16:17] <SomeT> I don't care about the security to much at this stage
[16:17] <SomeT> I am still learning ;)
[16:17] <SomeT> I will make a not of your security advisement though
[16:17] <SomeT> as I get where your coming from
[16:17] <blockflaw> don't say that. even if you don't care, someone else cares that you don't and will gladly take over your machine and turn it into a 100Mbps UDP gun for hire.
[16:17] <SomeT> besides it makes sense because thats how I do it locally
[16:17] <spaces> nacc php-culr is sumlinked as you know: https://pastebin.com/Hd9bET7M
[16:17] <SomeT> the amount I delete my servers anyway it dont matter so much
[16:18] <nacc> spaces: you have ondrej enabled.
[16:18] <nacc> spaces: don't use a ppa.
[16:18] <SomeT> but anyway back on point, you said the mysql library is installed right?
[16:18] <blockflaw> SomeT: if you don't install in your brain a security savvy mind and do it the right thing from the start, it'll be harder later to do so.
[16:18] <spaces> nacc it was not enabled anymore
[16:18] <blockflaw> SomeT: according to that phpinfo, it is.
[16:18] <spaces> nacc earlier you needed appa
[16:18] <SomeT> because php -m gives:
[16:18] <spaces> *ppa
[16:18] <SomeT> mcrypt
[16:18] <SomeT> mysqli
[16:18] <SomeT> mysqlnd
[16:18] <SomeT> no just mysql
[16:18] <nacc> spaces: yes you do.
[16:18] <nacc> spaces: look at the output.
[16:19] <nacc> spaces: `apt-cache policy php7.2-curl`
[16:19] <blockflaw> SomeT: that's okay. also, pdo should be listed there
[16:19] <SomeT> yeah pdo is on there
[16:20] <nacc> spaces: if i had to guess, you didn't purge the ppa, and still have packages from it.
[16:20] <SomeT> I am at a loss
[16:20] <SomeT> like I even looked through the code to find whats bringing up that error message but could not find it
[16:21] <SomeT> ohhh
[16:21] <SomeT> actually
[16:21] <SomeT> https://gitlab.com/search?utf8=%E2%9C%93&search=MySQL+library+is+not+installed&group_id=&project_id=6824919&search_code=true&repository_ref=master
[16:21] <SomeT> didnt think to search using gitlab
[16:22] <SomeT> if (!function_exists('mysql_connect')) is my key to solving this
[16:22] <SomeT> question is which function?
[16:23] <nacc> SomeT: do you just need to set TINIB_DBMODE to mysqli?
[16:23] <nacc> *TINYIB
[16:23] <SomeT> um
[16:23] <SomeT> could be
[16:23] <SomeT> one sec
[16:23] <blackflow> SomeT: that tinyib thing is using mysqli, which you have according to that phpinfo
[16:23] <SomeT> not tried that
[16:24] <nacc> blackflow: i believe by default it might use 'mysql'
[16:24] <SomeT> how do I even enter mysqli command line in ubuntu though...
[16:24] <blackflow> I grep'd the source
[16:24] <SomeT> I will try it and see
[16:24] <SomeT> I tried to change to pdo already
[16:24] <blackflow> oh wait, yes, it can use more than one backend....
[16:24] <nacc> SomeT: took me about 5 seconds of reading their maing gitlab page
[16:25] <SomeT> ok
[16:25] <SomeT> Could not select database: Unknown database 'TinyIB'
[16:25] <SomeT> I get that when I change to mysqli
[16:25] <nacc> SomeT: that's a better error
[16:25] <SomeT> I defined the database in the code
[16:25] <SomeT> I thought it would auto create it
[16:25] <nacc> dunno
[16:25] <SomeT> but now my issue is I have no idea how to create a database in mysqli
[16:25] <nacc> that seems more like a tinyib problem than an ubuntu one
[16:25] <SomeT> only in mysql
[16:25] <SomeT> yeah at least you got me that far thanks
[16:25] <SomeT> is a better error
[16:26] <SomeT> MySQLi is a replacement for the mysql functions, with object-oriented and procedural versions. It has support for prepared statements.
[16:26] <spaces> nacc maybe indeed but installing curl itself fixed it all
[16:26] <spaces> so I think a dep issue in the ppa packages
[16:27] <spaces> old ones or so
[16:27] <spaces> dunno
[16:27] <nacc> spaces: no, it's because you have two repos setup
[16:27] <nacc> and ondrej's versions are after ubuntu's.
[16:27] <nacc> spaces: your issue is using a ppa you don't need
[16:28] <spaces> nacc yes but taht would be no issue as it should get the latest ones but I think it was still looking for 16.04 packages and didn't match where 18.04 were newer
[16:28] <SomeT> ok I fixed it
[16:28] <spaces> between ppa en 18.04
[16:28] <SomeT> I just went into mysql and created that database
[16:28] <SomeT> thansk for the help
[16:28] <nacc> spaces: i'm otp now, one sec
[16:29] <spaces> nacc I'm at att now (at the toilet)
[16:30] <spaces> more then one sec ;)
[16:30] <blackflow> ...
[16:32] <spaces> blackflow what's wrong with it, better let people know where you are, do you know how many people die on the toilet each year ?
[16:33] <blackflow> a statistic I'm dying to find out.
[16:33] <spaces> wot?
[16:35] <blackflow> you asked if I knew how many people died on the toilet each year, no?
[16:36] <blackflow> your rhetoric question was answered with a cynical, nihilistic sarcastic answer. sans smileys for a pokerface response.
[16:38] <spaces> blackflow you say so but it happens a lot because people hold up too long and need to use pressure to get it out, some vane in your head can explode then
[16:38] <spaces> kinda tricky, really when you get older
[16:38]  * blackflow politely coughs and looks at the offtopic sign hung near the door.
[16:39] <spaces> blackflow better know then find out when it's too late ;)
[16:39] <spaces> nothing wrong on the side for a small talk
[16:39] <blackflow> =)
[16:50] <spaces> blackflow now I need to drink so I can pee out later on what I didn't hydrate and sweated out <- tip is drink from time to time :P
[17:07] <DammitJim> is there a way to get a service status on Ubuntu 16 where it just prints the status and exits?
[17:07] <DammitJim> (you don't have to press q to quit)
[17:08] <RoyK> systemctl status <service>
[17:09] <DammitJim> RoyK, I appreciate it, but when you do that, you'll see at the bottom: lines 1-14/14 (END)
[17:09] <DammitJim> you need to press q to get out of that window
[17:09] <DammitJim> meaning, the systemctl command in that case doesn't return you back to the prompt
[17:11] <RoyK> dosaboy: it does
[17:11] <RoyK> DammitJim: it does
[17:11] <DammitJim> it does what?
[17:12] <RoyK> DammitJim: it returns - or if not, just "true | systemctl status <service>"
[17:12] <DammitJim> did you try it for yourself?
[17:12] <DammitJim> even with true, it still doesn't return you to continue running more commands
[17:13] <RoyK> I've never seen systemctl status not return
[17:13] <DammitJim> try it and pastebin it... maybe I have configured something wrong
[17:14] <RoyK> you paste bin it
[17:15] <DammitJim> https://paste.debian.net/1034115/
[17:15] <DammitJim> Again, I appreciate you trying to help, but please don't tell me that it returns when you haven't even tried it yourself
[17:16] <DammitJim> because as someone who is trying to learn, it makes it even more confusing
[17:16] <RoyK> it doesn't stop for a prompt there
[17:17] <DammitJim> does it return to the prompt for you?
[17:17] <DammitJim> paste bin it and let me see
[17:17] <RoyK> it does
[17:18] <RoyK> DammitJim: http://paste.debian.net/1034117/ <-- systemctl status apache2 - nothing else
[17:19] <DammitJim> yup, yours doesn't return to the prompt either
[17:19] <DammitJim> you can't run another command after it
[17:19] <DammitJim> you have to press q or something to get out of that console
[17:19] <RoyK> DammitJim: no
[17:19] <RoyK> DammitJim: you're quite wrong here
[17:23] <DammitJim> can you run the date command after that?
[17:23] <nacc> spaces: i'm back now
[17:23] <DammitJim> hey nacc
[17:23] <DammitJim> do you know of a command on Ubuntu 16 where you can check the status of a service
[17:24] <DammitJim> but the command returns you back to the prompt?
[17:24] <sarnold> DammitJim: try this: PAGER=cat systemctl status lst-dash89-1
[17:24] <nacc> DammitJim: do you want to just know if it's running?
[17:24] <DammitJim> yes
[17:24] <DammitJim> you know, use shell scripts and stuff
[17:25] <DammitJim> the old way was running: service <service_name> status
[17:25] <nacc> systemctl is-active?
[17:25] <DammitJim> it would return something I can parse
[17:25] <nacc> and --quiet if you don't want any output
[17:25] <DammitJim> noway!
[17:25] <nacc> parsing is alwways the wrong choice
[17:25] <DammitJim> thanks man!
[17:25] <nacc> use exit codes/retrun codes
[17:25] <nacc> the textual output of those commands is not an ABI :)
[17:26] <nacc> there is also is-failed, iirc
[17:26] <DammitJim> yeah, you are right nacc... I was saying parsing because right now that was the only way I knew from looking at the huge output from systemctl <service> status
[17:27] <nacc> sure
[17:27] <nacc> DammitJim: i think the above is what you want, though
[17:27] <DammitJim> now, is-active is not the same as running, or is it?
[17:27] <DammitJim> I've seen the status say: active (<something else in here>)
[17:28] <DammitJim> oh yeah, like: active (exited)
[17:28] <nacc> that'd be a oneshot if so
[17:28] <nacc> you can read the systemctl manpage to see
[17:28] <nacc> the closest you can get to 'running' is is-active, afaick
[17:28] <nacc> which just means it hasn't failed
[17:28] <DammitJim> ok, great!
[17:28] <nacc> if it is long-running, it's still running, if it's oneshot, well, it shot :)
[17:44] <DammitJim> thanks! that's very helpful
[21:08] <trekkie1701c> So is there a way to get the 4.15 kernel on 16.04 or do I have to go to 18.04?
[21:09] <nacc> trekkie1701c: you should wait for 16.04.5 to come out.
[21:09] <nacc> trekkie1701c: you can use the edge hwe kernel if you want, i think
[21:09] <trekkie1701c> hwe only goes to 4.13
[21:10] <nacc> !info linux-image-generic-hwe-16.04-edge
[21:10] <nacc> !info linux-image-generic-hwe-16.04-edge xenial
[21:10] <nacc> trekkie1701c: please do some research, as that is not correct.
[21:11] <trekkie1701c> I installed hwe a few minutes ago and I'm on the 4.13 kernel so...
[21:12] <nacc> trekkie1701c: read what i wrote *again*.
[21:12] <nacc> trekkie1701c: the *edge* hwe kernel.
[21:12] <trekkie1701c> Alright then, I didn't realize there was a difference.  Sorry.
[21:22] <ahasenack> hm, dpkg-buildpackage is complaining that I have changes that cannot be represented
[21:22] <ahasenack> so far, a common mistake,
[21:22] <ahasenack> but it's about .git/* content
[21:22] <ahasenack> I've never seen that before
[21:22] <nacc> ahasenack: pass -i -I
[21:22] <nacc> iirc
[21:22] <ahasenack> I never had to do that before
[21:23] <ahasenack> could something in cosmic have changed?
[21:24] <nacc> ahasenack: dunno, we pass it in git-ubuntu automatically
[21:24] <nacc> ahasenack: it's actually an option to dpkg-source, iirc
[21:24] <ahasenack> yeah, ignore certain default files/dir
[21:25] <ahasenack> nothing recent in dpkg's changelog, I must have skipped a step without realizing
[22:19] <Veus_uni> hello is there jshell for ubuntu? or something simular where i user would be logged into their dir, and not aloud to go out side of it, but able torun mono and screen
[22:21] <sarnold> you could set the user account to have a specific shell, and create an apparmor profile for that shell..
[22:22] <Veus_uni> how do you mean?
[22:22] <Veus_uni> something like rbash?
[22:22] <Veus_uni> i knoe with cpanel they have jailshell which will only let them go to /home/user, but will let them run almost anything
[22:22] <sarnold> rbash is easy to bypass if you let the user run something like vim or mutt or screen since it's trivial to get to a real shell and then do what you want
[22:23] <sarnold> nearly every useful tool lets you execute shell commands..
[22:23] <sarnold> so that's why a stronger tool like apparmor is useful; it can confine the user beyond what a single "restricted" process is able to provide
[22:27] <Veus_uni> with apparmor are the users able to view through ssh other folder other than thier own i,e if i have user1 in /home/user1 would they be able to see anything in /home/user2
[22:30] <sarnold> if you wanted something that'd work on all users with the shell, you could write the rules like: "owner /home/*/** r," to let them read only files they own.. if you've got one user in mind, it could be "owner /home/untrusted/** r," to only let them read the files in their own home directory, IFF they own the file ..
[22:33] <Veus_uni> ok i sort of get that, would they be able to run screen and mono, and be able to write in their directory etc, basically im creating a hosting service for a niche market, and the users need to access their own directory only, i.e read write, but able to execte things like mono and screen, and also editors like nano so they can edit .ini files in their directory
[22:34] <sarnold> yeah, all that's possible with apparmor
[22:35] <Veus_uni> would it also be possible to restrict the amount of ram and space a user can use with apparmor? i.e let the programs they use only use2gb ram etc, and only let them have 20gb space? i think quota will work for the space
[22:35] <sarnold> you may also wish to investigate lxd; it uses the kernel's namespacing features to let you build a bunch of shared instances.. it's got less overhead than full virtualization, and is easier to admin / configure..
[22:36] <sarnold> lxd would do resource limits easier; apparmor can set the rlimits on processes, but it's harder to work with aggregate limits that way
[22:36] <Veus_uni> i had thought about that but went against it with the stuff needing mono etx
[22:37] <Veus_uni> the ram limits its not a major must atm
[22:46] <Veus_uni> with lxd how would the ip work? as the server will only have 1 ip, and that would need to go over all "containers"
[22:46] <sarnold> hmm, I don't know how that'd work :/
[22:47] <Veus_uni> looks like apprmor then, just need to know how to set it up ptoperly
[22:53] <sarnold> Veus_uni: hm. I'm getting a bit dissapointed when tyring to find some good docs on how to use apparmor. the apparmor.d manpage is too detailed -- it's good for reference but poor for learning..
[22:53] <Veus_uni> yeah im tryimg to read some atm
[22:53] <sarnold> Veus_uni: the apparmor wiki is best ignored -- a lot of it is just notes for us for future development work, and it's not obvious which bits are which
[22:54] <sarnold> Veus_uni: the suse folks have a nice enough chapter at https://www.suse.com/documentation/sled11/singlehtml/apparmor_quickstart/apparmor_quickstart.html -- but bits of it are specific to suse :)
[22:54] <Veus_uni> yeah, im thinking of getting someone to make a profile for me, then use that as a template
[22:54] <Veus_uni> grrr i need ubuntu though
[22:55] <sarnold> Veus_uni: here's a profile that I've used for testing things before http://paste.ubuntu.com/p/T3vm8SB6Pv/
[22:56] <sarnold> Veus_uni: if you cp /bin/bash to /tmp/bash and load this profile (store this file in /etc/apparmor.d/tmp.bash and then load it iwth apparmor_parser --replace /etc/apparmor.d/tmp.bash)
[22:57] <sarnold> Veus_uni: .. you can then execute /tmp/bash, see what works, see what doesn't work, watch the kernel logs or audit logs for the DENIED lines to see how it works.. add lines as needed..
[22:57] <sarnold> it's not a bad starting point to learn about apparmor anyway
[22:58] <Veus_uni> brb need to nip down stairs
[23:30] <Veus_uni> will do thanks
[23:39] <Veus_uni> sarnold, dpes appamor work for users?