[00:53] <rxdeath> hey hey.   i'm trying to get a connection to mssql 2008 r2 going using ubuntu 20.04 and php 7.4
[00:53] <rxdeath> sqlcmd doesn't work from commandline, however i am able to telnet to the sql server.  it is running and in production on the old webserver i'm attempting to replace
[00:54] <rxdeath> i've followed most of the basic tutorials but am still getting [Microsoft][ODBC Driver 17 for SQL Server]Client unable to establish connection  type errors
[00:54] <rxdeath> does anyone have experience getting connection to mssql going on ubuntu 20.04 server?
[01:10] <sarnold> rxdeath: are there any more details? check logs on both server and client, perhaps one of them logged something more useful
[01:10] <sarnold> rxdeath: if there's nothing in the logs that's helpful, it might be useful to fire up wireshark or tshark or tcpdump and watch the connection live
[01:14] <rxdeath> sarnold: i'm able to connect with nc and telnet
[01:14] <rxdeath> and the server is in use from the old webserver, so at most it would be a driver thing, but i know remote connections are up, etc
[02:43] <Intelo>  I cannot 'startx' on virtualbox when doing it by tty alt+ctrl+f2/3/4'. it says https://termbin.com/cmeq any clues?
[02:44] <sarnold> [    75.279] (II) Server terminated successfully (0). Closing log file.
[02:44] <sarnold> wild guess, you don't have a ~/.startxrc file to tell the server what to do
[02:45] <Intelo> sarnold: checking
[02:46] <Intelo> sarnold: I don't have that file in the system where tty works too.
[02:47] <Intelo> sarnold: are you sure it's .startxrc? don't think so
[02:48] <sarnold> Intelo: check the startx manpage
[02:51] <Intelo> sarnold: found /etc/X11/xinit/xinitrc  in a working system
[02:51] <Intelo> now checking the not-working one
[02:57] <Intelo> sarnold: both working and non working have identical files (I didn't go in depth though) but one difference is that the working one has xubuntu installed while the non working has xubuntu installed afterwards (it was ubuntu-server initially)
[02:58] <Intelo> sarnold: what do you think how can i trace the issue here
[03:00] <sarnold> Intelo: I'm not sure; if it were me, I'd create a ~/.xinitrc file with xterm    in it and see if that works
[03:56] <apb1963> Intelo, Did you notice this? [    74.292] (EE) open /dev/fb0: Permission denied
[03:59] <Intelo> apb1963: sarnold hm..
[04:00] <Intelo> sarnold: how to make such file?
[04:00] <Intelo> apb1963: what should it be fixed with
[04:15] <apb1963> Intelo, No clue.  I find problems, not fix them :p   Try this link, they're talking about it.  Personally I have no clue.  https://unix.stackexchange.com/questions/149985/startx-cannot-open-dev-fb0-permission-denied
[04:16] <apb1963> Intelo, And that ends my participation... good luck, I'm off to dinner :)
[04:18] <apb1963> Intelo, Last thing and then I'm gone.   "Asked 6 years, 8 months ago
[04:18] <apb1963> Active 6 years, 8 months ago "  So I don't know if it's still relevant but permission denied is often relevant.  Good luck!
[06:20] <Ringtailed-Fox> so, i think i royally messed up my install by accidentally installing a couple packages that are incompatible to the point that not even "sudo apt --fix-broken install" does nothing...
[06:21] <Ringtailed-Fox> i was trying to get dependencies to get avxsynth to compile, so i grabbed the deb files and tried to install them... and yeah, i think that broke everything.  please advise on how to fix
[06:22] <Ringtailed-Fox> the command that i think broke everything was wget http://ftp.br.debian.org/debian/pool/main/d/double-conversion/libdouble-conversion1_3.1.0-3_amd64.deb http://archive.ubuntu.com/ubuntu/pool/main/libj/libjpeg-turbo/libjpeg-turbo8_2.0.3-0ubuntu1_amd64.deb http://archive.ubuntu.com/ubuntu/pool/main/libj/libjpeg8-empty/libjpeg8_8c-2ubuntu8_amd64.deb
[06:23] <mgedmin> a wget can't possibly break apt, so that command must've gotten truncated on irc
[06:23] <mgedmin> you did a dpkg -i or something, didn't you
[06:24] <mgedmin> please pastebin the output of apt --fix-broken install
[06:26] <Ringtailed-Fox> doing so now
[06:28] <Ringtailed-Fox> https://pastebin.com/SHt5rTGn
[06:29] <mgedmin> ahm hm, interesting
[06:30] <mgedmin> sounds like a multiarch problem where you have both libjpeg-turbo8:amd64 and libjpeg-turbo8:i386 installed and you're trying to upgrade just one of them
[06:30] <Ringtailed-Fox> i didn't want the i386 version, though
[06:30] <mgedmin> and the error message doesn't mention it; can we check if :i386 is even installed?
[06:31] <Ringtailed-Fox> sure
[06:31] <mgedmin> can you pastebin the output of apt policy libjpeg-turbo8:{i386,amd64}
[06:32] <Ringtailed-Fox> alrighty
[06:33] <Ringtailed-Fox> https://pastebin.com/x0XmMGV2
[06:33] <mgedmin> huh, so the i386 is not installed at all?
[06:34] <mgedmin> and, wait, libjpeg-turbo8 is already at the latest version?
[06:35] <mgedmin> so apt succeeded despite that error?
[06:35] <mgedmin> what happens if you run apt install --fix-broken again?
[06:37] <Ringtailed-Fox> Reading package lists... Done
[06:37] <Ringtailed-Fox> Building dependency tree
[06:37] <Ringtailed-Fox> Reading state information... Done
[06:37] <Ringtailed-Fox> 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
[06:37] <Ringtailed-Fox> i wonder why it was trying to install i386 packages... this is an x86_64 machine running ubuntu in WSL2... can it even *run* i386 programs/libraries?
[06:39] <mgedmin> I don't think it was trying to install i386
[06:39] <mgedmin> but according to dpkg -S /usr/share/doc/libjpeg-turbo8/changelog.Debian.gz, the only two packages that share this file
[06:40] <mgedmin> are libjpeg-turbo8:i386, libjpeg-turbo8:amd64
[06:40] <Ringtailed-Fox> yeah, i figured as much
[06:40] <mgedmin> it looks like apt somehow managed to conflict libjpeg-turbo8:amd64 with itself?  don't ask me how
[06:40] <mgedmin> maybe file a bug, if you've time
[06:40] <mgedmin> so "1 not upgraded", what is that about?  apt policy claims libjpeg-turbo8:amd64 is already at the latest version
[06:41] <mgedmin> is it still stuck in the unconfigured state because of the failure?
[06:41] <mgedmin> if you run sudo dpkg --configure -a, does that resolve the situation?
[06:41] <Ringtailed-Fox> i have no idea which package is "not upgraded"
[06:42] <Ringtailed-Fox> sudo dpkg --configure -a just returns nothing
[06:42] <Ringtailed-Fox> ran sudo apt-get upgrade
[06:42] <Ringtailed-Fox> said that libmysqlclient20:amd64 had an upgrade available
[06:43] <Ringtailed-Fox> okay... this is definitely entering bizarre territory for me. never had apt-get crap itself that hard... but i'm glad it seems to have fixed itself with your guidance, mgedmin :)
[06:44] <mgedmin> well it had help
[06:44] <Ringtailed-Fox> from me?  not likely.. i come from fedoraland... still getting used to ubuntu's habits :P
[06:44] <mgedmin> don't install random packages with wget + dpkg unless you enjoy cleaning up messes ;)
[06:44] <Ringtailed-Fox> oh yeah.  i agree
[06:45] <Ringtailed-Fox> my next question is.... would following these instructions be a good idea? https://stackoverflow.com/questions/42120938/exec-format-error-32-bit-executable-windows-subsystem-for-linux  you know... just in case i find a good tool but it only comes in a 32-bit package, without a 64-bit version available...
[06:47] <mgedmin> which instructions specifically?
[06:48] <Ringtailed-Fox> sudo apt install qemu-user-static
[06:48] <Ringtailed-Fox> sudo update-binfmts --install i386 /usr/bin/qemu-i386-static --magic '\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x03\x00\x01\x00\x00\x00' --mask '\xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xf8\xff\xff\xff\xff\xff\xff\xff'
[06:48] <mgedmin> eh, I don't see how it could hurt
[06:48] <Ringtailed-Fox> You'll need to reactivate binfmt support every time you start WSL:
[06:48] <Ringtailed-Fox> sudo service binfmt-support start
[06:48] <Ringtailed-Fox> if that's the case, i'd like it to be automatic, so i don't have to worry about forgetting something like that
[06:49] <mgedmin> I don't know how WSL works; doesn't it start services on startup?  would systemctl enable binfmt-support suffice?
[06:50] <Ringtailed-Fox> running that as sudo works :D
[07:30] <CQ> hello, how can I have everything in english on my system, and just the number formatting and times european?
[07:31] <CQ> in my regional settings I have american english as the default, and in formats I have region s en_US and the numbering etc. in de_DE, but still some applications (apt, and some programs) are coming up in German...
[07:47] <mort> https://p.mort.coffee/F5m.png Ubuntu needs an easier way to let people choose between duplicate ubuntu software entries
[07:50] <ariejan> Hi, I have a ryzen 3700X + Radeon 5600XT system, but booting the ubuntu desktop 21.04 installer panics during boot on amdgpu. I have 1 gpu, 2 monitors. I'm not sure if https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1926792 is related or not. Does anyone know more about this?
[07:51] <geirha> mort: Haven't checked, but I'm guessing one of those is a snap and the other is from apt
[07:52] <mort> yeah
[07:52] <mort> the entries should probably say something about that though
[07:52] <mort> (the snap listing is also wrong, it claims to be 0.18 in the description but has version 0.19)
[07:53] <mort> (oh, and the apt listing is wrong, it claims to be proprietary and never updated)
[08:36] <gebbione> do you know if there is a way to force sound from speakers even when the headphone jack is plugged in?
[08:38] <mgedmin> yes: open sound preferences, select output device
[08:39] <mgedmin> ... I think, it's been a long time since I used wired headphones on my laptop
[08:39] <mgedmin> if you can't switch between headphones and speakers there, there's still a way with pactl from the command line
[08:39] <mgedmin> but pactl is a terribly inconvenient tool
[08:49] <gebbione> switching output device does not work for me indeed
[08:55] <txtsd> How long does it usually take for the first LTS point release to come out?
[08:57] <gebbione> mgedmin, pulse volume shows the line output (as opposed to headphones) as unplugged even if the cable is still plugged in
[08:58] <mgedmin> huh
[09:06] <lotuspsychje> !release | txtsd
[10:34] <txtsd> lotuspsychje: point release, not a full release
[10:35] <lotuspsychje> txtsd: did you click the first wiki to see the . releases list?
[10:35] <txtsd> Oh I see it now
[10:35] <txtsd> Thanks
[10:35] <mgedmin> generally when there's a new non-LTS release, there's also a point release for the previous LTS at about the same time
[10:36] <Maik> txtsd: the first point release of a LTS comes about 3 months after the first LTS release
[10:36] <Maik> it's in the release schedule
[10:45] <txtsd> Thanks
[12:16] <nikolam> So, is it recommended to update from 20.10 to 21.04 yet ? (Xfce/Xubuntu desktop)
[12:16] <nikolam> Have Btrfs apt-btrfs-snapshots on package install, so I can go back)
[12:18] <mgedmin> https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1925010 is still not fixed, and 20.10 -> 21.04 release upgrades remain disabled for now
[12:19] <nikolam> thanks mgedmin
[12:21] <BluesKaj> Hi folks
[12:21] <luna> hey
[12:52] <pagios> hello, i did setup the default ubuntu hotspot and it takes WPA by default how can i switch it to WPA2 ?
[13:03] <jeremy31> pagios: Should be able to edit the connection to change it
[13:05] <pagios> jeremy31, issue is windows machines refuse to connect
[13:05] <pagios> i have wpa3 does not work with windows too
[13:09] <jeremy31> pagios: Surprised that windows refuses because of WPA
[13:16] <TJ-> pagios: you're using hostapd? check its logs
[13:17] <pagios> TJ-, not sure what it is using
[13:17] <pagios> not hostapd as i dont see it in the ps -ef
[13:19] <TJ-> pagios: hostapd is the parent (project) of wpa_supplicant
[13:19] <pagios> TJ-, yea i do have that process  /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
[13:20] <TJ-> pagios: are you using NetworkManager to configure the local AP, or something else?
[13:20] <pagios> TJ-, i am using the graphical interface inside gnome, the one in the sidebar
[13:21] <TJ-> pagios: I don't use gnome so don't know what it uses
[13:24] <jeremy31> gnome-network-manager
[13:28] <pagios> so any idea?
[13:34] <JonJ> Hello! A couple of years ago the Ubuntu shop where you could buy stuff like hats/bags/whatever got shut down. Anyone know if Canonical is planning on bringing it back?
[13:36] <timvisher> Is there any way to retrieve older deb files for a package that's been updated in the primary package archives? I'm specifically looking for older versions of openjdk-8-jdk.
[13:38] <lotuspsychje> !discuss | JonJ
[13:39] <JonJ> Ah, okay
[13:42] <oerheks> timvisher,  go wild on http://ftp.ubuntu.com/ubuntu/pool/universe/o/openjdk-8/
[13:42] <oerheks> no support
[13:44] <timvisher> oerheks: Obviously. :)
[14:48] <Peanut> Hi! I have an issue in 21.04 with Ethernet interface names changing every reboot, making networking quite unreliable. I've tried to configure systemd to use 'path' based names, but still end up with 'eno0/1 and eth0/1' duking it out. I've removed netplan to go back to 'interfaces', with no improvement. What are the various parts of the kernel, systemd or elsewhere that control this naming, and how could
[14:49] <Peanut> one figure out which is doing these things? I'd like to have 'stable' names like enp3s0f0.
[14:51] <sarnold> Peanut: my guess is udev rules, there (was? is?) a file like 70-persistent-net-names or something similar that usually had macs and names in them
[14:52] <Peanut> sarnold: Thanks, but that seems to have long ago been replaced by systemd, even my few remaining 18.04 systems don't have that file any more.
[14:53] <sarnold> but udev is part of systemd..
[14:53] <Walex2> Peanut: You have to create that file if you want it to work...
[14:54] <Walex2> Peanut: 'systemd' has its own variant of 'udevd' but it uses the same configuration files. 'man 8 systemd-udevd'
[14:58] <Peanut> Walex2: The scheme we've had since 18.04 was names like 'enp4s0f0', which requires no further configuration or handcrafting of configuration files. Is there a way to enable that again without having to generate the old 70-persistent-net-names again?
[15:02] <TJ-> Peanut: see "man systemd.net-naming-scheme"
[15:07] <Peanut> TJ-: Going through that one now. The file /lib/systemd/network/99-default.link is the only one that seems to be in effect. Copied it to /etc/systemd, and changed 'NamePolicy' to only include 'path'. That seems to have given me fixed names again, but that file hasn't changed between 20.04 and 21.04.
[15:07] <TJ-> Peanut: that has a link to https://systemd.io/PREDICTABLE_INTERFACE_NAMES/ where it describes the algorithm for choosing, and where it shows that eno1 form is the preferred since systemd v197 *if firmware/BIOS provides it*
[15:08] <TJ-> Peanut: in the web-link read the section "What precisely has changed in v197?" and the list 1 - 5
[15:08] <TJ-> Peanut: my guess is the newer kernel now extracts the info required by (1) and therefore it is being used
[15:10] <Walex2> Peanut: if you want totally stable naming the only way is to associate the name with a unique id like Ethernet address rather than hardware path, which *may change* (even if quite rarely).
[15:10] <Peanut> TJ-: Unfortunately, it seems to have brought us right back to where we started: interface names changing upon reboot. I have two on-board ports, and they randomly get eth0/eth1/eno0/eno1
[15:10] <Walex2> Peanut: then you have conflicting naming schemes.
[15:11] <Peanut> Walex2: Clearly - or rather, this is a brand-new 21.04 install, so I would say that Ubuntu may have a conflicting naming scheme in 21.04.
[15:11] <TJ-> Peanut: have you examined the udevd logs, after enabling debug logging
[15:12] <Walex2> Peanut: because eth0, eth1 vs. eno0, eno1, is a different problem from eno0, eno1 vs. eno3, eno4.
[15:12] <Walex2> the case of different numbers within the same naming scheme can happen if the hw paths are enumerated differently, but that cannot happen if the naming scheme changes randomly.
[15:13] <TJ-> Peanut: try adding "udev.log_priority=debug" to the kernel command line
[15:13] <Peanut> TJ-: done, rebooting
[15:16] <Peanut> TJ-: Wow, that generates a lot of scrolling on the console! (Logged in over IPMI at the moment, due to lack of stable networking)
[15:17] <TJ-> Peanut: ahh, yes, well "debug"
[15:18] <TJ-> Peanut: "journalctl -b 0 -u systemd-udevd.service" when you have good access
[15:23] <Peanut> TJ-: Ok, got there (didn't take quite 5 minutes, took a quick break)
[15:34] <Peanut> On this boot, it seems we got eno1 and eth1. For enp3s0f0 and enp3s0f1, two ports on an on-board dual-port 10G X540-AT2. How would one find the original kernel name?
[15:37] <vlm> Peanut, did you try dmesg|grep 'X540-AT2' or else hardware name?
[15:39] <TJ-> original kernel names would be eth0 and eth1
[15:39] <Peanut> vlm: Good one. I get 'eno1: renamed from eth0' (but never eth0) in dmesg, the other one seems to stay as eth1.
[15:39] <TJ-> Peanut: my guess is eth0 -> en1 then attempts eth1 -> en1 which is taken
[15:39] <Peanut> The dmesg doesn't show the original kernel names, only when they happen to get renamed.
[15:40] <TJ-> Peanut: the udev log should show what happened during renaming, in detail
[15:42] <Peanut> TJ-: 32252 lines of detail, working through that at the moment.
[15:45] <TJ-> Peanut: search for "net_id" the  builtin that handles it
[15:45] <Peanut> Curiously, the 'eno1: renamed from eth0' does not seem to have a corresponding entry in the udev log at all, so that may happen before udev?
[15:45] <TJ-> Peanut: or the first instance of "eth0"
[15:45] <Peanut> There's no instance of the string 'eth0' in the udev log, but there is in dmesg.
[15:47] <Peanut> In dmesg, we get "ixgbe 0000:03:00.0 eno1: renamed from eth0", so I wonder if that's due to the ixgbe driver itself?
[15:47] <TJ-> Peanut: does the systemd-udevd log have entries such as "Using default interface naming scheme 'v245' "
[15:48] <Peanut> Yes, v247
[15:50] <TJ-> Peanut: what does this report: "sudo udevadm test-builtin net_id /sys/class/net/eth1"
[15:52] <Peanut> 'No such device' but that's because I have for now configured systemd to use the 'path' naming convention. When I do it for enp3s0f0, and for enp3s0f1, they both report 'ID_NET_NAME_ONBOARD=eno1'
[15:53] <TJ-> aha
[15:53] <Peanut> So that seems to originate from the firmware.
[15:53] <TJ-> there is your problem then. because both interfaces are on the same slot
[15:53] <Peanut> That's expected for a dual port card, innit?
[15:54] <TJ-> well it ought not; it isn't like dual/quad port adapters aren't common
[15:55] <Peanut> These cards (and most dual/quad cards I've seen) are the same slot, but not the same function. That's why I get enp3s0f0 and enp3s0f1.
[15:59] <Peanut> TJ-: everyone - thanks very much for your help so far. I have to leave the office now (lockdown rules), back in an hour or so.
[16:02] <TJ-> Peanut: looking at the source-code for udev-builtin-net_id.c it gets the name from the system's ACPI DSDT, specifically the _DSM (device specific method)
[16:09] <timvisher> Is there some way to tell `apt-get install <pkg>=<version>` to install the package's dependencies at the correct version? I'm attempting to run `apt-get install openjdk-8-jdk=8u77-b03-3ubuntu3` and it's complaining that the wrong version of its dependencies are going to be installed but the correct versions are available if I run `apt-cache policy openjdk-8-jre`, for instance.
[16:16] <TJ-> timvisher: possibly adding --print-uris and --allow-downgrades and see what versions are revealed in the printed URIs
[16:17] <timvisher> TJ-: Thanks. I'll give that a try.
[16:20] <timvisher> TJ-: `sudo apt-get install --print-uris --allow-downgrades openjdk-8-jdk=8u162-b12-1
[16:20] <timvisher> …
[16:20] <timvisher> E: Unable to correct problems, you have held broken packages.` and I don't see any obvious URIs being printed. :\
[16:21] <timvisher> What appears to work is `apt-get install openjdk-8-jdk=8u162-b12-1 openjdk-8-jre=8u162-b12-1 openjdk-8-jdk-headless=8u162-b12-1 openjdk-8-jre-headless=8u162-b12-1` but obviously I'd like it to just select the proper version of the packages.
[16:32] <TJ-> timvisher: I think --print-uris failed because you'd previously had a failure to install
[16:33] <timvisher> TJ-: That makes sense.
[16:35] <TJ-> timvisher: as it stands apt doesn't have a way to do what you want with dependencies, but it is a valid use-case, so I recommend opening a bug against apt. juliank has been doing a lot of improvements to apt so it may get on his radar
[16:36] <timvisher> TJ-: Neat! Thanks for helping me out. What I have isn't the worst work around. :)
[16:42] <nuala> uhm a friend gave me their laptop to fix… it's _not_ ubuntu, but seemingly freezes during decryption of luks disks. any clue where to go (their distro support don't seem strong with the luks-power… happy may4 btw)
[16:43] <TJ-> nuala: try asking in ##linux
[17:02] <nuala> ty!
[18:05] <j5v1> might be a bit of an odd question, but does anyone know of a theme for cinnamon and an icon pack to make my desktop look like older versions of ubuntu (such as ubuntu 8 or 10)?
[18:08] <Maik> j5v1: Ubuntu Mate would have been a better option than installing cinnamon on top of Ubuntu. Ubuntu MATE is easier to let it look like Ubuntu 8.04 or 10.04
[18:08] <shush> Hello, I'm looking to do `tail -f file.log | jq .` in a tmux session but scrolling in tmux is painful. Any suggestion on how I can get a tail of the log file with some good scrolling abilities?
[18:09] <j5v1> Maik, good point, may have to look into using MATE
[18:09] <Maik> j5v1: here's mine from a while ago: https://ubuntu-mate.community/uploads/default/original/3X/e/5/e5fff2e827d074bc3eccf7f809683ddbf3474283.jpeg
[18:34] <jason1234> !ubuntu releases
[18:34] <jason1234> In year 2003, which Ubuntu release was available?
[18:34] <jpmh> I am NOT a docker user and do not have it on my servers.  I have a client that wants us to allow docker.  I created a docker container that was JUST Ubuntu, on a Ubuntu machine.   When I use that container on another machine with the docker daemon it can bypass file permissions because the daemon runs as the root, from what I can see.  Is this true?
[18:35] <lordcirth> jason1234, none. The first release was 2004.
[18:36] <lordcirth> jpmh, if the container is running in privileged mode, it can break out. But unprivileged is the default.
[18:38] <jpmh> lordcirth:  you say "the container" - If I pull the container from another test server when running as an unpriv user how does that allow the container to run priv, as it seems to? So, clearly I'm missing something crucial here
[18:38] <jpmh> lordcirth: I would add that I literally just installed docker using apt so on both test machines it is set however the default is
[18:39] <lordcirth> jpmh, I'm not very familiar with docker, but perhaps the container was configured to run priv, and that was copied. https://docs.docker.com/engine/security/userns-remap/
[18:40] <lordcirth> You may need to create /etc/sub{g,u}id
[18:41] <jpmh> lordcirth: I'm sure that is the case. But that sure seems a problem.  If I create such a container on MY server then go to a server that I do not have privs on and bring in that container that should not allow me to break out
[18:43] <jpmh> lordcirth: realistically it is HORRENDOUS that the default docker setup has this hole.  Or, am I missing something?
[18:44] <lordcirth> jpmh, the default docker setup presumably does not assume an untrusted user being able to run arbitrary docker commands on the host.
[18:44] <lordcirth> How are you allowed to spawn containers if you are not trusted?
[18:45] <jpmh> lordcirth: yes - but that BREAKS the whole *nix philosophy
[18:45] <lordcirth> jpmh, You should ask on #docker
[18:50] <jpmh> lordcirth: I lost connection - if you suggested anything then please re-send
[18:50] <TJ-> jpmh: there's a difference between the permissions of docker daemon and the container itself
[18:51] <jpmh> lordcirth: so, the problem would seem to be that if I allow a user ANY access to docker I am giving him complete access to the machine.  My client wants to be able to run a simple docker container
[18:52] <jpmh> TJ-: OK - so, the daemon is running the default way the install set it. It seems therefore that any container that is run has complete access to the entire machine.  What am I missing?
[18:52] <jpmh> TJ-: indeed the daemon is running as the root - that's how the default install goes
[18:53] <TJ-> jpmh: docker-daemon is the supervisor, not the container. It takes the image, creates the container, sets the cgroup/namespace limitations, for unprivileged containers it alters the UIDs/GIDs based on subuid/subgid and starts the init process inside the container
[18:54] <TJ-> jpmh: in the same way that logind, running as root, allows you to log-in and create a user session
[18:54] <lordcirth> jpmh, If you want the client to have a container, but not any privileges outside of it, then *you* make the container and add his ssh keys or whatever. Do not give their user permissions to manage docker.
[18:54] <TJ-> your user session has your UID/GID not root
[18:55] <TJ-> jpmh: if you want a daemonless alternative see podman and crun and friends
[18:55] <jpmh> lordcirth: the problem is  that the client is a Starbucks franchise and wants to run the container that Starbucks provide.  So, making the container is not a choice
[18:56] <TJ-> jpmh: so just make the container unprivileged
[18:56] <lordcirth> jpmh, what do you mean? you download and run the container.
[18:56] <jpmh> TJ-: what I am missing here is that if I give a user access to docker and he then chooses to bring in a container that is privileged then he seems to get the priv -
[18:56] <TJ-> jpmh: you can also run the docker-daemon 'rootless'
[18:56] <lordcirth> jpmh, yes, if you give a user the ability to give orders to a daemon running as root, they have root.
[18:56] <TJ-> jpmh: you don't give the user access to docker, only to the container
[18:57] <lordcirth> Last I checked, rootless docker was a pain
[18:57] <TJ-> makes sense, if it ain't root !
[18:57] <jpmh> lordcirth: are you suggesting that I do not grant him a limited shell with docker, but that I just boot him right into the container?  Actually, that would work
[18:58] <TJ-> jmcgnh: https://docs.docker.com/engine/security/rootless/
[18:58] <jpmh> TJ-: our messages crossed - YEP - that makes sense
[18:58] <lordcirth> jpmh, there is no need for them to have any shell on the host.
[18:58] <lordcirth> They want a container, not a shell that can start containers
[18:58] <jpmh> lordcirth: YEP - that's the solution
[18:58] <TJ-> jmcgnh: think of it like operating a hotel. You operate the hotel, manage the kitchen, serve the food... but you only allow your guests to sit at the table and eat what you serve them
[19:00] <jpmh> lordcirth:  and TJ- what I do not like about this is that: 1) I did bother to test and check, and you guys helped me gain clarity. 2) many users will not think this through and the default is HORRIBLE.  Under *nix I should be able to give a user limited shell access and rely on the OS to LIMIT him
[19:00] <lordcirth> jpmh, by default, only root and users in the 'docker' group can manage the docker daemon.
[19:01] <lordcirth> So the default is correct.
[19:01] <jpmh> TJ-: the hotel analogy does not work for me - if the hotel gives me access to a phone I do not expect full access to the PHONE system
[19:01] <jpmh> lordcirth: and TJ - so does this sound a reasonable solution:
[19:02] <jpmh> set up a new account on the server for the user. Set that account to start directly into his docker container and so be limited.  And of course that user would need to be part of the group "docker"
[19:03] <lordcirth> jpmh, no. They do not need any user on the host, and certainly not one in the privileged "docker" group
[19:03] <jpmh> lordcirth: OK, then how do I allow them access to the container?
[19:03] <lordcirth> jpmh, ssh, usually
[19:04] <jpmh> lordcirth: that is what I was suggesting.  Set him up with ssh access to an account that IMMEDIATELY starts the container instead of bash
[19:04] <lordcirth> jpmh, no, they ssh into *the container*.
[19:05] <jpmh> lordcirth: so you want the container already running?  Right?
[19:06] <lordcirth> jpmh, yes, just have the container configured to start on host boot.
[19:07] <jpmh> lordcirth: I'm not thinking this well.  Given that the container assumes that he has shell access and that it was started as an interactive terminal, how do I set that to be ssh accessible to him
[19:07] <jpmh> it is expecting tty not an ssh connection
[19:07] <lordcirth> Ah, I see.
[19:08] <lordcirth> A docker container that's only supposed to be run locally? That's... whyyyy.
[19:08] <jpmh> lordcirth: do you see anything wrong with my Kludge of an account that uses a startup of the container rather than bash?
[19:09] <jpmh> lordcirth: correct - it is HORRIBLE
[19:09] <lordcirth> jpmh, I guess it's ok, if you change their shell?
[19:09] <lordcirth> Or, actually, you could use sudo.
[19:10] <lordcirth> You could give them access to use sudo for the *one* command "docker run <container>"
[19:10] <jpmh> lordcirth: the only reason I am even CONSIDERING this is that the client has 200 coffee shops that are using my POS system and he wants to add this feature - and 200+ is a significant proportion of my 1200_ installations
[19:10] <jpmh> lordcirth: what is the advantage to the sudo compared to just a login-shell that is the docker container?
[19:11] <lordcirth> Alternatively, give up and give them a VM
[19:11] <lordcirth> A VM with a real OS with ssh.
[19:11] <leftyfb> jpmh: look into lxd maybe?
[19:11] <jpmh> the provider of the container is assuming that the users will be using docker on their own machines, not a shared server I suspect
[19:11] <lordcirth> You can't launch a docker container in lxd without the LXD container being priv, I think
[19:11] <jpmh> lordcirth: I don't understand your last comment
[19:12] <leftyfb> jpmh: your docker questions should really be directed at #docker btw
[19:12] <jpmh> leftyfb: what are you suggesting with lxd
[19:12] <leftyfb> jpmh: lxd as opposed to docker. If it's an option
[19:12] <lordcirth> jpmh, The easy solution is to create an Ubuntu virtual machine (with libvirt) and give them ssh access to that. Then you don't have to worry about permissions.
[19:13] <lordcirth> Then they can be in the docker group and start their weird local docker container in their own sandbox.
[19:13] <jpmh> leftyfb: but will lxd run docker containers - remember I am NOT the creator of the container?
[19:14] <lordcirth> No, LXD is not a solution for a vendor-provided docker container
[19:14] <jpmh> lordcirth: what does that give me that just setting their shell to the docker container does not give me - BTW, I am testing that idea as we speak and it seems clean - fast etc.  And when he exits the container he is disconnected
[19:16] <lordcirth> jpmh, Less ways for a mistake to happen. I don't know the security properties of hijacking $SHELL and trusting that to be secure.
[19:18] <jpmh> lordcirth: my understanding of the OS is that an ssh login starts the specified shell and when that exits the user is disconnected.  But that's a good question - is  there a way past that
[19:20] <lordcirth> jpmh, try ssh -t "bash --noprofile"
[19:22] <jpmh> lordcirth: I'm missing something there
[19:22] <lordcirth> jpmh, supposedly that bypasses a modified shell
[19:23] <lordcirth> try it as your restricted user
[19:24] <jpmh> lordcirth: I'm trying it - I can do the -t, but I do not see the -t taking a parameter YET
[19:25] <lordcirth> It's the command, not a parameter to -t, I believe
[19:26] <jpmh> lordcirth: I tried: ssh -p 2323 test@testmachine.com - all works as expected I get my container
[19:26] <jpmh> then I tried ssh -p 2323 -t .... - again- all as expected
[19:26] <jpmh> what I do notsee is how topass "what to do" to the ssh daemon on the serrver
[19:27] <jpmh> in fact, if there wa a way to do that, wouldn't that be a horriblehole tat a user with a restricted shell ocpuld just use a NON-restcited shell by specifying what to do
[19:28] <jpmh> lordcirth: what are you suggestingmy ssh command should be to do that bypass
[19:29] <lordcirth> And "ssh -p 2323 test@testmachine.com -t "bash --noprofile" does what?
[19:30] <jpmh> if you are just suggesting that I have the command - then no - this is NOT a bypass since the command is executed by the shell that has been created per the etc/passwd file - and it is my container, and it does not know what to do with the command
[19:30] <jpmh> lordcirth: it just brings up the container - I would hope
[19:31] <lordcirth> Ok.
[19:31] <jpmh> I think/believe that the command is passed to the login shell, which in my case is the container
[19:32] <jpmh> if you think about it any other method would mean that people could get past the use of rbash as a login shell
[19:58] <jpmh> leftyfb: lordcirth TJ - thanks for the help and patience - I'm going to confirm in the docker group but I think we have a solution
[20:19] <nuala> shush: more a workaround but: open a new tmux-window and have `less logfile` or `tail logfile -n99999|less` ready to use?
[20:35] <dob1> I don't use gnome as desktop manager but just openbox.  The problem is that every ubuntu related software (store and upgrade) doesn't work while I am using openbox. any help for this?    the softwares load but when there are some administrative task to execute (like installing/upgrading software) it does nothing.
[20:36] <sarnold> dob1: you'll probably have to be more specific
[20:36] <sarnold> dob1: I run apt upgrade and apt install things all the time in i3 and never noticed any problems
[20:38] <dob1> sarnold, apt and apt dist-upgrade are not a problem.  it's for example the store the problem.  when I click install on a software nothing happens. imho it doesn't prompt for password authentication needed for installation
[20:38] <dob1> it misses that dialog, I don't know why
[20:39] <dob1> and some software are on snap packages so the only way to install them is from the store
[20:40] <leftyfb> dob1: sudo snap install <package name>
[20:40] <leftyfb> dob1: there is no package that can be installed through the "store" that you can't install using apt or snap
[20:41] <dob1> leftyfb, ok I can use this way
[20:41] <sarnold> dob1: oh, so perhaps you don't have a policykit thing installed? I wonder if there's a favourite in the openbox community
[20:42] <dob1> sarnold, I have policykit-1  and policykit-desktop-privileges
[20:42] <sarnold> dob1: 'apt-cache search policy kit agent' will show you some package names for one from kde, gnome, lxde, and ukuik
[20:42] <sarnold> dob1: any agents?
[20:42] <dob1> sarnold, no
[20:43] <dob1> which one to install?
[20:43] <dob1> I don't know what ukuik is
[20:44] <sarnold> dob1: well, it's mostly a typo, hehe, it's 'ukui' :) I also haven't got a clue what it is.
[20:44] <sarnold> dob1: I'm still not great with this keyboard, hehe
[20:44] <dob1> sarnold, no problem :)
[20:46] <sarnold> dob1: try running 'apt-get -s install lxpolkit ; apt-get -s install lxqt-policykit ; apt-get -s install mate-polkit ; apt-get install -s policykit-1-gnome ; apt-get -s install polkit-kde-agent-1'  and compare the list of packages that will be installed; perhaps one will only require four or five packages, perhaps one will require a hundred
[20:46] <sarnold> dob1: without having a clear reason to pick one or another, I'd pick the one with the fewest deps :)
[20:47] <dob1> sarnold, I give it a try thanks
[21:06] <unloading> Hi, i'm running 3955WX on an GA-WRX80-SU8-IPMI motherboard, ubuntu-server kernel 5.11. I would like to have more control over my fans because of noise issues. In the bios of this motherboard you can enable "automatic mode", or 3 modes with no knowledge of the setpoints. I do not like that.... Running sensors-detect gives me "Found `Nuvoton NCT6683D eSIO'  (but not activated)". I tried modprobe
[21:06] <unloading> nct6683 force=1, didn't work. Also i enabled the kernel driver aspeed-pwm-tacho , but i have no idea how to interface with it. Looking for some ideas / help.
[21:12] <tomreyn> unloading: you didn't mention the ubuntu release
[21:12] <shush> nuala: You're saying to use less?
[21:13] <shush> What does -n99999 do?
[21:14] <shush> I tried less, but I don't see the coloring and I think less will cut off text after a certain point
[21:14] <shush> Is there a way to get scrolling in tmux?
[21:15] <leftyfb> shush: https://superuser.com/a/209608    # first result on google for "tmux scroll"
[21:15] <unloading> tomreyn: 21.04
[21:19] <tomreyn> unloading: hmm, ok, i came across bug 1858369 but i guess you found this one already, since you say you already tried     modprobe nct6683 force=1
[21:19] <unloading> tomreyn: yep :) dmesg returns: nct6683: EC base I/O port unconfigured
[21:21] <tomreyn> unloading: maybe you need to scan more areas with sensors-detect then
[21:22] <tomreyn> or just update the bios?
[21:22] <tomreyn> https://github.com/torvalds/linux/blob/e4adffb8daf476a01e7b4a55f586dc8c26e81392/drivers/hwmon/nct6683.c#L1370
[21:23] <unloading> tomreyn: i have the latest version.
[21:23] <tomreyn> about aspeed-pwm-tacho, you probably found https://www.kernel.org/doc/html/latest/hwmon/aspeed-pwm-tacho.html ?
[21:23] <unloading> tomreyn: yes
[21:24] <tomreyn> so you should see the pwmX FSO in /sys/module/aspeed_pwm_tacho/
[21:25] <tomreyn> and you should be able to echo integer values to it
[21:25] <unloading> tomreyn: Ye, that's also not the case
[21:26] <tomreyn> so /sys/module/aspeed_pwm_tacho/ does not exist, or pwm* doesn't exist there, or...?
[21:27] <unloading> tomreyn: the dir exists. But pwm* doesn't
[21:28] <unloading> tomreyn: https://paste.ubuntu.com/p/jsFgZt9SyW/
[21:32] <tomreyn> unloading: there's a 5.12 pre change to this module: https://github.com/torvalds/linux/commit/da75b2245281ec28b74117f6da219405464928be
[21:33] <tomreyn> i'm not sure it's relevant, though
[21:34] <unloading> tomreyn: is there a way to use this, and not upgrading to kernel 5.12 ?
[21:35] <unloading> tomreyn: Because i can't upgrade to 5.12 because of openzfs support.
[21:35] <tomreyn> you could rebuild the module with the patch applied to it.
[21:36] <tomreyn> but i'm not even sure that you have pwm control done by the AST 2500 on your system. are you?
[21:37] <unloading> tomreyn: Atm its not controlled by ast2500. But i thought it could be controlled by the ast2500.
[21:38] <tomreyn> if that's switchable it's most certainly switchable in bios
[21:40] <unloading> tomreyn: Well in bios there is only the option to switch fancontrol to automatic. Nothing more is given, just automatic mode. Or manual, then you can set 3 setpoints for low,medium,high fan rpm.
[21:41] <tomreyn> and there are no fan control options in the bmc, i assume?
[21:41] <unloading> tomreyn: Yes
[21:42] <tomreyn> then i wouldn't expect the fans to be controlled by the ast2500 on this system
[21:42] <tomreyn> maybe the folks in ##hardware would know better, though
[21:42] <unloading> tomreyn: k maybe i can ask there
[21:43] <unloading> tomreyn: thanks for helping me
[21:43] <tomreyn> i'd also check lm-sensors for updates after the version you have now
[21:44] <tomreyn> i.e. check git commits, maybe there's something about the nct6683 that was only added recently
[21:45] <tomreyn> or just get the latest sensors-detect first of all
[21:45] <unloading> tomreyn: k
[21:46] <jjbuggle> Depends: grub2-common (>= 2.02~beta2-36ubuntu3.31) but 2.04-1ubuntu26.11 is to be installed  <------ how do I resolve that properly?
[21:46] <stemid> hey I'm expanding an LVM on an ubuntu 18.04 server and for some reason it was created on a logical partition, on an extended partition. never seen this setup before. https://bpa.st/XHVA here's how it looks. the start sector is slightly different on the extended partition but the logical one with the LVM signature is the same. so I guess that's fine right?
[21:47] <stemid> fdisk did find the LVM signature and kept it.
[21:49] <tomreyn> jjbuggle: which ubuntu release is this? you seem to be mixing packages from different releases
[21:50] <jjbuggle> tomreyn: I'm on xubuntu 20.04, an upgrade from 18.04.  Clean install of 18.04, with 10+ year old /home.    That's it
[21:50] <tomreyn> jjbuggle: how did you upgrade?
[21:51] <jjbuggle> tomreyn: hmmm, I don't remember.  But I usually follow the release notes instructions.  Probably used the graphical upgrade tool.  I think I did do that
[21:52] <jjbuggle> I think the only funny thing I did, was flip a setting, whatever, that made it do the upgrade when the release came out, rather than waiting for the point release which is when LTS usually upgrades
[21:52] <tomreyn> jjbuggle: if running this seems safe to you, please do:  sudo /bin/true && cat &>/tmp/aptlog < <(sudo grep -hEv '^([ ]*#.*)?$' /etc/apt/sources.list{,.d/*.list} 2>&1; sudo apt-get -y update 2>&1; apt-cache policy 2>&1; sudo apt-get -syV full-upgrade 2>&1;); nc termbin.com 9999 </tmp/aptlog && rm /tmp/aptlog
[21:53] <tomreyn> jjbuggle: so you did an unsupported upgrade, i see.
[21:54] <jjbuggle> I mean, unsupported, but, still following the official release notes, so....
[21:55] <tomreyn> if the above commands seem scary, try running those that seem safe one by one, and report both the full command you ran, and its full output, incl. warnings / errors, on a pastebin
[21:56] <jjbuggle> https://termbin.com/lxc8
[21:56] <jjbuggle> it did seem scary, but I looked through it.
[21:57] <tomreyn> stemid: your paste says "Before delete/create" and "After", but you're not telling what you changed exactly.
[21:58] <tomreyn> jjbuggle: what does this report?    apt list --installed | grep ',local\]$'
[21:58] <tomreyn> (on a pastebin)
[21:58] <jjbuggle> damn, I have to run actually.  my current work around was to just uncheck the grub stuff
[22:00] <stemid> tomreyn: nevermind, it worked. and also there were fs errors so had to run fsck -yf which is probably why the fs was remounted as ro in the first place. solved now.
[22:00] <jjbuggle> tomreyn: fwiw: https://termbin.com/q3gf
[22:01] <jjbuggle> ok, I really have to go.  Thanks for your help!
[22:02] <tomreyn> you're welcome
[22:08] <tomreyn> stemid: the partitioning tool you used there seems to have moved the start of the extended area to the front, which could be fine, since it does not overlap with the regular / primary partition area. it also seems to have extended the extended area towards the end. it also increased the extended partition which contains your LVM PV, but did not move this partition within the extended area, so that you now have a bit of slack space at the
[22:08] <tomreyn> beginning of the extended area.
[22:08] <tomreyn> (but so little it probably won't do harm)
[22:09] <tomreyn> stemid: whether or not the LVM PV was also grown can't be told based on the output you provided so far.
[22:09] <tomreyn> ("sudo pvs" could tell)
[22:24] <stemid> well it did grow. it's solved now.
[22:24] <stemid> I just wasn't used to the setup of having a logical partition in an extended one. and the start sector changing made me concerned.
[22:24] <stemid> and the paste was pretty clear, it goes from one size to another.
[22:42] <Deano59> in debian, you install zram-tools but in ubuntu you install zram-config - debian is under /etc/default/zram-tools but I can't find it under ubuntu?
[22:43] <Deano59> brb, gonna google.
[22:43] <sarnold> Deano59: they're both in universe, why prefer one over the other?
[22:45] <Deano59> brb
[22:47] <Deano59> thanks sarnold, forgot about universe. :)
[22:48] <ash_worksi> sarnold: another happy customer
[22:48] <sarnold> :)
[22:50] <ash_worksi> :D
[22:50] <ash_worksi> o/
[23:09] <nuala> shush: "and I think less will cut off text after a certain point" i don't think i have experienced this. do you mean horizontally? have you tried cursor left and right keys?
[23:11] <nuala> tbh: i think tmux cuts off scrollback (or terminal emulator, can't tell) point is: given enough noise in between i can't scroll further back up. less is more and trusty tool to examine even bigger files... since... way before i heard about it ^^;