| sarnold | Drew_Neilson: there's a few options: (a) you can write an apparmor profile for applications (b) systemd service files allow some filesystem namespace options, seccomp system call filters, etc (c) you can use bwrap to do some sandboxing (d) you can use firejail to do some sandboxing | 00:09 |
|---|---|---|
| Drew_Neilson | sarnold I'm brand new to Linux and am just starting to learn the Terminal. Would you mind explaining that to me like I'm 5 years old? | 00:12 |
| Drew_Neilson | Does each Linux application and/or service have its own "user"? | 00:14 |
| Drew_Neilson | I ask because I'm trying to set up Emby server and it says "you must grant the Emby system user at least read access to your storage locations." | 00:16 |
| Drew_Neilson | And while researching this, I came across the following: https://support.emby.media/support/solutions/articles/44002313183-how-to-set-permissions-on-dsm-7#:~:text=Click%20Edit%2C%20then%20select%20the%20Permissions%20tab%3A%20Change,but%20we%20suggest%20granting%20Read%2FWrite%20access%20like%20this%3A | 00:17 |
| Drew_Neilson | ... which is about Synology network storage and so not directly applicable, but it shows that the user needs to grant permissions to *individual applications/software*. | 00:18 |
| sarnold | Drew_Neilson: some services, like apache or nginx, will have their own user accounts; most programs just run as whatever user started the program | 00:19 |
| sarnold | Drew_Neilson: so eg your libreoffice applications have access to your firefox cookies, your firefox has access to your tax files, etc | 00:20 |
| sarnold | Drew_Neilson: these emby folks probably have an application ecosystem where every single service gets its own user account, and files, and you can say which accounts get access to which files | 00:21 |
| Drew_Neilson | Since my Ubuntu Server is headless and I'm setting it up so that when I need to access it (do commands, etc.) I do it via SSH, is it possible that when it boots it doesn't load any user? | 00:21 |
| Drew_Neilson | (and therefore, Emby cannot access the local media folder I want it do because I'm possibly not logged in as "drew"?) | 00:21 |
| oerheks | when i read https://learnubuntumate.weebly.com/emby-media-server.html the 1st user is vreated at first start.. | 00:22 |
| oerheks | c/created | 00:23 |
| sarnold | Drew_Neilson: probably your ubuntu server will be running processes owned by root, syslog, messagebus, systemd-timesyncd, systemd-resolved, maybe more.. | 00:23 |
| oerheks | read it through, before beginning to configure it | 00:24 |
| sarnold | Drew_Neilson: those are all real 'user accounts', but you won't need to actually know about / interact with them often, if ever | 00:24 |
| oerheks | ekse, there is a #emby chanel here on #Libera | 00:24 |
| sarnold | Drew_Neilson: the snap packages on ubuntu have sandboxing applied already -- so, eg, if you use the firefox snap package, it shouldn't have access to your ~/.gnupg or ~/.ssh directories (I think, I haven't actually checked) | 00:25 |
| Drew_Neilson | oerheks that link seems like it might solve this issue | 00:28 |
| oerheks | jups, especially the UFW part is handy.. | 00:28 |
| Tahr-user | Here is the Ubuntu entry so far: | 01:04 |
| Tahr-user | label 4 | 01:04 |
| Tahr-user | kernel /f/umate/casper/vmlinuz | 01:04 |
| Tahr-user | append initrd=/f/umate/casper/initrd.gz pmedia=usbflash psubdir=/f/umate | 01:04 |
| Tahr-user | What should the entry be so it boots? | 01:07 |
| preach | what | 01:09 |
| Tahr-user | How do I get Ubuntu to boot? I have extracted the Ubunto MATE .iso into the directory /f/umate on the flashdrive (or used the software to help copy out the files and directories after mounting the .iso). | 01:12 |
| sarnold | it'd probably be easier to just dd the iso to a memory stick and reboot | 01:13 |
| Tahr-user | I have the .iso file in the directory too, but it would still require a correct command entry. | 01:15 |
| === M4he is now known as mahe | ||
| webchat34 | hi | 01:59 |
| webchat34 | would anyone be willing to help me out | 01:59 |
| guiverc | webchat34, provide your OS/release details & your issue and people will respond as they're able to. (try and keep to a single line & no multi-line pastes) | 02:00 |
| webchat34 | I use Ubuntu 20.04, but i recently fu**ed my installation pretty badly. Attempted to "manually" install a deb pkt by doing `cd / && tar xvf /path/to/data.tar.xz` and right after i became unable to exec any non-builtin cmd (even with direct path). i verified (with bash builtin + bash expansions) that the file exists, however it tells me "no such | 02:02 |
| webchat34 | file or directory." ex. when i run i run /usr/bin/bash or /usr/bin/ls | 02:02 |
| ash_m | For Ubuntu 20 you can enable Dark theme under settings > appearance. Is there some configuration I can add to get the same effect on i3? | 02:04 |
| === ootput0 is now known as ootput | ||
| webchat34 | after reboot even recovery mode leads to kernel panic, now am attempting to liveboot ubuntu from usb to get more info | 02:04 |
| sarnold | webchat34: depending upon what you unpacked, you might be better served to reinstall | 02:05 |
| webchat34 | it was libvert-daemon-system: https://packages.debian.org/unstable/libvirt-daemon-system | 02:07 |
| guiverc | webchat34, fyi: if it's a desktop system, you can re-install without foramt to keep your existing files untouched (ie. install won't touch anything in /home unless you format), and packages you manually installed (from Ubuntu repositories) will also be attempted to be re-installed too; ie. re-install without format is pretty fast fix. ie. I agree with sarnold depending on what you expanded; command used etc | 02:07 |
| sarnold | ash_m: i3wm colours are set in the i3 config file https://i3wm.org/docs/userguide.html#_changing_colors -- if you've configured your ~/.Xresources file, you can configure i3 to use that, instead: https://i3wm.org/docs/userguide.html#xresources | 02:07 |
| ash_m | Thanks! | 02:08 |
| sarnold | webchat34: my wild guess -- fixing your owner, group, and permissions on the files in that package will probably help. This is from my focal desktop: https://termbin.com/afzb | 02:09 |
| sarnold | I'm headed out for the night -- good luck :) | 02:10 |
| webchat34 | guiverc can that be done via a bootable usb? | 02:10 |
| webchat34 | sarnold i wish i could, however anything other than 'cd' 'echo' and other builtins is not executable ex. i cant run ls, chmod, chown, etc. | 02:10 |
| guiverc | yep; the re-install I mentioned is triggered by you re-using existing partitions WITHOUT FORMAT... usually that's "Something else" option (Manual Partitioning if using a calamares installer like Lubuntu/UbuntuStudio..) | 02:11 |
| webchat34 | i use luks2 full disc encryption, will it still work alongside this? | 02:12 |
| guiverc | I've used it with encryption too inc. partition encryption no longer supported in 20.04; for the older encryption it was just adding packages to live system BEFORE starting the installer so it could handle partition; if your partition was manually setup & not just Ubuntu packages I'm unsure though & suggest maybe you test in a VM first | 02:13 |
| guiverc | correct; the encryption i mentioned is supported in focal/20.04; just no longer default & no-longer supported with default packages found on ISO ^ | 02:14 |
| webchat34 | ok, im at the menu reached after selecting "something else" however i dont see a way to enter my disk password to give it knowledge of current partitioon layout | 02:17 |
| guiverc | I've not done it recently so cannot advise with authority sorry; I do recall trying maybe 2-3 things before I got it right last time, but was many months ago now (a 20.04 system re-installed with 22.04 prior to its release) | 02:21 |
| webchat34 | ok, i will try to use cryptsetup commands to unlock it and see if installer is smart enough to detect this | 02:22 |
| guiverc | encryption makes it far more complex... ensure you have your data backed up first ! | 02:22 |
| webchat34 | luckily i have a semi recent backup of important files on another drive in case something goes wrong - i will copy any modified files to a separate drive if i am able to before i proceed with the repair | 02:24 |
| webchat34 | hm im beginning to suspect an selinux issue after doing `strace chroot /media/ubuntu/<cryptsetup_volume>` | 02:30 |
| === Abrax- is now known as Abrax | ||
| qwertyui | anyone have a solution for installing wine32:i386? on winehq, or ubuntu version stuck with the grep/libpcre3 issues conflicts/unmet deps.. and seeing some posts back to 2020.. but im fully upgraded on 22.04 | 02:37 |
| Tahr-user | Okay, I am going to try the LXDE Debian Live CD/DVD. I may have to shut down the chat to prevent the machine from crashing. | 02:45 |
| webchat34 | hehay, success! i rsynced the /usr, /lib, and /lib64 dirs from liveboot to disk and i can now successfully chroot, indicating whatever problems were caused have been solved - props to this stackoverflow for the idea https://unix.stackexchange.com/questions/128046/chroot-failed-to-run-command-bin-bash-no-such-file-or-directory. thanks for the help | 03:44 |
| webchat34 | guiverc! | 03:44 |
| guiverc | Well done for solving it webchat34 | 03:46 |
| === fullstack is now known as mostafa | ||
| === fullstack1 is now known as mostafa | ||
| === fullstack is now known as mostafa | ||
| === Kristine_ is now known as Kristine | ||
| nshire | 10gb should be enough to start out with for a 22.04lts server install right? | 07:45 |
| nshire | wow looks like even 2gb is ok | 07:46 |
| lotuspsychje | nshire: i think ubuntu asks 8GB free space these days | 07:46 |
| nshire | for desktop | 07:47 |
| lotuspsychje | well on -desktop that is, didnt test on -server myself | 07:47 |
| nshire | just setting up a very minimal server atm | 07:47 |
| lotuspsychje | nshire: https://ubuntu.com/server/docs/installation | 07:48 |
| === ootput0 is now known as ootput | ||
| === ChunkzZ is now known as Chunkyz | ||
| webchat59 | greetings guys. I'm having to check the list of installed software on my ubuntu box. How do I do that please help ? "apt list --installed" would list all the packages, including the kernel packages... | 08:55 |
| nshire | maybe dpkg -l | 08:56 |
| ogra | and "snap list" | 08:57 |
| nshire | yea dont forget snap | 08:57 |
| lotuspsychje | webchat59: and dpkg --list | grep linux-image for the kernels | 08:57 |
| webchat59 | apart from linux-image* theres's a lot of default packages like gnome, dbus,....that are the core packages. How do i exclude them all @lotuspsychje | 09:08 |
| webchat59 | @ogra thanks but "snap list" doesn't seem to list packages i installed via "apt install", it shows only a few packages on my box which is wrong | 09:09 |
| aniketgm | apt list --installed is what you need. use the magic of grep to exclude the types you want: something like apt list --installed | grep -v 'automatic' | 09:14 |
| aniketgm | *types you don't want | 09:14 |
| aniketgm | webchat59: ^ | 09:16 |
| webchat59 | yep it seems that's the only way aniketgm , just that it's impossible to know what to exclude... | 09:18 |
| lotuspsychje | what are you trying to catch exactly webchat59 maybe if you define, volunteers might have ideas | 09:21 |
| aniketgm | afaik, there are just three: installed, automatic, auto-removable. | 09:23 |
| webchat59 | I'm following a security checklist for my server. One of the requirements is something like "Sys Admins have to have a method to list unused packages in the server". So i thought I'd have to be able to list all the packages installed and manually decide which unused packages should be removed | 09:24 |
| webchat59 | lotuspsychje aniketgm ^^ | 09:25 |
| lotuspsychje | webchat59: tnx, thats more clear end goal, what i usualy use on -desktop to cleanup is bleachbit and stacer, stacer is GUI though | 09:30 |
| lotuspsychje | webchat59: for the installed package with apt, the admin of the system should be aware of the packages installed and what to use and whatnot right? | 09:32 |
| aniketgm | yeah, stacer is a good option, personally, I think it's too much bloated. but ehh!!. if it gets the job done. | 09:32 |
| lotuspsychje | not sure if there's a way to findout wich packages are the less used on a system? | 09:33 |
| aniketgm | webchat59: I suggest frequent runs of sudo apt autoremove. to remove unncessary ones' | 09:34 |
| webchat59 | lotuspsychje he should know what's installed but a couple reasons. 1, there are multiple users who can use account. 2, maybe he accidentally installed something weird. | 09:34 |
| lotuspsychje | multiple users have admin on the server webchat59 ? | 09:35 |
| webchat59 | let's say my stack is MEAN. Then I wanna make sure MongoDb related, node-related packages are installed . And the system stuff. | 09:35 |
| webchat59 | anything not in that list i want to find out so i can check to remove it | 09:36 |
| webchat59 | yes, a few admins in the past. Now i have to check it | 09:36 |
| webchat59 | not just packages, but also all the binaries installed by manually compiling & installing from source code | 09:38 |
| lotuspsychje | webchat59: other ideas arising maybe are audit tools or server management like, lynis & cockpit | 09:39 |
| lotuspsychje | so you get a good overview whats happening on your server | 09:39 |
| lotuspsychje | also /var/log/dpkg logs can help you to trace what has been installed in the past, maybe a grep your keywords there? | 09:40 |
| webchat59 | thanks lotuspsychje i haven't heard of lynis & cockpit, will check that out | 09:42 |
| lotuspsychje | !info lynis | 09:42 |
| ubottu | lynis (3.0.7-1, jammy): security auditing tool for Unix based systems. In component universe, is optional. Built by lynis. Size 222 kB / 1,612 kB | 09:42 |
| lotuspsychje | !info cockpit | 09:42 |
| ubottu | cockpit (264-1, jammy): Web Console for Linux servers. In component universe, is optional. Built by cockpit. Size 20 kB / 68 kB | 09:42 |
| === SteelRose_ is now known as SteelRose | ||
| EriC^^ | webchat59: this command can give you a list of manually installed packages roughly, you still get a bunch of extra stuff though but it narrows it down a little, comm -23 <(apt-mark showmanual | sort -u) <(gzip -dc /var/log/installer/initial-status.gz | sed -n 's/^Package: //p' | sort -u) | 09:47 |
| EriC^^ | you could also use /var/log/apt/history.log* to see stuff | 09:48 |
| webchat59 | EriC^^ that really does help | 09:48 |
| webchat59 | that gives me a very short list on my server, (about 30 packages so that's really cool). | 09:50 |
| webchat59 | Any way to check for the binaries installed manually ? | 09:50 |
| EriC^^ | apt/ubuntu won't log any of that, you'd have to search /usr/local or /opt and find them, or maybe go through the shell history in case it still has the commands used | 09:59 |
| webchat59 | EriC^^ thanks that's gonna be a tough one for me ^^ | 10:07 |
| === xenial is now known as Guest5109 | ||
| blerimshqip | hi, just a quick Q - which kernel will 22.04 point release use? | 10:28 |
| oerheks | sorry, no info for that, 22.04.1 will be released in august | 10:29 |
| oerheks | currently 5.15 | 10:30 |
| oerheks | .. i am waiting for 5.19, retbleed patch | 10:30 |
| blerimshqip | oerheks i thought they announced it or something | 10:35 |
| === Starmina3 is now known as Starmina | ||
| oerheks | sure, but they have not done that yet | 10:37 |
| oerheks | too early i guess | 10:37 |
| aniketgm | It's wierd that 22.04 LTS is available, but folks with 20.04 can't upgrade yet. | 10:45 |
| Unit193 | !ltsupgrade | 10:46 |
| ubottu | Regular upgrades from the last but one LTS release to the latest LTS release, 22.04 "Jammy Jellyfish", are enabled days or weeks after 22.04.1 is released. This delay helps to ensure that any lingering issues are resolved before people upgrade production systems. If you'd prefer to upgrade now, use sudo do-release-upgrade -d | 10:46 |
| Unit193 | Normal for it to not be available for upgrade until the first point release. | 10:46 |
| oerheks | aniketgm, that is correct | 10:46 |
| oerheks | in august, with 22.04.1 you can. this is by design, you want a good tested LTS version | 10:47 |
| aniketgm | agreed, however, if that so, 22.04 LTS could've waited untill 22.04.1 for a fully tested release. | 10:49 |
| oerheks | ehm, that is where we are? | 10:50 |
| oerheks | teams tested it, and now the early adopters | 10:50 |
| aniketgm | oh ok.. for early adopters. i get it now. | 10:52 |
| zothix | I am getting an issue https://www.mail-tester.com/test-mzahal9hq in this report, i have set spf and dkim records, yet my demar record still isn't sufficient, kindly recommend what i am doing wrong here | 10:55 |
| === diskin is now known as Guest6552 | ||
| === diskin_ is now known as diskin | ||
| === tom is now known as Guest5687 | ||
| === lotuspsychje_ is now known as lotuspsychje | ||
| ocZio | hi there, trying to configure a eno1 interface with systemd-networkd, it is listed when I do ifconfig however seems that it is not really working (no internet connection), what would be steps to verify and see where things can go wrong ? | 12:19 |
| === scoobydoob is now known as scoobydoo | ||
| === halvors1 is now known as halvors | ||
| BluesKaj | Hi all | 12:59 |
| oerheks | hi BluesKaj | 13:00 |
| BluesKaj | hi oerheks | 13:00 |
| === Starmina7 is now known as Starmina | ||
| === SteelRose_ is now known as SteelRose | ||
| neobrain | hey there! Looks like I can't boot into any graphical interface anymore since yesterday's reboot. Runlevel 3 works, but upon starting sddm I'm getting a blackscreen and "sddm[2829]: Failed to read display number from pipe; Could not start Display server on vt 1" in journalctl. Does that ring a bell for anyone? | 13:05 |
| neobrain | That's on 22.04 and ARM in a Parallels VM on MacOS, with their guest tools installed for gpu acceleration | 13:06 |
| neobrain | Neat, I ran `aptitude reinstall '~i'` to reinstall all packages, and sddm works again :) | 13:30 |
| mviale | r | 14:01 |
| roots | -r | 14:03 |
| === ootput6 is now known as ootput | ||
| Bokka | hello | 14:49 |
| yuzi | Hi | 14:57 |
| oerheks | :-) | 14:57 |
| yuzi | Can I make a new partition from my root/ , I need to install windows on it | 14:57 |
| yuzi | In short how do I dual boot windows on my ubuntu | 14:57 |
| yuzi | I have 200gb root partion 175gb free | 14:57 |
| ravage | you cant install windows on that partition. you may be able to resize your existing partition with a live USB of gparted live for example | 14:59 |
| ravage | keep in mind that messing with partitions is always risky so make a full backup | 15:00 |
| ravage | also installing windows may affect your ability to boot Ubuntu | 15:00 |
| yuzi | hmm | 15:01 |
| oerheks | we advise; install windows first, then ubuntu.. or better - skip first step | 15:01 |
| yuzi | skipping first | 15:02 |
| ravage | for a lot of stuff Windows in a VM works just fine | 15:02 |
| ravage | see gnome boxes or virt-manager | 15:02 |
| leftyfb | yuzi: boot into a live usb, resize your root partition, making room at the end of your drive for the Windows install. After you install Windows you'll need to repair grub for Ubuntu | 15:04 |
| yuzi | I am not going to mess with grub | 15:07 |
| yuzi | Istead i will use VM | 15:07 |
| Payam | hi | 15:21 |
| Payam | I have moved to ubuntu 20 and now it is no longer possible to create a deb package using dh_virtual since python2 is not present anymore. | 15:21 |
| Payam | How do you now create deb packages? | 15:21 |
| Payam | from a python project | 15:21 |
| oerheks | use python3 ? one can install python2, but it is dead jim | 15:23 |
| leftyfb | Payam: I think you might want #ubuntu-devel | 15:24 |
| oerheks | https://packages.ubuntu.com/jammy/python2 | 15:24 |
| Payam | leftyfb thanks | 15:24 |
| oerheks | packaging guide https://packaging.ubuntu.com/html/packaging-new-software.html | 15:25 |
| Maik | python2 is EOL | 15:26 |
| leftyfb | Payam: also, yes, rewrite your app in python3 | 15:26 |
| Payam | no no this is not a good guide | 15:26 |
| Payam | leftyfb it is written in python3 but build to .deb with python2 I guess | 15:27 |
| yuzi | Hi | 15:29 |
| yuzi | can I delete the .cache file contents safley | 15:30 |
| yuzi | It's getting quite huge | 15:30 |
| oerheks | yuzi, no, do not delete it manually, clean your browser history? | 15:31 |
| yuzi | okay | 15:31 |
| yuzi | exit | 15:32 |
| liberaider | Is there a way to recreate the default `ubuntu` user? | 15:42 |
| oerheks | no, as the installer is in single user mode = root. | 15:43 |
| oerheks | you can create an account named ' ubuntu' though | 15:43 |
| liberaider | I re-installed the OS on my server and the `ubuntu` user is not there, but I expected it to be. Is this because of some configuration flag used during the install or something like that? | 15:44 |
| oerheks | no, the username you created during install is the only one | 15:44 |
| oerheks | there is no root account, see | 15:45 |
| oerheks | !root | 15:45 |
| ubottu | Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo | 15:45 |
| liberaider | hmm... why do I expect `ubuntu` to be there? Do I just auto-pilot create the `ubuntu` username each time I set up my OS? (not too often) | 15:46 |
| rfm | If your server had an 'ubuntu' user to being with it was created from a cloud-image rather than the installer | 15:46 |
| oerheks | oh cloud image, but there was no mention of that | 15:47 |
| liberaider | Ah, maybe the virtualbox image comes with `ubuntu` creation | 15:47 |
| liberaider | Been a while since I touched server stuff. Just been doing stuff in my dev environment. | 15:47 |
| liberaider | Is there something like a canonical way to create `ubuntu`? | 15:48 |
| === coz_ is now known as charredcoz | ||
| === charredcoz is now known as charred-coz | ||
| ravage | https://ubuntu.com/download/server | 15:52 |
| sarnold | liberaider: maybe you usually use the cloud images or server installer or similar? | 15:57 |
| liberaider | sarnold: I've been using https://app.vagrantup.com/ubuntu/boxes/focal64 and I'd like to manually create an `ubuntu` user on a fresh install to match that one as closely as posslb.e | 16:08 |
| liberaider | possible* | 16:08 |
| liberaider | Yes, it looks like it does use a cloud image. | 16:09 |
| oerheks | oh vagrant.. | 16:10 |
| oerheks | what kernel do they use now? 2.6 ? | 16:10 |
| leftyfb | liberaider: why do you need to assume the "ubuntu" user exists? | 16:10 |
| Aeilxyz | Londoners don't know how to handle heat, embarrassing, need 1 years more 40C+ heat wethr | 16:11 |
| liberaider | heh, because I wrote some bootstrap scripts for deploying my stuff according to what I saw in this vagrant image and I /think/ creating the user is the quickest way to get things working right now, rather than re-writing parts of the script | 16:11 |
| oerheks | !ot | Aeilxyz | 16:11 |
| ubottu | Aeilxyz: #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please register with NickServ (see /msg ubottu !register) and use #ubuntu-offtopic for other topics (though our !guidelines apply there too). Thanks! | 16:11 |
| leftyfb | liberaider: so create the user | 16:12 |
| liberaider | Right, but how exactly so that it is identical to the one in the vagrant image? | 16:12 |
| leftyfb | it probably doesn't need to be identical | 16:13 |
| leftyfb | just create the ubuntu user, try your automation, if it fails, adjust and test again | 16:13 |
| Payam | what are the difference between python3-all and python3? | 16:16 |
| sarnold | liberaider: hmm, depending upon what you're doing, it might be worthwhile adding your own cloud-init userdata to do your setup https://cloudinit.readthedocs.io/en/latest/ | 16:16 |
| oerheks | python3-all is just a metapackage https://packages.ubuntu.com/jammy/python3-all | 16:18 |
| oerheks | that includes https://packages.ubuntu.com/jammy/python3 | 16:18 |
| oerheks | see file lists | 16:18 |
| ash_m | Can I generate an .Xresources file from my settings? | 16:23 |
| === CapPICAR1 is now known as CapPICARD | ||
| mostafa | Hello Guys Can we update Ubuntu from 21 to new version ? i mean version 22...inside Ubuntu? if yes... how much size for updating to new version? | 16:28 |
| leftyfb | !eolupgrade | mostafa | 16:29 |
| ubottu | mostafa: End-Of-Life is when security updates and support for an Ubuntu release stop. Make sure to update Ubuntu before it goes EOL so you get updates promptly for newly-discovered security vulnerabilities. See https://help.ubuntu.com/community/EOL and https://wiki.ubuntu.com/Releases for more info. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades | 16:29 |
| oerheks | debian says it is populated by xrdb https://wiki.debian.org/Xresources > xrdb -load ~/.Xresources ## and some more info https://www.computerhope.com/unix/uxrdb.htm | 16:30 |
| ash_worksi | oerheks: that sounds like if you already have the file....no? | 16:31 |
| oerheks | no, i don' t | 16:31 |
| oerheks | no fancy resolution or terminal colours,.. | 16:32 |
| ash_worksi | oerheks: I am not totally sure I follow | 16:32 |
| sarnold | as far as I know, nothing exists to take settings from some application and write out an Xresources file | 16:36 |
| oerheks | vnc uses it, IIRC | 16:36 |
| oerheks | or is this old/depreciated? | 16:37 |
| oerheks | i mean not used on wayland? | 16:38 |
| ash_worksi | hmm; well I have 2 goals: (1) make it so system settings (anything affecting k/v/m) are easily transferable to other machines and (2) prefer those settings in the form of files, something I can track on github | 16:43 |
| ash_worksi | I mean, setting like that (language, shortcut keys, appearance:light/dark, keyboard-layout) are not in ~ dot files right? | 16:59 |
| liberaider | I created the `ubuntu` user and added them to the sudoers file, but when I try to sudo as `ubuntu`, it asks me for ubuntu's password. I created the user with `--disabed-password`. I'm expecting not to need a password here. | 17:02 |
| ash_worksi | liberaider: wait, you're logging in as ubuntu and want to use the `sudo` command from that user? | 17:04 |
| ash_worksi | liberaider: who are you sudo'ing to? | 17:04 |
| ash_worksi | liberaider: normally people add themselves to the sudoer's file (and they know their own password, for example liberaider:secret_password) and then they sudo from there | 17:05 |
| liberaider | ash_worksi: yes to the first question, and I don't understand the second. | 17:05 |
| ash_worksi | liberaider: so if you had some reason to run commands as 'ubuntu', then you could sudo from liberaider to ubuntu and run commands | 17:05 |
| aniketgm | liberaider: add NOPASSWD in the sudoers | 17:05 |
| liberaider | ash_worksi: I thought disabling password authentication was recommended. | 17:05 |
| ash_worksi | it is, in favor of keys | 17:06 |
| ash_worksi | but yeah, your probably want to do what aniketgm said | 17:07 |
| ash_worksi | usually, for me, it's "login without password to <system> as ash_m; sudo to (for example postgres) with ash_m password" -- not sure what the "best practice" is there | 17:09 |
| liberaider | like this? `ubuntu ALL=(ALL) NOPASSWD:ALL` | 17:11 |
| liberaider | Ah, okay, got it now. Was putting it too early in the file. | 17:15 |
| ash_worksi | liberaider: note, there is an /etc/sudoers.d/README file | 17:17 |
| liberaider | Is there a good book or some other resource to get more familiar with all this stuff? I find the man pages and official docs a little bit hard to digest. | 17:18 |
| liberaider | I am somewhat familiar - have been muddling around for years - but I could benefit from a bottom-up study. | 17:18 |
| ash_worksi | I just read SO articles and the like; this usually give me enough of a lexicon to approach the official docs or man pages in a digestible manner. | 17:20 |
| FortunateSon | hello all! I'm looking for a good tutorial (preferably text) on setting up a samba share with active directory backend authentication on ubuntu 14. (its old, I know) My google-fu is failing me. Any help is appreciated. | 17:21 |
| lotuspsychje | !crosspost | FortunateSon | 17:22 |
| ubottu | FortunateSon: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support. | 17:22 |
| FortunateSon | point taken | 17:23 |
| === nick1 is now known as vidant | ||
| oerheks | no support for ubuntu 14, also such systems should not be connected to the internet. | 17:47 |
| oerheks | 22.04 gives good access to AD | 17:47 |
| oerheks | https://ubuntu.com/server/docs/samba-active-directory | 17:48 |
| === oerheks1 is now known as oerheks | ||
| luna__ | !offtopic | 18:26 |
| ubottu | #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please register with NickServ (see /msg ubottu !register) and use #ubuntu-offtopic for other topics (though our !guidelines apply there too). Thanks! | 18:26 |
| === u0_a2048 is now known as jadenlian | ||
| Payam | I don't understand why a package like dh-virtual is not included in 20.04. It wasn't available in 18 either | 18:33 |
| Payam | why is that? | 18:33 |
| jhutchins | FortunateSon: I do recall seeing something about AD being available in 22.04. | 18:33 |
| oerheks | https://ubuntu.com/server/docs/service-sssd-ad | 18:36 |
| oerheks | jhutchins, yes, see releasenotes | 18:36 |
| === youngjun is now known as kimerikal | ||
| luis220413 | Is there any DNSSEC validating resolver in the main component? | 18:59 |
| luis220413 | I am using Ubuntu 20.04. | 18:59 |
| sarnold | luis220413: I don't believe so; I suspect anyone who wants dnssec validation would be happier to be using upstream-provided repositories to more easily use upstream support | 19:06 |
| luis220413 | sarnold: There is systemd-resolved but the DNSSEC option was fatally broken in 18.04. It may work in 20.04. I will try now. | 19:07 |
| leftyfb | luis220413: bind9 can be configured to enable DNSSEC | 19:07 |
| ManjaroScrub99 | Hello. Is there any reasonable scenario where a user would want to run "apt update" without first running "apt upgrade"? Just curious, since that always seemed like a pitfall to me. | 19:16 |
| oerheks | update gets fresh lists, you want that. | 19:16 |
| deego | yes, in almost all cases it's reasonable to update before upgrade. | 19:16 |
| oerheks | upgrade the packages.. | 19:16 |
| deego | ManjaroScrub99: did you mean to ask the converse? | 19:17 |
| oerheks | dist-upgrade goes deeper... | 19:17 |
| oerheks | !distupgrade | 19:17 |
| ManjaroScrub99 | Oh sorry, I got that backwards. | 19:17 |
| ubottu | A dist-upgrade will install new dependencies for packages already installed and may remove packages if they are no longer needed. This will not bring you to a new release of Ubuntu, see !upgrade if that is your intention. | 19:17 |
| oerheks | so, installing without fresh lists, can be interesting :-D | 19:17 |
| ManjaroScrub99 | Yes, I meant "upgrade" before "update" | 19:17 |
| oerheks | :-) | 19:20 |
| ash_worksi | is there a good way (preferably git-trackable) to sync system settings across devices? | 19:20 |
| leftyfb | ash_worksi: git | 19:20 |
| ash_worksi | leftyfb: what files would I track for things like appearance, language, keyboard layout, pointer settings | 19:22 |
| leftyfb | ash_worksi: that is a loaded question. I tracked them all down and wrote an ansible playbook that redeploys them to my machine after a fresh install. The playbook is kept in git. Though it's not exactly "sync'd". I really don't recommend trying to maange all these realtime | 19:23 |
| ash_worksi | leftyfb: that's basically what I had in mind, but what would you even write in the playbook for such things? It's not like there's a "launch settings, click appearance, click dark theme" command | 19:25 |
| ash_worksi | or like "if (available(touchpad)) enable tap_to_click" | 19:27 |
| leftyfb | ash_worksi: there is, it's called gsettings | 19:27 |
| leftyfb | most of those settings can be done with gsettings | 19:27 |
| leftyfb | if you're running gnome | 19:27 |
| ash_worksi | leftyfb: I'll look into it; thanks | 19:27 |
| oerheks | ash_worksi, aptik | 19:28 |
| oerheks | https://blog.desdelinux.net/en/aptik-makes-a-backup-of-your-repositories%2C-themes%2C-programs-and-settings/ | 19:28 |
| oerheks | just settings, or themes, or programms, .. | 19:29 |
| oerheks | ppa is up2date | 19:29 |
| ash_worksi | oerheks: yeah, but that's not super trackable... ie; ansible can install on my machine using a file; so I can just change the file; commit; run and know that anywhere I pull that file it will have the latest change. I can do that with a backup too, but that's an entire backup rather than just the latest changes | 19:30 |
| oerheks | timeshift then ? https://launchpad.net/~teejee2008/+archive/ubuntu/timeshift | 19:30 |
| ash_worksi | leftyfb: any tips on that; like do you have a flow for hunting down settings you (might) want to change? | 19:30 |
| leftyfb | ash_worksi: 1 at a time | 19:31 |
| leftyfb | ash_worksi: these are some settings I came up with https://pastebin.ubuntu.com/p/JNFdMHDJW3/plain/ | 19:35 |
| ash_worksi | thanks leftyfb | 19:52 |
| oerheks | !cookie | leftyfb | 19:54 |
| ubottu | leftyfb: Wow! You're such a great helper, you deserve a cookie! | 19:54 |
| ash_worksi | leftyfb: why is ubuntu.com requiring me to sign-in to view your paste? | 20:00 |
| leftyfb | ash_worksi: https://pastebin.com/raw/7JFicZZR | 20:01 |
| oerheks | remove /plain | 20:02 |
| ash_worksi | oerheks: thanks | 20:02 |
| oerheks | for the user it is nice to keep track and remove the paste | 20:02 |
| ash_worksi | leftyfb: sooo... my guess is that if there are some utilities that don't exist, attempting to set the key is just like, "yeah, whatever, exit 0" ? | 20:05 |
| ash_worksi | for example, not all machines have a touchpad | 20:05 |
| ash_worksi | which I think ubuntu normally attempts to detect prior to presenting settings for it? | 20:06 |
| leftyfb | ash_worksi: write a check in ansible to only run things in a valid environment | 20:06 |
| leftyfb | ash_worksi: in particular.. when: | 20:06 |
| leftyfb | "when:" is part of ansible and will only run the task when "something" | 20:06 |
| ash_worksi | I'll look it up | 20:07 |
| === ootput9 is now known as ootput | ||
| leftyfb | ash_worksi: /join #ansible for additional help with ansible | 20:07 |
| ash_worksi | my knowledge of ansible is several years old cursory experience | 20:07 |
| sinned6915 | i need some help understanding how to use rsync | 20:59 |
| sinned6915 | i am trying to figure out if its appropriate for my needs/use | 20:59 |
| raub | Does anyone know why some programs want to open taking the entire screen? For example I just opened libreoffice draw. I have a 2560x1440 monitor; it should not need that just to open | 21:00 |
| Bashing-om | sinned6915: Help is what we do: see: https://www.maketecheasier.com/use-rsync-command-linux/ <- How to Master the rsync Command in Linux ; https://rolando.iblanco.us/index.php/2020/08/22/rsync-command/ and we answer your specific questions. | 21:02 |
| sinned6915 | i have a local Ubuntu server I am setting up | 21:02 |
| sarnold | sinned6915: be very careful with the trailing / character on your directory paths. rsync cares. most programs don't. | 21:03 |
| sinned6915 | I have a QNap NAS box that I would like to mirror to | 21:03 |
| sinned6915 | and somehow eventually bakcup up my OneDrive account in the cloud | 21:04 |
| sinned6915 | i think i can use rclone for onedrive | 21:04 |
| sinned6915 | or can i use rsync for that too? | 21:05 |
| ravage | rsync itself does not support cloud storages | 21:05 |
| sinned6915 | ok | 21:05 |
| sinned6915 | so for rsync, can the ubuntu server push the rsync data to the NAS? | 21:05 |
| ravage | rsync supports ssh. your NAS should support NFS | 21:06 |
| sinned6915 | what is confusing is which end is the rsync server? | 21:06 |
| ravage | so you can also mount your NAS on your ubuntu server and rsync then | 21:06 |
| sarnold | you're probably not actually using an rsync server; it's far more common to use rsync over ssh | 21:07 |
| oerheks | raub, i see no option for disable full screen in draw/office | 21:07 |
| ravage | using rsync as a server is totally valid if you do not need encryption. like on your LAN | 21:07 |
| sarnold | rsync servers are often used for things like software distribution -- the hundreds of sites providing ubuntu mirrors use rsync to stay up to date, and they use rsync servers run on the archive servers | 21:08 |
| ravage | and the server usually runs where you want you data to be stored | 21:08 |
| sarnold | but setting them up is inflexible and takes effort and so on; just using rsync between two machines could be as easy as: rsync -acvP local/directory/ username@remotehost:remote/directory/ | 21:08 |
| sarnold | and rsync handles ssh to the other host, and running rsync on the other end | 21:09 |
| ravage | a simple rsyncd.conf is not that complicated :) | 21:09 |
| sinned6915 | ok, i was picturing SMB to the NAS | 21:10 |
| sinned6915 | that is why i am confused | 21:10 |
| raub | oerheks: My pet peeve is that a lot of programs -- not only draw -- seem to want to start with as large a window as possible. I was wondering if that is some OS-wide setting | 21:10 |
| oerheks | raub, not that i know of.. | 21:11 |
| ravage | sinned6915, i dont know what protocols your NAS supports. but most support at least NFS and maybe also ssh. with NFS you can mount it on your server as i said above. with ssh you can transfer both ways without a specific server like sarnold said | 21:12 |
| sarnold | depending upon what you're doing, also take a few minutes to look at syncthing | 21:12 |
| raub | I could take one or two programs doing that, because lazy coders. but when it is more than 10 I wonder if there is something else happening. | 21:12 |
| sinned6915 | its a QNAP 251. it shows that Ihave ssh capability, but only as admin | 21:13 |
| ravage | syncthing is nice to sync one or more folders over multiple devices. maybe not idea for a "full" backup | 21:13 |
| raub | oerheks: inkscape is the biggest offender: open takign entire window to just have the drawing region taking less than 10% of the screen | 21:13 |
| sinned6915 | i also have NFSv2/v3 and NFS v4 as options | 21:13 |
| ravage | sinned6915, what do you want to backup? the whole server? some folders? | 21:13 |
| sinned6915 | I have 2 drives on the server. one is for OS, the other is file storage | 21:14 |
| sinned6915 | the file storage disk is essentailly 1 folder | 21:14 |
| sinned6915 | that is the one i want to backup | 21:14 |
| ravage | then mount your NAS in for example /backup via NFS, rsync the folder and unmount /backup | 21:15 |
| ravage | i would do that in a script so /backup is not always mounted | 21:15 |
| sinned6915 | yes, that is basically what i was thiking | 21:15 |
| sinned6915 | oh wait, maybe not | 21:16 |
| sinned6915 | give me a moment to prcoess that | 21:16 |
| sinned6915 | yes, that | 21:17 |
| sinned6915 | byt i did not think of the intermittent connection mnt/u-mnt aspect of that | 21:17 |
| ravage | you dont want you backup mounted all the time in case you execute the wrong command and delete something there | 21:18 |
| ravage | rsync -av --delete --dry-run /data/on/server/* /backup/ | 21:19 |
| ravage | you can test with --dry-run to make sure it does what you want it to do | 21:20 |
| ravage | and --delete will delete files and folders that do no longer exist on your server | 21:20 |
| ravage | that is optional but helpful if you want an exact copy of source and destination | 21:21 |
| sinned6915 | ok, i think i get it. | 21:22 |
| sinned6915 | i will be back i am sure | 21:23 |
| sinned6915 | ravage et all: thank you | 21:23 |
| ravage | have fun :) | 21:23 |
| jhutchins | !info rdiff-backup | 22:00 |
| ubottu | rdiff-backup (2.0.5-3build1, jammy): remote incremental backup. In component universe, is optional. Built by rdiff-backup. Size 180 kB / 737 kB | 22:00 |
| jhutchins | rsync has some difficult behaviors doing large transfers over CIFS. | 22:03 |
| === Starmina85 is now known as Starmina8 | ||
| blahboybaz | I've been having this problems for several weeks now: https://pastebin.com/dtZTQNbY I've been just doing $ sudo kill <process id> and that works - but it does not resolve the cause of the problem (this continues to happen). I thought I found an article that addresses the problem but it turns out it isn't exactly the same thing: https://itsfoss.com/could-not-get-lock-error/ My Software Updates is not | 22:21 |
| blahboybaz | set to do any updats (afaict): https://imgur.com/a/Do2yc8U How can I resove the cause of this problem? | 22:21 |
| oerheks | unattended updates going on.. | 22:21 |
| oerheks | just click the update icon ? | 22:21 |
| blahboybaz | It is my habit to do updates manually on the command line | 22:22 |
| jhutchins | oerheks: Do automatic updates get enabled by default? | 22:54 |
| u0_a2048 | how can i delete any line that is shorter than 3 characters in a file | 22:56 |
| ash_worksi | leftyfb: the description for 'org.gnome.shell.extensions.dash-to-dock intellihide-mode' is empty; what does that do? | 23:01 |
| ash_worksi | leftyfb: also, how do you go about finding these schema/keys in general? Like, do you have a process for hunting these down? | 23:03 |
| jhutchins | u0_a2048: You might try #bash. It matters what kind of file. | 23:04 |
| u0_a2048 | ok | 23:09 |
| csaikia | I am trying to install an Ubuntu 22.04 LTS server ISO through Packer. I am using | 23:10 |
| csaikia | "linux /casper/vmlinuz --- autoinstall ds='nocloud-net;s=http://{{.HTTPIP}}:{{.HTTPPort}}/'<enter><wait>", | 23:10 |
| csaikia | "initrd /casper/initrd<enter><wait>", | 23:10 |
| csaikia | "boot<enter>", | 23:10 |
| csaikia | "<enter><f10><wait>" | 23:10 |
| csaikia | in the boot parameters and have pointed to the meta-data and user-data file (known to be working for Ubuntu 21.10). But it is not detecting my user-data auto-install files and is stuck in the "Select language" page. Any pointers in how auto-install differs between Ubuntu 21.10 and Ubuntu 22.04? | 23:10 |
| ash_worksi | through packer? like hashicorp/packer? | 23:20 |
| ash_worksi | I thought packer was for creating new vagrant boxes | 23:21 |
| winshit | hi there. i am having issues with a system that shows: "Temporary failure in name resolution" | 23:53 |
| winshit | it wont resolve hosts in my .local domain | 23:54 |
| winshit | if i use dig to query my dns i get the ip address | 23:54 |
| winshit | i successfully resolves public dns | 23:54 |
| winshit | resolvectl status also lists my dns server as "Current DNS Server" | 23:55 |
| winshit | the host runs 20.04 | 23:56 |
| winshit | any help on this? | 23:59 |
| hggdh | whinshit: change your nick now, please | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!