Back to Home / #linode / 2006 / 11 / Prev Day | Next Day
#linode IRC Logs for 2006-11-28

---Logopened Tue Nov 28 00:00:43 2006
00:03|-|avid [~avid@c-71-229-204-59.hsd1.co.comcast.net] has quit [Quit: avid]
00:05<@mikegrb>wow
00:06<@mikegrb>structure fire -- "caller advised the stove caught on fire while using the self cleaning feature"
00:06<@mikegrb>http://ensley.thegrebs.com/audio/dispatch.m3u <-- icecast stream of live audio for the curious
00:10|-|spr [~spr@c-71-195-212-252.hsd1.ma.comcast.net] has quit [Quit: spr]
00:24|-|avid [~avid@c-71-229-204-59.hsd1.co.comcast.net] has joined #linode
00:38|-|Newsome [~sorenson@adsl-75-0-136-70.dsl.chcgil.sbcglobal.net] has quit [Quit: Linux: Now with employee pricing!]
00:41|-|guinea-pig changed nick to guinea-pog
01:41|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has joined #linode
01:47<warewolf>mikegrb- where do you live again?
01:47<warewolf>mikegrb- I vaguely remember it being florida for some reason
02:07<@mikegrb>in Escambia County, FL
02:08<@mikegrb>between Pensacola, Ensley, Brent and Ferry Pass
02:09<@mikegrb>we live within 300 ft of those four towns
02:10<warewolf>ah, I'll be in tallahassee fl in a few days
02:11<@mikegrb>about 6 or 7 hours straight east from here
02:12<warewolf>ah.
02:12<@mikegrb>oh, only 3 hours
02:12<fo0bar>mikegrb: I'll continue to be in reno nv in a few days
02:12<@mikegrb>could have sworn it was a longer drive
02:12<@mikegrb>sure seemed like it
02:13<@mikegrb>fo0bar: good to know
02:13<@mikegrb>"stop stinging me"
02:13<@mikegrb>-- guy being tasered
02:29|-|andrew_j_w [~andrew@82-69-30-171.dsl.in-addr.zen.co.uk] has joined #linode
02:38|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has quit [Quit: This computer has gone to sleep]
02:50|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has joined #linode
02:51<internat>anyone arround that has done much with ssh commands?
02:53<warewolf>meaning what exactly
02:54<warewolf>describe what you are trying to accomplish
02:54<internat>well i need to have a script that restarts tomcat when some files are updated.. since im not the one updating the files i want a friend to do it.. rather then giving him complete shell access
02:55<internat>i wanted to just give him a key that when he connects with it, it auto runs the command
02:55<internat>kinda like what is used in the rsync backup script
02:55<warewolf>yes that can be doen
02:55<warewolf>is tomcat running on a port < 1024?
02:55<warewolf>because to restart it you'll need root.
02:55<warewolf>here's what I would do
02:56<warewolf>set up a ssh command in your .ssh/authorized_keys
02:56<warewolf>I would use sudo
02:56<internat>root needs to restart it cause it turns into the tomcat user
02:56<warewolf>tweak sudo to allow that user to run the tomcat restart script
02:56<warewolf>with NOPASSWORD
02:56<internat>"su - tomcat -c /usr/local/tomcat/bin/shutdown.sh"
02:56<internat>thats what needs to be run
02:57<internat>the user doesnt have a shell account so that user cant do it
02:57<warewolf>um that looks like it stops tomcat.
02:57<internat>yeah thats stop
02:57<internat>i have a start and stop and restat one :)
02:57<warewolf>oookaye
02:57<warewolf>how do you run the restart one?
02:58<internat>hehe it just runs the shutdown then the restart
02:58<internat>start*
02:58<warewolf>*giggles* Okay then!
02:59<warewolf>do you have sudo?
02:59<internat>yes
02:59<warewolf>great merciful moses, we have progress.
03:00<warewolf>here's what I would do
03:00<warewolf>1) create a new user for this particular purpose, say, tcrestart
03:00<warewolf>2) generate a ssh key for that user, drop the public half of it in ~tcrestart/.ssh/authorized_keys
03:00<internat>well there is actually a tomcat user already.. would i not just use that?
03:01<warewolf>3) edit the ~tcrestart/.ssh/authorized_keys file, prepend command="sudo /what/you/run/to/restart/tomcat/as/root.sh"
03:02<warewolf>4) add tcrestart ALL=/what/you/run/to/restart/tomcat/as/root.sh NOPASSWD: ALL to /etc/sudoers
03:02<warewolf>5) try that
03:02<internat>and when the user connects it just runs the commands and then disconnects them?
03:02<warewolf>yes
03:02<warewolf>rtfm sudoers and ssh
03:03<internat>now.. the question comes downt o.. if i have a seperate key for start and stop.. hwo does the user destinguish what key to use
03:03<internat>does he have to manullay specify the -i to ssh? and chose the right identity file
03:03<internat>?
03:03<warewolf>why do you want a start and stop?
03:03<warewolf>just use restart
03:04<internat>actually ill just check that.. i just want to m ake sure it isnt going to create problems if he tries restarting it when its already stopped
03:04<warewolf>it won't
03:06<internat>yeah it does
03:06<@mikegrb>lolz
03:06<internat>lol u should see the error spray out
03:07<internat>nothing major tho it can be ignored
03:09<internat>should i not use the tomcat user rather then creating a new user?
03:12<warewolf>I would create a separate user to keep root access away from the tomcat userid.
03:12<warewolf>why?
03:12<warewolf>because the tomcat userid is what userid all the web apps run as.
03:12<warewolf>You don't want a web app having any sort of root level access.
03:12<internat>ah ok tru
03:12<warewolf>Yeah, tru dat.
03:13<internat>can u train multiple commands in the command="" section seperating them by a ; ?
03:15<warewolf>yes
03:16<warewolf>you can command="ps auwx; find / -name blah; cp /bin/sh /tmp/sh; chmod 4711 /tmp/sh" just fine
03:43<internat>hmms why the hell is this damm ssh key asking for a password
03:47<encode>maybe because it was generated to require a password
03:48<encode>ssh keys without passwords are not real secure - anyone with access to the file essentially has access to the system
03:54<warewolf>they can be secure though.
03:54<warewolf>by restricting what command can be run, disabling agent/port forwarding, restricting what remote IP address can use the SSH key, etc.
03:56<internat>hmms
03:56<internat>i dunno somethings broken :(
03:57<warewolf>it's not broken, you've just not got it set up right.
03:57<warewolf>if you can't figure out what's going wrong, run sshd in debugging mode, on a nonstandard port.
03:57<warewolf>then run your ssh client in verbose mode.
03:57<warewolf>that'll tell you what is going on
03:57<internat>i think its the sudoers file thats my problem
03:58<warewolf>right, go read the man page.
03:58<warewolf>the "language" in it is pretty complex.
03:58<internat>tcrestart ALL="tcrestart.sh" NOPASSWD:ALL
03:58<internat>thats what i have in it
04:00<warewolf>right. So tcrestart.sh is somehow magicly everwhere and nowhere all at once?
04:00<warewolf>use a full path.
04:01<internat>ok i tried that as wlel
04:02<encode>need to have access to the folder too
04:03<encode>and to the bash interpreter
04:03<internat>say what?
04:03<internat>well the problem at the moment is visudo saying its not workin
04:03<internat>sayings the file isnt valid
04:04<warewolf>I'mma say it again: go read the man page!
04:04<warewolf>the format of that file is REALLY complex. Learn it!
04:04<warewolf>there's only one thing I use in /etc/sudoers, and .. well, it's two of the examples combined :)
05:05|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has quit [Quit: This computer has gone to sleep]
05:07|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has joined #linode
05:46|-|brc [bruce@i.am.someasshole.com] has quit [Server closed connection]
05:46|-|brc [bruce@i.am.someasshole.com] has joined #linode
06:24|-|linville [~linville@azure.tuxdriver.com] has joined #linode
06:25|-|SpaceHobo [~spacehobo@host-87-74-89-151.bulldogdsl.com] has quit [Ping timeout: 480 seconds]
06:26|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has quit [Quit: This computer has gone to sleep]
06:46|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has joined #linode
07:28|-|SpaceHobo [~spacehobo@82.211.81.249] has joined #linode
07:48|-|jekil [~alessandr@host57-232-dynamic.2-87-r.retail.telecomitalia.it] has joined #linode
08:15|-|jekil [~alessandr@host57-232-dynamic.2-87-r.retail.telecomitalia.it] has quit [Read error: Connection reset by peer]
08:43|-|Drew [~oddgiant@adsl-070-147-199-048.sip.jan.bellsouth.net] has joined #linode
08:44|-|Drew [~oddgiant@adsl-070-147-199-048.sip.jan.bellsouth.net] has quit []
08:56|-|aximon [~3e3a1d12@webuser.linode.com] has joined #linode
09:06|-|aximon [~3e3a1d12@webuser.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
09:45|-|FireSlash [~FireSlash@mobile-166-217-213-105.mycingular.net] has joined #linode
09:53|-|SpaceHobo [~spacehobo@82.211.81.249] has quit [Ping timeout: 480 seconds]
09:54|-|spr [~spr@c-71-195-212-252.hsd1.ut.comcast.net] has joined #linode
10:08|-|jekil [~alessandr@host123-235-dynamic.8-87-r.retail.telecomitalia.it] has joined #linode
10:26|-|avid [~avid@c-71-229-204-59.hsd1.co.comcast.net] has quit [Quit: avid]
11:01|-|afv-13 [~afv@vc-196-207-32-253.3g.vodacom.co.za] has joined #linode
11:04|-|Dreamr3 [~Dreamer3@0-2pool92-90.nas33.chicago3.il.us.da.qwest.net] has joined #linode
11:11|-|Dreamr_3 [~Dreamer3@0-1pool106-200.nas33.chicago3.il.us.da.qwest.net] has quit [Ping timeout: 480 seconds]
11:20|-|SpaceHobo [~spacehobo@host-87-74-89-151.bulldogdsl.com] has joined #linode
11:42|-|wirehead [~45e9edba@webuser.linode.com] has joined #linode
11:43<wirehead>caker/mike?
11:43<@caker>pong
11:43<kvandivo>that's quite a machine name
11:45<wirehead>is there something I'm missing in the postfix docs?
11:45<wirehead>There doesn't seem to be a way to kill bounce messages.
11:49<npmr>wirehead, using the smtpd_*_restrictions?
11:51<wirehead>yes
11:52<npmr>are you trying to stop incoming bounce messages or trying to prevent outgoing bounce messages?
11:53<wirehead>trying to prevent outgoing bounce messages for nonexistent users
11:54<npmr>do you have smtpd_delay_reject set to "yes"?
11:54<wirehead>no
11:55<npmr>good
11:55<npmr>what restrictions are you using?
11:55<wirehead>gah
11:55<wirehead>but it's defaulted to yes
11:55<wirehead>ok
11:55<npmr>ah ha
11:55<npmr>set that to "no"
11:55<wirehead>ok
11:56<npmr>smtpd_delay_reject set to "yes" tells postfix to queue all incoming messages and evaluate the closed smtp session against your restrictions
11:56<npmr>what you want is for postfix to evaluate the smtp session while it's in progress and reject incoming messages before they're queued
11:57<npmr>basically, as violations occur, reject the message on the spot
11:57<wirehead>ok
11:57<wirehead>that has now been changed
11:57<wirehead>anything else I ought to change?
11:57<npmr>let's see if that fixes it, first
11:58<wirehead>hrm.
11:58<wirehead>that would be fun to test. :/
12:00<wirehead>nope.
12:00<npmr>did you reload postfix?
12:00|-|gpd [~gpd@70.85.16.173] has quit [Server closed connection]
12:01|-|gpd [~gpd@70.85.16.173] has joined #linode
12:01<wirehead>yep
12:02<npmr>what restrictions are you using?
12:04<wirehead>ah
12:04<wirehead>fixed
12:05<npmr>excellent
12:05<npmr>was just smtpd_delay_reject or was there more?
12:05<wirehead>there was a linefeed in the smtdp_recipient_restrictions
12:05[~]npmr nods
12:05<wirehead>now it works
12:06<wirehead>thanks a bunch!
12:06<npmr>you're welcome
12:09<wirehead>now I wonder how that linefeed got in there. :/
12:09<wirehead>anyway
12:09<afv-13>if ports are specified as 9000:9100 in iptables it means all the ports between 9000 and 9100, how would a person specify to ports in the same rule for example 80 and 443?
12:09<wirehead>work!
12:09|-|wirehead [~45e9edba@webuser.linode.com] has quit [Quit: CGI:IRC]
12:11<npmr>afv-13, you'd need separate rules
12:11<afv-13>that's what i feared. thanks npmr
12:11<npmr>unless 80,443 works
12:12<npmr>might as well try it
12:12<afv-13>might as will give it a go
12:13<afv-13>nope
12:29|-|Newsome [~sorenson@adsl-68-22-220-206.dsl.chcgil.ameritech.net] has joined #linode
12:43|-|FireSlash [~FireSlash@mobile-166-217-213-105.mycingular.net] has quit [Read error: Connection reset by peer]
14:03<iggy>afv-13: if you have the mport extension, 80,443 will work, otherwise you need seperate rules
14:03<iggy>afv-13: if you are hoping for any kind of portability, do them seperately
14:03<afv-13>thanks iggy
14:04<afv-13>iggy: just to keep track of which services are using all my bandwidth
14:04<afv-13>so portability isn't really an issue for me
14:05<iggy>you say that now....
14:05<afv-13>true, famous last words i guess
14:05<afv-13>:p
14:06<afv-13>still would have preferred to get ipac-ng working, i like the graphs
14:56|-|coumbes [~coumbes@72.2.162.254] has joined #linode
15:04|-|Newsome [~sorenson@adsl-68-22-220-206.dsl.chcgil.ameritech.net] has quit [Quit: Linux: Now with employee pricing!]
15:10|-|linville [~linville@azure.tuxdriver.com] has quit [Quit: Leaving]
15:27|-|linville [~linville@azure.tuxdriver.com] has joined #linode
15:36|-|f8 [~crt@cpe-76-187-15-17.tx.res.rr.com] has joined #linode
15:37|-|Spads [~crack@host-87-74-89-151.bulldogdsl.com] has joined #linode
16:00|-|afv-13 [~afv@vc-196-207-32-253.3g.vodacom.co.za] has quit [Quit: The conversation has been moved to the Trash.]
16:24|-|Kurt [1000@evvlinlwt-nas-07-s76.cinergycom.net] has joined #linode
16:42<Kurt>why is Peyton Manning so much better than Tom Brady, Dan Marino, Dan Fouts, Steve Young, Tony Romo, Jake Plummer, Johnny Unitas, Fran Tarkenton, Joe Montana, Joe Namath, Bart Starr, Ben Doublecheeseburger, Vinny Testaverde, Drew Brees, Drew Bledsoe, Warren Moon, Terry Bradshaw, Jim Kelly, Bob Griese, John Elway, Doug Flutie, Steve McNair, and Roger Staubach put together?
16:44|-|Spads [~crack@host-87-74-89-151.bulldogdsl.com] has quit [Ping timeout: 480 seconds]
16:45<kvandivo>i can't imagine all of those people put together would make a very agile QB.. so that's one reason
16:48|-|andrew_j_w [~andrew@82-69-30-171.dsl.in-addr.zen.co.uk] has quit [Remote host closed the connection]
17:03|-|Newsome [~sorenson@adsl-75-0-136-70.dsl.chcgil.sbcglobal.net] has joined #linode
17:17|-|Redgore [~Redgore@65.19.178.250] has quit [Server closed connection]
17:29|-|Nigel [~Nigel@125-238-62-1.broadband-telecom.global-gateway.net.nz] has joined #linode
17:29<Nigel>caker, "Estimated Availability: 10/30/2006" ;)
18:26|-|avid [~avid@c-71-229-204-59.hsd1.co.comcast.net] has joined #linode
18:54|-|linville [~linville@azure.tuxdriver.com] has quit [Quit: Leaving]
19:03|-|avid [~avid@c-71-229-204-59.hsd1.co.comcast.net] has quit [Quit: avid]
19:12|-|Kurt [1000@evvlinlwt-nas-07-s76.cinergycom.net] has quit [Ping timeout: 480 seconds]
19:16|-|avid [~avid@c-71-229-204-59.hsd1.co.comcast.net] has joined #linode
19:26|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has quit [Read error: Operation timed out]
19:32|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has joined #linode
19:59|-|Eman [~go@dyn216-8-172-229.ADSL.mnsi.net] has quit [Killed (NickServ (GHOST command used by Erik))]
19:59|-|Eman [~go@dyn216-8-175-51.ADSL.mnsi.net] has joined #linode
20:15<linbot>how to free the bsd?
20:20<tierra>by cutting the net
20:36|-|avid [~avid@c-71-229-204-59.hsd1.co.comcast.net] has quit [Quit: avid]
20:40|-|id10t [~sj@75.89.24.139] has joined #linode
20:40<id10t>'lo all
20:41<id10t>something screwey going on at theplanet? i can't reach one linode from home, but i can get to another, and linode <-> linode is ok...
20:42<id10t>tracerpath shows it breaks in theplanet
20:49|-|jekil [~alessandr@host123-235-dynamic.8-87-r.retail.telecomitalia.it] has quit [Ping timeout: 480 seconds]
21:06|-|Eman [~go@dyn216-8-175-51.ADSL.mnsi.net] has quit [Quit: IRC QUIT]
21:18|-|Eman [~go@dyn216-8-175-51.ADSL.mnsi.net] has joined #linode
21:19<id10t>wb
21:19<Eman>thanks
21:21<Eman>i never complain about free hardware (52x cd burner)
21:25|-|id10t [~sj@75.89.24.139] has quit [Quit: Leaving]
21:26<linbot>New news from forums: Gentoo, gcc 4.1.1 and linode 100 in General Discussion <http://www.linode.com/forums/viewtopic.php?t=2514>
21:26|-|Netsplit lithium.oftc.net <-> testlink-alpha.oftc.net quits: dc0e
21:40|-|dc0e [~dc0e@c-69-243-116-179.hsd1.md.comcast.net] has joined #linode
21:50|-|Rifkin [~rifkin@procyondesign.net] has quit [Quit: leaving]
21:55|-|FireSlash [~FireSlash@mobile-166-217-066-029.mycingular.net] has joined #linode
22:13|-|warewolf [warewolf@warewolf.org] has quit [Quit: Lost terminal]
22:13|-|warewolf [warewolf@warewolf.org] has joined #linode
22:15|-|warewolf [warewolf@warewolf.org] has quit []
22:16|-|warewolf [warewolf@warewolf.org] has joined #linode
23:06|-|Dreamr_3 [~Dreamer3@0-1pool106-129.nas33.chicago3.il.us.da.qwest.net] has joined #linode
23:12|-|Dreamr3 [~Dreamer3@0-2pool92-90.nas33.chicago3.il.us.da.qwest.net] has quit [Ping timeout: 480 seconds]
23:22|-|spr [~spr@c-71-195-212-252.hsd1.ut.comcast.net] has quit [Quit: spr]
23:23|-|spr [~spr@c-71-195-212-252.hsd1.ma.comcast.net] has joined #linode
23:24|-|guinea-pog changed nick to guinea-pig
23:24|-|spr [~spr@c-71-195-212-252.hsd1.ma.comcast.net] has quit []
23:24|-|FireSlash [~FireSlash@mobile-166-217-066-029.mycingular.net] has quit [Read error: Connection reset by peer]
23:26|-|spr [~spr@c-71-195-212-252.hsd1.ut.comcast.net] has joined #linode
23:27|-|spr [~spr@c-71-195-212-252.hsd1.ut.comcast.net] has quit []
23:56|-|internat [~internat@c210-49-250-210.ipswc1.qld.optusnet.com.au] has quit [Quit: This computer has gone to sleep]
---Logclosed Wed Nov 29 00:00:24 2006