|
I tried fallocate but swapon would fail with "swap file has holes". Though that was with CentOS which uses XFS, not Ubuntu. Also I forgot I'd have to chmod the file 0600 each time I make it. From googling it looks like my best bet would be to create a systemd service that does this.
|
#
?
Feb 14, 2018 16:24
|
|
|
|
| # ? Apr 23, 2024 09:14 |
|
|
Is there a available, decently-secure way to control a given systemd process/server/whatever from the web. I want to host a game server but I want to allow others to turn it off and on without A) command line access. B) training them on command line access. Obviously I don't want such a thing to root my server and I know enough to write a dumb applet to do it but I'd rather use something that's already been hardened instead of rolling my own. Surely someone has solved this but googling has been somewhat fruitless. I'm also open to other, non-web-centric ideas if they are reasonably easy / secure.' EDIT: vvv Yeah thanks for the suggestions. Thinking about it I could restrict the web user's access to sudo specific commands/scripts. And run on a non-standard port. SoftNum fucked around with this message at 17:45 on Feb 14, 2018 |
|
#
?
Feb 14, 2018 17:15
|
|
|
The risk you have to account for is giving your web server root privileges.. I'm sure you understand why that's a dangerous thing. sudo access to a script that accepts no input is probably the easiest way to do it semi-safely, but this assumes your web server is hardened against intrusion.. that is, your admins have good passwords not available in pastebin, your web server doesn't get owned, stuff like that. You'll probably want your sudo-calling web server script to be smart enough to not allow spamming commands, logging, and an easy way to lock accounts too. It's definitely not best practice but if you develop a list of the risks and a plan to mitigate them, it's not the worst idea in the history of mankind.
|
|
#
?
Feb 14, 2018 17:23
|
|
|
I think you'd want to use sudo to do this, you don't have to give the www user full root/sudo access but predefined commands by using a Cmnd_Alias. Something like in /etc/sudoers Cmnd_Alias Game_service = /usr/bin/systemctl start gameserver, /usr/bin/systemctl stop gameserver www-data ALL = (root) NOPASSWD: Game_service Defaults!Game_service !requiretty this would give www-data the ability to run as root the commands defined in Game_service and nothing else then you could use NGINX or whatever to define two URLS that run the commands when accessed, I'd probably add some random hash to the end of the URLs so they aren't just easily guessed. Like /STARTcf1e8c14e54505f60aa10ceb8d5d8ab3 and /STOPcf1e8c14e54505f60aa10ceb8d5d8ab3 also don't listen to me because I am still pretty rusty with Linux, but I think sudo the heart of what you are looking to do.
|
|
#
?
Feb 14, 2018 17:52
|
|
|
Alpha Mayo posted:I tried fallocate but swapon would fail with "swap file has holes". Though that was with CentOS which uses XFS, not Ubuntu. Also I forgot I'd have to chmod the file 0600 each time I make it. Yeah, in olden times you'd just dump the commands in /etc/rc.local. But that's deprecated with systemd and you should write a small service that is configured to run after everything else.
|
|
#
?
Feb 14, 2018 18:12
|
|
|
SoftNum posted:EDIT: vvv Yeah thanks for the suggestions. Thinking about it I could restrict the web user's access to sudo specific commands/scripts. And run on a non-standard port. Running on non-standard port does nothing towards security, but it does help with flyby wannabe hackers. Allowing to run commands from the web (via sudo, and potentially selinux) is opening a security hole on that machine large enough to fit a truck and there's nothing you can do about it. The only thing you can do is run said game server in a VM and be prepared to replace the image with a known good one on a moment's notice. It will get pwned. There's no "if" only a "when".
|
|
#
?
Feb 14, 2018 18:32
|
|
|
Alpha Mayo posted:How would I delete the swapfile on shutdown, then automate the creation of it on startup (with dd if=/dev/zero)? Why are you using swap?
|
|
#
?
Feb 14, 2018 21:56
|
|
|
I'm debating switching this laptop to Linux, but I have two things to ask. iospace fucked around with this message at 00:05 on Feb 15, 2018 |
|
#
?
Feb 14, 2018 22:05
|
|
|
I just like giving the kernel the option to move barely-used pages to swap if it decides to. That and it gives a safety net that can buy time to prevent essential processes from being killed for consuming too much memory. I've always been taught that swap is never a drawback in any situation, besides the disk capacity lost
|
|
#
?
Feb 14, 2018 22:12
|
|
|
jaegerx posted:Why are you using swap? There’s utility...
|
|
#
?
Feb 14, 2018 23:14
|
|
|
SoftNum posted:Is there a available, decently-secure way to control a given systemd process/server/whatever from the web. It's not exactly what you asked for, but supervisord (http://supervisord.org) came to mind, and has features like this. I've looked at it before, but never used myself. Looks cleaner than rolling your own solution to me... Edit: I've also seen monit used, but didn't realize it had a webui as well... might be another option? (https://mmonit.com/monit/) Ryaath fucked around with this message at 02:55 on Feb 15, 2018 |
|
#
?
Feb 15, 2018 02:48
|
|
|
BoyBlunder posted:I'm having a weird issue, affecting only Linux installs on my Thinkpad x230. Bumping this from the previous page. Any ideas?
|
|
#
?
Feb 15, 2018 03:29
|
|
|
BoyBlunder posted:Bumping this from the previous page. Any ideas? journalctl -b -1 -n250 does this give you any info? that should provide the last 250 lines of the log for the last boot cycle(so hopefully will include why it shutdown)
|
|
#
?
Feb 15, 2018 19:53
|
|
|
If you have absolutely nothing in the logs, then the only reasonable conclusion could be that the power somehow magically went out. Something like the internal battery died unexpectedly. But then it would happen in windows too. Unless the linux driver is lying and saying that the battery has more juice in it than it actually does. This is just pure speculation though, with no basis in reality.
|
|
#
?
Feb 15, 2018 21:23
|
|
|
i keep thinking acpi fuckery
|
|
#
?
Feb 15, 2018 21:44
|
|
|
RFC2324 posted:i keep thinking acpi fuckery Yeah this seems like the most likely culprit. like Linux isn't telling IBM's lovely ACPI that anything is going on so it shuts the laptop down or something stupid. but eh.
|
|
#
?
Feb 15, 2018 22:42
|
|
|
SoftNum posted:Yeah this seems like the most likely culprit. like Linux isn't telling IBM's lovely ACPI that anything is going on so it shuts the laptop down or something stupid. but eh. Or linux isnt tracking usage correctly, and is sending a sleep signal that the ibms acpi is reading as a hard poweroff. Try disabling acpi to see if that is the culprit to narrow things down?
|
|
#
?
Feb 15, 2018 23:13
|
|
|
Thanks guys, I’ll give all these a shot.
|
|
#
?
Feb 16, 2018 00:39
|
|
|
Could also try disabling the lower C States in BIOS in case one of those is being mishandled. I had a laptop that did that when it picked up a C6 state.
|
|
#
?
Feb 16, 2018 02:02
|
|
|
Anyone have a preferred iso for a live version of ubuntu? I just need to boot into ubuntu on my desktop to do some testing and I dont wanna mess around with partitions. I tried the regular ubuntu server 16.04 iso but it doesnt seem to have a boot from USB option. I used to use knoppix in the past but id prefer some flavor of ubuntu. Edit: i don't wanna use a VM because I need to have access to the GPU.
|
|
#
?
Feb 16, 2018 19:03
|
|
|
Get the regular desktop version of Ubuntu, not Ubuntu Server.
|
|
#
?
Feb 16, 2018 19:10
|
|
|
Paul MaudDib posted:Get the regular desktop version of Ubuntu, not Ubuntu Server. I'm testing out bash scripts etc. Those scripts will work on either version later on correct? SnatchRabbit fucked around with this message at 19:16 on Feb 16, 2018 |
|
#
?
Feb 16, 2018 19:11
|
|
|
SnatchRabbit posted:I'm testing out bash scripts etc. Those scripts will work on either version later on correct? Bash scripts will work on any linux distribution provided that: - bash version is sufficiently high that whatever features those scripts are using bash actually supports them - the programs those bash-scripts invoke (assuming they call other programs not only built-in commands) are installed and of new-enough version to be able to do whatever the script expects them to do. That's all there is to it. Bash and programs version. The magic of linux distributions.
|
|
#
?
Feb 17, 2018 03:04
|
|
|
I have a laptop with a discrete Nvidia GPU and an integrated Intel GPU, and I connect a monitor to it via MiniDP. It's my understanding that Fedora 27 is capable of switching and turning on/off the Nvidia GPU when it's not needed (see here, I am using the "OSS Stack" with the nouveau/intel drivers). Anyway, I think one of the caveats for this to work out of the box is that I need to know whether or not the MiniDP port is wired to the Nvidia GPU or the Intel iGPU. From another post I found: quote:Optimus laptops have two video chips: an integrated Intel and a discrete nVidia one. If the port (DisplayPort / HDMI / VGA) is wired to the Intel chip, you do not need to do anything special to get external monitors to work. I've seen this posted and repeated on various other guides as well but what I can't find is how do I find out which GPU the MiniDP port is wired to? e: For what it's worth I can just plug in the monitor into the MiniDP port and it just works. I can unplug it right now with this laptop turned on and plug it back it and it automatically detects it. If I just start up Paraview (the only program I have installed I could think of that tells me information about the GPU it's rendering on) it says "OpenGL Renderer: Mesa DRI Intel Haswell Mobile", but if I start up Paraview with "DRI_PRIME=1" then it now shows "OpenGL Renderer: NVE7" ad "OpenGL Vendor" says "nouveau." But all this tells me is that the GPU offloading works fine. It doesn't tell me if the Nvidia GPU is disabled when I don't need it. Boris Galerkin fucked around with this message at 13:43 on Feb 17, 2018 |
|
#
?
Feb 17, 2018 13:38
|
|
|
So I just learned about containers/Docker. That is some seriously cool poo poo. I don't know how Linux is so advanced and capable from an OS-perspective, and yet we still have to use X11 on the front-end.
|
|
#
?
Feb 19, 2018 03:17
|
|
|
Finally using a desktop distro for at least a substantial portion of my day. Have Ubuntu 17.10 up and running decently, a couple of issues I haven't been able to get around yet though: 1) Flatpaks. Is there an issue with Ubuntu Aardvark and flatpak installs not installing an app menu icon? I've installed several flatpak installs - Discord, Lollypop and Vocal - none of them install an icon. The install seems fine, I can launch them from the terminal with flatpack run fine, but from what I'm reading I should see the icon in the Ubuntu app list. edit: They showed up after a reboot. Any command I can use to force this? 2) Contrast/brightness/color temp. Using a Radeon 7770 with the default drivers that come with 17.10 - how can I adjust either? Reason being my TV through HDMI has a slight red tinge to it and whacked out contrast with black crush, it's immediately apparent when jumping back into Win10. Happy_Misanthrope fucked around with this message at 03:44 on Feb 19, 2018 |
|
#
?
Feb 19, 2018 03:36
|
|
|
Alpha Mayo posted:So I just learned about containers/Docker. That is some seriously cool poo poo. I don't know how Linux is so advanced and capable from an OS-perspective, and yet we still have to use X11 on the front-end. Xorg
|
|
#
?
Feb 19, 2018 04:07
|
|
|
Alpha Mayo posted:So I just learned about containers/Docker. That is some seriously cool poo poo. I don't know how Linux is so advanced and capable from an OS-perspective, and yet we still have to use X11 on the front-end.
|
|
#
?
Feb 19, 2018 04:16
|
|
|
mystes posted:Yeah it's pretty awesome that in 2018 operating systems now have this ability to run different pieces of software in their own isolated environment almost as if they have the whole computer to themselves. It’s almost like jails and zones never existed until docker.
|
|
#
?
Feb 19, 2018 04:56
|
|
|
yeah there's a little bit of difference between chroot and CoreOS who knew
|
|
#
?
Feb 19, 2018 06:48
|
|
|
Containers are cool and good. Run a redhat shop but someone needs to compile for ubuntu and you refuse to support it? Have the developer fire up a container and make it their problem. I also much prefer deploying a service with a compose over setting it up in puppet, mostly because the module scene around puppet is extremely hit or miss. So much software has an entry in the docker registry getting it running is like 5 minutes of effort. It ain't perfect but it ain't poo poo either.
|
|
#
?
Feb 19, 2018 06:50
|
|
|
jaegerx posted:It’s almost like jails and zones never existed until docker. I keep seeing people make smug posts like this but isn’t it true that more people than ever now use containers because of Docker?
|
|
#
?
Feb 19, 2018 07:16
|
|
|
Boris Galerkin posted:I keep seeing people make smug posts like this but isn’t it true that more people than ever now use containers because of Docker? True. Jails are superior to docker in every way, but for some reason they didn't become that popular. Maybe it was because of FreeBSD, maybe docker people really invested in marketing ...
|
|
#
?
Feb 19, 2018 07:38
|
|
|
Happy_Misanthrope posted:Finally using a desktop distro for at least a substantial portion of my day. Have Ubuntu 17.10 up and running decently, a couple of issues I haven't been able to get around yet though: The reboot (technically only logging in again) is only necessary once after installing flatpak, as the menu stuff needs to be aware of a new place to look for icons.
|
|
#
?
Feb 19, 2018 10:50
|
|
|
Volguus posted:True. Jails are superior to docker in every way, but for some reason they didn't become that popular. Maybe it was because of FreeBSD, maybe docker people really invested in marketing ... Isn't Docker not a low-level technology itself, but uses libcontainer (or other drivers) that makes use of available OS container functionality? In other words, can't Docker actually use FreeBSD jails? Or LXC, or Windows Containers, or some hand-written code I write where a "container" does nothing but serve hello.jpg on every interface? What makes Docker so impressive to me its usability. The low-level technology of containers isn't new, and maybe FreeBSD Jails are superior to everything else, but being able to get deploy a preconfigured container from a public repository, designed for one specific application with one command is relatively new.
|
|
#
?
Feb 20, 2018 08:48
|
|
|
Alpha Mayo posted:Isn't Docker not a low-level technology itself, but uses libcontainer (or other drivers) that makes use of available OS container functionality? In other words, can't Docker actually use FreeBSD jails? Or LXC, or Windows Containers, or some hand-written code I write where a "container" does nothing but serve hello.jpg on every interface? Yes/no. libcontainer is great as an abstraction, but you an actually spawn a container just with a couple of cgroup commands. docker/containers are cgroup isolation+network namespacing.
|
|
#
?
Feb 20, 2018 11:50
|
|
|
I am on Solus 3.26.2 and would like to automate a backup script for Duplicity that I have made (read a tutorial and copied from the Internet). Now, trying to use cron and it not working (and then googling to discover cron isn't packaged in Solus), I have discovered I need to use systemd. I also saw that I can install cron if needed, but I figure if systemd is the way to go in Solus, then why not? Can anyone guide me on how to make this very simple bash script in my home directory run daily at a time I choose using systemd?
|
|
#
?
Feb 22, 2018 14:18
|
|
|
Volguus posted:True. Jails are superior to docker in every way, but for some reason they didn't become that popular. Maybe it was because of FreeBSD, maybe docker people really invested in marketing ... 
|
|
#
?
Feb 24, 2018 03:51
|
|
|
points 2 and 3 are still valid imo especially since dropbox continually loses money year after year
|
|
#
?
Feb 24, 2018 05:39
|
|
|
|
| # ? Apr 23, 2024 09:14 |
|
|
That's probably why they just announced their ipo and want to bring in $500 million with it. Time to migrate to onedrive, right? 
|
|
#
?
Feb 24, 2018 06:24
|
|