Alpha Mayo
Jan 15, 2007

You can't kill the Bitcoin.
The Bitcoin will live on.

I tried to kill the Bitcoin.
BUT I FAILED! As I was smite to the ground.


I tried fallocate but swapon would fail with "swap file has holes". Though that was with CentOS which uses XFS, not Ubuntu. Also I forgot I'd have to chmod the file 0600 each time I make it.

From googling it looks like my best bet would be to create a systemd service that does this.


SoftNum
Mar 31, 2011



Is there an available, decently-secure way to control a given systemd process/server/whatever from the web?

I want to host a game server but I want to allow others to turn it off and on without A) command line access. B) training them on command line access. Obviously I don't want such a thing to root my server and I know enough to write a dumb applet to do it but I'd rather use something that's already been hardened instead of rolling my own. Surely someone has solved this but googling has been somewhat fruitless.

I'm also open to other, non-web-centric ideas if they are reasonably easy / secure.

EDIT: vvv Yeah thanks for the suggestions. Thinking about it I could restrict the web user's access to sudo specific commands/scripts. And run on a non-standard port.

SoftNum fucked around with this message at Feb 14, 2018 around 16:45

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

The risk you have to account for is giving your web server root privileges.. I'm sure you understand why that's a dangerous thing.

sudo access to a script that accepts no input is probably the easiest way to do it semi-safely, but this assumes your web server is hardened against intrusion.. that is, your admins have good passwords not available in pastebin, your web server doesn't get owned, stuff like that. You'll probably want your sudo-calling web server script to be smart enough to not allow spamming commands, logging, and an easy way to lock accounts too.

It's definitely not best practice but if you develop a list of the risks and a plan to mitigate them, it's not the worst idea in the history of mankind.

Alpha Mayo
Jan 15, 2007

You can't kill the Bitcoin.
The Bitcoin will live on.

I tried to kill the Bitcoin.
BUT I FAILED! As I was smite to the ground.


I think you'd want to use sudo to do this, you don't have to give the www user full root/sudo access but predefined commands by using a Cmnd_Alias.

Something like in /etc/sudoers

# sudoers alias names must be all uppercase (letters, digits, underscore)
Cmnd_Alias GAME_SERVICE = /usr/bin/systemctl start gameserver, /usr/bin/systemctl stop gameserver
www-data ALL = (root) NOPASSWD: GAME_SERVICE
Defaults!GAME_SERVICE !requiretty

this would give www-data the ability to run as root the commands defined in GAME_SERVICE and nothing else

then you could use NGINX or whatever to define two URLs that run the commands when accessed, I'd probably add some random hash to the end of the URLs so they aren't just easily guessed. Like /STARTcf1e8c14e54505f60aa10ceb8d5d8ab3 and /STOPcf1e8c14e54505f60aa10ceb8d5d8ab3

also don't listen to me because I am still pretty rusty with Linux, but I think sudo is the heart of what you are looking to do.
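Added example, not part of any post in this thread: a sketch of the handler logic the last two replies describe, where the web side can only pick between two fixed sudo command lines, compares the secret in constant time, throttles repeats, and logs every decision. The names `Controller`, `COMMANDS` and `MIN_INTERVAL`, the 30-second interval and the `/usr/bin/sudo` path are assumptions; the `systemctl` lines are the ones from the sudoers rule in the post above.

```python
import hmac
import logging
import subprocess
import time

# Fixed argv per action; these must match the sudoers entries exactly.
# Nothing taken from the request is ever placed on a command line.
COMMANDS = {
    "start": ["/usr/bin/sudo", "-n", "/usr/bin/systemctl", "start", "gameserver"],
    "stop": ["/usr/bin/sudo", "-n", "/usr/bin/systemctl", "stop", "gameserver"],
}
MIN_INTERVAL = 30.0  # seconds between accepted commands (assumed value)

log = logging.getLogger("gamectl")


class Controller:
    """Decides whether one web request may trigger one fixed command."""

    def __init__(self, token, runner=subprocess.run, clock=time.monotonic):
        self._token = token.encode()
        self._runner = runner  # injectable so the logic can be tested offline
        self._clock = clock
        self._last = None      # time of the last accepted command

    def handle(self, action, presented_token, client="-"):
        """Return an HTTP-style status code for a single request."""
        # Constant-time comparison: no timing hint about how much matched.
        if not hmac.compare_digest(presented_token.encode(), self._token):
            log.warning("denied client=%s reason=bad-token", client)
            return 403
        argv = COMMANDS.get(action)
        if argv is None:
            log.warning("denied client=%s reason=unknown-action", client)
            return 404
        now = self._clock()
        if self._last is not None and now - self._last < MIN_INTERVAL:
            log.warning("denied client=%s reason=rate-limit", client)
            return 429
        self._last = now
        try:
            # List argv, no shell: no quoting or injection surface.
            # "sudo -n" fails instead of prompting if the rule is missing.
            result = self._runner(argv, shell=False, timeout=30, check=False)
        except (OSError, subprocess.TimeoutExpired) as exc:
            log.error("failed client=%s action=%s error=%s", client, action, exc)
            return 500
        log.info("ran client=%s action=%s rc=%d", client, action, result.returncode)
        return 200 if result.returncode == 0 else 500
```

Wire `handle()` into whatever serves the two URLs, and pass the secret in a request header rather than the path if the web server logs request paths.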

Docjowles
Apr 9, 2009

COME ON WORK!


Alpha Mayo posted:

I tried fallocate but swapon would fail with "swap file has holes". Though that was with CentOS which uses XFS, not Ubuntu. Also I forgot I'd have to chmod the file 0600 each time I make it.

From googling it looks like my best bet would be to create a systemd service that does this.

Yeah, in olden times you'd just dump the commands in /etc/rc.local. But that's deprecated with systemd and you should write a small service that is configured to run after everything else.

Volguus
Mar 3, 2009


SoftNum posted:

EDIT: vvv Yeah thanks for the suggestions. Thinking about it I could restrict the web user's access to sudo specific commands/scripts. And run on a non-standard port.

Running on non-standard port does nothing towards security, but it does help with flyby wannabe hackers. Allowing to run commands from the web (via sudo, and potentially selinux) is opening a security hole on that machine large enough to fit a truck and there's nothing you can do about it. The only thing you can do is run said game server in a VM and be prepared to replace the image with a known good one on a moment's notice. It will get pwned. There's no "if" only a "when".

jaegerx
Sep 10, 2012



Grimey Drawer

Alpha Mayo posted:

How would I delete the swapfile on shutdown, then automate the creation of it on startup (with dd if=/dev/zero)?

The reason is, I am using DigitalOcean droplets and I don't want to include the swapfile of the droplet during snapshots because I get charged for it.

Essentially somewhere in the startup, after drives are mounted, I need to run
dd if=/dev/zero of=/swapfile bs=1M count=1024
mkswap /swapfile
swapon /swapfile


then on shutdown:
rm -f /swapfile

Just not sure where these commands should go on Ubuntu Linux 16.04

Why are you using swap?

iospace
Apr 20, 2020




Grimey Drawer

I'm debating switching this laptop to Linux, but I have two things to ask.

1. Is it possible, on an unpartitioned drive, to partition it to allow both the Linux and Windows install to coexist (yes I know, some of you will not like this)? Figured this out, created a new partition already without disturbing the Windows install.
2. What distro is the best at the moment for general purpose? I'm decent with bash and CLI in general so one that primarily uses that is not necessarily out of the question, but one with a built-in desktop would be ideal. I went with arch because I'm A. a masochist, and B. have used it in the past and want to get back into it

iospace fucked around with this message at Feb 14, 2018 around 23:05

Alpha Mayo
Jan 15, 2007

You can't kill the Bitcoin.
The Bitcoin will live on.

I tried to kill the Bitcoin.
BUT I FAILED! As I was smite to the ground.


I just like giving the kernel the option to move barely-used pages to swap if it decides to. That and it gives a safety net that can buy time to prevent essential processes from being killed for consuming too much memory. I've always been taught that swap is never a drawback in any situation, besides the disk capacity lost

nem
Jan 4, 2003

Hostineer: Elevate Your Performance

The hosting provider formerly known as "Apis Networks". No relation to Prince.


jaegerx posted:

Why are you using swap?

There's utility...

Ryaath
Apr 8, 2003



SoftNum posted:

Is there an available, decently-secure way to control a given systemd process/server/whatever from the web?

I want to host a game server but I want to allow others to turn it off and on without A) command line access. B) training them on command line access. Obviously I don't want such a thing to root my server and I know enough to write a dumb applet to do it but I'd rather use something that's already been hardened instead of rolling my own. Surely someone has solved this but googling has been somewhat fruitless.

I'm also open to other, non-web-centric ideas if they are reasonably easy / secure.

It's not exactly what you asked for, but supervisord (http://supervisord.org) came to mind, and has features like this. I've looked at it before, but never used myself. Looks cleaner than rolling your own solution to me...

Edit: I've also seen monit used, but didn't realize it had a webui as well... might be another option? (https://mmonit.com/monit/)

Ryaath fucked around with this message at Feb 15, 2018 around 01:55

BoyBlunder
Sep 16, 2008


BoyBlunder posted:

I'm having a weird issue, affecting only Linux installs on my Thinkpad x230.

Occasionally, the laptop will just turn off. Boom, click - off. No errors, nothing. I thought it was temperature related, but temperatures are normal (~40C) when the system boots back up. I thought it was the distro/kernel I was running, but no - it happens across Debian, Ubuntu, Fedora, etc. System journal doesn't say a thing - just that the system shutoff, and turned back on.

On a whim, I installed Windows on the laptop, and it worked a-OK for about a month until I went back to Linux. The week I was back, it happened again.

What the gently caress?

Bumping this from the previous page. Any ideas?

RFC2324
Jun 7, 2012



BoyBlunder posted:

Bumping this from the previous page. Any ideas?

journalctl -b -1 -n250

does this give you any info? that should provide the last 250 lines of the log for the last boot cycle (so hopefully will include why it shut down)

Volguus
Mar 3, 2009


If you have absolutely nothing in the logs, then the only reasonable conclusion could be that the power somehow magically went out. Something like the internal battery died unexpectedly. But then it would happen in windows too. Unless the linux driver is lying and saying that the battery has more juice in it than it actually does.

This is just pure speculation though, with no basis in reality.

RFC2324
Jun 7, 2012



i keep thinking acpi fuckery

SoftNum
Mar 31, 2011



RFC2324 posted:

i keep thinking acpi fuckery

Yeah this seems like the most likely culprit. like Linux isn't telling IBM's lovely ACPI that anything is going on so it shuts the laptop down or something stupid. but eh.

RFC2324
Jun 7, 2012



SoftNum posted:

Yeah this seems like the most likely culprit. like Linux isn't telling IBM's lovely ACPI that anything is going on so it shuts the laptop down or something stupid. but eh.

Or linux isn't tracking usage correctly, and is sending a sleep signal that the IBM's acpi is reading as a hard poweroff.

Try disabling acpi to see if that is the culprit to narrow things down?

BoyBlunder
Sep 16, 2008


Thanks guys, I'll give all these a shot.

insularis
Sep 21, 2002



Could also try disabling the lower C States in BIOS in case one of those is being mishandled. I had a laptop that did that when it picked up a C6 state.

SnatchRabbit
Feb 23, 2006


Isn't change supposed to make things different?

Anyone have a preferred iso for a live version of ubuntu? I just need to boot into ubuntu on my desktop to do some testing and I don't wanna mess around with partitions. I tried the regular ubuntu server 16.04 iso but it doesn't seem to have a boot from USB option. I used to use knoppix in the past but I'd prefer some flavor of ubuntu. Edit: I don't wanna use a VM because I need to have access to the GPU.

Paul MaudDib
May 2, 2006

"Tell me of your home world, Usul"


Get the regular desktop version of Ubuntu, not Ubuntu Server.

SnatchRabbit
Feb 23, 2006


Isn't change supposed to make things different?

Paul MaudDib posted:

Get the regular desktop version of Ubuntu, not Ubuntu Server.

I'm testing out bash scripts etc. Those scripts will work on either version later on correct?

SnatchRabbit fucked around with this message at Feb 16, 2018 around 18:16

Volguus
Mar 3, 2009


SnatchRabbit posted:

I'm testing out bash scripts etc. Those scripts will work on either version later on correct?

Bash scripts will work on any linux distribution provided that:

- bash version is sufficiently high that whatever features those scripts are using bash actually supports them
- the programs those bash-scripts invoke (assuming they call other programs not only built-in commands) are installed and of new-enough version to be able to do whatever the script expects them to do.

That's all there is to it. Bash and programs version. The magic of linux distributions.

Boris Galerkin
Dec 17, 2011


I have a laptop with a discrete Nvidia GPU and an integrated Intel GPU, and I connect a monitor to it via MiniDP. It's my understanding that Fedora 27 is capable of switching and turning on/off the Nvidia GPU when it's not needed (see here, I am using the "OSS Stack" with the nouveau/intel drivers).

Anyway, I think one of the caveats for this to work out of the box is that I need to know whether or not the MiniDP port is wired to the Nvidia GPU or the Intel iGPU. From another post I found:

quote:

Optimus laptops have two video chips: an integrated Intel and a discrete nVidia one. If the port (DisplayPort / HDMI / VGA) is wired to the Intel chip, you do not need to do anything special to get external monitors to work.

I've seen this posted and repeated on various other guides as well but what I can't find is how do I find out which GPU the MiniDP port is wired to?

e: For what it's worth I can just plug in the monitor into the MiniDP port and it just works. I can unplug it right now with this laptop turned on and plug it back in and it automatically detects it. If I just start up Paraview (the only program I have installed I could think of that tells me information about the GPU it's rendering on) it says "OpenGL Renderer: Mesa DRI Intel Haswell Mobile", but if I start up Paraview with "DRI_PRIME=1" then it now shows "OpenGL Renderer: NVE7" and "OpenGL Vendor" says "nouveau."

But all this tells me is that the GPU offloading works fine. It doesn't tell me if the Nvidia GPU is disabled when I don't need it.

Boris Galerkin fucked around with this message at Feb 17, 2018 around 12:43

Alpha Mayo
Jan 15, 2007

You can't kill the Bitcoin.
The Bitcoin will live on.

I tried to kill the Bitcoin.
BUT I FAILED! As I was smite to the ground.


So I just learned about containers/Docker. That is some seriously cool poo poo. I don't know how Linux is so advanced and capable from an OS-perspective, and yet we still have to use X11 on the front-end.

Happy_Misanthrope
Aug 3, 2007

"I wanted to kill you, go to your funeral, and anyone who showed up to mourn you, I wanted to kill them too."

Finally using a desktop distro for at least a substantial portion of my day. Have Ubuntu 17.10 up and running decently, a couple of issues I haven't been able to get around yet though:

1) Flatpaks. Is there an issue with Ubuntu Aardvark and flatpak installs not installing an app menu icon? I've installed several flatpak installs - Discord, Lollypop and Vocal - none of them install an icon. The install seems fine, I can launch them from the terminal with flatpak run fine, but from what I'm reading I should see the icon in the Ubuntu app list.

edit: They showed up after a reboot. Any command I can use to force this?

2) Contrast/brightness/color temp. Using a Radeon 7770 with the default drivers that come with 17.10 - how can I adjust either? Reason being my TV through HDMI has a slight red tinge to it and whacked out contrast with black crush, it's immediately apparent when jumping back into Win10.

Happy_Misanthrope fucked around with this message at Feb 19, 2018 around 02:44

jaegerx
Sep 10, 2012



Grimey Drawer

Alpha Mayo posted:

So I just learned about containers/Docker. That is some seriously cool poo poo. I don't know how Linux is so advanced and capable from an OS-perspective, and yet we still have to use X11 on the front-end.

Xorg

mystes
May 31, 2006



Alpha Mayo posted:

So I just learned about containers/Docker. That is some seriously cool poo poo. I don't know how Linux is so advanced and capable from an OS-perspective, and yet we still have to use X11 on the front-end.

Yeah it's pretty awesome that in 2018 operating systems now have this ability to run different pieces of software in their own isolated environment almost as if they have the whole computer to themselves.

jaegerx
Sep 10, 2012



Grimey Drawer

mystes posted:

Yeah it's pretty awesome that in 2018 operating systems now have this ability to run different pieces of software in their own isolated environment almost as if they have the whole computer to themselves.

It's almost like jails and zones never existed until docker.

Alpha Mayo
Jan 15, 2007

You can't kill the Bitcoin.
The Bitcoin will live on.

I tried to kill the Bitcoin.
BUT I FAILED! As I was smite to the ground.


yeah there's a little bit of difference between chroot and CoreOS who knew

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Containers are cool and good. Run a redhat shop but someone needs to compile for ubuntu and you refuse to support it? Have the developer fire up a container and make it their problem.

I also much prefer deploying a service with a compose over setting it up in puppet, mostly because the module scene around puppet is extremely hit or miss. So much software has an entry in the docker registry getting it running is like 5 minutes of effort.

It ain't perfect but it ain't poo poo either.

Boris Galerkin
Dec 17, 2011


jaegerx posted:

It's almost like jails and zones never existed until docker.

I keep seeing people make smug posts like this but isn't it true that more people than ever now use containers because of Docker?

Volguus
Mar 3, 2009


Boris Galerkin posted:

I keep seeing people make smug posts like this but isn't it true that more people than ever now use containers because of Docker?

True. Jails are superior to docker in every way, but for some reason they didn't become that popular. Maybe it was because of FreeBSD, maybe docker people really invested in marketing ...

kujeger
Feb 19, 2004

OH YES HA HA

Fun Shoe

Happy_Misanthrope posted:

Finally using a desktop distro for at least a substantial portion of my day. Have Ubuntu 17.10 up and running decently, a couple of issues I haven't been able to get around yet though:

1) Flatpaks. Is there an issue with Ubuntu Aardvark and flatpak installs not installing an app menu icon? I've installed several flatpak installs - Discord, Lollypop and Vocal - none of them install an icon. The install seems fine, I can launch them from the terminal with flatpak run fine, but from what I'm reading I should see the icon in the Ubuntu app list.

edit: They showed up after a reboot. Any command I can use to force this?

The reboot (technically only logging in again) is only necessary once after installing flatpak, as the menu stuff needs to be aware of a new place to look for icons.

Alpha Mayo
Jan 15, 2007

You can't kill the Bitcoin.
The Bitcoin will live on.

I tried to kill the Bitcoin.
BUT I FAILED! As I was smite to the ground.


Volguus posted:

True. Jails are superior to docker in every way, but for some reason they didn't become that popular. Maybe it was because of FreeBSD, maybe docker people really invested in marketing ...

Isn't Docker not a low-level technology itself, but uses libcontainer (or other drivers) that makes use of available OS container functionality? In other words, can't Docker actually use FreeBSD jails? Or LXC, or Windows Containers, or some hand-written code I write where a "container" does nothing but serve hello.jpg on every interface?

What makes Docker so impressive to me is its usability. The low-level technology of containers isn't new, and maybe FreeBSD Jails are superior to everything else, but being able to deploy a preconfigured container from a public repository, designed for one specific application with one command is relatively new.

evol262
Nov 30, 2010
#!/usr/bin/perl

Alpha Mayo posted:

Isn't Docker not a low-level technology itself, but uses libcontainer (or other drivers) that makes use of available OS container functionality? In other words, can't Docker actually use FreeBSD jails? Or LXC, or Windows Containers, or some hand-written code I write where a "container" does nothing but serve hello.jpg on every interface?

What makes Docker so impressive to me is its usability. The low-level technology of containers isn't new, and maybe FreeBSD Jails are superior to everything else, but being able to deploy a preconfigured container from a public repository, designed for one specific application with one command is relatively new.

Yes/no.

libcontainer is great as an abstraction, but you can actually spawn a container just with a couple of cgroup commands. docker/containers are cgroup isolation+network namespacing.
