Ivan's questions

This works:

location /someplace/ {
  auth_basic "Restricted Access";
  auth_basic_user_file /etc/nginx/.htpasswd;
}

I go to /someplace/ and I get prompted for the user and password and can authenticate successfuly. However, moving those exact lines to the root, or even location / then produces strange behavior:

Chrome keeps asking to authenticate again and again, and nginx' debug output shows no user/password was provided for basic authentication.

Server config:

   server {
        listen       443 ssl;
        server_name  some_domain;

        root /some_path;

        passenger_enabled on;
        passenger_ruby /usr/lib/fullstaq-ruby/versions/2.6.6-jemalloc/bin/ruby;
        passenger_env_var RAILS_ENV staging;

        # This causes the issue:
        #auth_basic "Restricted";
        #auth_basic_user_file /etc/nginx/.htpasswd;

        location / {
            index  index.html index.htm;
            # This also causes the same issue:
            #auth_basic "Restricted";
            #auth_basic_user_file /etc/nginx/.htpasswd;
        }

        error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location /some_path { return 301 /some_path/; }
        location /some_path/ {
            # This works as expected on some_path:
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
            if (!-e $request_filename){
                rewrite ^/some_path(/|$) /some_path/index.html break;
            }
        }
    }

ufw insert 1 deny to any
ufw enable
ufw status

Status output:

Status: active
Logging: on (high)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   DENY IN     Anywhere
Anywhere (v6)              DENY IN     Anywhere (v6)

And yet I can pretty much rape the server from anywhere I want... what gives?

This is on a stock Ubuntu 14.04 server with nothing else installed. This is the /etc/network/interfaces file in case it helps:

auto lo
iface lo inet loopback

auto eth0

iface eth0 inet static
    address x.x.x.x/24
    gateway x.x.x.x

# Private network
iface eth0 inet static
  address 192.168.133.174/17

And here's iptables -L: http://pastie.org/9432829

I'm configuring a transparent proxy for my home, and I want certain URLs to go through an upstream proxy.

I'm currently using Squid, but I'm open to other suggestions.

I've looked at Squid's cache_peer options, but none seems to serve my purposes.

Is this even possible?

Edit: I also have nginx on the proxy machine, so maybe I can use that?

Having a file on /GET-cache/contact.html and requesting the URI /contact, with this directive, it works as expected:

if (-f $document_root/$request_method-cache$uri.html) {
  rewrite (.*) /GET-cache/$1.html break;
}

This one doesn't:

try_files $request_method-cache$uri.html @backend;

Using $document_root in the try_files directive doesn't work either (what I mean when I say it doesn't work is that the request gets passed up to the backend instead of nginx serving the static file).

Am I missing something?

Is there a way to do a query on PostgreSQL that will ignore accents on the columns?

SELECT * FROM people WHERE name ILIKE 'ivan'

I want a query like the one above to return records whose name is 'Iván', for example.

I know they're defined in /etc/resolv.conf, but what if it's not there? And more specifically, how do you find the DNS server returned by DHCP?

In GNOME you can use the NetworkManager applet to see the primary DNS for any connection, so how would you do the same from the command line?

I have a PC with two NICs, one is connected to a LAN (eth0, static IP 192.168.0.254), another to a DSL modem in DMZ mode (eth1, receives public IP from modem).

Yesterday, it suddenly stopped working for accessing the Internet.

I've narrowed down the problem to this (or maybe this is just a side-effect, I'm not sure):

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.0.0     U     1      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
default         <public_ip>     0.0.0.0         UG    0      0        0 eth1

Edit: By public_ip I don't mean the actual public IP assigned to this machine, but another public IP, which I guess it's the one assigned to the modem.

With the default routes as above, I can ping to IPs but I cannot resolve domains, so it seems DNS is blocked somehow or maybe it's trying to use the DNS server from eth0.

If I delete route 192.168.0.0, then instead of the public_ip it shows the FQDN. And then I can resolve domains and access the Internet just fine.

If I assign another computer as the DMZ node in the modem, it works just fine, so it has to be something with this PC. I even tried another NIC for eth0, but no dice.

Any ideas?

I know this is bordering outside the topic of this site, but this is driving me mad... and it's memory for a server anyway, so allow me to cheat a bit, hehe.

Can anyone spot the difference between this DDR module and this one?

Other than the heat spreader, both seem to have the same specs: DDR2 5300 ECC 240pin, but oddly, the pins and the locator slot don't match.

Here's the relevant smb.conf section:

[someshare]
        path = /somewhere
        read only = No
        writeable = Yes
        guest ok = Yes
        create mask = 0777
        security mask = 0777
        directory mask = 0777
        force create mode = 0777
        directory security mask = 0777

Say user1 creates a directory on that share. It's permissions will be: drwxr-xr-x and the owner will be user1.

While user2 can access the directory created by user1, he receives a permission error when trying to create a file on that directory.

To me it seems weird that the permissions of the dir created by user1 aren't 777 as specified in smb.conf...

Edit: I forgot to mention a weird error that pops up in the client log when the permission is denied:

[2009/06/24 03:02:18,  0] smbd/trans2.c:unix_filetype(1130)
  unix_filetype: unknown filetype 0

What am I missing?

Currently you have to login to the VMware Infrastructure Web Access GUI, select the VM, and then open the console.

Is it possible to open a console with one click or one command?

Is it possible to prevent users from running certain programs on their Linux computers? Is there a whitelist method? A blacklist?

In a Linux network, is it possible to manage permissions from a central location?

If I have an LDAP server where users can authenticate, can I manage permissions from there?

I'm talking about permissions to servers (like Samba), but also inside their own machines.

What are other ways to manage them?

For example, how does mount decide if the current user has permissions to mount a filesystem? From what I know, it checks the fstab file and the group the user belongs to (I think plugdev, at least on Ubuntu).

Are those settings hard-coded into the program, or where does it get them? For example, say I wanted to give users in another group the ability to mount a filesystem, how does one do that?

EDIT: I'm looking for a general description of how security works. mount is just an example. I know more or less how filesystem permissions work, but clearly there's something else going on. I'm specially interested in knowing if there's a standard way in which programs implement security or if each does it differently.

We have an IPCop firewall/proxy installed in our network, and although I can use iftop to somewhat take a look at how the clients are using the Internet, is it possible to monitor it from outside the proxy with something like ntop?

Note that I'm not interested in LAN traffic, only traffic that goes to/from the Internet.

Sometimes when the power goes out and the UPS dies before it goes back on, some services on our servers don't come back up. Namely some VMware virtual machines.

I was thinking of setting up a monitoring service that will attempt to start the VMs each five minutes if they aren't running, but since the vmrun command from VMware requires a username and a password, how can I make this secure?

Does anyone know if you can setup a Skype-to-SIP gateway on your network?

I tried Uplink, which works wonders, but only on Windows and with Skype on the same machine... It would be awesome if you could put that program on any machine and then use it as a gateway for Skype, from another machine. With port forwarding maybe?

Basically I'm trying to use Skype in Linux as a softphone for our Asterisk PBX. Are there any other solutions? Without going into Asterisk maybe?

Does anyone know how to configure Gizmo5 for use on an Asterisk PBX? Specifically Trixbox if possible.

For the life of me I just can't get this to work...

We use an Asterisk based solution as our PBX, and although we've found hardphones work flawlessly, we have yet to find a reliable softphone.

The basic requirement is that it allows multiple calls and transfers.

I don't have a comprehensive list, but most of what we've tried adds delay to the voice (echo), garbles the sound, doesn't allow more than one call at a time, or just plain won't work.

On Windows we're fine (SJPhone), and although I'd prefer to use the same softphone for both OSes, I will settle for a good Linux-only one.

Any recommendations?

Well, pretty much what the subject says, is it possible to forbid users from using the "Switch User" feature when the screen is locked by an administrator?

I'm not sure if user switching is a GNOME or X feature.

I've been trying to make a Dell 5110cn printer to work from Linux, to no avail.

I've tried sharing the printer from both a Linux and a Windows machine, and in either case, Windows clients can always print fine.

When a Linux client sends a print job that's larger than a few hundred KBs, the printer chokes and prints pages with what appear to be PostScript errors, like:

ERROR: ioerror
OFFENDING COMMAND: image
STACK:
  lot's of characters

I've been struggling with this for weeks now, and nowhere have I found an answer or a pointer.