logs archiveIRC Archive / Oftc / #tor / 2010 / March / 31 / 1
arma
your vidalia isn't supposed to complain to you if some other relay has the wrong time. only if the directory authorities have the wrong time.
control_event_general_status(trusted ? LOG_WARN : LOG_NOTICE,
"CLOCK_SKEW SKEW=%ld SOURCE=DIRSERV:%s:%d",
delta, conn->_base.address, conn->_base.port);
looks like we send the controller status event, and hope vidalia doesn't freak the user out if it's just a 'notice' event
perhaps vidalia should be handling it differently
jiso
arma: you think there was one, or none? -> i think there was none, but I am not sure.
ilter_
karsten: Java6-jdk downlading has finished. Then i've just tried to run ./compile.sh under ernie/ directory but it doesn't work: "javac: directory not found: bin/"
karsten
ilter_: hrm, ok. mkdir bin
ilter_
karsten: Then should i put all java files in it?
arma
jiso: i think you're right
karsten
no, should work then.
java source files are in src/, compiled class files in bin/
ilter_
karsten: Yes now it compiled all java files to class.
karsten
ok
ilter_: did you prepare everything else? if yes, try ./run.sh
         

ilter_
karsten: Not yet. Now i'm preparing tables of database then config file or ernie.
karsten
ok
ilter_
karsten: I'm using "createuser ernie" command but it gives: "createuser: could not connect to database postgres: FATAL: Ident authentication failed for user "root"" even i logged as root. Any suggest?
karsten
ilter_: ah well, database security fun. i worked around that by editing pg_hba.conf to say that local users are trusted.
Ident authentication means that postgres requires db usernames and operating system user names to match.
alternatives are password-based authentication (md5, ..) or just "trust".
or do you have a user postgres? you could try running all postgres commands with -U postgres
and by -U i mean sudo -u postgres. i think.
ilter_
karsten: No i've just installed postgresSql 8.4 also.
karsten: Which statement did you change to say local users are trusted?
karsten
(Action) looks
"local all all md5" -> "local all all trust"
or "local all all ident" in your case
to ... trust
ilter_
karsten: Yes it was "local all all ident" then i made it "local all all trust", right?
karsten
yes
(and restart postgres, of course.)
atari
bug or feature: if Nickname is not set in torrc the hostname is set as "default"
(0.2.1.25)
ilter_
karsten: :) It looks there're 5 postgres process on system now. Do i need restart all?
karsten
ilter_: try /etc/init.d/postgres restart (or something like that, can't check right now)
ilter_
karsten: "/etc/init.d/postgresql-8.4 restart" did it.
karsten: Bad postgres. Now it gives another error: "createuser: could not connect to database postgres: FATAL: role "root" does not exist". Do you know how can i put a role?
BarkerJr
so, with 0.2.0 going away, does that mean there will be no one left to use my dirport?
karsten
ilter_: try "createuser -U postgres" to run the command with role/user postgres.
ilter_
karsten: :( This time it gave: "FATAL: Ident authentication failed for user "postgres""
karsten
(Action) tries
ilter_
karsten: You shouldn't assume ernie database user was created in document :)
karsten
yeah, my assumption was that everyone would know databases better than i, so that i can leave out those details. ;)
did you set a password for the postgres user while installing postgres? did it ask you for one?
ilter_
karsten: no.
(Action) should learn some for db also
weasel
sudo -u postgres psql?
sudo -u postgres createuser
...
(also, that implies the postgres user already exists in unix and in the DB. both of these are quite likely)
         

ilter_
weasel: I did it as root.
weasel
so?
do it as postgres.
ilter_
weasel: it gave fatal error.
weasel
as postgres?
ilter_
weasel: I used ""createuser -U postgres" command as root.
weasel: It gave also fatal error.
weasel
don't.
karsten
ilter_: that's the db user postgres, not the OS user postgres, i think.
ilter_: it might be that you'll have to change pg_hba.conf back to do what weasel suggests.
weasel
no, he probably doesn't.
karsten
should work? ok.
weasel
he just needs to run the stuff, whatever it is, as postgres.
(that's not -U postgres. that's sudo -u postgres. as I said.)
karsten
yup
ilter_
weasel: Ok i'm trying it.
weasel
Tue 23:23:09 <ilter_> karsten: Yes it was "local all all ident" then i made it "local all all trust", right?
Tue 23:23:15 <karsten> yes
Tue 23:23:34 <karsten> (and restart postgres, of course.)
probably a very bad idea
local all all ident is most likely what he wants. and it's the Right Thing too
(also, that's why it's default)
ilter_
weasel: "sudo -U postgres createuser" doesn't work. Could you say complete command to create a db user which called ernie?
karsten
agreed. trust was just a workaround to get it running when having no weasel around. :)
weasel
ilter_: sudo -u postgres createuser ernie
karsten: usually a unix user named Foo has access to the postgresql role Foo by default, through ident auth.
karsten: also, usually the postgres unix user owns the databasefiles, and the postgres database role is the superuser of a postgresql cluster
karsten: hence, sudo -u postgres create{user,db} etc is a good way to run stuff as the database superuser.
ilter_
weasel: Thanks so much. I've created it. Is there a command to see all db users on system?
weasel
select * from pg_users
;
karsten
(Action) tries all of this on a clean debian system tomorrow and puts it in the user's guide.
ilter_
weasel: it gives syntax error.
weasel: "select * from pg_users;" i mean.
weasel
define "it".
ilter_
weasel: define what? ernie db user which i created?
weasel
Wed 00:00:39 <ilter_> weasel: it gives syntax error.
ilter_
weasel: here: "bash: syntax error near unexpected token `from'"
weasel
that would be because it's not a shell command.
it's SQL.
run "psql"
type it there
(oh, and the table is probably called pg_user, not pg_users)
karsten
"psql" would be "sudo -u postgres psql", right?
weasel
he can run it as ernie,
if that's the unix username
karsten
weasel: i think i know what confused me. postgres on mac os x has a different pg_hba.conf than debian.
there's no unix username ernie in this case. i wonder if ilter_ should create a db user for his own unix username.
ilter_
weasel: No. ernie isn't unix username on my system. It seems "sudo -u postgres psql" ok.
weasel
that runs stuff as postgres.
karsten: so how are you going to connect to pg as ernie?
karsten
in my case using a password. in ilter_'s case that's difficult then.
weasel
a working approach would be to give the ernie pg user a password
then connt to pg not via the unix socket but via tcp to localhost,
i.e. psql -h localhost -U ernie ...
s/connt/connect/
ilter_
weasel: It shows 2 username on pg_user table. postgres and ernie ..
weasel
ilter_: good. also not unexpectedly
karsten
weasel: host-based connections are md5 by default, or what?
weasel
http://asteria.noreply.org/~weasel/volatile/2010-03-31-eZcBLmo4miM/fileomQiQK
karsten: default pg_hba
(on debian that is)
karsten
ok, makes sense.
ilter_: did you set a password when creating db user ernie?
ilter_
weasel: Yes thanks for your help. What about trust conf. on pg_hba.conf? Should i change it?
karsten: No it didn't ask me password.
weasel
ilter_: hm?
ilter_: you should not change pg_hba. you should leave it at the default settings.
if you didn't so when creating the ernie user you might want to give it a password
ilter_
weasel: Ok i got it. Finally i understand that postgres is a default database user :)
weasel
as postgresl, run ALTER ROLE ernie WITH PASSWORD 'fjbeqsvfu';
ilter_
weasel: Is it for giving a password to ernie user? If yes could you give complete command?
karsten
ilter_: "sudo -u postgres psql", "ALTER ROLE ernie WITH PASSWORD 'fjbeqsvfu';", "\q"
and then try "createdb -h localhost -U ernie tordir" and "psql -h localhost -U ernie tordir"
ilter_
karsten: Ok i did it. It didn't give any error. How can i try the password?
karsten
the two commands i just pasted should ask for the password.
weasel
(that assumes we gave ernie either superuser privileges or privs to create databases. did we?)
karsten
ah, didn't we give ernie privs to create databases? shouldn't we?
ilter_
weasel: Yes i gave superuser privileges for ernie database user.
karsten: These two commands don't ask for the pass.
karsten
i'm trying to make these instructions as simple as possible without fine-grained privs. nothing confidential in the data, no big harm if someone gets into the database.
weasel
karsten: if ernie is the user that will write to the database as a service or similar it probably shouldn't be superuser or be allowed to create anything
karsten: you can just create the database as postgres and have it owned by ernie
karsten
sounds good. how?
weasel
createdb has an owner parameter
karsten
ah
yeah, i'm using that in the manual...
:)
weasel
it also has an encoding switch (possibly starting with 8.4 only)
you might want to set that to SQLASCII
karsten
hmm, what for?
weasel
(which is code for 'I don't care what you give me, I'll just return it as I got it')
else it might use whatever your currently locale is when you either create the cluster or the database
which results in psql actually enforcing the validity of input
ilter_
weasel: I'm not sure that i could put a password for ernie. How can i try this pass?
weasel
say if your database is set to UTF-8 you *cannot* insert non-valid utf-8
karsten
weasel: ok. makes sense.
weasel
ilter_: I am not sure I understand the question.
ilter_
weasel: I mean that i tried to put password for ernie database user by "ALTER ROLE ernie WITH PASSWORD 'xxx'". Then how can i try it?
weasel
Wed 00:21:51 <karsten> and then try "createdb -h localhost -U ernie tordir" and "psql -h localhost -U ernie tordir"
both these command should require your password.
ilter_
weasel: Ok i'm trying it.
karsten: In your document it says "createdb -U ernie -O ernie tordir". Do you change it by "createdb -h localhost -U ernie tordir" ?
karsten
ilter_: not quite. right now i have "createdb -h localhost -U postgres -O ernie tordir". trying the encoding stuff right now..
ilter_
karsten: Ok i'm doing it.
karsten
wait
try "createdb -h localhost -U postgres -O ernie -T template0 -E SQLASCII tordir"
weasel
that won't work
karsten
bah
worked here for some reason.
ilter_
karsten: :) I tried it but it asks postgres pass. And i don't have any pass for postgres user ... ?
weasel
either he uses his super ernie powers to create the database, in which case it's createdb -h localhost -U ernie ...,
karsten
uhm, yeah.....
weasel
or he does it as pg, in which case he should do sudo -u postgres createdb -O ernie...
also, is there a particular reason you insist on going off template0?
karsten
createdb: database creation failed: ERROR: new encoding (SQL_ASCII) is incompatible with the encoding of the template database (UTF8)
HINT: Use the same encoding as in the template database, or use template0 as template.
weasel
good point
ilter_
weasel: Is there a default pass for postgres user? Because i didn't give any pass for it before.
karsten
ilter_: you don't have to. use ident auth.
weasel
no. it doesn't have a password.
karsten
because you have a postgres unix user.
bnr
can your history compromise your anonymity? i.e. can anyone read it?
weasel
you can't authenticate as pg using a password
karsten
(Action) another try: "sudo -u postgres createdb -O ernie -T template0 -E SQLASCII tordir"
arma
bnr: yes. https://www.torproject.org/torbutton/design/#id2505464 and https://www.torproject.org/torbutton/design/#id2505548
bnr: "use torbutton and be sure the history stuff is using the default choices"
bnr
thanks arma!
karsten
ilter_: did you try that last command?
ilter_
weasel: Ok i'm doing it "local all all ident". karsten: is it ok for document?
karsten: Yes but as i told it asked a pass for postgres user.
karsten
ilter_: yes, change it back.
it shouldn't. it should run as postgres unix user without password.
sudo asks for a password.
ilter_
karsten: here: "createdb: could not connect to database postgres: FATAL: password authentication failed for user "postgres". FATAL: password authentication failed for user "postgres""
weasel
what was the command you ran?
(I'm tempted to think you didn't read what I wrote)
ilter_
weasel: " createdb -h localhost -U postgres -O ernie tordir"
weasel
I rest my case.
ilter_
(Action) changes pg_hba.conf to default.
weasel
anyway, I'm going to read some heinlein, good luck.
karsten: if you're done with your docs and want a second pair of eyes to look over things let me know?
karsten
weasel: thanks!
weasel: absolutely. will let you know.
weasel
karsten: (It might make sense to split the create user/database depending on how a pg instance is set up. i.e. if your pg_hba looks like that ("you are on osx") use this, else if it looks like ... )
karsten
ilter_: after changing pg_hba.conf to default, try running "sudo -u postgres createdb -O ernie -T template0 -E SQLASCII tordir"
weasel
karsten: (changing pg_hba requires restarting pg, or at least reloading)
ilter_
weasel: I've read all of your message. Therefore i'm changing pg_hba.conf to default. Thank you so much for your helps.
« prev 1 2 3 4 5 next »