[00:15:00] there is some attempt at TLS configuration there, but it looks like things are not setup quite right [00:20:49] bd808, ok... [00:21:00] lemme see [00:32:26] bd808, allellujah, that was it. Thank you! [00:33:11] :) nice. I suppose I should file a bug about the tls setup being broken. It looks like it may just be a matter of fixing the path to the certificate [20:36:54] happy new year. I am trying set up http://vmext-demo.wmflabs.org/ as web proxy for http://172.16.6.140:8081 Therefore I added a new security rule that opens port 8081. However, currently it does not seem to have any effect. Is there something I need to do in order to reload the security group config [21:44:52] physikerwelt: hmmm... they should be immediate. [21:45:00] it looks like maybe you figured it out? [22:35:11] !help Hi, why I get message at MobaXterm when I want to open /mnt/nfs/labstore-secondary-tools-project/zoranzoki21wiki/.ssh directory via option for SFTP. I get error related to denied permission [22:35:11] Zoranzoki21: If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-team [22:36:30] See https://snag.gy/NHgThQ.jpg [22:37:34] I can work at my user directory without problems [22:37:40] Zoranzoki21: that directory is owned by tools.zoranzoki21wiki and not readable or writable by any other user or group [22:37:52] I am logged as tool [22:38:00] (zoranzoki21wiki) [22:38:07] Zoranzoki21: I think it's because you're logged in as your personal user and trying to modify a directory owned by your tool's user [22:38:35] This happening and when I am logged in as zoranzoki21 and when I am logged in as tool (via become zoranzoki21wiki) [22:38:40] Zoranzoki21: you are using a "become zoranzoki21wiki" somehow as part of the sftp? [22:38:43] No [22:38:50] Even if you ran 'become tool'.. moba is probably opening a new connection with your personal id [22:39:06] bd808: When I am already logged in [22:39:31] And as user and as tool [22:39:56] I can open everything [22:40:00] But, I can`t open .ssh [22:41:00] this works for me: sudo become zoranzoki21wiki; cd .ssh; ls [22:41:12] * bd808 has magic sudo powers [22:41:38] abusing sudo power! :P [22:41:44] but sftp would normally be done as a maintainer, not a tool so I would expect that to fail [22:42:27] bd808: I talk about GUI [22:42:30] rxy: actually less "abusive" than logging in as root which has a weaker audit trail [22:42:40] rxy: No worry [22:42:53] bd808: When I use GUI option at my MobaXterm ssh client [22:42:55] Zoranzoki21: right, and I'm saying that will fail because of the directory permissions [22:44:04] bd808: I can open everything, but I can`t open .ssh directory via GUI.. But, I found this https://snag.gy/B9Mc8y.jpg [22:44:53] .ssh dir is drwx--S--- [22:45:08] Zoranzoki21: file permissions. See https://wikitech.wikimedia.org/wiki/Help:Access_to_Toolforge_instances_with_PuTTY_and_WinSCP#Troubleshooting_permissions_errors for a small explanation [22:45:38] it means you should access with owner account "tools.zoranzoki21wiki" not your personal zoranzoki21 [22:45:42] also... I'm not sure why a tool would have a $HOME/.ssh diretory at all [22:46:09] bd808: When I clone repository from gerrit [22:47:21] you should be cloning from gerrit as the anonymous http user generally. Having ssh keys inside toolforge that are hooked to your Wikimedia developer account is a pretty bad idea from a security point of view [22:48:19] with one file permissions mistake you would be exposing that ssh key all 1500 people who also have Toolforge access [22:48:48] and even without that you are exposing it to the ~15 people who have root in Toolforge [22:48:55] bd808: Ok, I will do it and try to remove .ssh [22:49:14] bd808: I no worry for these 15 people because I believe to these ~15 people will not abuse me [22:49:42] we hope that we trust the right people, but that's just a hope [22:49:50] Do not trust anythins. including yourself! [22:49:58] bd808: Ok, can you delete .ssh directory because I can`t [22:50:59] !log tools.zoranzoki21wiki Deleted ~/.ssh at request of Zoranzoki21 in #wikimedia-cloud irc channel [22:51:00] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zoranzoki21wiki/SAL [22:51:14] bd808: Tnx [22:52:31] bd808: Can you delete it from my tool zoranzoki21bot too (optionally you can delete tool as per T212048) [22:52:32] T212048: Delete tool zoranzoki21bot - https://phabricator.wikimedia.org/T212048 [22:53:51] Too please reflect change requested at T212333 [22:53:52] T212333: Drop several views from ptwikipedia - https://phabricator.wikimedia.org/T212333 [22:53:58] !log tools.zoranzoki21bot Deleted ~/.ssh at request of Zoranzoki21 in #wikimedia-cloud irc channel [22:53:58] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zoranzoki21bot/SAL [22:54:46] Zoranzoki21: I'm not really 'working' today, so I don't want to mess with that wiki replica views. If something went wrong I might not have folks around to help fix them [22:55:02] but I will try to get the views fixed tomorrow [22:55:13] !log tools.zoranzoki21bot Deleted public_html directory [22:55:13] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zoranzoki21bot/SAL [22:55:34] bd808: Ok, tnx [22:57:31] !log tools.zoranzoki21wiki Executed webservice stop by Zoranzoki21 [22:57:32] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.zoranzoki21wiki/SAL [23:05:56] !help How I can see all databases made by me or my tool(s)? [23:05:56] Zoranzoki21: If you don't get a response in 15-30 minutes, please create a phabricator task -- https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?projects=wmcs-team [23:06:17] Zoranzoki21: https://tools.wmflabs.org/tool-db-usage/ [23:07:50] bd808: Tnx