[01:40:32] Hi. [01:40:57] After creating a new tool, and doing `become TOOL`, I cloned the source code. [01:41:21] Which files do I need to `take` now? [01:52:44] Do I need to `become TOOL` before xor after I have cloned the code? [01:53:05] doing it before [01:53:15] means that the code will be owned by the tool account [01:53:26] which is generally what you would want [01:53:48] Okay. [01:53:49] unless you were trying to separate tool privileges to files for increased security [01:54:04] in which case you probably knew exactly what your were doing [01:54:32] No, I didn't want to do the latter. [01:55:00] Since this is a NodeJS too, I would have to clone it in `$HOME/www/js`, right? [01:55:58] not sure about that [01:56:06] maybe? :) [01:57:34] Okay. I was looking at this -- https://wikitech.wikimedia.org/wiki/Help:Toolforge/Web#node.js_web_services [01:57:51] Any idea is someone has a NodeJS tool? [02:25:43] *if someone has [02:39:31] Hi :) I'm seeing various mentions of login.toolforge.org but I'm not able to connect to that using the config from https://wikitech.wikimedia.org/wiki/Help:Accessing_Cloud_VPS_instances#ProxyJump_(recommended) [02:39:46] what is the recommended ssh config for this new bastion? [02:40:02] can/should it proxy through bastion.wmflabs.org? [03:08:05] Krinkle: login.toolforge.org is a DNS name pointing to the external IP of the bastion, so it doesn't go through ProxyJump [03:08:59] 'the bastion' referring to toolforge's tools-sgebastion-07 [03:11:13] though, I just checked and within toolforge the DNS name points to the internal IP, so ProxyJump should work in theory. what's the issue you are hitting? [03:12:31] (yeah confirming ProxyJump through bastion.wmflabs.org works via `ssh -vvv -J bastion.wmflabs.org login.toolforge.org`) [03:13:10] so it can be ProxyJump'ed but it's needless) [03:21:48] acagastya: I got a nodejs tool [03:24:39] zhuyifei1999_: can you help me set up mine? [03:28:53] what is the issue you are getting? [03:29:32] I am not sure how to proceed. [03:30:05] are you following some instructions? are you getting error messages? what is the status? [03:33:23] though, I haven't written nodejs in quite a while. I'm a C & Python main [03:33:39] zhuyifei1999_ what I have created is just a react app -- really does not need backend -- but if I understand correctly, the task on toolforge must be an http server. [03:33:48] Did I get that part correct? [03:34:17] by 'really does not need backend' do you mean that it's static? [03:34:28] what do you mean by 'the task on toolforge'? [03:35:47] you mean what is running on toolforge? if you are running a nodejs tool then pretty much your code is the http server [03:36:01] I have never used react so don't know how it works [03:36:59] however, if the webservice only serves static pre-generated html pages then you don't need to have a nodejs http server [03:37:40] Are you aware of the `serve` module? [03:37:56] no [03:38:13] I used `express` [03:38:25] Here is the blunder that is happening. [03:38:42] serve is a module which creates server on the specified directory. [03:38:48] ok [03:38:57] If I `serve build`, it works fine. [03:39:31] `build` is the directory containing build files. [03:39:41] But if I sendFile the `build/index.js`, it does not show anything. [03:39:52] ok so looking at https://www.npmjs.com/package/serve it serves only static files? [03:41:10] Yes. [03:41:33] zhuyifei1999_: Do you mind if I PM? [03:42:05] is there anything private that you need PM? I prefer not PM [03:43:33] (It was re v2c tool, not essential to this discussion anyways) [03:43:43] ok [03:44:04] (I mean ok PM) [03:44:07] So, I can use `serve -l PORT -s DIR` to serve these static files. [03:44:35] Which port do I need to specify for toolforge tools? [03:44:51] are you running serve on kubernetes? [03:45:39] as in https://wikitech.wikimedia.org/wiki/Help:Toolforge/Web#node.js_web_services, it says to read an env var of 'PORT' [03:46:11] I am using kubernetes because it has newer version of Node. [03:48:09] ok, so read the port from the environment variable, with a package.json such that `npm start` runs serve [03:49:28] https://docs.npmjs.com/cli/start.html [03:52:07] I am wondering if I should just set start to `build-command && serve -l 80 -s build-dir`? [03:52:30] That is hard coding the port in package.json. Is that a good idea? [03:52:31] it's not port 80 [03:53:28] kubernetes has mostly a fixed port. I think it's 8080 or something, don't remember. however, I can move at ant time without notice [03:53:42] so why not just `-l $PORT`? [03:54:12] *it can [03:54:15] *any [03:54:41] So, it runs on 8080 -- hmm, in that case the tool would be accessible via `toolforge.wmflabs.org/MY-TOOL:8080`, right? [03:55:07] no [03:55:19] tools.wmflabs.org/MY-TOOL [03:55:22] no port [03:55:28] or tool.toolforge.org [03:55:33] Despite port being set to 8080? [03:55:45] In that case, phew, less to worry. [03:55:46] yes [03:56:51] Let me try. [03:57:06] Is this the best time to find you on IRC, zhuyifei1999_? [03:57:42] (brb) [03:59:17] Wit. [03:59:20] *Wait. [03:59:53] `serve foo` works because I did `npm i serve -g`. [04:00:18] Can I do global npm install for my tool? [04:01:50] back [04:03:29] so the reason other ports works is because toolforge has insane internal routing mechanisms. you can read about it in https://wikitech.wikimedia.org/wiki/Portal:Toolforge/Admin/Kubernetes/Networking_and_ingress [04:03:54] but tl;dr is that the port that is given to you is used for internal routing [04:04:06] it has nothing to do with what the outside sees [04:04:31] it's just if you listen on the wrong port, the routing won't reach you [04:05:14] zhuyifei1999_: It should be okay to run `npm i -g serve`? [04:05:26] 23:00:19 Can I do global npm install for my tool? <= if I understand correctly, global npm install is installing for all users right? [04:05:41] doesn't that require sudo? [04:06:00] if so then no that won't work [04:06:07] why do you need global? [04:06:25] I use nvm on my local machine, so I didn't need to do a sudo. [04:06:44] oh, well, toolforge isn't using nvm [04:07:36] you probably can use nvm if you really want to, but that might be unexplored territory :P [04:07:44] https://wikitech.wikimedia.org/wiki/Help:Node.js [04:07:52] It says we /can/ use. [04:08:34] ok then [04:08:49] By any chance, can we have yarn? [04:08:59] (Just asking.) [04:09:09] idk, file a ticket? [04:09:30] Okay. [04:09:35] I'm not a JS main so I've never even used yarn before [04:10:08] the projects I used nodejs for are only using it for websockets [04:10:20] LOL. [04:10:52] writing async code in python is much less fun than in JS [04:17:42] [telegram] Fun and undocumented fact: the ruby25 Kubernetes container has yarn installed. We should document that! And probably add yarn to the node10 container [04:19:47] wait but what does yarn has anything to do with ruby? [04:20:45] [telegram] It’s a common tool for rails apps [04:21:10] We are definitely talking about two different yarn then. [04:21:23] I meant yarnpkg.com's yarn [04:21:53] [telegram] Me too acagastya [04:22:10] ok [04:22:20] Why does rails require yarn? [04:23:38] [telegram] T141388 — more details there [04:23:38] T141388: Add a easy way to run a ruby webservice on tools - https://phabricator.wikimedia.org/T141388 [04:25:08] Kewl. [04:25:55] Finally, zhuyifei1999_, the thing works locally. [04:26:07] Now I will deploy it. [04:26:19] k [05:01:05] zhuyifei1999_: still there? [05:01:15] yes [05:02:23] So I logged in to ssh, did `become TOOL`, cloned the code, did `webservice --backend=kubernetes node10 shell`, went to code dir and `npm install`ed. [05:02:57] ok [05:03:08] which tool is it? [05:03:08] But I can't `npm run start` because $PORT does not seem to be defined. [05:03:24] time-convertor [05:03:25] yes, you have to `webservice --backend=kubernetes node10 start` [05:03:57] Okay. Then? [05:04:15] the webservice should start [05:04:34] the package.json is in ~/www/js right [05:04:35] ? [05:05:03] Yes. [05:05:22] I think it might just work. [05:06:07] there are a lot of dark magic between running `webservice [...] start` and something invokes `npm start` :) [05:06:54] I don't see your pod [05:07:02] Every time I log in to this ssh, I feel dumb. [05:07:08] what is the output of `webservice --backend=kubernetes node10 start`? [05:07:21] Yeah, I stopped the service: building the project before starting it. [05:07:50] oh it's fine I don't understand most of what is going on anyways. every time I debug something I find something new [05:08:22] Epic flop. [05:08:23] I just have a general idea of what is going on, mostly [05:08:56] but not the specifics, too much to keep up and keeps changing all the time [05:16:39] Do I need to do anything after `https://tools.wmflabs.org/time-convertor/`? [05:17:00] Not only I am getting cors errors, this does not seem to be working. [05:17:30] that's csp issue [05:17:47] use https://cdnjs.toolforge.org/ [05:18:08] Didn't know this existed. [05:18:35] also, you are loading https://tools.wmflabs.org/static/js/2.9f9264b7.chunk.js [05:18:49] where's "time-convertor/" [05:20:11] oh you know what? don't bother with prefixing. won't be worth your time [05:20:12] https://time-convertor.toolforge.org/ [05:20:35] though, plase use our local cdnjs [05:20:44] we will enforce CSP eventually [05:21:41] Good. Something works. [05:22:37] Finally I can convert the time across different time zones for better collab editing and meeting planning. [05:22:56] yeah, can you add arbitrary timezones? [05:23:16] Ah, no -- only the ones defined in the list. [05:23:23] * zhuyifei1999_ usually converts between CDT and PDT [05:23:39] You can do that, yes. [05:23:51] https://time-convertor.toolforge.org/from-to [05:24:08] Here, enter the time zones in from to -- does not matter in which order. [05:24:20] ah ok [05:24:38] Thank you so much for helping me out. [05:24:43] np [05:24:50] and thanks for the tool [05:25:13] I made a blunder on Sunday. [05:25:52] I was supposed to interview an archæologist from California. [05:26:58] I thought I had scheduled the interview for 5:30 AM, local time -- CA has almost 12 hour difference right now. And I set for 6 PM, their time. [05:27:22] That was one hour off from the scheduled time -- fortunately, noone will make that blunder now. [05:29:58] We didn't have any JavaScript-based GSoC projects this time, @zhuyifei1999_? [05:31:11] * acagastya heads to figure out how to use the CDN. [05:31:37] idk, I didn't look at the GSoC projects in detail [05:35:44] Ah, I can't search on the CDN. [05:41:58] ctrl-f? [05:43:31] Too many bootstrap results. [05:48:22] it's 'twitter-bootstrap' [05:51:44] Okay. [05:56:58] I don't need to mention crossorigin when using this CDN, right? [06:12:03] it shouldn't have CORS issues [06:12:21] sorry I'm looking at other stuffs right now, not really watching IRC [06:13:01] I am also afk. :p [09:59:15] pavithraes: welcome to Toolforge! [10:18:22] !log toolsbeta `aborrero@toolsbeta-puppetdb-02:~$ sudo systemctl restart puppetdb` [10:18:23] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Toolsbeta/SAL [12:20:44] !log toolsbeta trying to install tesseract 4.1.0 in toolsbeta-sgebastion-04 (T247422) [12:20:51] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Toolsbeta/SAL [12:20:51] T247422: Update Tesseract on Toolforge to v4.1.0 - https://phabricator.wikimedia.org/T247422 [12:36:55] zhuyifei1999_: the problem is that with the recommended config it is not possible to connect to login toolforge. The config either needs to whitelist it as a bastion or as a proxied hostname. I wasn't sure whether it's official yet or which way it is intended to be used [12:37:15] https://wikitech.wikimedia.org/wiki/Help:Accessing_Cloud_VPS_instances#ProxyJump_(recommended) [12:38:07] I think 'Cloud VPS instances' mre of refers to the general non-toolforge cloud VPS [12:38:21] *more [12:39:02] or toolforge infrastructure instances, but most toolforge users don't ssh into them anyways [12:40:19] one of the goals, afaik, is to make toolforge easier to use for newcomers and proxyjump definitely adds the complexity, so we would keep toolforge's bastion proxyjump-less for as long as possible / necessary [12:40:23] There is only one ssh config page. Toolforge is part of cloud. The previous tools login was *wmflabs [12:40:48] the previous login was login.tools.wmflabs.org [12:40:54] Is there another ssh config page for toolforge? [12:41:18] it still won't match 'Host *.wmflabs *.wikimedia.cloud' [12:41:54] it's tools-login.wmflabs.org [12:42:04] That's the publicly advertised one [12:42:33] that's the previous to previous :) [12:42:45] Until recently when it was changed to login toolforge, which means people's config no longer works [12:42:49] though, the argument still stands [12:42:53] why not? [12:43:09] 'tools-login.wmflabs.org' won't match 'Host *.wmflabs *.wikimedia.cloud' [12:43:31] One like up look again [12:43:35] line higher [12:43:43] 07:40:55 Is there another ssh config page for toolforge? <= good question, why is the access link all about putty and winscp :/ [12:43:59] *.wmflabs.org [12:44:05] That's the current config [12:44:12] that only sets username. no proxyjump [12:44:24] It doesn't need proxy [12:45:30] correct. so login.toolforge.org is the same category [12:45:35] tools-login still works. It wasn't old. login.tools is full/internal name. Not the documented/recommended one. Now that we recommend login.toolforge this needs updating :) [12:47:06] Krinkle: https://wikitech.wikimedia.org/w/index.php?title=Portal:Toolforge/About_Toolforge&diff=1862044&oldid=1858890 [12:48:13] *wmflabs.org matches login.tools.wmflabs.org as well I guess. It's not using one level wildcards [12:49:08] Anyone the simple version is: all existing users that follow new docs cannot login anymore. New uses that follow docs also cannot login. This is a problem :) [12:49:41] I don't know the intended security settings so I'll wait the decision there [12:49:41] though, feel free to update that page on the ssh config. I personally think having the general-cloud-vps docs talk abut toolforge special cases is more confusing [12:50:34] IMO how the access link in https://wikitech.wikimedia.org/wiki/Help:Getting_Started#Get_started_with_Toolforge talks only about putty and winscp is a bad idea [12:50:54] I don't think people read what they copy paste. Having more doc pages for the same purpose generally does more harm than good. It's just one line :) [12:51:13] I still don't understand why you say 'cannot login'? a lot of docs says ssh username@host anyways [12:51:32] ok you have a point [12:55:28] Hmm it's not just the username. Mine is identical already. [12:56:06] I have extended this section to also control and limit exposure of identity keys. It's in the same first section as bastion [12:56:07] same, so idk... why can't you ssh? [12:57:41] you don't need to set username, you don't need to set proxyjump, so, direct ssh... so where's "all existing users that follow new docs cannot login anymore" coming from? [12:59:13] My assumption is that until recently. All configurations documented link in some way to *.wmflabs.org which this no longer matches. [12:59:44] What I did not see is that my setup is more secure than the default. It is based on WMF production. [12:59:49] ok [13:01:09] If you have identifyFile config in the *.wmflabs.org bastion line and configure ssh to require explicit identify file to be selected then it no longer works unless the new hostname is added. [13:01:44] So I imagine other staff is maybe affected. And also any volunteers who have a different username or who have also used more secure SSH. [13:01:46] ah yeah that [13:03:20] I use explicit identify file because of having too many keys and avoid sending them (which sshd would think I'm bruteforcing the key) [13:04:03] though, I do think when people look up on a new config whey would merge rather than replace :) [13:05:06] and nowhere in https://wikitech.wikimedia.org/wiki/Help:Accessing_Cloud_VPS_instances#ProxyJump_(recommended) has the IdentityFile clause [13:05:21] so it's pretty much only a matter of username [13:42:19] Cleaning up stuff from 4y ago, could someone with CLI access tell if https://phabricator.wikimedia.org/T136201 is still an issue? If yes, the task should be open. If not, the task should be declined. TIA! [14:01:33] * Reedy looks [14:03:11] andre__: It looks like it's definitely not small [14:03:14] taking a while [14:03:19] * Reedy waits for the actual number [14:03:40] Reedy: Nah just wanted to know if still valid because in that case I'll reopen. Thanks! [14:03:53] Too many "stalled" tickets that should not be stalled [14:08:18] andre__: lol. They're using exactly the same amount of space [14:08:28] :D [14:38:08] Krinkle: I can go look at the docs on wikitech, but in general the Toolforge bastions have never needed ProxyJump. They have always had public IPs exactly so that Toolforge users would not have to learn about and deal with jumping through other bastions. [14:39:30] It is possible to jump from the general Cloud VPS bastions to the Toolforge bastions, but doing so provides no additional security and would also likely slow things down slightly (extra hop in the routes) [15:06:48] I'm so used to setting up identify files and such, I don't really think of ssh as something you can "just" run directly. But I guess for a lot of people that does just work. So long as they @ their shell make and/or have that set up locally in a way that matches. [15:07:08] shell name * [15:08:08] Yeah, I wouldn't use the proxy jump. It's just general ssh config to add toolforge to list of host to connect to directly with username and any other cloud related preferences for bastions [15:10:25] !log wm-bot did @system-rejoin-all and @restart from #MacFan4000, as the bot wasn't responding in #wm-bot [15:10:26] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wm-bot/SAL [15:11:19] Krinkle: The assumption from long ago, and I think it holds today, is that the majority of Toolforge maintainers have never used ssh for anything other than Toolforge. ssh power users are not our core market :) [15:12:49] Yeah that's fair [15:13:31] I know that of course. I didn't realize that my "identities only" flag was making it refuse to connect [15:27:24] Krinkle: I made some edits -- https://wikitech.wikimedia.org/w/index.php?title=Help%3AAccessing_Cloud_VPS_instances&type=revision&diff=1866719&oldid=1862750 -- hopefully less confusing for users like you without being more confusing for the average user [15:31:45] bd808: Thanks :) Also kudos for keeping tools-login, I imagine that'll help with a longer tail of scripts and other misc docs (for now). [15:32:09] yeah, retiring bad old hostnames is hard :) [15:32:27] I think I have most of them setup as CNAME records now [15:33:02] at one point we had something like 5 A records all pointing to the same floating IP that could change anytime we rebuild the bastions :/ [17:00:24] !log tools deleting/restarting the paws db-proxy pod because it cannot connect to the replicas...and I'm hoping that's due to depooling and such [17:00:26] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL [17:03:55] That fixed it [17:17:32] uff, that db-proxy was deprecated when I first set it up... [17:17:54] * yuvipanda waves to bstorm_ [17:18:01] am grateful y'all are keeping PAWS up and maintained! [17:18:16] * bstorm_ waves [17:18:30] Yeah, currently poking around looking for replacements :) [17:18:47] Hoping to get paws up and running on a shinier new cluster soon [17:19:02] actually wanted to sync with you bstorm_ on this [17:19:12] Definitely! [17:19:20] yay! :) [17:19:54] arturo: want to talk online tomorrow (since I figure you are logging out soon) or maybe in a meeting? [17:20:30] yeah, tomorrow we have the team meeting. Whatever works for you [17:20:53] basically I wanted to double check next steps [17:21:26] yuvipanda: if you had only stuck around for 3 more years you would be finally working on PAWS for a bit too :) :( [17:21:28] I was thinking about that this morning as well. Will talk then! [17:22:20] bstorm_: also, feel free to send me an email anytime (or use phab) in case you can think on something interesting for me to look tomorrow in my morning [17:22:43] Sure! I can actually scribble some notes and context down today for that in general. [17:23:13] I guess basically we need to start thinking on upgrading k8s next, right? [17:23:23] * chicocvenancio waves to cloud people working on paws [17:23:49] * arturo waves back to chicocvenancio [17:24:27] chicocvenancio: we want to keep you in the loop. Either brooke or me will send you an email at some point to summarize our plans in case you are not following phab [17:24:45] bd808: :D I'm glad everyone pitched in and made sure it was up! [17:25:39] I'm following phab a bit. But I'll be glad to help. [17:28:38] ACK [17:29:38] T253134 <-- considering it an aside to the current upgrade work [17:29:39] T253134: Find an alternative solution for the mysql-proxy in PAWS - https://phabricator.wikimedia.org/T253134 [21:12:53] !log admin Migrating wcdo.wcdo.eqiad.wmflabs to cloudvirt1023 (T251065) [21:12:56] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL [21:12:56] T251065: Reading Wikidatadump at NFS share instance from the wcdo Cloud VPS project is too slow - https://phabricator.wikimedia.org/T251065 [22:09:05] is there an recommended way to watch/monitor a grid job? or to use an exec node manually? [22:15:44] Betacommand: what exactly do you want to see? Log messages should be emitted relatively quickly (NFS lag and any buffering the command itself does for stdout/stderr being the only slowdown) [22:16:11] `qstat` should show you if the command is still running or not [22:17:34] it is technically possible to ssh from the Toolforge bastions to any grid exec node as the tool. That is not a good way to run something like an interactive command, but it can sometimes be useful to debug a job that is 'stuck' somehow [22:21:28] bd808: Id like to use a manual script, but it will use more resources than probably should be used on a login host. [22:24:19] Betacommand: is the command something that had to run on the job grid, or could it also be run on the Kubernetes cluster? `webservice --backend=kubernetes [type] shell` will get you an interactive prompt on a Kubernetes pod. [22:29:08] Ive not screwed around with Kubernetes recently, last time I tried it was a lot of fail [22:29:50] fair enough. it is a very different environment for folks who are used the grid having all the software packages installed. [22:30:42] Yeah had a couple issues about cgi and virtenv not playing nice too [22:32:28] Betacommand: doing this a lot will cause problems, but you can try going to https://sge-status.toolforge.org/, find an exec host that has plenty of free space, and then from a bastion as your tool do `ssh tools-sgeexec-09` [22:33:14] Thanks, This should be fairly rare maybe 4 times a year [22:33:16] the way this can cause problems is that the grid scheduler won't know that you are running things there and so it may over subscribe the host [22:33:37] so try to use this sparingly or you will anger the other users :) [22:35:05] cgi and a python venv are not good friends at all. Porting your cgi scripts to flask or some other Python uwsgi app is more likely to work [22:59:27] !log admin `apt-get install mariadb-client` on cloudcontrol1003 [22:59:30] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL [23:06:39] !log wcdo Migrated wcdo.wcdo.eqiad.wmflabs to cloudvirt1023 (T251065) [23:06:42] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wcdo/SAL [23:06:43] T251065: Reading Wikidatadump at NFS share instance from the wcdo Cloud VPS project is too slow - https://phabricator.wikimedia.org/T251065 [23:27:22] Should I report it (and where) when someone unsuccessfully tried to "hack" one of my tools on toolforge? [23:32:01] bd808, ^ [23:32:55] Nudin: https://phabricator.wikimedia.org/maniphest/task/edit/form/75/ would be a reasonable way to submit a report [23:33:35] Nudin: please do add me (@bd808) as a subscriber [23:39:09] !log tools.indic-wsstats Migrate indic-wsstats to new toolforge URL (T253170) [23:39:11] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.indic-wsstats/SAL [23:39:11] T253170: Migrate indic-wsstats to new toolforge URL - https://phabricator.wikimedia.org/T253170 [23:41:37] it's not a security issue, just someone scanned the tools domain for well known sites [23:42:02] but I can create a ticket, so you can see it for yourself. [23:42:03] Nudin: oh. that's not really "scary" [23:42:59] a targeted attack on your tool would be worth reporting, but not just noticing that an attack bot did a drive-by problem for well known exploits [23:43:32] *drive-by probe [23:45:13] yeah, that's what I thought, therefore I asked here instead of creating a ticket right away ;) [23:45:24] the entire internet gets scanned with that many times a day [23:45:31] well, ipv4 internet [23:46:58] is it possible to make one file readable on toolforge? (I want to do sudo chmod 666, but can't). @ bd808 [23:47:01] *writeable [23:47:44] I havn't seen these kinds of scans in my other servers logs – but maybe they got blocked soon already by my provider [23:48:09] Jhs: can you explain what failed for you? `chmod 0666 $filename`? [23:48:17] yes [23:48:26] on a file that you are the owner of? [23:48:29] i need to sudo, but can't sudo obvs [23:48:29] yeah [23:48:46] what file? If you are owner you should be able to chmod [23:48:50] i have become the tool though – should i try un-becoming it? [23:49:17] Jhs: oh! have you tried `take $filename` to make the tool the owner of the file? [23:50:04] bd808, that worked! thanks [23:50:49] * bd808 now wonders where that is documented on wikitech [23:51:48] https://wikitech.wikimedia.org/wiki/Portal:Toolforge/Tool_Accounts#Take_ownership_of_files [23:52:39] thanks AntiComposite [23:53:12] that content that was moved out of the Help: namespace is hidden to my brain. :/ [23:53:26] I thought it would be in https://wikitech.wikimedia.org/wiki/Help:Access_to_Toolforge_instances_with_PuTTY_and_WinSCP#How_to_set_up_WinSCP_for_direct_access_to_your_Toolforge_account too but that uses chown [23:54:20] er, not even [23:56:48] bd808, it's probably documented somewhere obvious, but i just didn't even think to look for it :P