From mtearle at ucc.gu.uwa.edu.au Tue Apr 12 18:36:23 2011 From: mtearle at ucc.gu.uwa.edu.au (Mark Tearle) Date: Tue, 12 Apr 2011 18:36:23 +0800 (WST) Subject: [tech] [ucc] New Door/Dispense Server In-Reply-To: References: Message-ID: Dear Dr Zanchey [1], Found a feature in the new merlo arrangement for users dispensing from the snack machine. Currently it requires the users shell to exist on merlo. As I'm counter-revolutionary tcsh user mine did not until moments ago. This is probably worth fixing so we don't depend on users shells and also so users can't do anything nasty. Mark [1] Bob suggested this! :) On Mon, 11 Apr 2011, Bob Adamson wrote: > Hi everyone, > > I'm sending this to pretty much everyone, since I'm not 100% sure the coke > and door lists are working at the moment. > > We have a new server, its name is merlo. It's a small, low power box that > was built for the express purpose of replacing mermaid, and having one > machine that could run all of snack, coke and door. It has eight (yes, > eight!) serial ports for this purpose. Currently wheel logins only, but > this should change once some strict ulimits are put in place. > > Last weekend, [TPG] and myself moved dispense2 (aka vendserver) and > opendispense2 (aka dispense, confused yet?) onto merlo. Everything appears > to work, and cokelogs have been restored to their usual place in > /home/other/coke/cokelog on most ucc user servers. Snacklogs are also > available in that directory, but aren't all that interesting really. > > The details for merlo are available at > http://lists.ucc.gu.uwa.edu.au/pipermail/tech/2011-March/004002.html > > During the build we found that the VIA board clashes with the 60G OCZ > Vertex 2 we bought for the job (a SMART problem). Unfortunately, the low > power bling of the ssd had to be replaced with an old fashioned hdd. Total > power usage now ~16W. > > Stuff that still needs doing: > -db daily backup scripts > -fix ucc.asn.au/dispense > -fix door/coke mail list > -rewire snack/mifare harness > -fix vendserver to look at the new config file > -finger coke at ucc.gu.uwa.edu.au > -we still need 3 more small (1mm?) pitch jumpers to set the correct serial > voltage on the remaining ports. Has anyone got a couple spare? These are > smaller than the standard ones you find on mobo's, usually found on scsi > disks. > -man file for opendispense client > -update the ucc wiki/website > -plug serial terminals in the corridor into merlo > -anything else? > -volunteers? > > Bob Adamson > UCC President > > |"Bureaucracy is a challenge to the be conquered with a righteous | > |attitude, an intolerance for stupidity, and a bulldozer when necessary" | > | ---Peter's Laws | > -- Mark Tearle - mtearle at ucc.gu.uwa.edu.au Fish! From zanchey at ucc.gu.uwa.edu.au Tue Apr 12 20:03:49 2011 From: zanchey at ucc.gu.uwa.edu.au (David Adam) Date: Tue, 12 Apr 2011 20:03:49 +0800 (WST) Subject: [tech] [ucc] New Door/Dispense Server In-Reply-To: References: Message-ID: On Tue, 12 Apr 2011, Mark Tearle wrote: > Found a feature in the new merlo arrangement for users dispensing from the > snack machine. Currently it requires the users shell to exist on merlo. As > I'm counter-revolutionary tcsh > user mine did not until moments ago. > > This is probably worth fixing so we don't depend on users shells and also so > users can't do anything nasty. > > Mark Mr Tearle, $ cvs annotate VendServer.py | grep su Annotations for VendServer.py *************** 1.77 (mtearle 09-Apr-05): # should use sudo here 1.77 (mtearle 09-Apr-05): ret = os.system('su - "%s" -c "dispense door"'%vstatus.username) 1.77 (mtearle 09-Apr-05): if ((os.system('su - "%s" -c "dispense %s"'%(vstatus.username, vstatus.cur_selection[0])) >> 8) != 0): I'm not hugely convinced that users can do anything nasty with this but I agree that it should probably be replaced. In the short term, perhaps it could just be replaced with ret = subprocess.call(('dispense', '-u', vstatus.username, 'door')) and something similar for the second call. although that would change the logs from odispense2: dispense 'Open Door' (door:0) for zanchey by zanchey to odispense2: dispense 'Open Door' (door:0) for zanchey by root In the long term I wonder if it is worth skipping the client binary altogether and just talking over the network to the dispense server; I was thinking about writing a Python library to do just that anyway as I abhor C. (This message should not be taken as an acceptance of the maintainership of the snack machine server code.) David Adam UCC Wheel Member zanchey@ From bob at ucc.gu.uwa.edu.au Tue Apr 12 22:25:44 2011 From: bob at ucc.gu.uwa.edu.au (Bob Adamson) Date: Tue, 12 Apr 2011 22:25:44 +0800 (WST) Subject: [tech] [ucc] New Door/Dispense Server In-Reply-To: References: Message-ID: On Tue, 12 Apr 2011, David Adam wrote: > On Tue, 12 Apr 2011, Mark Tearle wrote: > > Found a feature in the new merlo arrangement for users dispensing from the > > snack machine. Currently it requires the users shell to exist on merlo. As > > I'm counter-revolutionary tcsh > > user mine did not until moments ago. > > > > This is probably worth fixing so we don't depend on users shells and also so > > users can't do anything nasty. > > > > Mark > > Mr Tearle, > > $ cvs annotate VendServer.py | grep su > > Annotations for VendServer.py > *************** > 1.77 (mtearle 09-Apr-05): # should use sudo here > 1.77 (mtearle 09-Apr-05): ret = os.system('su - "%s" -c "dispense door"'%vstatus.username) > 1.77 (mtearle 09-Apr-05): if ((os.system('su - "%s" -c "dispense %s"'%(vstatus.username, vstatus.cur_selection[0])) >> 8) != 0): > > I'm not hugely convinced that users can do anything nasty with this but I > agree that it should probably be replaced. > > In the short term, perhaps it could just be replaced with > > ret = subprocess.call(('dispense', '-u', vstatus.username, 'door')) > and something similar for the second call. > > although that would change the logs from > odispense2: dispense 'Open Door' (door:0) for zanchey by zanchey > to > odispense2: dispense 'Open Door' (door:0) for zanchey by root > > In the long term I wonder if it is worth skipping the client binary > altogether and just talking over the network to the dispense server; I was > thinking about writing a Python library to do just that anyway as I abhor > C. > > (This message should not be taken as an acceptance of the maintainership > of the snack machine server code.) > > David Adam > UCC Wheel Member > zanchey@ > Couldn't we just set the shell explicitly when we su to the user, by using --shell=/bin/sh ? Bob Adamson UCC President |"Bureaucracy is a challenge to the be conquered with a righteous | |attitude, an intolerance for stupidity, and a bulldozer when necessary" | | ---Peter's Laws | From grahame at angrygoats.net Tue Apr 12 23:49:41 2011 From: grahame at angrygoats.net (Grahame Bowland) Date: Tue, 12 Apr 2011 23:49:41 +0800 Subject: [tech] [ucc] New Door/Dispense Server In-Reply-To: References: Message-ID: Gentlepersons, > $ cvs annotate VendServer.py | grep su > > Annotations for VendServer.py > *************** > 1.77 ? ? ? ? (mtearle ?09-Apr-05): ? ? ?# should use sudo here > 1.77 ? ? ? ? (mtearle ?09-Apr-05): ? ? ? ? ? ? ? ? ? ? ?ret = os.system('su - "%s" -c "dispense door"'%vstatus.username) > 1.77 ? ? ? ? (mtearle ?09-Apr-05): ? ? ? ? ? ? ?if ((os.system('su - "%s" -c "dispense %s"'%(vstatus.username, vstatus.cur_selection[0])) >> 8) != 0): > > I'm not hugely convinced that users can do anything nasty with this but I > agree that it should probably be replaced. Instead of "%s" you probably want just %s and pipes.quote(vstatus.username). That call takes care of making sure the argument is properly escaped. From trs80 at ucc.gu.uwa.edu.au Thu Apr 14 20:06:26 2011 From: trs80 at ucc.gu.uwa.edu.au (James Andrewartha) Date: Thu, 14 Apr 2011 20:06:26 +0800 (WST) Subject: [tech] [ucc-announce] Downtime - Friday, April 15 2011 - Lunchtime In-Reply-To: References: Message-ID: On Thu, 14 Apr 2011, Matt Didcoe wrote: > For the safety of both our servers and the contractors, we will be > shutting down equipment for approximately 30 minutes to allow them to > complete the work. This is the perfect time to turn motsugo's network interface into a bridge, for KVM networking goodnes. Any volunteers? -- # TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \ # UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best | [ "There's nobody getting rich writing ]| -- Collect and hide your | [ software that I know of" -- Bill Gates, 1980 ]\ nuts." -- Acid Reflux #231 / From matt at ucc.asn.au Thu Apr 14 22:17:37 2011 From: matt at ucc.asn.au (Matt Johnston) Date: Thu, 14 Apr 2011 22:17:37 +0800 Subject: [tech] hgweb at ucc Message-ID: <20110414141737.GX32523@ucc.gu.uwa.edu.au> Hi, I've set up http://hg.ucc.asn.au as a Mercurial hgweb server if anyone wants to put a repository on the web. You'll need to get someone in wheel to add your repository directory to /services/hg/cgi-bin/hgweb.config . If anyone has an idea of how to let anyone reference their own repository in ~/public-html I'd be interested to hear (it's using WSGI). Note that DNS mightn't have updated with the domain yet, I stuffed it up initially, give it a few hours. Cheers, Matt From bob at ucc.gu.uwa.edu.au Thu Apr 14 23:29:55 2011 From: bob at ucc.gu.uwa.edu.au (Bob Adamson) Date: Thu, 14 Apr 2011 23:29:55 +0800 (WST) Subject: [tech] hgweb at ucc In-Reply-To: <20110414141737.GX32523@ucc.gu.uwa.edu.au> References: <20110414141737.GX32523@ucc.gu.uwa.edu.au> Message-ID: On Thu, 14 Apr 2011, Matt Johnston wrote: > Hi, > > I've set up http://hg.ucc.asn.au as a Mercurial hgweb server if > anyone wants to put a repository on the web. You'll need to > get someone in wheel to add your repository directory to > /services/hg/cgi-bin/hgweb.config . If anyone has an idea of > how to let anyone reference their own repository in > ~/public-html I'd be interested to hear (it's using WSGI). > > Note that DNS mightn't have updated with the domain yet, I > stuffed it up initially, give it a few hours. > > Cheers, > Matt > Sweet, care to update http://www.ucc.asn.au/services/vcs.ucc as well? [BOB]