Re: Established method to enable suid scripts?
Chris Telting christopher...@telting.org wrote:

> Seemed like I read that historically unix ran the #! command as the suid when it executed the file. Did FreeBSD delete that functionality? (Otherwise how did suid scripts get the bad reputation if they could never execute suid.)

There have indeed been Unix (or Unix-like) systems that have implemented suid #! scripts. It did not take very long for someone to discover -- and demonstrate -- the massive security hole that they opened, which led to the capability being removed. IIUC this happened fairly early in the Berkeley era, long before FreeBSD existed as such. Thus it was a predecessor of FreeBSD, and not FreeBSD itself, from which the functionality was deleted.

It _is_ possible in principle to close that particular security hole while retaining the suid #! functionality, but it requires coordination between the kernel and the interpreter (and, in the variant I'm aware of, the introduction of a fourth standard file identifier similar to the well-known stdin, stdout, and stderr). However, even supposing that this fix is applied, how certain can we be that there are no _other_ exposures?

> I'm not exactly clear where the execute function is. I'm guessing that it's not the shell doing the #! interpretation but rather the execute function of the operating system.

Correct. The exec function examines the first block of the file that is to be executed, and determines how to execute it by recognizing particular values in particular places. When the first two bytes are #!, the characters following the #! (up to the next whitespace) identify an interpreter which is executed, the name of the script being passed to the interpreter as a parameter. Presumably it would be possible for exec to recognize the suid bit on the script, and set the UID accordingly when executing the interpreter, but AFAIK there is no way to configure FreeBSD to do this; you would have to modify the kernel.
___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Maximum partition size
Hello.

Sorry for the stupid questions, but Google only turns out very old answers which might be outdated (at least I hope so). What is the maximum partition size I can use on 7.3? I've used a 3TB gstripe on amd64, but now I'd like to gstripe two 2TB HDs on an i386. Will that work?

bye Thanks av.
Re: Established method to enable suid scripts?
Here is some information on what perl does: http://www.washington.edu/perl5man/pod/perlsec.html

Also there is an option (not chosen by default) in the perl port to enable setuid.

Riaan
Re: Established method to enable suid scripts?
On Wednesday 11 May 2011 04:19:29 Devin Teske wrote:

> The reason that the suid bit doesn't work on scripts (shell, perl, or otherwise) is because these are essentially text files that are interpreted by their associated interpreter. It is the interpreter itself that must be suid.

I'm pretty sure that's not the case, although I'm open to correction. The reason the system ignores the suid bit on a script is because of what would happen when it's executed:

1) the script is read from a file called filename and the system notices that it needs to be interpreted by another program.
2) that program is launched and told to re-open the file named filename and execute its contents with suid privilege.

The problem is a race condition: there's no guarantee that the filename opened by the interpreter in step 2 is the same file the user executed in step 1.

There are two common ways round this: ignore the suid bit; or arrange within the OS to pass a handle to the original file rather than a filename so that the script can't be changed out from under the interpreter.

Jonathan
Re: start X in background without it taking over the console?
On Wed, May 11, 2011 at 7:21 AM, Chris Telting christopher...@telting.org wrote:

> I know this isn't strictly a FreeBSD question. I want to start up X in the background without it taking over the console. I want to switch over to it manually when I press alt-F9.

Why not start it from another terminal? Say, press alt-F2, login there, and then startx. Then, alt-F1 remains free.

Or perhaps use x11-servers/xorg-vfbserver.

-cpghost.

-- Cordula's Web. http://www.cordula.ws/
Re: start X in background without it taking over the console?
On 05/11/2011 03:10, C. P. Ghost wrote:

> On Wed, May 11, 2011 at 7:21 AM, Chris Telting christopher...@telting.org wrote:
>
>> I know this isn't strictly a FreeBSD question. I want to start up X in the background without it taking over the console. I want to switch over to it manually when I press alt-F9.
>
> Why not start it from another terminal? Say, press alt-F2, login there, and then startx. Then, alt-F1 remains free.
>
> Or perhaps use x11-servers/xorg-vfbserver.

I already do... I want to automate it. Every other virtual screen terminal can start without grabbing the console, I don't want X to either. I do development and I suffer crashes. I want to do work while it boots up for a couple minutes and I'm tired of manually switching back to text mode. It gets annoying the 200th time.
Re: start X in background without it taking over the console?
On 05/11/2011 05:36 AM, Chris Telting wrote:

> I already do... I want to automate it. Every other virtual screen terminal can start without grabbing the console, I don't want X to either. I do development and I suffer crashes. I want to do work while it boots up for a couple minutes and I'm tired of manually switching back to text mode. It gets annoying the 200th time.

You could script it right after X starts, as such:

    vidcontrol -s 1 # Equivalent to Alt-F1

I don't think X is currently designed to start without initializing the graphics hardware, though, so the initial vt change is probably unavoidable. Perhaps once KMS trickles down?

-- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net cyber...@cyberleo.net Furry Peace! - http://.fur.com/peace/
Re: start X in background without it taking over the console?
> From: CyberLeo Kitsana cyber...@cyberleo.net
> To: Chris Telting christopher...@telting.org
> Cc: freebsd-questions@freebsd.org
> Sent: Wed, May 11, 2011 7:07:01 AM
> Subject: Re: start X in background without it taking over the console?
>
> On 05/11/2011 05:36 AM, Chris Telting wrote:
>
>> I already do... I want to automate it. Every other virtual screen terminal can start without grabbing the console, I don't want X to either. I do development and I suffer crashes. I want to do work while it boots up for a couple minutes and I'm tired of manually switching back to text mode. It gets annoying the 200th time.
>
> You could script it right after X starts, as such:
>
>     vidcontrol -s 1 # Equivalent to Alt-F1
>
> I don't think X is currently designed to start without initializing the graphics hardware, though, so the initial vt change is probably unavoidable. Perhaps once KMS trickles down?
>
> -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net cyber...@cyberleo.net Furry Peace! - http://.fur.com/peace/

I'm watching this thread with interest. First, I don't run X that much and what I seem to know about it is that once you start X it grabs your video hardware and that's that. I have never been able to get a text console back once I do startx. But I'm a simpleton and only run the normal standard windows manager which installs with X. I've tried all the others and while they are great I just don't see the need for all the overhead since my FreeBSD servers are just that...servers. Once in X I can open as many Xterm windows as I want and I have access to the text console. Still I would be interested to know if there is a resolution to this poster's question.
OpenVPN Setup
Thanks to everyone for the replies yesterday on OpenVPN. I'd like to report a few interesting things:

1. In doing some google searches on this last night, believe it or not some of the search results were the exact questions I asked in this group, only yesterday afternoon. And this was while I was watching Fox News make reports on how Google is watching and recording everything these days...Sheesh I didn't know their spiders ran that fast.

2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.
Re: start X in background without it taking over the console?
God love is hard to find. You got lucky freebsd-questions!

2011/05/11 05:37:56 -0700 Bill Tillman btillma...@yahoo.com = To freebsd-questions@freebsd.org :

BT> I already do... I want to automate it. Every other virtual screen
BT> I'm watching this thread with interest.

Me too. But I have another kind of interest. I use to run X like this: https://gist.github.com/651700

This means fork process, wait X server to start and then run client(s). In certain situations the terminal processes start to consume all the CPU while doing nothing.

I'd like to have a way to start X without respawn from a line on a /etc/ttys in a background fork and then start its clients from another jail(s). I can do this currently only without ttys to start, blocking /etc/rc to proceed before ttys to start. But I'd like to have Alt+Fn functionality along with my X11, too. I can get that only by means of switching to ttyv0 and then interrupting that perl script by ^C. And losing my X session thereafter.

CPU consumption situation in question can happen here and there, and not always can be solved by means of 'script -qt0 dev/null cmd' hack. This includes tmux/screen first of all. Of course I use this script(1) feature on both ssh client and ssh server side. ( ssh is not about X11 forwarding but about to set DISPLAY and run X client app ).

Thanks much for any clue.

73! Peter pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627) -- http://vereshagin.org
Re: OpenVPN Setup
You can still test it from home... do pings through a specific interface. Or change your routing table information. Also you can communicate from the server itself to the client to test.

On May 11, 2011, at 8:11 AM, Bill Tillman wrote:

> Thanks to everyone for the replies yesterday on OpenVPN. I'd like to report a few interesting things:
>
> 1. In doing some google searches on this last night, believe it or not some of the search results were the exact questions I asked in this group, only yesterday afternoon. And this was while I was watching Fox News make reports on how Google is watching and recording everything these days...Sheesh I didn't know their spiders ran that fast.
>
> 2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.
Re: OpenVPN Setup
On Wed, May 11, 2011 at 09:11, Bill Tillman btillma...@yahoo.com wrote:

> 2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.

It's not uncommon for guest/visitor/unsponsored/portal wireless to only have ports 80 and 443 (sometimes only port 80) open. You can modify your server's config to use port 80 instead of 1194 (assuming you aren't running a webserver on that machine). Keep in mind that if you do that then before you can connect you'll have to:

o change the config on the server
o restart openvpn on the server
o change the config on the client

kmw
how to diagnose server freeze with ddb?
Hello,

I have a server that freezes under high load sometimes. It is on FreeBSD 7.3. It responds neither by network nor to keyboard. At the same time I can hit Ctrl-Alt-ESC and go to debugger - it works.

What can I try to do in DDB to find out the reason of server freezing?

Thanks in advance!

-- // cronfy
Re: Established method to enable suid scripts?
On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:

> I've googled for over an hour. I'm not looking to get into a discussion on security or previous bugs that are currently fixed. Suid in and of itself is a security issue. But if you are using suid it should work; I don't want to use a kludge and I don't want to use sudo. I'm hoping it's a setting that is just disabled by default.

My understanding is that in general the system does not allow SUID on scripts. The way I have gotten around that (a long time ago) was to create a small binary that exec's the script and making the binary SUID. Security cautions apply.

jerry
Re: OpenVPN Setup
> From: Kevin Wilcox kevin.wil...@gmail.com
> To: Bill Tillman btillma...@yahoo.com
> Cc: freebsd-questions@freebsd.org
> Sent: Wed, May 11, 2011 9:28:08 AM
> Subject: Re: OpenVPN Setup
>
> On Wed, May 11, 2011 at 09:11, Bill Tillman btillma...@yahoo.com wrote:
>
>> 2. I have my OpenVPN process running on my FreeBSD server and wish to test it with the OpenVPN client for Windows on my laptop from an outside location. But the only outside locations I have access to right now are the local McDonalds and Starbucks which offer free WiFi via ATT's network. The trouble with this is they appear to be blocking almost everything at these locations with the exception of HTTP traffic. I can't make the connection and I cannot access my LAN via SSH either. I don't think they are blocking any particular ports on these systems as much as they are just blocking everything except those ports which allow users to surf the web. The only thing which appears in the status window is that it's trying to make the handshake but then fails. I can ping my home server from these outside locations so I know my server is reachable.
>
> It's not uncommon for guest/visitor/unsponsored/portal wireless to only have ports 80 and 443 (sometimes only port 80) open. You can modify your server's config to use port 80 instead of 1194 (assuming you aren't running a webserver on that machine). Keep in mind that if you do that then before you can connect you'll have to:
>
> o change the config on the server
> o restart openvpn on the server
> o change the config on the client
>
> kmw

Thanks again. Setting the proto to tcp, port 443 is working at least. I'm sitting comfortably in a Starbucks with a cup of java and smooth jazz playing and with a powered connection so I won't have to worry about battery in this laptop which only lasts about 20 minutes these days.

So I can run the VPN client here and it makes connection and grabs an IP address 10.8.0.6, and I can ping the tunnel device on the other end 10.8.0.1 but I cannot access the other side of the VPN server at home, 10.0.0.0/24. Nothing will reply to pings and my attempts to do remote desktop with one of my windows machines fails and I cannot access the Samba shares on the VPN server. I guess this must be a routing issue but I thought the OpenVPN server set this up when it started. Any additional advice will be appreciated. I'm going to stay here and hack at it until they run me off.
Re: (8.2) amd64 + linuxulator + nvidia driver is it stable ?
On Tue, 10 May 2011 20:19:06 -0500, Mario Lobo l...@bsd.com.br wrote:

> You should try the devel version.

I'll consider it, but I rarely use Firefox and furthermore Chromium and Opera don't use nspluginwrapper and have the same issue. This makes me think it has nothing to do with nspluginwrapper.

Regards, Mark
Re: OpenVPN Setup
> So I can run the VPN client here and it makes connection and grabs an IP address 10.8.0.6, and I can ping the tunnel device on the other end 10.8.0.1 but I cannot access the other side of the VPN server at home, 10.0.0.0/24. Nothing will reply to pings and my attempts to do remote desktop with one of my windows machines fails and I cannot access the Samba shares on the VPN server. I guess this must be a routing issue but I thought the OpenVPN server set this up when it started. Any additional advice will be appreciated. I'm going to stay here and hack at it until they run me off.

Just cleared one more hurdle. Turns out the PUSH line in server.conf was still commented out. A quick change there and it's off and running. I can now ping inside my LAN from this remote connection and just completed a successful Remote Desktop session with one of the Windows clients inside as well. I'm still somewhat confused on the routes needed and several of my tests are still in place on the home LAN servers so I'm not sure what actually worked and what can be removed if any. The PUSH line though seemed to be all it needed but I think there is something on the inside which needs to be set as well.

Sorry for all the traffic, but I have the time this week to hack at this until I get it right.
Re: (8.2) amd64 + linuxulator + nvidia driver is it stable ?
On Wed, 11 May 2011 10:14:47 -0500 Mark Felder f...@feld.me articulated:

> On Tue, 10 May 2011 20:19:06 -0500, Mario Lobo l...@bsd.com.br wrote:
>
>> You should try the devel version.
>
> I'll consider it, but I rarely use Firefox and furthermore Chromium and Opera don't use nspluginwrapper and have the same issue. This makes me think it has nothing to do with nspluginwrapper.

Does anyone know why the x11/nvidia-driver port has not been updated? The latest version is 270.41.06 according to the nVidia page: http://www.nvidia.com/object/unix.html

http://www.nvidia.com/object/freebsd-x64-270.41.06-driver.html for 64 bit systems and http://www.nvidia.com/object/freebsd-x86-270.41.06-driver.html for 32 bit systems.

-- Jerry ✌ jerry+f...@seibercom.net
Disclaimer: off-list followups get on-list replies, ignored or reported as Spam. Do not CC this poster. Please do not ignore the Reply-To header.
__ Pound for pound, the amoeba is the most vicious animal on earth.
ZFS promote failure
Hello,

I'm seeing a strange problem trying to use zfs promote.

    [root@san2]# zfs snapshot san/sr@snap
    [root@san2]# zfs clone san/sr@snap san/sr5
    [root@san2]# zfs promote san/sr5
    cannot promote 'san/sr5': dataset is busy

Being a freshly created dataset I'm not sure how it would be busy. Are there any caveats to using zfs promote on zvols? The snapshots are of ext3 formatted zvols. I don't really need to promote them but wanted to in case I needed to destroy the source for some reason.

Thanks,

-- Dave Cundiff System Administrator A2Hosting, Inc http://www.a2hosting.com
Re: Established method to enable suid scripts?
On Wed, May 11, 2011 at 10:14 AM, Jerry McAllister jerr...@msu.edu wrote:

> On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
>
>> I've googled for over an hour.

As others have said suiding on scripts is not allowed in modern versions of Unix. What I do for example, is create small C programs suid them and use those special suid execs to do special stuff. For example, if I need to erase some files created by the mysql daemon process I will create a C exec called suidrm and have it suid to the mysql owner so I can remove the temp files from an Apache CGI for example.

Any suid exec should be carefully evaluated and meant for one specific thing, and avoid suiding to root if at all possible. If you must you can copy the exec with a different name and suid it for a specific purpose with a specific user, preferably not root.

Anyway, with the simple C program wrapper approach I have solved many things like what you're trying to do.

Best,

-- Alejandro Imass
Re: Established method to enable suid scripts?
On 5/11/11 12:31 PM, Alejandro Imass wrote:
On Wed, May 11, 2011 at 10:14 AM, Jerry McAllister jerr...@msu.edu wrote:
On Tue, May 10, 2011 at 05:54:04PM -0700, Chris Telting wrote:
I've googled for over an hour.
As others have said, suiding on scripts is not allowed in modern versions of Unix. What I do, for example, is create small C programs, suid them, and use those special suid execs to do special stuff. For example, if I need to erase some files created by the mysql daemon process I will create a C exec called suidrm and have it suid to the mysql owner so I can remove the temp files from an Apache CGI for example. Any suid exec should be carefully evaluated and meant for one specific thing, and avoid suiding to root if at all possible. If you must you can copy the exec with a different name and suid it for a specific purpose with a specific user, preferably not root. Anyway, with the simple C program wrapper approach I have solved many things like what you're trying to do. Best, -- Alejandro Imass

To the OP and others - you'll find tons of hits for setuid wrapper in Google (http://www.google.com/search?q=setuid+wrapper&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a), but be very careful if you decide to compile one of them for use in your environment. It might be worth checking out some of the Apache suEXEC documentation to understand all of the security checks they have implemented: http://httpd.apache.org/docs/2.2/suexec.html

Hope that helps,
Greg
-- Greg Larkin
http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/cpucycle/ - Follow you, follow me
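The single-purpose wrapper approach from the two messages above, as an added example that is not code from the thread or from Apache suEXEC: a setuid helper in C that deletes only regular files owned by its effective user from one fixed directory. The directory path is a hypothetical placeholder and the function names are assumptions for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* openat-family calls, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical placeholder: the one directory this helper may clean. */
#define TMP_DIR "/path/to/mysql/tmp"

/* Accept only a bare file name from a conservative character set.
 * '/' is not in the set and a leading '.' is refused, so "..", absolute
 * paths and traversal sequences never reach the file system calls. */
int is_safe_name(const char *name)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t len = strlen(name);

    if (len == 0 || len > 64 || name[0] == '.')
        return 0;
    return strspn(name, allowed) == len;
}

/* Remove `name` from `dir` only if it is a regular, singly linked file
 * owned by `owner`. Returns 0 on success, -1 on any refusal or error. */
int remove_in_dir(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    int rc = -1;

    if (!is_safe_name(name))
        return -1;
    /* Resolve the directory once; later calls are relative to this fd. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    /* lstat semantics: a symlink planted under this name is refused. */
    if (fstatat(dfd, name, &st, AT_SYMLINK_NOFOLLOW) == 0 &&
        S_ISREG(st.st_mode) && st.st_nlink == 1 && st.st_uid == owner)
        rc = unlinkat(dfd, name, 0);
    close(dfd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: suidrm <file name>\n");
        return 2;
    }
    /* When installed setuid, geteuid() is the owner of the binary
     * (the mysql user in the thread's scenario), never the caller. */
    if (remove_in_dir(TMP_DIR, argv[1], geteuid()) != 0) {
        fprintf(stderr, "suidrm: refused or failed\n");
        return 1;
    }
    return 0;
}
```

The helper takes no path from the caller and runs no other program, which keeps the reviewable surface to the two functions above.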
Re: 8.2 crash after 8 running hours ?
Frank Bonnet f.bon...@esiee.fr writes: I've experienced a strange problem at 8.2-release after a fresh install on three ( 3 ) different machines ( all HP ) FreeBSD 8.2 stops running without any sound ( machines frozen ) after running well during approx 8 hours. It happened on 3 different HP models ( proliant DL360G6 DL380G7 XW4200 ) which are running named (bind98 ) and postfix + postscreen. Any of you had some similar problems with 8.2 ?

If they have, I don't think they mentioned it here on the lists. Try dropping into the kernel debugger...
Re: make the iso image
On 05/11/2011 04:50 AM, Polytropon wrote: On Tue, 10 May 2011 19:24:39 -0700, mohammad abedini abedini.erics...@gmail.com wrote: I plan to make the FreeBSD installation with facilities in my state This looks as if you want to create your own installation media. The make release operation is intended for that task. However I (not the original sender) would like to create just a LiveDVD from my install, because I upgraded to zpool version and didn't find any official release or snapshot which can mount that. It would be only a rescue DVD, not installer medium. Is there a shorter way than make release? I don't even need a gui on that DVD just some basic tools and zpool v28. Mage
Re: thunderbird-3.1.10 build error
On Mon, 9 May 2011 18:52:12 +0100 Chris Rees utis...@gmail.com wrote: On 9 May 2011 18:38, Janos Dohanics w...@3dresearch.com wrote: On Sun, 8 May 2011 19:52:54 -0500 (CDT) Robert Bonomi bon...@mail.r-bonomi.com wrote: From [...] Are you trying to run a parallel build? Reading the full trace _DID_ show a parallel build. How can you tell? I'm pretty sure I did not use the -j flag... You're right about + =! Fetch this patchfile: http://www.bayofrum.net/~crees/patches/patch-mailnews-extensions-smime-build-Makefile-in and stick it in /usr/ports/mail/thunderbird/files make clean, and try making again. Chris Chris, I guess your reward for helping is more nagging... would you please take a look at http://wwwp.3dresearch.com/thunderbird2 -- Janos Dohanics
Re: 8.2 crash after 8 running hours ?
Well those are production machines ... I switched back to 7.4 and everything works fine ...

Sent from my iPhone

On 11 May 2011 at 19:08, Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: Frank Bonnet f.bon...@esiee.fr writes: I've experienced a strange problem at 8.2-release after a fresh install on three ( 3 ) different machines ( all HP ) FreeBSD 8.2 stops running without any sound ( machines frozen ) after running well during approx 8 hours. It happened on 3 different HP models ( proliant DL360G6 DL380G7 XW4200 ) which are running named (bind98 ) and postfix + postscreen. Any of you had some similar problems with 8.2 ? If they have, I don't think they mentioned it here on the lists. Try dropping into the kernel debugger...
OpenVPN Setup
Thanks again for all the great tips on OpenVPN setup. I think it's about ready for real deployment but I have a couple of more questions.

My OpenVPN server (10.0.0.254) is inside my LAN behind another FreeBSD router/gateway (10.0.0.253) which is running IPFW+NATD and handles the LAN's connection to the cable modem. All that is running fine. In the docs I read it told me to turn forwarding on at the OpenVPN server (10.0.0.254) as well, effectively turning it into another gateway. I was wondering if this could be avoided, assuming the docs I read were about a setup where the VPN server was right off the Internet and was needed as the gateway.

I added this route to the FreeBSD router (10.0.0.253) which on my LAN is the machine right off the cable modem:

route add -net 10.8.0.0/24 10.0.0.254

This made everything work but I'd like to ask if this is the most efficient way of setting up the routing table on the router (10.0.0.253).

When I check the routing tables on the OpenVPN server with netstat -nr I see this info:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.253         UGS         0    31257   bge0
10.0.0.0/24        link#3             U           1   101587   bge0
10.0.0.254         link#3             UHS         0        0    lo0
10.8.0.0/24        10.8.0.2           UGS         0    33716   tun0
10.8.0.1           link#5             UHS         0        2    lo0
10.8.0.2           link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0      472    lo0

I'm curious as to why the 3rd entry shows the route for 10.8.0.0/24 goes through 10.8.0.2 as its gateway. 10.8.0.2 is not pingable in this setup.
Skyip? question
Hey Guys, What does the list think of XBill's buyout of Skype? I know there is probably a port for this for the BSDs. Isn't it just a VOIP thing... maybe with some video glued on? (How hard/easy would it be to hack out a better one...or do GOOG and YHOO already have their own versions of skyip?) Lastly, a few years ago, somebody on this list said that skype was free like free beer. Pretty sure they had that saying when I was a kid back in the twelfth century, but still have no idea what it means, so would appreciate it from my fellow geeks who get that 'free-beer' swipe. thanx, gary -- Gary Kline kl...@thought.org http://www.thought.org Public Service Unix The 7.98a release of Jottings: http://jottings.thought.org/index.php http://journey.thought.org ethic Ju ST released: http://transfinite.thought.org/17da.html Where's that bloody .357?!
Re: Skyip? question
On 5/11/11 8:20 PM, Gary Kline wrote: (How hard/easy would it be to hack out a better one...or do GOOG and YHOO already have their own versions of skyip?)

Not all that trivial, really, but, frankly, rather beside the point. The value of communications networks is more than the technology, it's in whom you can communicate with using it. So even if you were to hack out something more elegant than Skype, the vast majority of the world wouldn't care in the slightest, as they want to talk to their friends, family, and business associates, and have no interest in talking to you and the 137 hacking buddies who built the better mousetrap. There's a reason the PSTN still does so well despite its 19th century, low-bandwidth, voice-only roots.

Lastly, a few years ago, somebody on this list said that skype was free like free beer. Pretty sure they had that saying when I was a kid back in the twelfth century, but still have no idea what it means, so would appreciate it from my fellow geeks who get that 'free-beer' swipe.

Free beer = you can use it without paying money, but the stuff behind the curtain is proprietary and you can't necessarily look, never mind play.

Free speech = you can do as you wish with the bits behind the curtain (give or take various license terms that can start religious wars)

I believe the term doesn't pre-date Linux; wasn't it first used when the unwashed masses started getting confused as to what it meant for Linux to be free?

BTW, I believe this discussion belongs over in the discussion list, as it has nothing to do with FreeBSD, so I will sin no more after this.

--Jon Radel j...@radel.com
Re: Skyip? question
On Wed, 11 May 2011 21:23:14 -0400, Jon Radel j...@radel.com wrote: On 5/11/11 8:20 PM, Gary Kline wrote: (How hard/easy would it be to hack out a better one...or do GOOG and YHOO already have their own versions of skyip?) Not all that trivial, really, but, frankly, rather beside the point. The value of communications networks is more than the technology, it's in whom you can communicate with using it.

And keep in mind the data in the background: WHO communicates? WHERE does he communicate from, with WHOM, WHEN? Technology allows answering questions even about WHAT has been spoken. Relations between individuals and their interests can be concluded from such communication profiles. They are of high value for advertising and industry propaganda mechanisms.

So even if you were to hack out something more elegant than Skype, the vast majority of the world wouldn't care in the slightest, as they want to talk to their friends, family, and business associates, and have no interest in talking to you and the 137 hacking buddies who built the better mousetrap.

I may say that there is already a high-quality alternative (among others), it's called Ekiga. It's not as widespread as Skype, I agree. And google also offers a similar tool, but as I've never used it, I can't recall the name. It's also not as well known as Skype which got a synonym for IP-based telephony utilizing a computer.

With upcoming versions of Windows, I think MICROS~1 will integrate Skype technology into their system, while they make sure that this technology - due to the lack of interface program - can't be used on other systems (Mac OS X, Linux, BSD, but also Android). So I think they bought Skype, a company that _never_ made the big bucks in order to obtain their technology and their subscribers for their own land. They will surely do anything for further vendor lock-in - i. e. make sure nobody except them defines the terms of use of the former Skype infrastructures (in general, not in a technical sense).

There's a reason the PSTN still does so well despite its 19th century, low-bandwidth, voice-only roots.

Some people do not evolve the technology and service providers want them to. :-)

BTW, I believe this discussion belongs over in the discussion list, as it has nothing to do with FreeBSD, so I will sin no more after this.

I think it _will_ have impact to FreeBSD sooner or later in a form that Skype will be unusable at some point in time, or will be quite limited in what you can actually do with it. When MICROS~1 incorporates the Skype customer base... who knows, maybe you'll soon need a Hotmail account to call someone by phone, as soon as MICROS~1 got a real phone operator. :-)

-- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Best SATA/SAS controller for ZFS on FreeBSD 8.2 RELEASE?
My hardware: Dell 1950 with dual quad-core X5450 processors, 16GB RAM, boot drive connected to a SAS 6/iR controller (mpt0), pair of external ACARD 9010 RAMDisks (da3 da4) connected to an LSI SAS3801E controller (mpt1). The RAMdisks are configured in a ZFS mirror (Backbone) in hopes of both high IOPS and data integrity. Main purpose of the database is to run a small (4GB) PostgreSQL database.

My problem: Twice in the last 3 weeks I see more and more errors from the mpt1 driver until it decides that it's lost the drives and Postgres hangs. I try a shutdown -h, which it can't complete, and eventually hold down the power button to shut the machine off. When I boot it it comes up fine, scrubs complete in seconds with zero errors found, and all is grand... Until the next time.

I'm hesitant to blame the RAMdisks, because (1) I've got some of them working fine for me with other OSes and (2) zpool scrub consistently shows no errors. I've read some suggestions on the Net suggesting that the MPT driver in FreeBSD is sub-optimal, so that's one area I want to check-- is there another controller that would be better? Most of my ZFS experience has been in OpenSolaris, where LSI cards are pretty much the standard, but FreeBSD is not OpenSolaris

Logfiles below:

May 11 17:58:46 backbone kernel: mpt1: attempting to abort req 0xff800068b790:25990 function 0
May 11 17:58:46 backbone kernel: mpt1: mpt_cam_event: 0x16
May 11 17:58:46 backbone kernel: mpt1: mpt_cam_event: 0x16
May 11 17:58:47 backbone kernel: mpt1: abort of req 0xff800068b790:25990 completed
May 11 17:58:47 backbone kernel: mpt1: attempting to abort req 0xff800068b790:25990 function 0
May 11 17:58:47 backbone kernel: mpt1: mpt_cam_event: 0x16
May 11 17:58:47 backbone kernel: mpt1: mpt_cam_event: 0x16
May 11 17:58:47 backbone kernel: mpt1: abort of req 0xff800068b790:25990 completed
May 11 17:58:47 backbone kernel: mpt1: attempting to abort req 0xff800068b790:25990 function 0
May 11 17:58:48 backbone kernel: mpt1: abort of req 0xff800068b790:25990 completed
May 11 17:58:48 backbone kernel: mpt1: attempting to abort req 0xff800068b790:25990 function 0
May 11 17:58:48 backbone kernel: mpt1: abort of req 0xff800068b790:25990 completed

Eventually it tires of those entries and segues into:

May 11 17:59:24 backbone kernel: mpt1: mpt_cam_event: 0x16
May 11 17:59:24 backbone last message repeated 2 times
May 11 17:59:24 backbone kernel: (da3:mpt1:0:2:0): SYNCHRONIZE CACHE(10). CDB: 35 0 0 0 0 0 0 0 0 0
May 11 17:59:24 backbone kernel: (da3:mpt1:0:2:0): CAM status: SCSI Status Error
May 11 17:59:24 backbone kernel: (da3:mpt1:0:2:0): SCSI status: Check Condition
May 11 17:59:24 backbone kernel: (da3:mpt1:0:2:0): SCSI sense: UNIT ATTENTION asc:29,0 (Power on, reset, or bus device reset occurred)
May 11 17:59:24 backbone kernel: (da4:mpt1:0:4:0): WRITE(10). CDB: 2a 0 0 40 53 39 0 0 18 0
May 11 17:59:24 backbone kernel: (da4:mpt1:0:4:0): CAM status: SCSI Status Error
May 11 17:59:24 backbone kernel: (da4:mpt1:0:4:0): SCSI status: Check Condition
May 11 17:59:24 backbone kernel: (da4:mpt1:0:4:0): SCSI sense: UNIT ATTENTION asc:29,0 (Power on, reset, or bus device reset occurred)

And then it starts complaining about vdev I/O failures:

May 11 17:59:58 backbone root: ZFS: vdev I/O failure, zpool=Backbone path=/dev/da3 offset=270336 size=8192 error=6
May 11 17:59:58 backbone kernel: (da3:mpt1:0:2:0): lost device
May 11 17:59:58 backbone kernel: (da3:mpt1:0:2:0): Invalidating pack
May 11 17:59:58 backbone last message repeated 3 times
May 11 17:59:58 backbone kernel: (da4:mpt1:0:4:0): lost device
May 11 17:59:58 backbone kernel: (da4:mpt1:0:4:0): Invalidating pack
May 11 17:59:58 backbone last message repeated 3 times
May 11 17:59:58 backbone kernel: (da3:mpt1:0:2:0): Synchronize cache failed, status == 0xa, scsi status == 0x0
May 11 17:59:58 backbone kernel: (da3:mpt1:0:2:0): removing device entry
May 11 17:59:58 backbone kernel: (da4:mpt1:0:4:0): Synchronize cache failed, status == 0xa, scsi status == 0x0
May 11 17:59:58 backbone kernel:
May 11 17:59:58 backbone kernel: (da4:mpt1:0:4:0): removing device entry
May 11 17:59:58 backbone root: ZFS: vdev I/O failure, zpool=Backbone path=/dev/da3 offset=8589156352 size=8192 error=6
May 11 17:59:58 backbone root: ZFS: vdev I/O failure, zpool=Backbone path=/dev/da3 offset=8589418496 size=8192 error=6
May 11 17:59:58 backbone root: ZFS: vdev I/O failure, zpool=Backbone path=/dev/da4 offset=270336 size=8192 error=6
May 11 17:59:58 backbone root: ZFS: vdev I/O failure, zpool=Backbone path=/dev/da4 offset=8589156352 size=8192 error=6
May 11 17:59:58 backbone root: ZFS: vdev I/O failure, zpool=Backbone path=/dev/da4 offset=8589418496 size=8192 error=6
May 11 17:59:58 backbone root: ZFS: zpool I/O failure, zpool=Backbone error=6
May 11 17:59:58 backbone last message repeated 15 times
May 11 17:59:58 backbone root: ZFS: zpool I/O failure, zpool=Backbone error=28
May 11 17:59:58 backbone last