Re: nss_ldap and openldap on the same server.
On Tuesday 13 March 2007 10:26, Gerhard Schmidt wrote:

It's a well-known problem rather than a bug, and it arises when looking up group information for a user. The system needs a list of all the groups the user is a member of. Since it's a list, not a single answer, you can't short-circuit the process with ``success'' after finding a single result: initgroups(3) must work through all possible sources of group information to build the list.

I think it's still a bug. You are right that all groups should be found so the default for groups should be success=continue to have this done. But when I explicitly specify that on success the process should abort, it should be done exactly this way.

You've now had responses from me and Joerg Pulz, and given us essentially the same reply. I'm not sure success means what you think it means: group information is a complete list, not ``first item found'' like a user account. You have told the system to check for group information in files and ldap. You have, therefore, not succeeded in listing all groups until you have both searched the files *and* received a response from nss_ldap, either group information or NSS_STATUS_NOTFOUND.

It looks as though you can instruct nss_ldap to unconditionally return NSS_STATUS_NOTFOUND for a user, by adding

nss_initgroups_ignoreusers user

in nss_ldap.conf. I'd be interested to hear whether it works, having not tested it myself, but at the moment you're banging your head against the wall and shouting about how much it hurts. It will hurt less if you stop.

Jonathan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: nss_ldap and openldap on the same server.
On Tuesday 13 March 2007 14:21, Gerhard Schmidt wrote:
On Tue, Mar 13, 2007 at 11:13:00AM +0200, Jonathan McKeown wrote:
On Tuesday 13 March 2007 10:26, Gerhard Schmidt wrote:

[setting group: files ldap in nsswitch.conf]

It looks as though you can instruct nss_ldap to unconditionally return NSS_STATUS_NOTFOUND for a user, by adding nss_initgroups_ignoreusers user in nss_ldap.conf.

It's not. added nss_initgroups_ignoreusers ldap but it still blocks for 2 Min.

I have found a solution that works for me. The problem is not that nsswitch asks nss_ldap but that nss_ldap takes so long to realise the ldap isn't running. I have changed the bind_policy setting of nss_ldap from hard to soft and nss_ldap fails without delay. So it's working for me for now.

But still there is a problem with that. Right now there is no way we could prevent any source from adding users to any group (e.g wheel). I think that's a security problem in environments where you don't have control over all sources used for authentication and user management. If there was a way you could tell the nss to stop when a group definition is found in a module we had a way to stop this. That shouldn't be the default way but it should be possible.

Basically you're saying you want to take the first list of groups you find in the same way that you can take the first username you find: and with respect, you seem to be finding increasingly strident reasons why things should be the way you want them. You're still banging your head against the wall.

It's easy to ``prevent any source from adding users to any group'': just don't give the whole world write access to your groups database - whether it's in the system files, NIS, LDAP, or on tablets of stone on a small hill in your server room.

If you don't want to look up group information in LDAP, don't put ldap in the group line in nsswitch.conf. If you do, secure it properly and accept that it will always do an LDAP lookup, because group information is additive - unlike user information which has to be unique. Accept, too, that if you only have a single LDAP server, there will be a bootstrap problem reading the groups list for the ldap user to start up the LDAP server: but the only cost of this is an extra two minutes or so on each boot, which you seem to have solved in any case.

Jonathan
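Both sides of the exchange above rest on group membership being merged across every source on the group line. The script below is an added example, not part of the original thread: given /etc/group and an export of the directory's groups in group(5) format, it lists the users the second source adds to a privileged group, including through a differently named entry with the same gid. The export file, the function names and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: what does a second group source add to a privileged group?
# Both inputs are files in group(5) format: name:passwd:gid:member,member,...
# LOCAL is a copy of /etc/group; REMOTE is an export of the directory's
# groups in the same format (assumption: you produce that export yourself).

# gid_of FILE GROUP: print the numeric gid of GROUP as defined in FILE.
gid_of() {
    awk -F: -v g="$2" '$1 == g { print $3; exit }' "$1"
}

# members FILE GROUP GID: members of every entry in FILE named GROUP or
# carrying GID, one per line, sorted. The gid matters as much as the name:
# an entry with another name but the same gid grants the same access.
members() {
    awk -F: -v g="$2" -v id="$3" '
        $1 == g || (id != "" && $3 == id) {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$1" | sort -u
}

# extra_members LOCAL REMOTE GROUP: users that REMOTE adds to GROUP beyond
# those LOCAL lists. With "group: files ldap" the lists are merged, so every
# name printed here ends up in GROUP.
extra_members() {
    gid=$(gid_of "$1" "$3")
    l=$(mktemp) || return 2
    r=$(mktemp) || { rm -f "$l"; return 2; }
    members "$1" "$3" "$gid" > "$l"
    members "$2" "$3" "$gid" > "$r"
    comm -13 "$l" "$r"
    rm -f "$l" "$r"
}

# demo: run the audit on constructed sample data (no real accounts).
demo() {
    t=$(mktemp -d) || return 2
    cat > "$t/local" <<'EOF'
wheel:*:0:root,alice
operator:*:5:root
EOF
    cat > "$t/remote" <<'EOF'
wheel:*:0:alice,dave
admins:*:0:bob
staff:*:20:carol
EOF
    extra_members "$t/local" "$t/remote" wheel
    rm -rf "$t"
}

# With three arguments run the audit on real files; with none, run the demo.
case $# in
    3) extra_members "$1" "$2" "$3" ;;
    0) demo ;;
esac
```

On the constructed data the remote source adds dave through its own wheel entry and bob through the admins entry that shares gid 0.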
puc and uart as modules with FreeBSD6.2-REL
I have a two-port PCI serial card. I'm running FreeBSD 6.2-RELEASE on i386 and trying to get the card working using kernel modules puc and uart (after much Googling this seems like a viable option).

With the GENERIC kernel, the boot process recognises my card as simple comms, UART but can't find the driver for it. When I kldload puc, the card is recognised as NetMos NM9835:

puc0: NetMos NM9835 Dual UART and 1284 Printer port port 0x6c00-0x6c07,0x7000-0x7007,0x7400-0x7407,0x7800-0x7807,0x7c00-0x7c07,0x8000-0x800f irq 12 at device 11.0 on pci0

but when I kldload uart, whether before or after puc, I don't see any new devices appear, nor do I get any dev.uart.* sysctls.

Am I missing something obvious, or do I need to compile yet another custom kernel to get this card working?

Jonathan
Re: mirror without destroying existing contents
On Friday 16 March 2007 21:48, Steve Franks wrote:
On 3/16/07, John Nielsen [EMAIL PROTECTED] wrote:
On Friday 16 March 2007 11:18, Steve Franks wrote:

I get the following:

#gmirror label -v -b split -s 1024 data ad0
can't store metadata on ad0: operation not permitted.

That most likely means that you currently have a filesystem on ad0 mounted. If that's the case you should be glad that the OS was smarter than you. What steps had you taken prior to this?

It appears to say in the manpage that you can do this on a disk with an existing filesys - would you expect it to work if the disk is unmounted first, then?

The way to do this is potentially a little risky but I haven't had a problem with it yet after setting up several mirrors on live fileservers.

There is a sysctl called kern.geom.debugflags: if you set this to 16 it will allow you to change the mounted filesystem. Bear in mind that since the metadata for the mirror is written to the last sector of the disk, there is a small risk of data loss: if that sector contains data it will be overwritten.

There's a thorough howto by Ralph Engelschall, and an OnLamp article by Dru Lavigne, with more details:

http://people.freebsd.org/~rse/mirror/
http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html

Jonathan
Re: puc and uart as modules with FreeBSD6.2-REL
On Sunday 18 March 2007 08:32, Brian A. Seklecki wrote:

[Jonathan wanted to use puc(4) and uart(4) as kernel modules to get a PCI 2-port serial card working]

Am I missing something obvious, or do I need to compile yet another custom kernel to get this card working?

The man page I see says that you need sio(4) as well. iso* at puc? port ? Or in the fbsd case, the iso module or option in the kernel.

sio(4) is part of the generic kernel. It doesn't appear to have puc/sio compiled in - I did find a reference to this problem and the solution suggested was that puc(4) and sio(4) had to be either both compiled in or both loaded as modules - since either involves a new custom kernel, which I'm trying to avoid as I prefer to run as few different kernels as possible, this solution is not ideal.

I did see some suggestion that puc had been modified to register itself with uart(4) if it failed to do so with sio(4) - this may have been on 7-current, and I don't know whether it has been MFC'd to 6.2.

kldstat -v -n uart gives me:

Id Refs Address    Size     Name
 4    1 0xc2568000 b000     uart.ko
        Contains modules:
                Id Name
                377 acpi/uart
                378 isa/uart
                379 pccard/uart
                380 cardbus/uart
                381 pci/uart
                382 puc/uart

and man uart tells me:

The primary support for devices that contain multiple serial interfaces or that contain other functionality besides one or more serial interfaces is provided by the puc(4) device driver. However, the serial interfaces of those devices that are managed by the puc(4) driver are controlled by the uart driver.

If this is the case, how can I get the ports on my card recognised by the uart(4) driver? Or am I going about this wrongly?

Jonathan
Re: Problems with burncd - cannot mount result on unix or windows
On Thursday 22 March 2007 23:42, Jerry McAllister wrote:
On Thu, Mar 22, 2007 at 12:31:32PM -0700, UCTC Sysadmin wrote:

[broken CDs under burncd]

The main thing I did was take out the '-s max' speed parameter

Just as a further point of reference, I also found that -s max caused the DVD+RW drive in my laptop (6.1), and the CD writer in my desktop PC at home (5.4), to make shiny coasters. Setting an actual speed worked fine, except for a further odd problem on the DVD+RW laptop drive.

burncd data image.iso

works fine, but

burncd data image.iso fixate

causes an I/O error at the fixate stage - exactly as though the drive (or utility, or OS) has memorised the fact that the drive contains a blank CD and continues to treat it as empty media even after writing to it.

In the end the only way I found to close off a disc and write a ToC is:

burncd data image.iso
take CD out and put it back in
burncd fixate

Jonathan
passwd(1) and LDAP (was Re: FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?)
On Friday 28 September 2007 16:29, Brian A. Seklecki wrote:

FreeBSD 5.x and 6.x work fine with both PAM and NSS - LDAP w/ TLS (PKI). All other services (RADIUS, Apache (mod_ldap, mod_pam_auth), PHP, interactive shell, SFTP, etc.) can be tied into LDAP either directly or via PAM.

As for password change, I don't know if anyone has a passwd(1) binary that properly changes the LDAP password attribute -- if there is and it's out there, it requires ACL insanity.

The passwd(1) program was rewritten some time ago to use PAM, but a test was left in which prevents it doing so. I have asked, both on this list and on freebsd-hackers in the last few weeks, whether there is any reason other than historical to leave this test in, and been deafened by the silence. There are a couple of PRs either open or suspended regarding this issue.

I diked out the whole switch statement and replaced it with a single printf, and it works for changing LDAP passwords. I haven't thoroughly tested to see if it causes any other problems.

Jonathan
Re: usb serial convertor
On Monday 01 October 2007 03:41, The Longs wrote:

I'm trying to get Greg's temperature controlled fridge to work, but the catch is that the laptop I'm using doesn't have a serial port. I'm hoping I can use a usb to serial convertor and tell the program to look at the usb port for the temperature probes, but I am lost as to how to do this.

A supported USB-to-serial converter will appear as a serial port. For example I use a Bafo BF-810 converter which is driven by uplcom(4), and in turn ucom(4) which presents /dev/cuaU0 and /dev/ttyU0.

Jonathan
Re: passwd(1) and LDAP (was Re: FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?)
On Monday 01 October 2007 20:29, Brian A. Seklecki wrote:
On Mon, 1 Oct 2007, Jonathan McKeown wrote:

The passwd(1) program was rewritten some time ago to use PAM, but a test was left in which prevents it doing so. I have asked, both on this list and on freebsd-hackers in the last few weeks, whether there is any reason other than historical to leave this test in, and been deafened by the silence. There are a couple of PRs either open or suspended regarding this issue.

I diked out the whole switch statement and replaced it with a single printf, and it works for changing LDAP passwords. I haven't thoroughly tested to see if it causes any other problems.

Does it log in as the LDAP user or the PAM super-user to do the attribute change? I'll check out the source...but that's great news.

~BAS

From what I remember you have to add some additional configuration in the pam_ldap config file - pam_password exop seems to ring a bell - which tells pam_ldap to use the RFC3062 Password Modify extended operation. I think it does it as the user who owns the password so you need something like

access to attrs=userPassword
    by self write
    by * auth

in slapd.conf.

I was actually fiddling with this to try and get pam_pGINA working: if anyone has had any joy with that I'd be interested to hear about it.

Jonathan
Re: Separating Mail from Security Output and Daily Run Output
On Friday 19 October 2007 03:24, Michael K. Smith - Adhost wrote:

Hello All:

Is there a way on the server side to have the output from the Security Run and the Daily Run to go to separate email addresses? We have a gihugic number of servers sending everything to a single address and I'd like to be able to parse out the Security reports by from address rather than using other, less reliable filters in my various email clients.

Set

daily_output=daily_user
daily_status_security_output=security_user

in /etc/periodic.conf (replacing daily_user and security_user with the respective email addresses).

Jonathan
Re: tar Ignoring out-of-order file What Does that Mean?
On Tuesday 30 October 2007 16:02, Martin McCormick wrote:

I need to modify the first installation image for a headless installation of Freebsd6.2. The file in question is:

6.2-RELEASE-i386-disc1.iso

Thanks to a helpful member of the list

[that was me - I'm glad I was of some help]

I found out that tar works on unpacking these images and it mostly does on this one, but there is a complaint I get from tar that I haven't found on other images. If I do a

tar tvf 6.2-RELEASE-i386-disc1.iso

Here is what happens while looking at the contents list:

0 44232 Jan 12 2007 RELNOTES.HTM
lr-xr-xr-x 1 0 0 0 Jan 12 2007 stand -> /rescue
lr-xr-xr-x 1 0 0 0 Jan 12 2007 sys -> usr/src/sys
tar: Ignoring out-of-order file
-r--r--r-- 1 0 0 22916 Jan 12 2007 RELNOTES.TXT

I haven't taken any steps at all to verify this, but just looking at the error message it would appear that it's ignoring sys, which is a symlink to usr/src/sys. I wonder if it's encountering sys, trying to create the soft link and finding that usr/src/sys doesn't exist to be linked to because it hasn't been unpacked yet? That may be the meaning of the message about an out-of-order file.

It appears that the entire image unpacks except for the ignored file. If one tries the extraction with

tar xf 6.2-RELEASE-i386-disc1.iso

The complaint about the out-of-order file is the only indication that anything is wrong.

If it is indeed sys that's not being created, it's a symlink to a directory rather than a file or link to a file. If the root of the CD doesn't contain a directory called sys which softlinks to usr/src/sys, it should be possible to correct the error by doing

ln -s usr/src/sys sys

in the root of the unpacked CD filesystem.

In looking at the man page for tar, nothing jumps out at me as to how to end up with the proper file structure that mkisofs can put back in to an image to put on a CDROM.

My thanks for any suggestions as I may be needing to do one of these installs in a day or so and it would be nice to know that all the image is there.

I may have missed your deadline in that case - sorry, I've been on holiday.

Jonathan
Re: shell programming
On Friday 09 November 2007 20:02, Eric Crist wrote:
On Nov 9, 2007, at 11:46 AM, Bill Banks wrote:

I'm writing a backup script. I need to get the day of the week into a variable. How can I do it?

Well, it depends on what you're using. If you're using sh, see `man date`. If you're using perl, it's quite complicated.

Not really:

use POSIX 'strftime';
my $day_of_week = strftime '%A', localtime;

POSIX has always been a core module. To see this in action from a commandline,

perl -MPOSIX=strftime -le 'print strftime q/%A/, localtime'

Jonathan
Re: Ports with GUI configs
On Monday 12 November 2007 17:48, Erik Trulsson wrote:
On Mon, Nov 12, 2007 at 03:26:00PM +, Ashley Moran wrote:

I've lost count of the number of times I've come back to a big install to find it hanging on a config screen. Possibly I'm missing something.

[snip]

What is the best way to pre-configure GUI-configured ports? For example, if I want to script an installation of several ports.

'make config-recursive' to pop up all the config-dialogs before you start building[...]

I discovered this recently. My big irritation, having decent bandwidth at work and a dialup at home, was fetching ``all'' the required sources for an overnight build on my laptop, finding in the morning that a dialog had popped up during the night and stopped the build, selecting a non-standard option and restarting only to find that it brought in a bunch more dependencies - over my phone line.

I now run make config-recursive repeatedly until dialogs stop appearing, then fetch, then build. This recently cut down a build of X.org and KDE from a week (wall time) to less than 24 hours - from memory I ran make config-recursive three or four times on x11/kde3 alone.

(Oh, I also got ADSL which helped with the downloads).

Jonathan
apache port knobs - WITH_APACHE2 deprecated?
This is (I hope) a quick and easy question. I want to ensure that any ports which depend on Apache will depend on 2.0 rather than try to bring in 1.3. I used to do this by putting WITH_APACHE2 in /etc/make.conf. bsd.apache.mk says WITH_APACHE2 is deprecated.

What is it deprecated in favour of, or is that a secret?

(Sorry for the snarky tone but I've spent most of today trying to find a clear answer).

Jonathan
Re: apache port knobs - WITH_APACHE2 deprecated?
On Thursday 15 November 2007 19:39, Philip M. Gollucci wrote:
Jonathan McKeown wrote:

This is (I hope) a quick and easy question. I want to ensure that any ports which depend on Apache will depend on 2.0 rather than try to bring in 1.3. I used to do this by putting WITH_APACHE2 in /etc/make.conf. bsd.apache.mk says WITH_APACHE2 is deprecated.

$ grep apache /etc/make.conf
APACHE_PORT=www/apache22

Thanks. I wondered about that while looking through bsd.apache.mk but wasn't confident enough (nor did I have enough spare time) to experiment. I must offer a patch to the makefile/documentation.

Jonathan
Re: Ports with GUI configs
On Saturday 17 November 2007 02:06, Chad Perrin wrote:
On Fri, Nov 16, 2007 at 02:11:57PM -0500, Chuck Robey wrote:

prominently display the actual meaning of the word being set. The only reason to make the list binary is to force everyone to use the (basically database technology) tool to manipulate the keywords, thus stopping folks from misconstruing the meanings. That's my only reason for that, and there are certainly other ways to go about it, so as long as whatever is suggested requires folks to see the commonly accepted definition when they set the list, I don't care how it's done. The list could as easily be encrypted, I guess, that would also cause the same work flow, in somewhat the same reasoning as we use for forcing folks to use vipw to change the password list.

I haven't read the discussion on -ports, but I hope the rest of your (Chuck Robey's) arguments are better founded than this one. No-one forces anyone to use vipw(8). You can, for example, edit /etc/master.passwd or a copy of it with any editor you like, and then run pwd_mkdb(8) to install your changes. vipw just gives you file locking (plus sanity checks and an automatic call to pwd_mkdb).

I think forcing anyone to anything is a *bad idea*. Period. You're talking about placing arbitrary limits on what the user can see if he or she wants to understand what's going on under the hood. With that kind of treatment, I would never have learned as much about FreeBSD as I know as quickly as I did.

I agree.

I, for one, would probably refuse to use such a system once I learned enough about the basics to want to know what it's doing. The moment I figured out it was designed specifically to obscure some aspect of its operation from the user, I'd look for something else to use instead. There are very good reasons for this -- reasons like security, curiosity, and just plain good manners.

Please consider that we'll get another chance to argue this out when I have the software ready, so we don't need to settle it now. I don't want this to continue to pollute the -questions list.

I'm not at all sure what problem you're trying to solve here. If I know I need to change the defaults on a port, I generally know why and what the implications are; if I don't, the defaults are generally what I need anyway. As far as I can see, you want to remove a deal of flexibility from the ports system, in favour of introducing a compulsory scheme of configuration hints.

You say you want to move ports configuration from port install time to system compile time - which in itself is, in my view, an unrealistic objective: it will break the first time a new port has an option which can't be determined on the basis of an existing keyword. Not only that, but it means that as soon as I install a single port (Perl, for example), I would have to run the complete ports-tree configuration routine.

I'm sorry to leap on board and prolong the agony at this late stage, but I wanted to add another datum point, particularly given the rather dismissive

I personally felt we'd sufficiently discussed this to death, but now there's 2 different folks who want to tear it apart some more. If you're bored of this, tell me, and I will drag these folks either into private discussions, or maybe onto the ports list. Tell me if you've heard enough of this .

Jonathan
Re: One Laptop Per Child
[Ted Mittelstaedt's words, heavily edited for brevity. Ted, please shout if I haven't caught the sense of what you're saying]

Well, I know it's been a week since this came up but I'll toss in my $0.02 here. I've been against this project since I heard about it. Fortunately, it appears to be failing.

IMHO what these kids need are connections to the Internet and the knowledge store on the Internet, not a laptop. What a laptop that isn't networked to the Internet is going to do to help them I cannot guess.

The idea of this project seems to have been to just dump a lot of laptops into these kids' hands and trust that the network fairies will magically fly out and connect all of them to something they can use.

The other problem of course is that laptops are more fragile than a desktop that is fixed, and very subject to theft, much more than a desktop.

I suppose they figure ... the kid will be able to come up with the $10-$20 monthly equivalent to keep the internet connection to the thing going? Assuming they even have a phone at all?

As I understand it, the OLPC project has produced an extremely robust laptop which can be human-powered. A group of these laptops will automatically form a wireless mesh network and make use, collectively, of any Internet connectivity that's available to any one of them. In sub-Saharan Africa, that may well be through cellular data. (Satellite is available too, but a lot more expensive).

Look at http://www.digitaldividend.org/case/case_vodacom.htm to see a social project by a cellular provider in South Africa which is putting telephone access within reach (both geographically and financially) of traditional rural communities. Note the statistic that Vodacom's cellular network covers 93% of South Africa's population. Note also that this is being done, not as a free handout, but by creating a (slightly subsidised) business opportunity for local people, which is being seized with both hands. People don't need to be handed everything on a plate.

Now consider what a community can do when it can pool the cost of Internet connectivity - or what a force multiplier this is for government, non-governmental or even business intervention: this potentially reduces the problem of providing decent bandwidth to every farm and hut in rural Africa (or any other developing area) to a much simpler matter of wiring a few central points and letting the mesh networks take over the distribution.

It would have been better to try creating a project that would produce a turnkey Internet network deployment that would be able to be dropped into any school anywhere, even if such a school consisted of a hut in the middle of a desert with a hole out back as the bathroom, no electricity, no running water, no telephone lines within 100 miles.

As far as I can see, the only bit of this equation OLPC isn't achieving is providing the Internet connectivity - and to be honest, I think that bit has to depend on local circumstances anyway. I think it deserves to succeed.

Jonathan (a sysadmin in urban South Africa)
Re: FreeBSD 7/OpenLDAP: Howto change passwords
On Monday 26 November 2007 17:11, O. Hartmann wrote:

Hello, trying to change passwords on a client machine for a LDAP authenticated user always fails due to the original passwd() command is not capable of changing passwords remotely. There is a suggested patch, but is there an official way to do?

Hi Oliver

I've asked this question several times, here and on -hackers, with no very helpful response. I checked for PRs and several have been filed at various times and are in various different states.

As far as I can tell, the changes necessary to make passwd(1) work with the PAM infrastructure were made some years ago, but were diked out by a switch statement which appears to prevent a change to anything but /etc/passwd or NIS/YP. This switch relies on a set of constants which are themselves commented in the source as being ``bogus''.

The answer to our question may well be something like ``historical reasons'' or ``Principle of Least Astonishment'', but please, someone...

Is there a sound reason not to remove this guard statement and allow passwd(1) to change passwords in accordance with a PAM policy, as it is coded to do?

I've already offered to submit a patch if necessary: it hardly even needs a knowledge of C to fix this one - simply remove a switch statement and replace it with a simple printf.

Jonathan
Re: looking for online text editor
On Tuesday 04 December 2007 22:14, David Banning wrote:

running the java filemanager - same goes for attempting to run mindterm-ssh. Is there some plain text editor program out there that will allow me to simply login and edit my files in plain text - (not a gui html editor) ?

I use putty to ssh to remote servers and use vi to edit files once logged in to the server.

But putty has to be installed on the machine you are working on, right?

Not necessarily. When you go to the download site for putty and click on the .exe (http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe), Windows will ask you whether you want to download the program or run it. Tell Windows to run it. It may give you the odd warning but eventually it should start up a putty window. (It's possible even this can be locked down tight on a Windows box - but usually it isn't blocked).

Jonathan
Re: Where is the next uid from adduser pulled from?
On Wednesday 12 December 2007 20:04, Andrew Pantyukhin wrote:
On Wed, Dec 12, 2007 at 12:00:06PM -0500, Francisco Reyes wrote:

I have scripts to add new users. However, after that any port that installs a user creates it with a UID after the ones I made. For example I want all employees to have uids starting at 5000, but I would like to port installed uids to be 2000 and up. After I add some users (ie say last user is 5008), the next port that installs a user and doesn't specify uid.. then will get 5009. Tried looking for the adduser program, but could not find adduser.c

It's pw(8) that selects default uids and it just takes the last one (numerically) and uses the next one. Create a placeholder user with uid 5000 and let ports use uids 5000+, but when creating new users, specify uids manually (both pw and adduser allow that).

Alternatively, create/edit /etc/pw.conf including

minuid 2000
maxuid 4999
reuseuids yes

This will cause automatic uses of pw(8) (such as port installations) to use uids between 2000 and 4999, and to ``fill in the gaps''.

When adding a user by hand, use

pw -C /dev/null

to tell pw to ignore pw.conf(5) and get the default behaviour (which is to use the uid one higher than the highest ever used).

adduser(8) should just DTRT, but you can make sure by adding to the flags

-u uid_start

which will use the next available uid after uid_start (which it identifies by testing each uid in turn for existence, not by just using pw usernext).

Jonathan
Re: BIND9 won't start
On Monday 24 December 2007 02:15, Jonathan Horne wrote:

otherwise, there is always 'forcestart' instead of 'start'.

and Darren Spruell wrote:

You can get around the need to activate the variable by prefixing your commands with the 'force' keyword (e.g. /etc/rc.d/named forcestart, etc.)

To start a service which isn't enabled in rc.conf, it's better to use

onestart

From the rc.subr(8) manpage:

force   Skip the checks for rcvar being set to ``YES'', and sets rc_force=YES. This ignores argument_precmd returning non-zero, and ignores any of the required_* tests failing, and always returns a zero exit status.

one     Skip the checks for rcvar being set to ``YES'', but performs all the other prerequisite tests.

Jonathan
Re: curious root find running
On Friday 17 August 2007 13:34, Derek Ragona wrote:
At 05:19 AM 8/17/2007, brad clawsie wrote:

hi while sitting at my computer tonight i noticed a great deal of disk activity. i found that this process was running:

$ ps -auxwww 1463
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1463 4.3 0.1 1876 1404 ?? D 3:01AM 0:07.26 find /usr -xdev -type f ( -perm -u+x -or -perm -g+x -or -perm -o+x ) ( -perm -u+s -or -perm -g+s ) -print0

any idea why this is running? is it part of a sanctioned background process?

Check your cron jobs. It is likely part of a rebuild of the locate database.

I don't want to be rude, and this just happens to be the message I'm responding to with a more general gripe, but there does seem to be quite a lot of guessing in answers on this list over the last few days, which isn't perhaps as helpful as it's intended to be.

This is nothing to do with locate(1) - it's a find command looking in /usr for executable files (the first set of parens) which have the suid or sgid bits set (the second set of parens). It's part of the daily security check carried out by periodic(8), as unexpected suid/sgid executables can be security holes.

Jonathan
Re: curious root find running
On Friday 17 August 2007 15:34, Derek Ragona wrote:

> At 06:59 AM 8/17/2007, Jonathan McKeown wrote:
> > On Friday 17 August 2007 13:34, Derek Ragona wrote:
> > > At 05:19 AM 8/17/2007, brad clawsie wrote:
> > > > hi
> > > >
> > > > while sitting at my computer tonight i noticed a great deal of disk activity. i found that this process was running:
> > > >
> > > > $ ps -auxwww 1463
> > > > USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
> > > > root 1463 4.3 0.1 1876 1404 ?? D 3:01AM 0:07.26 find /usr -xdev -type f ( -perm -u+x -or -perm -g+x -or -perm -o+x ) ( -perm -u+s -or -perm -g+s ) -print0
> > > >
> > > > any idea why this is running? is it part of a sanctioned background process?
> > >
> > > Check your cron jobs. It is likely part of a rebuild of the locate database.
> >
> > I don't want to be rude, and this just happens to be the message I'm responding to with a more general gripe, but there does seem to be quite a lot of guessing in answers on this list over the last few days, which isn't perhaps as helpful as it's intended to be.
> >
> > This is nothing to do with locate(1) - it's a find command looking in /usr for executable files (the first set of parens) which have the suid or sgid bits set (the second set of parens). It's part of the daily security check carried out by periodic(8), as unexpected suid/sgid executables can be security holes.
>
> I hate to be an I told you so but if you look in the script that rebuilds the locate database:
>
> /usr/libexec/locate.updatedb
>
> You will see a number of find commands.
>
> In reality, you'd need to do:
>
> ps -al
>
> and follow the PID and PPID to determine what is running this find command.

There has been some discussion off-list, but just for the archives, the find command in question is indeed part of the daily checks by periodic(8).

Off-topic, on the subject of replies helpful or otherwise (I tried to be polite originally - I'm not trying as hard now):

The original poster had a reasonable question, and got two correct answers, from Hugo Silva (who said ``man periodic'') and me. He also got one wrong answer from Derek Ragona, who then replied to one of the correct answers with the above I told you so, although in fact, looking at /usr/libexec/locate.updatedb as suggested would have made it immediately clear that this was the wrong answer (the command flags listed for the find command in the output of ps don't appear on any of the find commands in that script), and looking at /etc/crontab to check cronjobs (as originally suggested) around the start time of the command as listed in the OP's output (3:01am) would have suggested periodic daily (run at 0300 daily) as the culprit.

grep -r find /etc/periodic/* would have shown one find command using the -xdev flag, in /etc/periodic/security/100.chksetuid which indeed turns out to invoke find with all the flags of the OP's mystery command.

People come to this list for help: I know, because I'm often one of them. It would have taken a few seconds to verify the answer to this question rather than guess (the use of /likely/ in ``It is likely part of a rebuild'' is what made me suspect this was a guess), and certainly less time than it took to type a follow-up to a correct answer putting the OP back on the wrong track.

Jonathan
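The following is an added example, not part of the original thread: it runs the same two parenthesised groups of find(1) tests as the command discussed above over a constructed directory tree, then reports only set-id executables that are missing from a saved baseline. The function names, the baseline file and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit set-id executables with the same
# find(1) tests as the quoted command, then report additions against a
# previously saved baseline list.

# Use one collation order for both sort(1) and comm(1).
LC_ALL=C
export LC_ALL

# list_setid DIR
# Print, sorted, every regular file under DIR (without crossing filesystems)
# that is executable by user, group or other AND has the setuid or setgid
# bit set. -o is the POSIX spelling of the -or used in the quoted command.
list_setid() {
    find "$1" -xdev -type f \
        \( -perm -u+x -o -perm -g+x -o -perm -o+x \) \
        \( -perm -u+s -o -perm -g+s \) -print | sort
}

# new_setid BASELINE DIR
# Print set-id executables found under DIR now that are not listed in
# BASELINE (a sorted file written earlier by list_setid).
new_setid() {
    _cur=$(mktemp) || return 1
    list_setid "$2" > "$_cur"
    comm -13 "$1" "$_cur"
    rm -f "$_cur"
}

# make_sample_tree DIR
# Constructed sample data: one file per case the two test groups separate.
make_sample_tree() {
    mkdir -p "$1/bin" "$1/share"
    : > "$1/bin/plain";  chmod 0755 "$1/bin/plain"   # executable, no set-id bit
    : > "$1/bin/known";  chmod 4755 "$1/bin/known"   # setuid and executable
    : > "$1/share/data"; chmod 4644 "$1/share/data"  # setuid but not executable
}

# demo
# Build the sample tree, record a baseline, add one unexpected setuid
# executable, and print what the comparison reports (path relative to the tree).
demo() {
    _root=$(mktemp -d) || return 1
    make_sample_tree "$_root"
    list_setid "$_root" > "$_root.baseline"
    : > "$_root/share/dropped"; chmod 4755 "$_root/share/dropped"
    new_setid "$_root.baseline" "$_root" | sed "s|^$_root/||"
    rm -rf "$_root" "$_root.baseline"
}

demo
```

Only `bin/known` satisfies both groups in the initial tree, so it is the whole baseline; the file added afterwards is the only line reported.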
passwd(1), pam_ldap and old PRs
I asked this on -hackers@ several weeks ago and the silence was deafening - what I have heard referred to as Warnock's Dilemma.

I'm experimenting with OpenLDAP, pam_ldap, and pgina with the PAM plugin on Windows clients, for central authentication in a mixed network.

passwd(1) won't allow me to change a password other than local or NIS. There are two relevant PRs, one open (bin/71290) and one suspended (bin/59638).

Looking at the source, it appears passwd.c has been rewritten (some years since) to use the PAM infrastructure for password changes. This goes most of the way to addressing bin/59638. However, there is a switch statement at lines 112-126 of /usr/src/usr.bin/passwd/passwd.c (on 6.2-RELEASE) which prevents it from working except for files and nis, using constants defined in pwd.h and commented there as being ``bogus''.

bin/71290 includes a patch which would fix this (although I do think it would be a shame to lose the comment about green men).

Is there any reason other than historical that this PR and patch is being ignored and the old behaviour is being preserved? What would be the drawback to removing the switch statement as proposed, and allowing passwd(1) to change the user's password using PAM, wherever it might be stored?

Jonathan
Re: questions on setting up a mail server
On Wednesday 05 September 2007 06:25, Ted Mittelstaedt wrote:

> [Jim Stapleton]
> > I figured I'd try cyrus, I remember hearing that one is a good mail server. But I'm new to the mail server thing, and I'm not even sure where to look for some of this stuff if anyone can help. Also, I plan on just doing POP3, and only allowing secure connections - if anyone can recommend a good, simple server for that, that they think is better than Cyrus, I won't object.
> >
> > My main question is on authentication. I was looking at authentication types in kmail to get an idea of what I can use, and I found:
> >
> > Clear text
> > LOGIN
> > PLAIN
> > CRAM-MD5
> > Digest-MD5
> > NTLM
> > GSSAPI
> > APOP
> >
> > I know clear text is not what I want - if I remember, that's unencrypted. Does TLS/SSL make this a non-issue? What about the other methods?
>
> Much of this depends on the mail clients that you're going to be hitting the server with. The first group does encryption of the password only.

Not sure what's meant by ``the first group'' here.

> The TLS/SSL stuff does encryption of everything - password, mail contents, etc. The TLS stuff requires you put a SSL cert into the client. Most people, not wanting to pay Verisign for this, make their own self-signed certs. There is a large amount of arcane magic to do this, and to get it accepted into Windows, so that an Outlook client will do SSL.

This isn't true, in my experience.

> The first group is a different story. If you want to get Outlook to work with that, you can only use NTLM.

This is also not true, in my experience.

> The honest to god truth of the matter is that encrypting your POP3 and SMTP auth passwords is difficult to do on a large scale no matter what road you pick to do it, so there is really not a lot of point to doing it unless you're in a rather limited environment.

I'm not sure I would agree with this statement either.

I've just recently moved a network of 100 users scattered all over South Africa, about half of whom are highly mobile and using multiple forms of connectivity (6 office LANS, an OpenVPN, ADSL and cellular datacards), to an encrypted/authenticated email system.

I'm using sendmail and cyrus. I set up a certificate authority (not hard - there are plenty of howtos all over the 'web) and gave the SMTP and IMAP/POP servers their own certificates.

All the authentication options you mention after plain text (which is the standard method built in to the protocol) require Cyrus SASL. This isn't as scary to set up as the docs make it sound. PLAIN and LOGIN can both use your existing user passwords (which is what I do). GSSAPI requires Kerberos, and the digest methods (the -MD5 ones) need a separate file of passwords held in plain text - the sasldb. Of the passwd-based methods, PLAIN is the preferred protocol according to the docs and RFCs - LOGIN is the one Microsoft uses (go figure).

I've configured sendmail and cyrus to use SASL, offering LOGIN and PLAIN, and to use TLS. sendmail uses STARTTLS on the submission port (587), and cyrus imapd/popd uses STARTTLS on imap and pop3 (143 and 110), plus SSL/TLS on pop3s (995). They are both configured not to offer LOGIN or PLAIN (or plain text login) without a TLS layer in place.

Clients are kmail (me), Outlook 2003 (everyone else), and a webmail system using Squirrelmail with up-imapproxy (which is a caching proxy, and also does the STARTTLS stuff for Squirrelmail because Squirrelmail can't).

Outlook 2003 uses LOGIN for authentication, and won't do STARTTLS on a pop3 connection (which is where you connect in clear and negotiate encryption, as opposed to connecting to pop3s which is encrypted from the start). The Outlook clients are configured to require authentication for SMTP using the same settings as POP, and to require encryption on both POP and SMTP, with ports 587 for SMTP and 995 for POP.

The first time someone collects email with Outlook, they get a warning that the certificate isn't trusted, but also the option to install it. Half a dozen clicks later the certificate is in place.

Granted, if you have clients using older versions of Outlook or dozens of different email clients, you may have issues finding working combinations of TLS/STARTTLS/port numbers and authentication methods, but by and large it's just putting a few slightly scary-sounding pieces together on the server - all of which are either in the base system (sendmail: most of the objections to sendmail haven't had any basis in reality for several years. It's now as easy to configure as Postfix, IMHO, and hooking Mimedefang in as a milter gives you the ability to reject a lot of junk during the connection rather than after the fact) or easily added from ports.

Jonathan
Re: questions on setting up a mail server
On Wednesday 05 September 2007 12:46, Jim Stapleton wrote:

> > All the authentication options you mention after plain text (which is the standard method built in to the protocol) require Cyrus SASL. This isn't as scary to set up as the docs make it sound. PLAIN and LOGIN can both use your existing user passwords (which is what I do). GSSAPI requires Kerberos, and the digest methods (the -MD5 ones) need a separate file of passwords held in plain text - the sasldb. Of the passwd-based methods, PLAIN is the preferred protocol according to the docs and RFCs - LOGIN is the one Microsoft uses (go figure).
>
> Thanks, that's almost all of what I needed there. You insinuated (but I don't think explicitly stated) that LOGIN is in fact encrypted in some form?

No, it's just obfuscated. Both PLAIN and LOGIN send the username and password base64-encoded, which doesn't provide any security - it just protects the mailserver from funny characters in passwords.

The only difference between PLAIN and LOGIN is that PLAIN combines the username and password into a single string and sends that, whereas LOGIN waits for a prompt, sends the username, waits for another prompt and sends the password.

If you enable the option to prevent plaintext methods except under a security layer, both methods will be disabled.

If you do decide to use cyrus, there's a useful tool called imtest which connects to the server, negotiates a TLS connection and lets you type IMAP commands at it. You can see the actual exchange of authentication details, and you can use openssl base64 -d to decode the base64 string to see what's sent (man enc for details).

You can also test a secured connection using openssl s_client, which has an option for doing STARTTLS against smtp and pop3 servers (man s_client for details).

Jonathan
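The following is an added example, not part of the original message: it builds the client side of a PLAIN and a LOGIN exchange as described above and then reverses the base64, which is why both mechanisms are only offered under a TLS layer in the setup described. The user name, password, IMAP tags and server prompts are constructed sample values, and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): SASL PLAIN and LOGIN carry credentials
# as base64, which anyone who can read the traffic reverses in one step.
# All credentials, tags and prompts below are constructed sample values.

# b64e / b64d: base64-encode / decode stdin. Uses openssl as in the message
# above and falls back to base64(1) where openssl is not installed.
b64e() {
    if command -v openssl >/dev/null 2>&1; then openssl base64
    else base64; fi
}
b64d() {
    if command -v openssl >/dev/null 2>&1; then openssl base64 -d
    else base64 -d; fi
}

# plain_response USER PASS
# The single PLAIN client message: base64(authzid NUL user NUL password),
# here with an empty authzid.
plain_response() {
    printf '\0%s\0%s' "$1" "$2" | b64e
}

# login_response VALUE
# One LOGIN client message; the client sends two, user name then password,
# each after a base64-encoded prompt from the server.
login_response() {
    printf '%s' "$1" | b64e
}

# decode_plain B64
# Recover the fields of a PLAIN response. NUL separators become newlines so
# the shell can read the three fields; authzid is read and ignored.
decode_plain() {
    { printf '%s\n' "$1" | b64d; printf '\0'; } | tr '\0' '\n' | {
        IFS= read -r _authzid
        IFS= read -r _user
        IFS= read -r _pass
        printf 'user=%s password=%s\n' "$_user" "$_pass"
    }
}

# decode_login USER_B64 PASS_B64
# Recover the credentials from the two LOGIN client messages.
decode_login() {
    printf 'user=%s password=%s\n' \
        "$(printf '%s\n' "$1" | b64d)" "$(printf '%s\n' "$2" | b64d)"
}

# show_exchange
# Print both exchanges as they would look in cleartext (schematic IMAP
# framing), followed by what an observer recovers from each.
show_exchange() {
    _u=alice
    _p='example pw'
    _plain=$(plain_response "$_u" "$_p")
    _lu=$(login_response "$_u")
    _lp=$(login_response "$_p")

    echo "C: a1 AUTHENTICATE PLAIN"
    echo "S: +"
    echo "C: $_plain"
    echo "   decoded: $(decode_plain "$_plain")"

    echo "C: a2 AUTHENTICATE LOGIN"
    echo "S: + $(login_response 'Username:')"
    echo "C: $_lu"
    echo "S: + $(login_response 'Password:')"
    echo "C: $_lp"
    echo "   decoded: $(decode_login "$_lu" "$_lp")"
}

show_exchange
```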
Re: questions on setting up a mail server
I've edited ruthlessly to reduce the length of this message.

On Wednesday 05 September 2007 11:07, you wrote:

> > > > My main question is on authentication. I was looking at authentication types in kmail to get an idea of what I can use, and I found:
> > > > [list of SASL methods plus question what to use]
> > >
> > > Much of this depends on the mail clients that you're going to be hitting the server with. The first group does encryption of the password only.
> >
> > Not sure what's meant by ``the first group'' here.
>
> CRAM-MD5, Digest-MD5, NTLM, GSSAPI, and APOP are associated with password encryption on SMTP auth and POP3 as you well know, so please do not try to be deliberately stupid to make a point. Just make your point and get on with it. Most people won't understand anyway.

I wasn't trying to be stupid: I saw a single list of SASL authc methods and wasn't sure where you had drawn the line to divide them into two groups.

[...certificates]

> > > There is a large amount of arcane magic to do this, and to get it accepted into Windows, so that an Outlook client will do SSL.
> >
> > This isn't true, in my experience.
>
> Your experience is limited then.

Yes, it is: but with Windows 2000/XP and Outlook 2003, it's not magic. In fact I was pleasantly surprised how easy it was.

> Sure it is simple - when ALL clients are running the same version of Windows, IE, and Outlook. Perhaps true in a small network. Very not true in a large network.

I'll bow to your experience on that. All I can say is that my own view is that the bigger the network, the more important it is to get software standardised across the organisation to reduce your support costs, and the cheaper it is to do through volume licensing. We're a small, donor-funded, African NGO, and we have two versions of Windows (2000 and XP) and one version of Office (2003). We will use Microsoft's down-licensing provision to stick with what we have until we're ready to upgrade everyone.

> Everyone supports LOGIN and PLAIN. (at least I never met a mail program that didn't - perhaps there is one) But, you cannot get password encryption with Outlook Express unless you do NTLM. It supports nothing else, except for SSL which is encryption of the entire channel. If you know of a way to get OE to support CRAM-MD5 then do tell.

No, Outlook 2003 doesn't support PLAIN - at least I couldn't get it to. That's why I enabled LOGIN. It's true that NTLM is the only encrypted password protocol supported by Microsoft - that's why I'm using an encryption layer with cleartext authentication.

> > > The honest to god truth of the matter is that encrypting your POP3 and SMTP auth passwords is difficult to do on a large scale no matter what road you pick to do it, so there is really not a lot of point to doing it unless you're in a rather limited environment.
> >
> > I'm not sure I would agree with this statement either.
>
> I perhaps should have explained this more. Encryption of e-mail is absolutely pointless unless done from [end to end] It is only useful for protecting passwords from wire sniffing.

True up to a point. It can also offer integrity - an assurance that the message is from the authenticated identity. Although that assurance is only valid at the first server (the MSA), that may be enough to prevent injection of a variety of kinds of junk with forged sender information.

> But in most cases, the wire isn't sniffable.

Given that, certainly in my case, the ``wire'' may be cellular, radio, satellite, wireless LAN, or a government, academic or hotel/airport network providing temporary connectivity, I can't say that with confidence.

> password sniffing only becomes a concern when you have road warriors who are NOT connecting into the mailserver via a VPN

Again true - but now you're talking about another method of protecting passwords, and another technology to master. In practice, even though I run a VPN as well, I still use TLS at the individual service level to protect passwords ``in flight''.

> And even if you have valid concerns on password sniffing well that's simple enough to address - don't be an idiot and use the same user name and password for your e-mail clients as you use for your network and windows logins.

I would dispute that this is idiotic. You do need to protect the password much more carefully, but there are advantages to having a single password, easily changed by the user and easily cancelled when the user leaves.

> > [certificate authority not hard]
>
> I didn't say doing that was hard. The problem is that the entire SSL picture is hard for a newbie. [...] It's only after digging for a long while will they come across some pointers that will shed the light.

That's certainly true. The longest part of the design, implementation and rollout of our new mail system was finding all the bits and pieces and working out how to put them together.

[of SASL authc methods]

> > Of the passwd-based methods, PLAIN is the
(off-topic) Outlook 2003 msgids causing odd email problems
I'm raising this here in case anyone else has either seen this problem and has any thoughts, or alternatively has experienced the fallout and is wondering why.

Over the last few weeks I've had complaints that email messages are going astray. This has happened in Cyrus imapd on delivery, and in Mailman, where archiving of posts is sometimes broken.

After much scratching of head and tearing of hair, I have finally found two provable instances - one in Cyrus and one in Mailman - of replies to messages being sent using Microsoft Outlook Service Pack 2, where Outlook has given the reply the same message-id as the message it is replying to - in flat violation of RFC{2}822. (In one case the original message, the read-receipt automatically generated by Outlook, the reply, and the forward of the reply sent when the reply didn't arrive, all had the same msg-id).

As far as I can tell this behaviour was introduced by SP2; the Web says Outlook 2003 before that didn't add message-ids at all.

I've now set duplicatesuppression no in imapd.conf which seems to be addressing the problem of lmtpd discarding the ``duplicate'' messages. Mailman is another issue.

I haven't seen any discussion of this problem on the Web: has anyone else encountered it? Better yet, does anyone have a fix (on the Microsoft side)?

Jonathan
Re: (off-topic) Outlook 2003 msgids causing odd email problems
Replying to myself,

On Tuesday 11 September 2007 12:20, Jonathan McKeown wrote:

> After much scratching of head and tearing of hair, I have finally found two provable instances - one in Cyrus and one in Mailman - of replies to messages being sent using Microsoft Outlook Service Pack 2, where Outlook has given the reply the same message-id as the message it is replying to - in flat violation of RFC{2}822. (In one case the original message, the read-receipt automatically generated by Outlook, the reply, and the forward of the reply sent when the reply didn't arrive, all had the same msg-id).

After further investigation, it appears that the message-id generated by Outlook 2003 has the originating host name on the RHS (after the @), unless the sending machine is a member of a Server 2003 AD domain in which case the domain name is used which increases the risk of a collision (especially if the LHS is copied!).

Jonathan
Re: fbsd sendmail as MTA
On Thursday 13 September 2007 03:46, Jack Stone wrote:

> We're switching our MTA from postfix to sendmail on a purely mail relay server and all is running just fine except for one minor essential.
>
> Is there any way to have sendmail perform the same service as the recipient_bcc.map and sender_bcc.map on postfix? Those using postfix know this is used to send bcc of certain emails in order to monitor things like users who might want to know what their kids are up to.
>
> I've spent several days going through sendmail docs and trying other tools like procmail to make extra copies from the sender and/or the recip -- but, no joy.

[Wild answer off the top of my head]

I have a feeling that sendmail very specifically *doesn't* have an easy way to do this because the sendmail people regard it as an invasion of privacy (this may even be a FAQ).

I can't instantly think of a way round it, but if I do I'll let you know.

Jonathan
Re: Scripting question
On Thursday 13 September 2007 20:19, Kurt Buff wrote:

> On 9/13/07, Jerry McAllister [EMAIL PROTECTED] wrote:
> > The only space is the one separating the SMTP address from the OK or NO. Then you should be able to tell it to sort on the first token in the string with white space as a separator and to eliminate duplicates.
> >
> > It has been a long time since I had need of sort. I don't remember the arguments/flags but am sure that type of thing can be done.
> >
> > You can use uniq if the file is already sorted (if not, put a sort at the start of the pipe) - after using awk to pick the first field:
> >
> > awk '{print $1}' inputfile | uniq -u
>
> Ya know, it's really easy to get wrapped around the axle on this stuff.
>
> I think I may have a better solution. The file I'm trying to massage has a predecessor - the non-unique lines are the result of a concatenation of two files.
>
> Silly me, it's better to 'grep -v' with the one file vs. the second rather than trying to merge, sort and further massage the result. The fix will be to use sed against the first file to remove the ' NO', thus providing a clean argument for grepping the other file.

If it's two files and you want to select or reject common lines, look at comm(1) as another technique.

Jonathan
Re: Scripting question
On Thursday 13 September 2007 20:35, Roland Smith wrote:

> On Thu, Sep 13, 2007 at 10:16:40AM -0700, Kurt Buff wrote:
> > I'm trying to do some text file manipulation, and it's driving me nuts.
> > [snip]
> > I've looked at sort and uniq, and I've googled a fair bit but can't seem to find anything that would do this.
> >
> > I don't have the perl skills, though that would be ideal.
> >
> > Any help out there?
>
>     #!/usr/bin/perl
>     while (<>) {
>         # Drop the trailing newline so it is not part of the key
>         chomp;
>         # Assuming no whitespace in addresses; kill everything after the first
>         # space
>         s/ .*$//;
>         # Store the name count in a hash
>         $names{$_}++;
>     }
>     # Go over the hash
>     while (($name,$count) = each(%names)) {
>         if ($count == 1) {
>             # print unique names.
>             print $name, "\n";
>         }
>     }

Another approach in Perl would be:

    #!/usr/bin/perl
    my (%names, %dups);
    while (<>) {
        my ($key) = split;
        $dups{$key} = 1 if $names{$key};
        $names{$key} = 1;
    }
    delete @names{keys %dups};
    #
    # keys %names is now an unordered list of only non-repeated elements
    # keys %dups is an unordered list of only repeated elements

split splits on whitespace, returning a list of fields which can be assigned to a list of variables. Here we only want to capture the first field: split is more efficient for this than using a regex. The first occurrence of $key is in parens because it's actually a list of one variable name.

We build two hashes, one, %names, keyed by the original names (this is the classic way to reduce duplicates to single occurrences, since the duplicated keys overwrite the originals), and one, %dups, whose keys are names already appearing in %names - the duplicated entries.

Having done that we use a hash slice to delete from %names all the keys of %dups, which leaves the keys of %names holding all the entries which only appear once (and the keys of %dups all the duplicated entries if that's useful).

Jonathan
Re: Scripting question
On Friday 14 September 2007 09:42, Steve Bertrand wrote:

> > > I don't have the perl skills, though that would be ideal.
>
> -- snip --
>
> > Another approach in Perl would be:
> >
> >     #!/usr/bin/perl
> >     my (%names, %dups);
> >     while (<>) {
> >         my ($key) = split;
> >         $dups{$key} = 1 if $names{$key};
> >         $names{$key} = 1;
> >     }
> >     delete @names{keys %dups};
>
> I don't know if this is completely relevant, but it appears as though it may help.
>
> Bob Showalter once advised me on the Perl Beginners list as such, quoted, but snipped for clarity:
>
> see perldoc -q duplicate
>
> If the array elements can be compared with string semantics (as you are doing here), the following will work:
>
>     my @array = do { my %seen; grep !$seen{$_}++, @clean };

The problem with this is that it leaves you with one copy of each duplicated item: the requirement was to remove all copies of duplicated items and return only the non-repeated items.

Jonathan
Re: 6.2 Headless Installs Don't Seem to Work.
Hi Martin

I often use the serial console for installs just to save digging out a screen and keyboard - especially on servers which are going to run headless anyway.

What I do whenever I download release ISOs is unpack the disc-1 image to disk (tar now does this, I believe), add the line console=comconsole to boot/loader.conf in the directory which is the root of the CD, and then make a new ISO and burn a new serial install CD.

Booting from this CD switches to the serial console sometime after the boot loader but before the boot menu, from which you can drop back down to the boot loader if needed.

I've used this method to do a successful remote install: a technician on site linked the serial ports of two boxes with a null-modem cable, put the serial boot CD in one of them, and I logged into the other over ssh and used tip to see the serial port. He powered up the spare box with the CD in it and I did the rest from 1000 miles away - which for some reason impresses the heck out of a Windows technician.

HTH

Jonathan
Re: ipfw fwd not working in 6.2-release
On Thursday 05 April 2007 15:42, Terry Todd wrote:

> On Tue, Apr 03, 2007 at 10:58:41AM -0500, Terry Todd wrote:
> > I have tried to get ipfw fwd to work in 6.2-release but it always barfs. I have recompiled and installed a custom kernel with
> >
> > options IPFIREWALL_FORWARD
> >
> > [adding a fwd rule]
> >
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> >
> > [snip]
> >
> > Anyone else see this behaviour?
>
> I tried this on a second machine and it does the same thing.
>
> ipfw: getsockopt(IP_FW_ADD): Invalid argument
>
> Could someone try running this on a 6.2-RELEASE system and tell me what you get:
>
> # ipfw add forward 127.0.0.1,3128 tcp from not me to any 80 in via [interface device]

I'm seeing the same thing having just upgraded a working 6.0-RELEASE box.

Since the only kernel option I had set on either version of the OS was IPFIREWALL_FORWARD, the system is loading ipfw.ko, ipdivert.ko and dummynet.ko automatically.

Has the way ipfw.ko is built changed? Do we need to compile ipfw into the kernel to use ipfw fwd rules now? Or can I force ipfw.ko to be rebuilt with forwarding included?

Jonathan
Re: ipfw fwd not working in 6.2-release
On Thursday 05 April 2007 16:01, Jonathan McKeown wrote:

> On Thursday 05 April 2007 15:42, Terry Todd wrote:
>
> [ipfw not accepting fwd rules when kernel built with options IPFIREWALL_FORWARD and I agreed, saying]
>
> Has the way ipfw.ko is built changed? Do we need to compile ipfw into the kernel to use ipfw fwd rules now? Or can I force ipfw.ko to be rebuilt with forwarding included?

I'm on my way home now, but a quick look at the source suggests that unless ipfw.ko is built with this option set, rule-based forwarding is disabled - and indeed this message appears in my boot messages. Presumably the option is not fed to the module during a buildkernel. I'm going to try building just that module with the option set.

Jonathan
Re: command to identify the process that is listening in a port.
On Monday 09 April 2007 17:37, Martin Hudec wrote:

> Siju George wrote:
> > How Do you actually Identify what process is listening on a TCP/IP port? nmap does not usually give the right answer. There should be some command that can be run on the local host for identification right?
>
> man lsof
>
> 5:35pm [amber] ~# lsof -i @localhost:123
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> ntpd 552 root 10u IPv4 0xc4c46000 0t0 UDP localhost:ntp

Just out of interest, why do so many people recommend lsof, which is a port, when sockstat/fstat are in the base system and seem to cover the same ground? Am I missing something about lsof?

Jonathan
Proper list server? (was Re: Automatic means for spinning down disks available?)
On Wednesday 11 April 2007 05:12, L Goodwin wrote:

> For starters, how about getting this mail group on a proper list server? I'll gladly help if there is anything I can do other than get in the way...

I normally try not to be rude, but... what on Earth are you talking about? What is it about a Mailman installation on a host within the freebsd.org domain that renders it less than proper?

Jonathan
Re: ipfw fwd not working in 6.2-release
[Reordered, freebsd-questions re-added]

On Thursday 12 April 2007 20:58, Terry Todd wrote:

> On Thu, Apr 05, 2007 at 04:20:22PM +0200, Jonathan McKeown wrote:
> > On Thursday 05 April 2007 16:01, Jonathan McKeown wrote:
> > > On Thursday 05 April 2007 15:42, Terry Todd wrote:
> > >
> > > [ipfw not accepting fwd rules when kernel built with options IPFIREWALL_FORWARD and I agreed, saying]
> > >
> > > Has the way ipfw.ko is built changed? Do we need to compile ipfw into the kernel to use ipfw fwd rules now? Or can I force ipfw.ko to be rebuilt with forwarding included?
> >
> > I'm on my way home now, but a quick look at the source suggests that unless ipfw.ko is built with this option set, rule-based forwarding is disabled - and indeed this message appears in my boot messages. Presumably the option is not fed to the module during a buildkernel. I'm going to try building just that module with the option set.
>
> Have you made any progress on this? Thanks,

I must admit I gave up on rebuilding the module. My rationale for using ipfw.ko rather than options IPFIREWALL was to reduce the number of custom kernels I run (I have several servers throughout South Africa and in London, with a central build system).

It dawned on me that if I'm using options IPFIREWALL_FORWARD I'm already building a custom kernel anyway, so I might as well add options IPFIREWALL as well. That worked.

The alternative seems to be to edit the Makefile for ipfw - which I didn't want to do as I'm building multiple kernels for multiple machines on my build box.

If you're building one kernel on the box it's going to be installed on, it looks to me as though the place to start is /sys/modules/ipfw/Makefile, which I'm quoting in its entirety as it's a short file:

    # $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.21.2.2 2006/09/19 15:45:21 csjp Exp $

    .PATH: ${.CURDIR}/../../netinet

    KMOD=	ipfw
    SRCS=	ip_fw2.c ip_fw_pfil.c
    SRCS+=	opt_inet6.h opt_ipsec.h opt_mac.h

    CFLAGS+= -DIPFIREWALL
    #
    #If you want it verbose
    #CFLAGS+= -DIPFIREWALL_VERBOSE
    #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
    #
    #If you want it to pass all packets by default
    #CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
    #

    .if !defined(KERNBUILDDIR)
    .if !defined(NO_INET6)
    opt_inet6.h:
    	echo "#define INET6 1" > ${.TARGET}
    .endif
    .endif

    .include <bsd.kmod.mk>

It looks as though you would need to add

    CFLAGS += -DIPFIREWALL_FORWARD

to build an ipfw.ko which supports forward rules. You can see quickly whether you have succeeded, as ipfw (built-in or loaded as module) puts a line into your boot messages which tells you whether ``rule-based forwarding'' is enabled or disabled.

This may be more of a question for -hackers than -questions, but I'd be interested to know why modules ignore kernel options and whether there's any way to change or override that.

Jonathan
Re: [OT] simpliest way to process this data file
On Thursday 26 April 2007 08:51, Zhang Weiwu wrote:
> On Thu, 2007-04-26 at 11:18 +0800, Zhang Weiwu wrote:

[snip]

> I have a data file formatted like this each block of data consist of several lines; blocks are separated by empty lines like this This is a block of data with lines and another block of data The task is to move the last line of each block to the first line of the block. So the processed data look like this: with lines This is a block of data data and other block of

[snip]

I would use Perl, which can read in a paragraph at a time. Assuming you don't mind having multiple blank lines in the input replaced by a single blank line, this Perl commandline will do what you want:

    perl -l -00 -pe 's/(.*)^(.*)$/$2\n$1/ms' datafile

Read perldoc perlrun for the flags, and perldoc perlre to understand the regex (in particular the m and s modifiers).

Jonathan
Re: purging old mail
On Friday 01 June 2007 14:11, Steve Bertrand wrote:
> [EMAIL PROTECTED] wrote:
> > Hi all,
> >
> > I'm setting up a FreeBSD 5.4 system that needs to run unattended for a year or more. I've noticed that the /var/mail/root file grows a bit over time. Do I need to configure the system in some way to prevent this file from growing indefinitely, filling up the /var partition?
>
> Are you actually interested in reading root mail? Are you running sendmail? If so, in the /etc/mail/aliases file, change the root alias to an email address that someone actually POP's. If you don't want to read the email at all, change the root alias to point to /dev/null.

What I've been caught by a couple of times is the periodic(8) routines, which quickly fill root's mailbox with daily, weekly and monthly status reports. If you're not going to forward these to a real user but still want to keep (some of) them available, put

    daily_output=/var/log/daily.log
    weekly_output=/var/log/weekly.log
    monthly_output=/var/log/monthly.log

in /etc/periodic.conf. The relevant reports will be logged into the respective files, and newsyslog already knows to rotate these if they exist, so they won't grow endlessly (by default, /etc/newsyslog.conf keeps a week of dailys, 5 weeks of weeklys and a year of monthlys).

Jonathan
Re: /var/preserve
On Thursday 07 June 2007 20:26, Richard Lynch wrote:
> Or some way to get periodic to only tell me stuff I *need* to know, instead of telling me every time it cleans the damn toilet.

Have you looked at the manpage for periodic.conf(5)? As an example,

    daily_show_success=NO
    daily_show_info=NO

in /etc/periodic.conf will cut the daily messages down to only what periodic(8) thinks you *have* to know - likewise for weekly and monthly.

Jonathan
Re: debugging pppoe
On Monday 11 June 2007 21:54, Michael P. Soulier wrote:
> On 04/06/07 Nikos Vassiliadis said:
> > ppp does not write much on the console. And that is probably a decision made by the authors, since it is meant to be run mostly interactively. You can see its logs in /var/log/ppp.log
>
> Indeed. I turned up the logging and I had to turn it down before it filled /var. :) If I could get it to log like that to the console, then I could supervise it with runit, logging via svlogd. I guess there's no way to force that log level to stdout?

It looks as though set log local ... does what you want: check the manpage for ppp.

Jonathan
Re: samba config problems
On Thursday 14 June 2007 18:51, Andrew Falanga wrote:
> On 6/14/07, Reid Linnemann [EMAIL PROTECTED] wrote:
> > Don't forget to cc: freebsd-questions@freebsd.org
>
> Once again I apologize to the forum. I keep forgetting to do this.
>
> > The rc script at /usr/local/etc/rc.d/samba follows the FreeBSD rcng scheme, if the rcvar 'samba_enable' is not set to 'yes', then the script will not start or stop the samba process. Run the script without any commands to see usage. To check the status of rcvars that control the script's behavior, run the script with the 'rcvar' argument; e.g.
> >
> >     ~/ /usr/local/etc/rc.d/samba rcvar
> >     # samba
> >     $samba_enable=YES
> >     # nmbd
> >     $nmbd_enable=YES
> >     # smbd
> >     $smbd_enable=YES
> >     # winbindd
> >     $winbindd_enable=NO
> >
> > Note that nothing is stopping you from running smbd and nmbd manually, the rc control script simply automates the control of the daemon for you.
>
> Ah, thank you. Very enlightening. I guess I'll have to read through that section of the Handbook to make sure I understand how all that works together. I finally did get it working by starting the smbd manually.
>
> Thanks, Andy

Just to add to this: if you want to start the service as a one-off without putting the enabling variable in /etc/rc.conf, use onestart instead of start (this also works with stop|onestop and status|onestatus).

Jonathan
require pam_deny in auth chain causes logins to fail
pam.d/README says:

    Note that having a sufficient module as the last entry for a particular service and module type may result in surprising behaviour. To get the intended semantics, add a required entry listing the pam_deny module at the end of the chain.

But in fact

    auth sufficient pam_unix.so
    auth required pam_deny.so

always fails, because (from the PAM article):

    The second exception is that pam_setcred(3) treats binding and sufficient modules as if they were required

which means the final decision drops through to pam_deny even if pam_unix succeeds.

Other than the obvious (make pam_unix, or whatever is the last module in the auth chain, required rather than sufficient, and leave out the required pam_deny) is there another solution to this?

Jonathan
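The behaviour described in the message above, as an added example that is not part of the original post and is not OpenPAM source code: a simplified model of control-flag handling that applies the quoted pam_setcred(3) rule to the two-line chain and to the "obvious" alternative. The module return values, the fail-closed treatment of a chain in which nothing succeeds, and the names README_CHAIN, REQUIRED_ONLY, GOOD_PASSWORD and BAD_PASSWORD are assumptions made for the illustration.

```python
"""Simplified model of how a PAM auth chain is evaluated.

Added example, not OpenPAM source. Module return values are assumptions.
"""

SUCCESS, AUTH_ERR, CRED_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR", "PAM_CRED_ERR"

# Assumed results when the user supplies the correct password.
GOOD_PASSWORD = {
    "pam_unix": {"authenticate": SUCCESS, "setcred": SUCCESS},
    "pam_deny": {"authenticate": AUTH_ERR, "setcred": CRED_ERR},
}
# Assumed results when the password is wrong (constructed case).
BAD_PASSWORD = {
    "pam_unix": {"authenticate": AUTH_ERR, "setcred": SUCCESS},
    "pam_deny": {"authenticate": AUTH_ERR, "setcred": CRED_ERR},
}

# The chain from the message, and the "obvious" alternative it mentions.
README_CHAIN = "auth sufficient pam_unix.so\nauth required pam_deny.so\n"
REQUIRED_ONLY = "auth required pam_unix.so\n"


def parse_chain(text, facility="auth"):
    """Turn pam.d-style lines into [(control_flag, module_name), ...]."""
    chain = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            name = fields[2]
            if name.endswith(".so"):
                name = name[:-3]
            chain.append((fields[1], name))
    return chain


def run_chain(chain, primitive, results):
    """Evaluate one primitive; return (result, trace of modules consulted)."""
    failed = False      # a required, binding or requisite module failed
    succeeded = False   # at least one module returned success
    first_err = None
    trace = []
    for flag, name in chain:
        # Rule quoted in the message: pam_setcred treats binding and
        # sufficient modules as if they were required.
        if primitive == "setcred" and flag in ("sufficient", "binding"):
            flag = "required"
        result = results[name][primitive]
        trace.append((name, flag, result))
        if result == SUCCESS:
            succeeded = True
            if flag in ("sufficient", "binding") and not failed:
                break   # short-circuit: later modules are never consulted
            continue
        if first_err is None:
            first_err = result
        if flag in ("required", "binding") and not failed:
            failed, first_err = True, result
        if flag == "requisite":
            failed = True
            break
    # Modelling choice: a chain in which nothing succeeded is a failure.
    if failed or not succeeded:
        return first_err or AUTH_ERR, trace
    return SUCCESS, trace


def login(config_text, results):
    """Run authenticate then setcred, as a login program would."""
    chain = parse_chain(config_text)
    for primitive in ("authenticate", "setcred"):
        result, _ = run_chain(chain, primitive, results)
        if result != SUCCESS:
            return primitive, result
    return "ok", SUCCESS


if __name__ == "__main__":
    for label, cfg in (("README chain", README_CHAIN),
                       ("required only", REQUIRED_ONLY)):
        for pw_label, res in (("good", GOOD_PASSWORD), ("bad", BAD_PASSWORD)):
            print(f"{label:14} {pw_label:4} password -> {login(cfg, res)}")
```

With the correct password the first chain passes authenticate after consulting pam_unix alone, then fails in setcred because pam_deny is reached.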
Re: How to change NIC IP when system is running FBSD 6.1
On Tuesday 18 July 2006 15:49, Erin Fortenberry wrote:
> > But please, that's so, um, Windows-ish?
> >
> >     #ifconfig xl0 down*
> >     #ifconfig xl0 192.168.0.2 netmask 255.255.255.0
> >
> > Cake!
> >
> > Kevin Kinsey
>
> Don't forget to adjust the default route and save your changes for when the next windows-ish reboot does happen.

And don't you also need to change /etc/hosts?

Jonathan
Re: Sendmail: sub-domain masquerade as top level
On Thursday 03 January 2008 12:04, Jerahmy Pocott wrote:
> Hello,
>
> I'm having an issue with getting sendmail to masquerade as the top level domain when the host is a sub domain. For example I want server.exmaple.com to send mail as [EMAIL PROTECTED] rather than [EMAIL PROTECTED], however the masquerade options don't seem to work for this.. It works fine if the server is a different domain, but not when it's a sub domain..
>
> How do I get this behavior?

    FEATURE(`masquerade_entire_domain')

Check /usr/share/sendmail/cf/README for the details of the various masquerade options and features.

Jonathan
Re: Sendmail: sub-domain masquerade as top level
On Friday 04 January 2008 01:11, Jerahmy Pocott wrote:
> On 04/01/2008, at 12:59 AM, Barry Byrne wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerahmy Pocott
> >
> > > I'm having an issue with getting sendmail to masquerade as the top level domain when the host is a sub domain.
> >
> > You don't say what you've tried already. I use postfix these days, but from memory, something like the following should work for you:
> >
> >     MASQUERADE_AS(`domain.com')
> >     MASQUERADE_DOMAIN(`sub.domain.com')
>
> Sorry, I should have mentioned what I had tried: I have tried the above and the above in combination with FEATURE(`masquerade_entire_domain') and pretty much every combination of those statements all to no effect. For some reason when the masquerade domain is the top level of the actual domain, it won't change it even with those options set..

This is from my live .mc file, which definitely works:

    MASQUERADE_AS(`hst.org.za')dnl
    MASQUERADE_DOMAIN(`hst.org.za')dnl
    FEATURE(`masquerade_envelope')dnl
    FEATURE(`masquerade_entire_domain')dnl
    MASQUERADE_EXCEPTION(`lists.hst.org.za barley.hst.org.za akima.hst.org.za')dnl

My understanding is this. First of all, bear in mind that a domain name may refer to a group of hosts (I'll call this a zone by analogy with BIND), or a single host (a FQDN).

MASQUERADE_AS gives the FQDN to be used when masquerading. It is applied to the domain names of the local mail host only - so if the only change is on your mailserver to go from mailserver.example.com to example.com, this should be all you need.

MASQUERADE_DOMAIN adds additional FQDNs to the list of domain names to be masqueraded - if you need to masquerade other hosts within your zone.

FEATURE(`masquerade_entire_domain') switches MASQUERADE_DOMAIN to affect whole zones instead of FQDNs of single hosts. As I read cf/README, you need both these options to masquerade a whole zone, as well as the first option to specify what to masquerade as.

The last of the five lines exempts some hosts from masquerading because they handle their own mail. Not doing this can cause some... interesting breakage.

Jonathan
Re: freebsd6 authenticating against openldap 2.4?
On Wednesday 09 January 2008 17:48, Dave wrote:
> Hello,
>
> Does anyone have their freebsd 6.x machines authenticating against ldap specifically openldap 2.3 or 2.4? I'd like to get all my bsd boxes to do this. I've read and googled and have found some items, but I'd rather hear about how from someone who has successfully done this, vs. making many first time mistakes that I'd have to go back later and correct.

Yes - FreeBSD 6.2-RELEASE and openLDAP-2.3. It's not hard, although there are a few bits to get in the right places, but may I come back to you in a few hours (I've just started work)?

Jonathan
Re: freebsd6 authenticating against openldap 2.4?
Hi Dave If you don't mind I'm going to reply on-list in case anyone else has comments. I might also teach you to suck eggs, a bit, because, not knowing your setup or experience level, I'm going to start a bit further back than your initial question, and mention a few things that I either think are important, or found useful to have in place. This is a long message, but I think it covers most of the things that tripped me up. You're going to be installing a number of ports/packages on all your machines to get LDAP authentication working. When I took over my current post, every server had its own source tree, its own ports tree, and just in terms of base OS we were running everything from 4.7-RELEASE to 5.3-RELEASE, including a couple of boxes running STABLE snapshots. Every box was configured differently and ports trees had been installed/updated more or less at random. I now have a fast box with a ports tree and source tree, both initially created with cvsup/csup (otherwise you can run into trouble with cvsup not deleting files because it didn't create them). It builds every kernel configuration I need, and the source, object and ports trees are NFS-mountable on all my other servers. All machines are configured to look for packages on my build server only, and whenever I build a port for the first time, I build a package from it which is written back to the build server. I also have a standard ``base'' server buildout which includes portupgrade, lynx, bash, sudo, and the LDAP stuff, among others. If you've got something like this in place, you can start planning your LDAP migration. The first thing is to decide what else you're going to use LDAP for so you can plan your directory. The painful mistake to avoid is to do with the class of the objects in your directory. 
There are two types of objectClass, structural and auxiliary, and although an object can belong to several auxiliary classes, it can only be in one structural class: if you pick the wrong one it's a pain to recover. My user accounts have a structural objectClass of inetOrgPerson, and auxiliaries of posixAccount and extensibleObject (the last is to allow me to use the host: attribute, of which more later). I'm currently able to run shell accounts on different boxes on a per-user basis, SMTP AUTH with sendmail, and user authentication for Cyrus IMAP and squirrelmail, among other things, from the user account information, and I'm working on using LDAP for maps in sendmail.

The other thing you need to watch out for, both before the migration and on an ongoing basis afterwards, is user account numbers. There are two problems. First of all, you have to make sure that each user is able to have the same uid number on every machine. The second and in some ways more difficult problem is what I call NPCs - accounts which don't correspond to a human user because they were created by ports. Some of these have reserved numbers but most simply use pw useradd to create a new user. If you haven't planned for this you can find that the same uid number represents one user on one host, a different user on another host, and an NPC account such as dhcpd on a third.

I renumbered all my accounts, both user and NPC, so that real users start at 1100 for my primary site, 1200, 1300 and so on on my other sites, and NPC accounts are 1000-1099. To make sure this stays the case, I create /etc/pw.conf on every machine, containing:

    reuseuids yes
    reusegids yes

to use the lowest currently-unused uid number. Otherwise each time you install a port, it picks a uid number one higher than the highest currently in use, which screws up your numbering again.

It's seriously worth getting all this right before you start implementing LDAP - once you've done so, LDAP itself is relatively straightforward.
You need OpenLDAP itself - I'm not sure what the differences are between 2.3 and 2.4 but 2.3 works for me - plus nss_ldap and pam_ldap, both of which are in the ports tree. Create your user accounts, configure pam_ldap and nss_ldap, and make a few changes in /etc/pam.d and /etc/nsswitch.conf. These are the easy bits! Some last considerations: you can use the host: attribute in user accounts to limit which hosts each user can log in to, and you can install an additional port, pam_mkhomedir, which will create the home directory on login on each host, if you want local homedirs rather than an NFS mount. You will also find that users can't change their LDAP password through the normal channels. Although passwd(1) was rewritten a few years ago to be able to use PAM, the necessary code is diked out. Another issue which has come up on the list a few times: your LDAP server(s) is/are going to need some tweaking because there is a chicken-and-egg problem during booting. Before the system can use an account, it has to enumerate every group that account belongs to to make sure the right privileges are available. If you're starting the LDAP server as user ldap, the system tries to
Re: Perl-5.10.0 in FBSD-7.0
On Wednesday 23 January 2008 21:19, Kris Kennaway wrote:
> Historically, new versions of perl are a recipe for large amounts of pain because of all the old perl code that stops working.

I haven't used perl 5.10 yet, but looking at the changes (available at http://search.cpan.org/~rgarcia/perl-5.10.0/pod/perl5100delta.pod), and in particular the section headed ``incompatible changes'', it looks like a small number of odd corners (for example, chdir FOO - unquoted argument now treated as filehandle not directory name) rather than a wholesale change like perl 5.8, which was binary-incompatible with earlier perls and therefore required any modules using the XS interface to C code to be recompiled.

Perl 5.10 does introduce a couple of new operators (defined-or, spelt //, and smart-match, spelt ~~), and a number of enhancements which have to be switched on using the ``feature'' pragma - most of these changes have filtered back from the Perl 6 effort.

Jonathan
Re: Password file migration help
On Wednesday 30 January 2008 21:03, Sean Murphy wrote:
> I have a FreeBSD 5.4 system and would like to migrate users in the password file with UIDs 3000 through 5000 to a FreeBSD 6.3 system running on a separate box. Is there a way to export just those users?

I'd probably sort /etc/master.passwd and pipe through awk:

    sort -t ':' -k3,3n /etc/master.passwd | \
        awk -F ':' '$3 ~ /^3[0-9][0-9][0-9]/, $3 ~ /^5/ { print }'

This will sort /etc/master.passwd numerically on the third field, uid, and then give you all the lines starting with the first one where the uid is a 3 followed by at least three digits, up to and including the first one after that where the first digit of the uid is a 5.

If you capture the output you should be able to merge it on the new host.

Jonathan
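A variant of the export discussed above, as an added example that is not part of the original thread: it compares the uid field numerically, so the selection is exactly 3000 through 5000 whatever other uids exist, and it reports name or uid collisions on the target before anything is merged. The account entries, the function names and the SOURCE and TARGET strings are constructed for the illustration; the password field is shown as `*` rather than a real hash.

```python
"""Select a uid range from master.passwd text and plan a collision-free merge.

Added example; the sample entries below are constructed.
"""

# Constructed master.passwd content for the old host (10 colon-separated fields).
SOURCE = """\
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:2999:2999::0:0:Alice:/home/alice:/bin/sh
bob:*:3000:3000::0:0:Bob:/home/bob:/bin/sh
carol:*:4200:4200::0:0:Carol:/home/carol:/bin/sh
dave:*:5000:5000::0:0:Dave:/home/dave:/bin/sh
erin:*:5001:5001::0:0:Erin:/home/erin:/bin/sh
frank:*:30000:30000::0:0:Frank:/home/frank:/bin/sh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
"""

# Constructed master.passwd content for the new host.
TARGET = """\
root:*:0:0::0:0:Charlie &:/root:/bin/csh
carol:*:1001:1001::0:0:Other Carol:/home/carol:/bin/sh
svc:*:5000:5000::0:0:Service:/nonexistent:/usr/sbin/nologin
"""


def parse_master_passwd(text):
    """Return one dict per account; reject lines that are not 10 fields."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError(f"line {number}: expected 10 fields, got {len(fields)}")
        entries.append({"name": fields[0], "uid": int(fields[2]), "line": line})
    return entries


def select_uid_range(entries, low=3000, high=5000):
    """Accounts with low <= uid <= high, ordered by uid."""
    wanted = [e for e in entries if low <= e["uid"] <= high]
    return sorted(wanted, key=lambda e: e["uid"])


def plan_merge(source_text, target_text, low=3000, high=5000):
    """Return (lines safe to merge, [(name, uid, reason), ...] needing review)."""
    target = parse_master_passwd(target_text)
    names = {e["name"] for e in target}
    uid_owner = {}
    for e in target:
        uid_owner.setdefault(e["uid"], e["name"])
    merge, conflicts = [], []
    for e in select_uid_range(parse_master_passwd(source_text), low, high):
        if e["name"] in names:
            conflicts.append((e["name"], e["uid"], "login name exists on target"))
        elif e["uid"] in uid_owner:
            conflicts.append((e["name"], e["uid"],
                              f"uid already used by {uid_owner[e['uid']]}"))
        else:
            merge.append(e["line"])
    return merge, conflicts


if __name__ == "__main__":
    merge, conflicts = plan_merge(SOURCE, TARGET)
    print("merge:")
    for line in merge:
        print("  " + line)
    print("review by hand:")
    for name, uid, reason in conflicts:
        print(f"  {name} (uid {uid}): {reason}")
```

A uid that is already in use on the target would give the migrated user ownership of the existing account's files, which is why those entries are held back for review instead of being merged.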
Re: usb wifi
On Tuesday 05 February 2008 00:28, Peter Harrison wrote:
> I don't know about the adaptor you've mentioned, but I'm using an Asus WL-167g (a ralink chipset) without problem using the native ural driver. Check the manpage for other supported devices.

But be wary. I've recently been in correspondence with someone (on a Linux Users' Group list) who bought an Asus WL-167G on the strength of the ural(4) manpage, and found it didn't work - apparently later versions use a different Ralink chipset which as far as we could tell is only supported in the rum(4) driver in 7.0.

Jonathan
Re: cp -p
On Thursday 07 February 2008 20:07, Pietro Cerutti wrote:
> HostServer exports via NFS /www, which belongs to user:www (uid=1001, gid=80). The directory has the setgid flag set:
>
>     drwsr-xr-x 13 user www 512 Feb 7 00:58 www
>
> HostClient mounts the exported directory on /share/www. HostClient doesn't know anything about gid 80. Now, on HostClient, user copies aFile to /share/www using the -p flag of cp(1).
>
>     cp -p aFile /share/www/
>     ls -l
>     -rw--- 1 user user 2981888 Feb 7 01:09 /www/aFile
>
> As shown, the setgid flag of /www hasn't worked.

Hang on - you asked cp to preserve the user and group ownership of the file (cp -p). As far as I can see, it's done what you asked it to. I would regard any other result as violating the Principle of Least Astonishment.

and on Thursday 07 February 2008 20:48, Chuck Swiger wrote:
> On Feb 7, 2008, at 10:42 AM, Pietro Cerutti wrote:
> > From HostClient:
> >
> >     ls -al /share/
> >     drwxr-sr-x 4 User www 512 Feb 7 19:23 www
> >     touch /share/www/foo
> >     ls -l /share/www/foo
> >     -rw-r- 1 user www 0 Feb 7 19:39 /share/www/foo
> >
> > (group id works)
>
> Right, this is the BSD setgid semantics one would expect.

Surely the BSD way is always to inherit group ownership from the directory? setgid is only used on SYSV systems to emulate the BSD semantics on a per-directory basis - or have I got this completely wrong?

Jonathan
mv, cp, and sgid on directories (was: cp -p)
I think you may be getting too deep into the detail. Think of the bigger picture: when I move a file, I don't expect that to change its ownership or permissions - it would surprise me if it did; when I make a copy of a file, I expect to own the copy - after all, what use is a private copy I can't do anything with? FreeBSD generally tries hard not to behave in a surprising way.

The bit that still worries me in this discussion is the sgid bit (pun not intended, but I'm not going to delete it now!): as I understand it, creating a file has different behaviour on SYSV-derived systems and Berkeley-derived systems.

SYSV creates files group-owned by the creator's primary group.

BSD creates files which inherit the group-ownership of the directory they are created in.

SYSV behaviour can be changed to BSD behaviour per-directory, by using the sgid bit on the directory.

BSD behaviour can't be changed and the sgid bit on a directory is ignored.

Again, could someone confirm whether I'm talking nonsense here?

Jonathan
Re: /usr/local/etc/rc.d/ scripts and non-root user
On Sunday 10 February 2008 11:13, Matthew Seaman wrote:
> [EMAIL PROTECTED] wrote:
> > On Wed, 06 Feb 2008, Alex Zbyslaw wrote

SNIP

> > > Setuid/gid bits on shell scripts aren't considered safe, however and may even be disabled.
> >
> > THERE IS NO REASON FOR THIS, JUST USE THE FILE-SYSTEM TO PROTECT THE FILES (MAKE THEM NOT WRITEABLE). Scripts are no more susceptible to sabotage and misuse than binary files, it is just that scripts can be more easily decoded and understood than binary files, and so management (that usually doesn't know much about a computer system) becomes frightened and issues orders to relieve their stress.
>
> There's no particular reason that setuid bits on scripts are dangerous nowadays. However in the dim and distant past (before the millennium) there used to be a race condition on opening files that meant it was trivial to use a setuid script to get a shell running under the target UID. The horror of this situation seems to have branded itself so deeply on the Unix psyche that even now, when that race condition has been eliminated for many years, there is still a lingering reflex response: setuid scripts bad.

Specifically, the system would open the script to read the #! line and find out what interpreter to run, close the script and tell the specified interpreter to re-open it. If an attacker could change the file between the close and the re-open, you would end up running the attacker's script. I believe the fix was to hand the required interpreter an open file descriptor rather than a filename.

Jonathan
Re: what happened to linuxflashplugin?
On Monday 11 February 2008 20:36, Jonathan McKeown wrote:
> Are we sure the licence still bans FreeBSD?

And it turns out that everyone else is looking at the Macromedia Shockwave Player licence, and I'm looking at the Adobe Flash player licence.

FWIW, Shockwave (which claims to include the Macromedia Flash Player) still has the restriction preventing the use of FreeBSD; the Adobe Flash player licence doesn't. I have no idea what the difference is or why.

Jonathan
Re: what happened to linuxflashplugin?
On Monday 11 February 2008 22:26, Chuck Robey wrote:
> All you folks who are focussing on YouTube are (purposefully? I don't know) the fact that with just about half of the entire Web using flash in one way or another, not using Flash is a huge problem, as anyone who browses without a flashplayer knows.

Just to provide a counterpoint to this sweeping generalisation, I browse without a Flash player and it's never caused me any problem at all.

There are a few sites which don't work without Flash. Having checked on a number of occasions, I've found (and I stress this is a personal opinion) that heavy use of Flash is a fairly reliable marker of a site I wouldn't be interested in whatever publishing techniques were used. It's rather like the old saying in the British advertising industry: only sing in an ad if you have nothing to say.

How does Flash fit in with accessibility guidelines? In many countries, a commercial site which doesn't degrade gracefully when viewed with (eg) Lynx may fall foul of legislation protecting people with disabilities such as visual impairment.

In short, I think ``half of the entire Web using Flash'' may be a bit of an overstatement even if you count Flash ad banners (which frankly I can do without), and the small number of Flash-only sites I encounter hasn't caused me temporary inconvenience, never mind ``a huge problem''.

Jonathan
Re: what happened to linuxflashplugin?
On Monday 11 February 2008 16:40, Heiko Wundram (Beenic) wrote:
> On Monday, 11 February 2008 15:32:26, Erich Dollansky wrote:
> > Hi,
> >
> > Reid Linnemann wrote:
> > > These ports have been removed because the End User License Agreement explicitly forbids to run the Flash Player on FreeBSD. For more details, see http://www.macromedia.com/shockwave/download/license/desktop/.
> >
> > I could not find the word FreeBSD in the license agreement. BSD also does not appear there.
>
> Read this (in the license agreement):
>
> ... For the avoidance of doubt, no embedded or device versions of the above operating systems, or any other operating systems, are included as Authorized Operating Systems. ...
>
> 2.1 You may install and use the Software on a single desktop or laptop computer that runs an Authorized Operating System. A license for the Software may not be shared, installed or used concurrently on different computers.

OK, I followed the link above and was redirected to http://www.adobe.com/products/eulas/players. I followed the link to Flash and found:

    2.1 General Use. You may install and Use a copy of the Software on your compatible Computer, up to the Permitted Number of computers. The Software may not be shared, installed or used concurrently on different computers. See Section 3 for important restrictions on the Use of Adobe Reader and Web Players.

and the restriction under section 3:

    3.1 Web Player Prohibited Devices. You may not Use any Web Player on any non-PC device or with any embedded or device version of any operating system.

I didn't wade through every word of the agreement, but as far as I can see, the licence everyone is talking about appears not to exist - and this, apparently the replacement, seems to be dated 20060607.

Are we sure the licence still bans FreeBSD?

Jonathan
Handbook out-of-date after csup/buildworld
I have a machine which was initially installed from CD (including the source tree). It's subsequently been updated with cvsup, and latterly csup, and the make buildworld/make kernel/make installworld sequence described in the handbook.

I noticed last week that the handbook on this machine ``covers the installation and day to day use of FreeBSD 4.10-RELEASE and FreeBSD 5.3-RELEASE'' (it's actually running 6.3-RELEASE).

Should the handbook be updated as part of building and installing world? If so, what am I likely to have done wrong? If not, what do I need to do to get the handbook (and presumably the other documentation) updated? (I'm assuming, possibly wrongly, that there's a method of updating the installed documentation without grabbing the doc-all sup collection, installing the documentation tools package from the ports tree, and building it all from scratch).

Jonathan
Re: what happened to linuxflashplugin?
On Tuesday 12 February 2008 21:50, Chuck Robey wrote:
> Jonathan McKeown wrote:

[snip]

> > There are a few sites which don't work without Flash. Having checked on a number of occasions, I've found (and I stress this is a personal opinion) that heavy use of Flash is a fairly reliable marker of a site I wouldn't be interested in whatever publishing techniques were used. It's rather like the old saying in the British advertising industry: only sing in an ad if you have nothing to say.
> >
> > How does Flash fit in with accessibility guidelines? In many countries, a commercial site which doesn't degrade gracefully when viewed with (eg) Lynx may fall foul of legislation protecting people with disabilities such as visual impairment.
>
> You know, there are some folks out there who are still using their old M32 TTY's, and they can't understand why any folks would need mouses. Those of us who have successfully made the move to the 21st century can tell them, but honestly, most of us are very tired of hearing the same hoary old excuses why things aren't necessary. The majority of folks doing browsing today aren't impressed that maybe some 3rd world country is unhappy with flash sites, they just want their flash sites to work, and ours don't. Why don't they? Because every time someone comes up with a workable plan, all the real cave-men out there trot out their war-stories, and bore us all to death with their memoirs, and endlessly recursive arguments. Every time they get proven wrong on one item, they just move the clock back a few months, grab the previous self-justification, and start the argument all back up again. You can't out-last them.

I don't think there's any need for gratuitous rudeness. I did stress that this is a personal opinion.

Just to reiterate: I **personally** have not found any site that I /need/ to visit which /requires/ Flash to operate, and I suspect that may well be because, under legislation such as the Americans with Disabilities Act and similar laws in other countries, this would amount to discrimination and is officially frowned upon. I still maintain that your claim that ``half the entire Web'' requires Flash is hugely overstated.

Your comment about third world countries is one of the most narrow-minded, ignorant and arrogant statements I've heard in many years of listening to petty bigots - quite apart from the fact that you're extending what I stated was a personal opinion to an entire country and continent based on your personal prejudice. (Not that it's important, by the way, but I wasn't born here: I chose to move to Africa from Europe, and I didn't like Flash much before I got here. I still don't, and I have better - though more expensive - bandwidth available to me here than I would in many rural parts of the US).

And finally: ``The majority of folks doing browsing today aren't impressed that maybe some 3rd world country is unhappy with flash sites, they just want their flash sites to work''.

Stop press: since 90% of the world is using Microsoft operating systems and just want their .exes to work, the FreeBSD project is closing down - it's all been a huge mistake and we're just cavemen standing in the way of progress.

Clown.

Jonathan
Re: what happened to linuxflashplugin?
On Thursday 14 February 2008 00:14, Erik Osterholm wrote: IMHO, for an individual to state that Flash is not a relevant issue simply because they choose not to employ it, is similar to patient claiming that cancer research is a waste of time simply because they are not afflicted with the condition. Bad analogies are like a leaky screwdriver. All throughout this thread, there have been people mixing up issues. It's true that Flash is used on many, many websites, but one of the earliest complaints I saw regarded Flash-only sites--sites which require Flash in order to navigate. Â These sites seem fairly rare. Â It is manipulative and misleading to argue that because so many sites /make use of Flash/, then /Flash has become an integral part of the web/. Â I browse with Flash disabled all of the time, only enabling it specifically when I need it to use the web site. Â It certainly happens--but it's not a constant thing. Â I'm aware that Flash content exists on the pages I view, but most of the time it's supplemental, and the page degrades quite nicely without it. This is the best summary of the issues I've seen in this thread. One last time, because we're going round in circles: I don't have a problem with people putting in the effort to get Flash working: I'd be even happier if Adobe would do it themselves; but there's not much that Flash is essential for, and to claim that ``half the entire Web'' is unusable without Flash, seems somewhat overstated. There are many sites which degrade, more or less gracefully, in the absence of Flash, but, like Erik, I don't come across many that are completely unusable. In fact, browsing with Konqueror, I have more problem with Java, faulty Javascript and AJAX than with Flash. I still haven't seen any comeback on the accessibility issue: is it really the case that banks in the USA (for example) have websites that are not accessible to a section of the population, and that this isn't covered by the ADA? 
(I'm not trying to score points here: I'm genuinely interested). Jonathan
fdisk from fixit CD: geom not found
As part of our disaster recovery planning, I'm working up a bare-metal recovery sequence that can be followed by someone who's used Linux (easier to find here than a FreeBSD admin). My initial outline sequence was along the lines of:

    Boot install CD and choose Fixit
    fdisk -BI
    extract saved disklabel from tape and install with bsdlabel
    Initialise filesystems using stored output of dumpfs -m (from tape)
    Restore filesystems from tape

I'm tripping up on the first step, which although it appears to create the slice, throws a ``Geom not found'' message - which is potentially worrying to someone blindly following a recovery script. Is there a way to avoid this message, or would I be better off using the Configure option of sysinstall (and the W option to write the new slice table) before switching to Fixit mode to recover the disklabel (which is the next bit I need to test ``under lab conditions'')?

Jonathan
Re: fdisk from fixit CD: geom not found
On Sunday 17 February 2008 21:51, Wojciech Puchar wrote: Boot install CD and choose Fixit get live CD, it's better for this. To be honest, if I'm not using an install CD (which will do the job) I may as well look at making a custom recovery disk which just needs to be booted - but see below. fdisk -BI extract saved disklabel from tape and install with bsdlabel Initialise filesystems using stored output of dumpfs -m (from tape) Restore filesystems from tape good you have such i plan. this is rare case today;) I'm tripping up on the first step, which although it appears to create the you forgot to bsdlabel -B ad0a (or da0s1a whatever you have) after restore Well spotted. I did say I hadn't tested this bit yet! slice, throws a ``Geom not found'' message - which is potentially worrying to someone blindly following a recovery script. no idea, i don't use slices (just disklabel) maybe kernel module not loaded? is slice actually created? Yes. as far as i remember i've got this message with bsdlabel -B, but i ignored it as everything worked fine. I'd still rather there wasn't an ``error'' message at all unless there's a genuine error: I'm planning for the case of an operator with limited skills doing a ``monkey see, monkey do'' restore (not trying to be rude, but experienced FreeBSD admins seem to be hard to come by here and I'd rather insult someone's intelligence than give them instructions which don't make sense without years of FreeBSD experience). Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: fdisk from fixit CD: geom not found
On Sunday 17 February 2008 23:55, Wojciech Puchar wrote: I'd still rather there wasn't an ``error'' message at all unless there's a genuine error: I'm planning for the case of an operator with limited skills doing a ``monkey see, monkey do'' restore (not trying to be rude, but monkey can do ifconfig, route and /etc/rc.d/sshd start then you do the rest Except this is a disaster recovery plan: it must not rely on me being available. I'm looking at a scenario in which the survivors of the disaster have bought replacement hardware, hired someone who's done a bit of Linux, and handed them a set of offsite backup tapes and a ring-binder. (I can get most sites tapes offsite by 60+km on a daily basis: if a disaster simultaneously takes out, for example, the city of Durban - at sea level, population 3.5 million - and Pietermaritzburg, 80km inland and 750 metres above sea level, I'm not sure restoring our backups is going to be the biggest worry.) Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD Linux distro
On Thursday 21 February 2008 23:03, D G Teed wrote: For example, no where in this have I heard a peep about backup software. Anyone serious about IT is serious about backup. Yet there is no support for EMC (Legato) Networker in FreeBSD, and this is why our organization is migrating away from this FreeBSD. Petty quibble: I suspect that you mean ``there is no support for FreeBSD in EMC Networker'' rather than the other way round. Picking a backup solution that can't back up some of your servers, and opting to fix the problem by getting rid of the servers, seems to me to be doing things the wrong way round - irrespective of which OS you're forcing yourself to get rid of. Of course, EMC Networker may be so much better than any other backup solution as to justify the work involved in moving working services to a different platform - I don't know Networker so I can't really comment, although I agree with most of what you said about making sure you pick a platform which supports what you're trying to do. I say most because my own feeling as a sysadmin is that you must have a very good reason to run more than the bare minimum range of operating systems you can - which is an argument for moving away from some platforms if you're already running several. I am in the process of moving from multiple platforms, ranging from Windows NT4, through e-smith (server-in-a-box based on Red Hat), Debian, and FreeBSD, from 4.8 up to date. We are aiming to end up with a bunch of FreeBSD boxes, all using a standard build from a central buildserver, plus one or two boxes running Windows Server 2003 supporting users, who are all running Windows desktops and applications, including apps which run on the server, with clients connecting over the network. It's taken a while but every time we get rid of an old box my workload in supporting the rest of the system drops a little. 
Note: I'm not saying everyone should standardise on FreeBSD - that's just what I'm most familiar with at the moment, and when I started to move things round we had more FreeBSD servers than anything else, so it made sense to pick that and bring the rest into line, where we were able to, especially because the other OSes were mainly running on hardware which was due for replacement soon anyway, so that the migration could be seen as being in the ordinary course of maintenance and not extra load on busy systems staff. (Sorry: when I realised I'd started my reply with a few lines which by accident were tapering off at the ends I couldn't resist trying to see how long I could keep it up. It's foolish, I know, but it is a fun exercise in picking your words carefully and yet still trying to make sense. If you aren't reading with a fixed width font, you may not be getting the effect of the layout anyway: so if you can't see it, I'm sorry for taking up yet more of your time, just to play about with line lengths and make up pretty patterns in your mail reader. I'll stop now or at least once I can taper down to the length of the given name I sign off with). Jonathan (Whew!) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Installing FreeBSD remotely via serial console
On Tuesday 04 March 2008 17:37, Jesse Sheidlower wrote: I'm getting a new Dell server delivered to our corporate datacenter. There is a serial console available there. What is the process for installing FreeBSD remotely by logging in to the serial console? I'm assuming that I can get a tech in the datacenter to put a FreeBSD install disc into the CD drive, and take it from there, but I've never used a serial console and don't know what the process is. Not sure whether Dell hardware has any special management features, but on generic server hardware, I always make sure BIOS console redirection is enabled (gives you BIOS access), and that it's set to stop redirecting once the OS boots. Generally you will have network access (ssh or so) to a console server in the datacentre which presents the FreeBSD system's console. It's much easier to make sure you have an install CD which has the serial console enabled - download an ISO image, unpack it, add console=comconsole to loader.conf and rebuild the ISO image, making it bootable. There was a thread about this a few months ago when Martin McCormick asked the question - there are a couple of tricky issues with getting the ISO unpacked and rebuilt without it doubling in size. If you do this, you'll see the boot process from the Beastie menu onwards (from which you can drop back to the loader if you need to), and it'll boot into sysinstall. Do the install normally. At the end, before exiting, I normally go to the config menu to edit /etc/ttys - to make sure I get a login on the serial console even if networking is stuffed for some reason. Feel free to give me a shout if you want more details. Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using Install CD To Prepare Hard Disk
On Friday 14 March 2008 00:49, Tim Daneliuk wrote: Chuck Swiger wrote: On Mar 13, 2008, at 3:28 PM, Tim Daneliuk wrote: I would like to use the CD install menus to only prepare the hard disk (Partition, Label, Format) without actually installing anything on the drive. Can this be done? There should be a (W)rite option on the various pages which let you at least partition the drive without installing the software. Yup that was the magic - I missed it entirely. The option appears in the label editor menu... Thanks! From memory, isn't it also possible to do this by going into the Configuration menu rather than entering the Standard installation? Jonathan
Re: List replies
On Saturday 22 March 2008 06:33, Da Rock wrote: On Fri, 2008-03-21 at 22:38 -0500, Paul Schmehl wrote: --On March 22, 2008 1:10:40 PM +1000 Da Rock [EMAIL PROTECTED] wrote: On Sat, 2008-03-22 at 02:58 +0100, Erik Trulsson wrote: On Sat, Mar 22, 2008 at 10:35:57AM +1000, Da Rock wrote: This may have been suggested or discussed before, but is there a reason why the reply-to on this list isn't the list itself instead of the person who posted? Ie reply-to: freebsd-questions@freebsd.org Because many people who ask questions here are not subscribed to the list and thus would not see any answers that were sent only to the list. Well that certainly explains it, but it does surprise me. I thought you'd have to subscribe to post. And *I* thought it was proper etiquette to only reply to the list. Me too. This discussion takes place regularly on every mailing list in existence. The main arguments against it seem to be that a) it might trash an existing reply-to header and make it impossible to send an individual reply; b) in the event of user error it fails safely - list reply ends up going to an individual - rather than the potentially catastrophic private-reply-to-publically-archived-mailing-list failure. Google for reply-to munging considered harmful for more argument on both sides. As regards copying the original recipients, this list specifically requests it: check the regular posting titled ``how to get best results from freebsd-questions'', particularly para VII.6. Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Install Linux in FreeBSD
On Wednesday 09 July 2008 08:46, Ruel Luchavez wrote: Hi again list, Is it possible to run a VM machine in your freebsd server in which inside that VM you are running on it a Linux environment? coul it be? You would rather want to know why do I want that set up? Simply because I want to install a Quickbooks Enterprise solutions Database manager in Linux, further, Freebsd doesn't support the Quickbooks (also vice versa) it only runs or support in Linux..thats the reason guys.. Could some one give me some idea how will I do that? Did you read section 10 of the Handbook - Linux Binary Compatibility? Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Install Linux in FreeBSD
On Friday 11 July 2008 05:29, Ruel Luchavez wrote: [running Linux in a VM on FreeBSD] Did you read section 10 of the Handbook - Linux Binary Compatibility? Yes I read it Jonathan, Im newbie in BSD...regarding on my post is it possible? or Do you have any link so that i could much understand it aside from freebsd handbook? I haven't played with it at all - others (who have) may be able to help you more than I can: I'm just going by the documentation. As I understand it, FreeBSD will run most Linux binaries natively, as long as you install a suitable Linux environment (libraries etc). The easiest way to do this is to install a Linux version from ports (probably emulators/linux_base-f8 which will install a basic Fedora 8) which will create /compat/linux. You then install your Linux software in the usual way. I suspect you'll receive better offers of help if you start this process and then let the list know where you break down. Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Install Linux in FreeBSD
On Friday 11 July 2008 12:36, Roberto Nunnari wrote: I believe the OP question is: How to run a Full blown linux OS on a Virtual Machine on FreeBSD, and not how to run linux binaries on FreeBSD via emulation.. Not in context: the original question was Is it possible to run Linux in a VM on FreeBSD so as to run the Linux version of QuickBooks. I don't know if it's possible to run QuickBooks through Linux compatibility, but personally I would try it first before trying to set up a VM. In any case it's not clear whether the OP was aware that this might be an option. Jonathan
Re: How to divide up?
On Sunday 20 July 2008 08:37, Gary Kline wrote: On Sun, Jul 20, 2008 at 05:03:15AM +0300, Giorgos Keramidas wrote: On Sun, 20 Jul 2008 03:44:07 +0300, Giorgos Keramidas [EMAIL PROTECTED] wrote: Now, if you want to merely hack something quick and dirty, a short Perl script can probably do regexp substitution similar to # # WARNING: THIS HAS NOT BEEN TESTED :P # my $foo = STDIN; $foo = s:([^]+[^]*/[^]+):$1\n:ge; print $foo; but you shouldn't trust the output of such a quick hack too much. As I wrote in reply to the personal email, this was untested and a bit wrong in places, but now I've tried something like: $ echo 'helloworld/hellohellonext world/hello' | \ perl -e '$foo = STDIN; $foo =~ s:([^]+[^]*/[^]+):$1\n:g; print $foo;' and it does seem to sort of work. The output is: helloworld/hello hellonext world/hello Maybe that's good enough? They say `the perfect is the enemy of good enough', so if this works for your data set, it's probably ok to use it :-) Have fun, Giorgos Fun?! welll, but yes, anything that can save me from hand-editing ~~70 files will be a riot;) I haven't tried it, but I suspect if the simple approach fails, HTML::Tidy may well have an option which would help. It can be installed from CPAN or ports, where it is textproc/p5-HTML-Tidy. Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Building modules distributed with Apache, using ports
This may be a daft question. I freely admit it's a lazy one - I'm hoping someone has a quick answer that'll save me a couple of hours building a test server and experimenting. I built apache 2.0 from ports, using WITH_LDAP - but not WITH_LDAP_MODULES, as the Makefile.doc says it's implied by WITH_LDAP. As far as I can tell it's actually the other way round, that WITH_LDAP_MODULES triggers the WITH_LDAP options (either that or I didn't set it properly). Be that as it may, I now have an installation of Apache to which I need to add mod_auth_ldap and mod_ldap from the Apache 2.0 distribution. Is it possible to use the www/apache20 port to build these, or additional modules generally, without rebuilding/reinstalling Apache itself? Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Having some problems with a FreeBSD mail server (SMTP)
On Thursday 31 July 2008 02:35, Andrew Falanga wrote: Hi, I run a mail server for my church. Today I was called that folks are able to receive, but not send their mail. They are all currently configured for POP3 (I use dovecot). At home I tried to send mail to two different e-mail accounts of mine using the church e-mail server and was successful. I used KMail for this. As I look through /var/log/maillog I do not even see authid=their_user_ids in the mail log (I'm using TLS with sendmail). One of the pastor's told me the error he's seeing is timeout. They are using Outlook, I'm not sure of the version. What problems do people here usually encounter with Outlook mail clients and their SMTP servers? At this point, I'd just like to have some leads. Any ideas what might be keeping them from sending? They can all log in and receive e-mail POP3. I'm using TLS and SMTP AUTH with sendmail - all my users are on Microsoft Outlook 2003 (bar one on Thunderbird and me on KMail). Outlook didn't do TLS properly until Outlook 2003 Service Pack 2 or 3 - the symptom was repeated timeouts on trying to send mail. Even after upgrading all the users to SP3, we still occasionally have a similar problem. A user will try to send mail, the TLS negotiation will time out, and from that point on mail will just accumulate in the outbox. Outlook has to be closed down and restarted before it will correctly try the TLS connection again. We also encountered another issue, which may or may not be related to using a Windows AD domain, which was that Outlook will reuse message-IDs - generally by copying the message-ID of an original message and using it as the message-ID for the reply. This one bit me twice: once when a user (quite correctly) complained that she was losing email. On investigation, it turned out that her manager had sent three or four different messages in reply to messages of hers, and Cyrus imapd had binned them all as duplicates based on the copied message-ID. 
I had to switch off duplicate suppression in imapd. The second time - which I haven't found a solution for - is in Mailman. The HTML pages for archives are built using the assumption that message-IDs are unique: the result is that when two messages have the same message-ID, only one of them will appear in the archive. (Which one is random, so I suspect Mailman is using the message ID as a hash key internally). I get the feeling that Microsoft pay lip-service to the standards, but don't really carry out proper testing against anything other than Microsoft Exchange (after all, why would you use anything else?!). Outlook doesn't support IMAP well. Worst, from my point of view, I have regular complaints that people using POP3 are losing email. By using telemetry in Cyrus imapd, I've been able to establish that there's no problem server-side: Outlook is downloading the mail, and then throwing it away. Try telling a user that Microsoft stuffed up, though. (Sorry - this turned into an Outlook rant. I hope you find some benefit in the early paragraphs, before I started frothing at the mouth and throwing my toys). Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Handling of daily and weekly mails
On Thursday 31 July 2008 09:03, Maximillian Dornseif wrote: I administer about a dozen FreeBSD Servers. This results in me getting about 100 mails a week from the PERIODIC(8) scripts. Obviously this is too much to read with care. I wonder what the canonical approach is to handling hundreds of status mails like the ones generated by periodic.

Depends how much you want to read them.

    man periodic.conf

You can have the results put in a log file rather than emailed to you, if you prefer. You can also control the verbosity of the reports, so if you're very interested in some stats and not at all in others, you can suppress the boring ones.

Jonathan
Re: shutdown/reboot suggestion
On Sunday 10 August 2008 07:11, Michael Grant wrote: I have such a script, I put it in /bin/require_hostname and symlinked shutdown, halt, reboot, fastboot, and fasthalt to this script:

    #!/bin/sh
    # Run the real /sbin command only if the first argument is this host's name.
    if [ "$1" = "`hostname`" ]; then
        shift
        # $0 is the symlink name (shutdown, halt, reboot, ...)
        exec /sbin/`basename "$0"` "$@"
    else
        echo "For your protection, use: $0 hostname ..."
    fi

I realize a lot of people have their own tricks and habits for avoiding such stupidity, but what is the problem of fixing the problem globally by getting these commands to take a hostname argument?

The extra typing imposed on every admin in the world? Here's a trick or habit for avoiding the ohnosecond (``As your life flashes before your eyes, in the unit of time known as an ohnosecond...'' [Usenet, author unknown]): Pause to check the command before executing. The more dangerous or potentially disastrous the command, the longer the pause. What you're proposing is to enforce the thinking time by making the admin pause to type the fully-qualified hostname. Granted, you could change every command to enforce thinking time (to take this to the absurd, you could arrange that if you hit Enter less than five seconds after another key, the shell would give you a ``stop and think'' warning). It's safer just to develop the habit yourself. I recently saw a colleague take an install CD, put it into a machine, and power-cycle the box to start the install. I can't think of a technical measure that would have enforced thinking time on him. (And yes, it was the wrong box. Five seconds of thought would have saved five weeks of work).

Jonathan
Re: Regular Expression Trouble
On Wednesday 27 August 2008 15:25:02 Martin McCormick wrote: The sed pattern matching system is interesting because I can think of several similar situations in which the data are there but there is no guarantee where on a given line it sits and grep or sed usually will pull in the whole line containing the desired data which means that one must further parse things to get what is wanted.

Hi Martin

Look at grep -o which only outputs the bit that matched the regexp. Using egrep, you can look for exactly two hex digits and a colon, repeated exactly five times, and followed by exactly two hex digits:

    egrep -o '([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}' inputfile

will parse inputfile and output all the MAC addresses it finds, one per line (if it finds more than one on an input line, it'll match them and print them on separate output lines), and nothing else.

Jonathan
Re: LDAP and Account Management
On Monday 01 September 2008 23:33:11 Chris wrote: I've toyed with LDAP accounts before to get them to work. But now I'm going to put it into production. I'm wondering though about user and group management. When ports are installed on individual servers, users and groups are sometimes added for daemons. It would be nice to receive notification and possibly block and or redirect actions to appropriate scripts and the LDAP server. Are there any ports or mechanisms for hooking into the scripts and programs that handle account modification (chpass, adduser and pw) or does everyone typically do this sort of thing by hand?

I take a fairly relaxed approach to this, with the following basic rules:

    uids/gids for real users must be in LDAP, and unique across the whole network;
    uids/gids for users created by ports are in /etc/passwd and are only unique per-server - I don't mind if two different servers have different uids/gids for the same daemon user, or the same uid/gid for two different daemon users.

The problem is that some ports (isc-dhcp3-server springs to mind) simply add their user as the next available uid - which by default is one more than the highest uid currently in use. I deal with this by having two blocks of uids: 1000-1099 for daemons, and 1100 and up for LDAP users. I also create /etc/pw.conf containing the two lines

    reuseuids yes
    reusegids yes

which means that pw(8) takes the lowest available uid, rather than the default. My biggest gripe with LDAP user management is that passwd(1) has the hooks to allow it to use PAM (which with appropriate modules and configuration would allow changing the LDAP password) but the code is diked out.

HTH

Jonathan
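The uid split described in the message above (local daemon users below 1100, LDAP users at 1100 and up) can be checked mechanically, since a port-created account that lands in the LDAP block shares a uid, and therefore file ownership, with a real user. The following is an added example, not part of the original post: the function names, the finding labels, the exemption of uid 65534 (nobody) and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit passwd-format account lists against the uid policy from the post:
#   local files: system and daemon users, nothing at or above 1100
#   LDAP:        real users only, 1100 and up, unique across the network
# Assumption (not from the post): uid 65534 (nobody) is exempt locally.

LDAP_MIN=1100
NOBODY_UID=65534

# audit_uids LOCAL_FILE LDAP_FILE
# Both files are colon-separated with the login in field 1 and the uid in
# field 3 (true of both passwd and master.passwd). One finding per line.
audit_uids() {
    awk -F: -v lmin="$LDAP_MIN" -v nobody="$NOBODY_UID" '
        /^#/ || NF < 3 { next }
        src == "local" {
            local_name[$3] = $1
            # A local account inside the LDAP block: a port took the
            # "next available uid" instead of a free one below 1100.
            if ($3 + 0 >= lmin + 0 && $3 + 0 != nobody + 0) {
                print "LOCAL_IN_LDAP_BLOCK " $1 " " $3
            }
            next
        }
        src == "ldap" {
            if ($3 + 0 < lmin + 0) {
                print "LDAP_BELOW_BLOCK " $1 " " $3
            }
            # Same uid, different login, in the two sources.
            if (($3 in local_name) && local_name[$3] != $1) {
                print "UID_COLLISION " $3 " " local_name[$3] " " $1
            }
            # LDAP uids must be unique across the whole network.
            if ($3 in ldap_name) {
                print "LDAP_DUPLICATE_UID " $3 " " ldap_name[$3] " " $1
            } else {
                ldap_name[$3] = $1
            }
        }
    ' src=local "$1" src=ldap "$2"
}

# Run the audit over constructed sample data (not from any real system).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
dhcpd:*:1000:1000:DHCP daemon:/nonexistent:/usr/sbin/nologin
portuser:*:1100:1100:Added by a port:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
EOF
    cat > "$tmp/ldap" <<'EOF'
alice:*:1100:1100:Alice:/home/alice:/bin/sh
bob:*:1101:1101:Bob:/home/bob:/bin/sh
carol:*:1050:1050:Carol:/home/carol:/bin/sh
dave:*:1101:1101:Dave:/home/dave:/bin/sh
EOF
    audit_uids "$tmp/local" "$tmp/ldap"
    status=$?
    rm -rf "$tmp"
    return $status
}

demo
```

In the sample, portuser is the failure the post's pw.conf settings are meant to prevent: it sits at 1100 and collides with the LDAP user alice.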
Re: Question on bind page
On Tuesday 02 September 2008 08:12:13 Richard Yang wrote: [snip] To start named is pretty much the first step before going to configure BIND. I have to reinstall it and it still doesn't work. Personally, I would have said it's exactly the other way round: you shouldn't start named until after you've configured it. Are you seeing any messages in the log files (I'm fairly sure BIND logs in /var/log/messages)? Jonathan
Re: kde3 build problems
On Wednesday 10 September 2008 06:55:18 joeb wrote: I believe kde3 is obsolete. I Just did kde4 and it worked. That's most definitely not the case. KDE4 is still for early adopters, and KDE3 will continue to be supported as the ``conservative'' stable version for a while, according to http://www.kde.org/download/. Jonathan
Re: Netprint perl script from Handbook doesn't work
On Wednesday 24 September 2008 17:12:36 Dan Nelson wrote: In the last episode (Sep 24), Andy Kosela said: The netprint perl script provided in the Handbook (9.4.3.2) is not working.. or am I missing something:

    plotinus:~ cat new.txt | lp.sh
    Can't contact 10.10.21.12: Address family not supported by protocol family at /usr/local/libexec/netprint line 21.

Can you telnet to that ip address (telnet 10.10.21.12 9100, or whatever port you're using)?

    plotinus: cat /usr/local/libexec/netprint
    #!/usr/bin/perl
    #
    # netprint - Text filter for printer attached to network
    # Installed in /usr/local/libexec/netprint
    #
    $#ARGV eq 1 || die "Usage: $0 printer-hostname port-number";

    $printer_host = $ARGV[0];
    $printer_port = $ARGV[1];

    require 'sys/socket.ph';

    ($ignore, $ignore, $protocol) = getprotobyname('tcp');
    ($ignore, $ignore, $ignore, $ignore, $address)
        = gethostbyname($printer_host);

    $sockaddr = pack('S n a4 x8', AF_INET, $printer_port, $address);

    socket(PRINTER, PF_INET, SOCK_STREAM, $protocol)
        || die "Can't create TCP/IP stream socket: $!";
    connect(PRINTER, $sockaddr) || die "Can't contact $printer_host: $!";
    while (<STDIN>) { print PRINTER; }
    exit 0;

Wow. That's a really complicated way to say

    #! /bin/sh
    nc $1 $2

It's also ugly (and very old-fashioned) Perl. Starting at (and replacing) the require 'sys/socket.ph' line (which is Perl 4, I think), it should look more like this (with appropriate error-checking added):

    use Socket;
    my $proto = getprotobyname('tcp');
    socket(my $socket, PF_INET, SOCK_STREAM, $proto);
    my $sock_in = sockaddr_in($printer_port, inet_aton($printer_host));
    connect($socket, $sock_in);

Although this rewrite removes the need, if you want in general to ignore some of the return values of a function returning a list, the usual way is to assign to undef:

    (undef, undef, undef, undef, $address) = gethostbyname($printer_host);

Although when you're throwing away that many, it makes more sense to index the returned list in the same way you would index an array:

    $address = (gethostbyname($printer_host))[4];  # returns 5th element

I really should submit a doc patch for this (incorporating Dan's sterling suggestion of nc $1 $2).

Jonathan
Re: Cannot create custom FreeBSD 7.0 install CD for serial console
On Wednesday 01 October 2008 22:25:21 Carl wrote: Jeremy Chadwick wrote: On Wed, Oct 01, 2008 at 02:41:03AM -0700, Carl wrote: I've been trying to create a modified FreeBSD 7.0 install CD that will allow me to do installations entirely via the serial console on a headless system. Lots of digging on the Internet, reading the handbook, and I've gotten nowhere fast. Try this: http://jdc.parodius.com/freebsd/pxeboot_serial_install.html I was already aware of that solution, but it's not for me. There are times when I need to do the install and setting up a DHCP server et al is not viable. Installing FreeBSD via the network has no benefits for me and I will not be trying to install remotely. All I need is to be able to do a simple install using the local serial console because a keyboard and monitor is not practical in the situation. Can anyone tell me where the mistake is in my process?

Look back through the list archives: Martin McCormick and I had a long discussion about this about a year ago (I think at least some of it ended up on this list). Here's an extract from one of the messages:

On a system running 6.2-RELEASE, with a 6.2-RELEASE Disc 1 in the CD drive but not mounted:

    mkdir serialcd
    tar xvfC /dev/acd0 serialcd

These two commands created a directory tree in serialcd containing most of the contents of the CD. There was a ``tar ignoring out-of-order file'' error, and when I mounted the CD and ran

    diff -qr /cdrom serialcd

it reported that RELNOTES.TXT differed - in fact the version in the serialcd directory turned out to have zero length. [I suspect you could probably do this comparison quicker with mtree, and I never did bother to fix it or find out why it was happening]

I edited serialcd/boot/loader.conf to include the line

    console=comconsole

I then ran

    mkisofs -J -r -b boot/cdboot -no-emul-boot -o serialcd.iso serialcd

and got an ISO image, serial.iso, which is about 600MB.

The only drawback with this method is that the serial console only cuts in just before the boot menu. I suspect that if you wanted to have a serial console for every stage of the boot you would need to mess about with the ramdisk image on the CD.

HTH

Jonathan
Re: mysql rc script failure - correction: most installed rc scripts not running manually
On Thursday 02 October 2008 01:59:18 Da Rock wrote: On Wed, 2008-10-01 at 12:53 +0200, Erik Trulsson wrote: On Wed, Oct 01, 2008 at 08:39:47PM +1000, Da Rock wrote: So are you saying I can't start a script manually without enabling it in rc.conf? I was not under that impression... I thought it could be started manually for testing before setting it for automatic startup- based on my reading in the handbook and man pages. Yes, you can. Use forcestart/forcestop instead of start/stop when running the rc script if you do not have it enabled in rc.conf. This is documented in rc(8) (and is very easily overlooked if you don't know what you are looking for.) Well thank you both for that piece of information, I had overlooked that. I did end up using it that way, but I was still unaware that it was mandatory. The problem with forcestart is that it ignores any errors that may occur. The better option for a manual start is onestart, which simply bypasses the test for the option being enabled but still fails on any other error (missing dependencies, startup problems etc). Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mimedefang with LDAP-enabled sendmail
On Monday 16 October 2006 16:54, Jonathan McKeown wrote:
> On Sunday 15 October 2006 22:19, Jonathan McKeown wrote:
> > sendmail -d0.1 -bt < /dev/null gives me
> >
> >     Version 8.13.6
> >     Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT XDEBUG
> >
> > When I try to build and install mail/mimedefang from ports (version is 2.57), I get (modulo wrapping)
> >
> >     cc -O2 -fno-strict-aliasing -pipe -pthread -o mimedefang mimedefang.o drop_privs_threaded.o utils.o rm_r.o syslog-fac.o /usr/lib/libmilter.a -lpthread
> >     /usr/lib/libmilter.a(errstring.o)(.text+0xd6): In function `sm_errstring':
> >     : undefined reference to `ldap_err2string'
> >
> > The undefined reference is apparently in libmilter.a and it seems (Google again) that the ldap_err2string symbol comes from the openldap library. Is it possible that the build of libmilter is not picking up libldap from /usr/local/lib?
>
> OK, this seems to be the same problem that was reported in (at least) PR ports/95646 http://www.freebsd.org/cgi/query-pr.cgi?pr=95646 and PR ports/95647 (both ports which would not build with an LDAP-enabled core sendmail).
>
> The solution proposed in ports/95646 was to make the various Sendmail LDAP options in /etc/make.conf invisible to libmilter. This certainly works - it prevents a build of libmilter passing the LDAP flags through to libsm at this line in the build of /usr/src/lib/libmilter:
>
>     cc -O2 -fno-strict-aliasing -pipe -I/usr/src/lib/libmilter/../../contrib/sendmail/src -I/usr/src/lib/libmilter/../../contrib/sendmail/include -I. -DNOT_SENDMAIL -Dsm_snprintf=snprintf -D_THREAD_SAFE -DNETINET6 -I/usr/local/include -DSASL=2 -c /usr/src/lib/libmilter/../../contrib/sendmail/libsm/errstring.c
>
> libsm/errstring.c refers to ldap_err2string in a conditional testing on LDAPMAP. ldap_err2string is declared in the #included /usr/local/lib/ldap.h. (I didn't search for where it's defined).
>
> It looks as though the problem is less with ports, and more with a subtle breakage of the core sendmail when built with LDAP - specifically in building libsm/errstring.c as part of the libmilter build. Is pretending that LDAPMAP is not set while compiling libmilter the right solution? Should the necessary changes to /etc/make.conf be documented somewhere or even automated in some way?

I have spent five days trying to solve this. I have rewritten my /etc/make.conf as follows:

    WANT_OPENLDAP_SASL=true
    SENDMAIL_CFLAGS = -I/usr/local/include -DSASL=2
    SENDMAIL_LDFLAGS = -L/usr/local/lib
    SENDMAIL_LDADD = -lsasl2
    .if ${.CURDIR} != /usr/src/lib/libmilter
    SENDMAIL_CFLAGS += -DLDAPMAP
    SENDMAIL_LDADD += -lldap -llber
    .endif

This works but it Just Feels Wrong.

Jonathan
Base sendmail: undefined symbol in libmilter when -DLDAPMAP set in make.conf
This summarises the conversation I have had with myself on the list over the last few days: I'm not sure whether this is really a question or a potential PR.

I am running FreeBSD-6.1-RELEASE-p5 (cvsup on 6 September). One of the source files for a rebuild of /usr/src/contrib/sendmail/libmilter is /usr/src/contrib/sendmail/libsm/errstring.c.

If SENDMAIL_CFLAGS in /etc/make.conf contains -DLDAPMAP (and SENDMAIL_LDADD contains -lldap -llber) when libmilter is rebuilt, LDAPMAP enables a conditional compilation in errstring.c of a call to ldap_err2string. The resulting libmilter.a contains an undefined reference to that symbol, which prevents building some ports which use milters (at least mail/mimedefang as per my experience, mail/sentinel as per PR ports/95647 and security/amavisd-milter as per PR ports/95646).

There is a suggested fix under ports/95646, which is to ensure that when building libmilter, the SENDMAIL_CFLAGS and SENDMAIL_LDADD do *not* contain -DLDAPMAP and -lldap -llber respectively. I have used the following in /etc/make.conf to do this:

    SENDMAIL_CFLAGS = -I/usr/local/include -DSASL=2
    SENDMAIL_LDFLAGS = -L/usr/local/lib
    SENDMAIL_LDADD = -lsasl2
    .if ${.CURDIR} != /usr/src/lib/libmilter
    SENDMAIL_CFLAGS += -DLDAPMAP
    SENDMAIL_LDADD += -lldap -llber
    .endif

It appears to work but it does seem... less than elegant.

Jonathan
Re: Auto Create home directory
On Friday 27 October 2006 14:19, Ansar Mohammed wrote:
> Hello, I have a network based on FreeBSD and I have a centralized ldap server running OpenLDAP. I am using ldapeditor (http://www.ldapeditor.com) to manage the accounts. However, ldapeditor is a Windows program and it does not have a way to auto create user home directories. How can I auto create home directories?

I installed security/pam_mkhomedir from ports and added

    session required /usr/local/lib/pam_mkhomedir.so

to the session stanzas of the relevant files in /etc/pam.d

Jonathan
Re: Fetchmail: Error message in maillog
On Saturday 04 November 2006 20:08, Gerard Seibert wrote:
> FreeBSD 6.1
> Fetchmail release 6.3.5+RPA+SDPS+SSL+OPIE+NLS.
>
> I had been running fetchmail without incident for over a year. I then did something stupid; I updated it. Now, it produces this error message in the /var/maillog file:
>
>     Nov 4 12:57:52 scorpio fetchmail[734]: connection to localhost:smtp [::1/25] failed: Connection refused.

Possibly silly question: it's failing to connect to the IPv6 loopback. Is it possible that something changed as regards IPv6/IPv4 as part of the update?

Jonathan
portupgrade wishlist (was Re: portupgrade forget package options)
On Tuesday 07 November 2006 01:26, Josh Carroll wrote:

[snip: portupgrade waiting in config dialogs]

> Some ports have a config make target which will save options. For ports that do not, you can use pkgtools.conf and set MAKE_ARGS for that port.

I know the answer is probably going to be one of: a) you have the source; b) it's too hard; c) you can already do it by ; but I would very much like to see an option added to portupgrade like the -F/--fetch-only option for fetching distfiles, which would run any config target (recursing to required/dependent packages according to flags), and then stop.

It could be called something like --configure, and abbreviated -j (mnemonic jumpstart: I'm reaching, since portupgrade is running out of meaningful single-letter options), and used like:

    portupgrade -Nj   # jumpstart config dialogs for port and requirements
    portupgrade -F    # fetch distfile(s)
    portupgrade -NR   # install/upgrade ports and requirements, unattended

This would allow ports and their requirements/dependents to be configured interactively at the first step, and compiled/installed unattended at the last step.

Jonathan
Re: Cacti -vs- mrtg
On Tuesday 07 November 2006 09:48, Jeff Mohler wrote:
> I can use MRTG, and have MRTG do what I want it to do. I'd like to try cacti, but..am I alone in finding that it's a PITA? I'm not trying to be negative, just looking for a reality check. I like the simplicity of mrtg, but I like the go back in time of cacti to view performance data.

I wasn't keen on cacti just because I have an irrational dislike of PHP. I installed cricket (written in Perl), which ISTR also takes a bit of wrestling to configure, but seems to work well enough.

Jonathan
Re: multiple ports trees
On Wednesday 15 November 2006 01:24, Greg 'groggy' Lehey wrote:
> On Thursday, 9 November 2006 at 8:46:00 -0600, Christopher M. Hobbs wrote:

[sharing ports tree]

> > Also, what about user accounts between machines?
>
> With NFS you typically have the same user ID on all related machines.
>
> > I got to thinking that because some of the servers have the same user accounts, would it be possible to share a password file or home directories?
>
> Yes, again with some caveats. The biggest ones are configuration files in the home directory that contain references to the system you're working on. My biggest problem is the .emacs file: it refers to packages that I have installed on some systems only.

The issue which bit me when doing this was that many ports add a user using pw(8) (as indeed the Porter's handbook advises them to), and this uses the ``next available'' uid. In my case, on one server I added net/isc-dhcp3-server from ports before setting up LDAP: the result was a uid clash between the dhcpd user created by the port, and a human user in LDAP.

Even if LDAP had been set up, I would still have had to note, the next time I needed to add a human user, that the ``next available'' uid was being used by a port on one particular server.

I'm now in the process of creating two ranges of user numbers: one available to pw(1) and ports (through pw.conf(5) settings) and a separate range for human users - see my earlier post to this list (12 Oct 2006) for more.

Jonathan
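The uid clash described in the message above can be detected by comparing the accounts each source serves. This is an added example, not part of the original post: the account lines are constructed, and the two uid ranges are hypothetical, since the thread does not say which ranges were chosen.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) layout (uid is the third field).
# LOCAL_PASSWD stands in for the server's local files, LDAP_PASSWD for the
# accounts served from LDAP (for example as printed by "getent passwd").
LOCAL_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
dhcpd:*:1001:1001:DHCP daemon:/nonexistent:/usr/sbin/nologin
"""
LDAP_PASSWD = """\
jsmith:*:1001:1001:J Smith:/home/jsmith:/bin/sh
akhan:*:10002:10002:A Khan:/home/akhan:/bin/sh
"""
HUMAN_RANGE = (10000, 19999)  # hypothetical range reserved for people in LDAP


def accounts(text):
    """Parse passwd(5)-style lines into (name, uid) pairs."""
    found = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if fields[0].startswith("#") or len(fields) < 4:
            continue  # comment, blank or malformed line
        if fields[2].isdigit():
            found.append((fields[0], int(fields[2])))
    return found


def uid_clashes(sources):
    """sources maps a label to passwd text. Return every uid that more than
    one login name claims, with the (label, name) pairs claiming it."""
    claims = defaultdict(set)
    for label, text in sources.items():
        for name, uid in accounts(text):
            claims[uid].add((label, name))
    return {
        uid: sorted(claim)
        for uid, claim in sorted(claims.items())
        if len({name for _, name in claim}) > 1
    }


def outside_range(text, low, high):
    """Names whose uid is not inside [low, high]."""
    return sorted(n for n, uid in accounts(text) if not low <= uid <= high)


def inside_range(text, low, high):
    """Names whose uid is inside [low, high]."""
    return sorted(n for n, uid in accounts(text) if low <= uid <= high)


if __name__ == "__main__":
    clashes = uid_clashes({"files": LOCAL_PASSWD, "ldap": LDAP_PASSWD})
    for uid, claim in clashes.items():
        print("uid %d is shared by %s" % (uid, claim))
    # People who were numbered before the ranges were separated.
    print("LDAP users outside the human range:",
          outside_range(LDAP_PASSWD, *HUMAN_RANGE))
    # Port or system accounts that have strayed into the human range.
    print("local accounts inside the human range:",
          inside_range(LOCAL_PASSWD, *HUMAN_RANGE))
```

A shared uid means files owned by one account are owned by the other as well, so the check is worth running on every host before it is pointed at the directory.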
Re: It's time to bite the bullet and do a major upgrade from 4.11 to 6.0
On Tuesday 14 November 2006 18:13, Scott Schappell wrote:
> The writing is on the wall and all that stuff. I've put this off long enough. What needs to be done to upgrade from 4.11 to 6.x? I have an extensive amount of ports installed and in googling and searching the list, it seems I need to make a jump to 5.2 then from there to 6.

I'm about to do this, but I've opted for a clean install, as others have suggested - but with a twist. I've installed an additional drive the same size as the original (80GB) - I'm going to install on the new drive, transplant data as needed from the old drive, and when I'm happy with everything, use gmirror to turn both drives into a little RAID-1 plex.

I'm also trying to do it remotely, with ssh access to the distant box and one right next to it, and a null-modem cable between them to give me serial console access during the upgrade.

If it works I'll detail the steps here, as I wasn't able to find a quick and easy guide to this process anywhere.

Jonathan
gmirror (was Re: It's time to bite the bullet and do a major upgrade...)
On Wednesday 15 November 2006 16:58, John Nielsen wrote:
> It is possible to convert regular devices into gmirror members after they have data on them, but unless you're extremely careful there's a small risk of the gmirror metadata sector overlapping a data sector.

OK, I see the warning in the gmirror(8) manpage that gmirror metadata overwrites the last sector of the provider. Is that sector more likely, or less likely, to be in use than any other sector on a non-full disk? If it's equally or less likely the risk is extremely small - which I know is no consolation when it happens!

In this case, I'm doing something of a ``stunt upgrade'' anyway: I have two remote boxes to upgrade to 6.1, one of which is running 5.4-RELEASE and one 4.8-RELEASE. Both boxes have 80GB drives, and on my last flying visit I added to each box a blank 80GB drive and a null-modem serial link to a neighbouring ssh-accessible box.

The plan is to ssh to the neighbour box, establish a serial console on the upgrade target, install 6.1 from scratch over the network on the blank drive and then make it the only drive in a gmirror. Once that's done, data can be migrated from the original drive, which can then be added to the mirror.

I have successfully carried out the procedure on a box in my office (so that I could intervene when it all went horribly wrong, several times) and am in the process of documenting it: as I said earlier, I couldn't find an easy guide to all this anywhere - perhaps not surprising as it's an odd thing to want to do.

Jonathan
Re: gmirror (was Re: It's time to bite the bullet and do a major upgrade...)
On Wednesday 15 November 2006 18:52, John Nielsen wrote:

[risk that last sector of geom(4) provider is already in use]

> It's generally significantly less likely to even be available for use due to device sizes not dividing evenly into the block sizes used by the filesystem, etc. Depending on what type of device you actually pass to gmirror as a consumer (raw disk, slice, or partition), it should be possible to manually ensure that there are a couple unused sectors at the end. It just depends on how paranoid (or possibly other more reasonable terms) you are.

I've always maintained that the correct question to ask a sysadmin is not Are you paranoid? but rather Are you paranoid *enough*? <grin />

Jonathan
Remote upgrade 4.8 to 6.0
OK, I said I was intending to try this. I've carried out the following procedure on a test box in my office: before I do it with a live server 400 miles away, can anyone see any problems I've overlooked?

I have two boxes on the remote site - call them server and gateway. I have ssh access to both boxes and a null-modem serial cable linking their serial ports. server is running FreeBSD 4.8 on an 80GB hard drive (ad0), and has a second brand-new 80GB hard drive (ad2). gateway is effectively acting as a serial terminal server.

Copy the following files from a FreeBSD 6.0-RELEASE CD to ~root on server (I'm sure it works with 6.1 too, but 6.0 was what I had to hand for testing):

    boot/boot1
    boot/boot2
    boot/loader
    boot/mfsroot.gz
    boot/device.hints
    boot/kernel/kernel

and edit device.hints to add set to the start of each line (that's ``setspace''). (I couldn't find another way to include the device hints when we get to that part of the loader sequence).

Use disklabel to upgrade the boot blocks on the FreeBSD slice:

    disklabel -B -b /root/boot1 -s /root/boot2 ad0s1

This is so the bootloader will be able to read the UFS2 filesystem you are about to create. (Is it a problem to change the label on the slice rather than the root `a' partition within the slice - which you can't do with / mounted?)

Establish the serial console link from gateway to server and echo ``/boot/loader -h'' > /boot.config on server.

Reboot server, get past the initial bootblock prompt, and interrupt kernel booting to get to a loader prompt. Enter the following:

    unload
    load /root/kernel
    include /root/device.hints
    load -t mfs_root /root/mfsroot
    set vfs.root.mountfrom=ufs:/dev/md0c
    boot

You are now running FreeBSD 6.0 sysinstall from a memory disk on a serial console.

Carry out the installation on ad2 (in theory, you could actually do this on ad0 if you wanted to blow away your original installation and didn't have a spare drive installed), remembering to visit the configuration menu and edit /etc/ttys to enable serial console login. Because the install was done over a serial link, the installed system should be configured for serial console.

Reboot. At the bootblock prompt, enter

    1:ad(0,a)

to boot from the new drive.

You should now be running FreeBSD6 multiuser, with a serial console for login, off ad2, and you can configure it, copy data from the old installation on ad0, etc. (My intention is to set up ad2 as a gmirror drive at this point - there is the extremely unlikely, but possible, risk of loss of data from adding the metadata to the last sector. I want to take the risk early before transferring too much data!).

If you reboot the box it will drop to a bootblock prompt from the 4.8 installation: if you want to change that, put

    1:ad(0,a) -h

in /boot.config. The BIOS will still start the boot process from ad0, the lowest-numbered drive, but the bootblock will switch over to the other drive.

Once that's done, and the 4.8 installation is no longer needed, ad0 can be added to the mirror.

Comments, anyone?

Jonathan
Re: pb installing P5-BerkeleyDB
On Thursday 07 December 2006 15:06, Len Conrad wrote:
> Checksum mismatch for bdb/db-4.1.25.tar.gz.
> Checksum OK for bdb/patch.4.1.25.1.
> ===> Refetch for 1 more times files: bdb/db-4.1.25.tar.gz
> ===> Vulnerability check disabled
> db-4.1.25.tar.gz doesn't seem to exist in /usr/ports/distfiles/bdb.
> Attempting to fetch from http://www.sleepycat.com/update/snapshot/.
> fetch: http://www.sleepycat.com/update/snapshot/db-4.1.25.tar.gz: Moved Permanently
> Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/bdb/.
> fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/bdb/db-4.1.25.tar.gz: size mismatch: expected 3080234, actual 2901161

The problem is that Sleepycat repackaged their tarball at some point this year, changing the filesize and checksum without changing the version number.

I have a feeling I got round this on one box by upgrading the ports tree (which of course adds its own problems with newer ports, dependencies etc), and on another box by copying the checksum and file size from http://www.freshports.org/ into the port's distinfo.

It is an extremely irritating problem: in an ideal world no-one would ever change the size/checksum of their main distfile without also changing the filename/version number, even if only slightly.

Jonathan
Re: freebsd
On Sunday 30 March 2008 14:25, computer tech wrote:
> Secondly I am currently doing my systems page on my website and currently doing network based systems and the operating system would be FreeBSD and a few other distributions of linux

This is the second time I've seen this misunderstanding (FreeBSD and other distributions of Linux) on this list in a matter of hours.

FreeBSD is not a distribution of Linux: it's a separate operating system, descended from one of the branches of Unix - the OS, originally from Bell Labs, which has sired many others and inspired many more, including Linux.

There is a lot more to Unix and Unix-like operating systems - even just the freely-available ones - than only Linux.

Jonathan
Re: building a distribution server
On Saturday 05 April 2008 04:23, Steel City Phantom wrote:
> i have about 10 production servers that i want to upgrade to bsd 7 and update all their ports in one shot. the problem is the down time. i'm wrapping up upgrading a 6.3 to 7 and it's taken over 7 hours so far. that's way too long for our machines to be down. the biggest slow down is the downloading of files. just sitting watching things i would say 70% of the time is downloading files.
>
> is there a way where i can build a distribution server that has everything i could possibly need to upgrade a machine from any 6.x to 7.0 and redo all the ports on that machine and have a cron job keep everything up to date on that server and when i upgrade a new machine, it simply goes to my internal distribution server to get the files.

I have a fast machine which has the source and ports trees on it. It also has the kernel configurations for all the machines I use (GENERIC, SMP, and two others, IPFWD for a firewall which does IP forwarding and SERIAL for a box which has a multiport serial card in it). That box doesn't do anything else. In its /etc/make.conf is the line

    KERNCONF=GENERIC SMP IPFWD SERIAL

which has the effect of building all four kernels but installing the first-mentioned. Other boxes have their KERNCONF set in make.conf and only need to make installkernel after the build box has finished to get the appropriate one.

It also has a full ports tree and I have created the directory /usr/ports/packages (it gets messy if you don't).

All the other boxes mount /usr/src, /usr/obj and /usr/ports over NFS. They all use portupgrade which is configured to use /usr/bin/false to fetch packages instead of /usr/bin/fetch. They are also configured to build ports locally but store distfiles and packages on the NFS server.

When I build and install a port, I use

    portupgrade -NRPp

which upgrades ports, installing if necessary and building requirements as well (-N -R). It checks for a package in /usr/ports/packages (-P); if it can't find it it checks the 'Net using /usr/bin/false (which of course fails immediately) and then builds from source, creating a package at the end (-p).

This means each port gets downloaded once, and then built once if it can be packaged - but it also deals with ports that can't be packaged, like sysutils/screen. By not using -P you can also build the port separately with different options on different machines.

Jonathan
Re: [7.0] Openldap client
On Friday 11 April 2008 16:03, Konrad Heuer wrote:
> On Fri, 11 Apr 2008, [EMAIL PROTECTED] wrote:
> > fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch: expected 229242, actual 229299
> >
> > Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?
>
> I do not know why /usr/ports/net/nss_ldap/distinfo contains a different file size (and probably inappropriate checksums), but you can just edit /usr/ports/net/nss_ldap/distinfo and put in what you find (start with size only, later by using md5 and sha256 utilities in /sbin to calculate checksums after the file has been fetched /usr/ports/distfiles).

Check http://www.freshports.org/net/nss_ldap - the most recent checkin message (2007-12-16) states that the original author rerolled the distfile without making any changes.

There are at least a couple of ports where distributors sometimes repackage the source tarball and don't bother to change the version number because they haven't changed anything else. You can either choose to ignore, or manually change, the filesize and checksum, or just bring the ports tree up to date and try again.

Jonathan
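The size and checksum mismatches in this message and in the earlier "pb installing P5-BerkeleyDB" reply both come from the port's distinfo check. The following added example (not code from the thread or from the ports tree) parses distinfo records, reports which field a fetched file fails, and accepts a rerolled tarball only when its digest equals one obtained from a second source such as the updated distinfo shown on freshports. The tarball bytes are constructed, and the function names are this example's own.

```python
import hashlib
import os
import re
import tempfile

# A distinfo record is a set of lines such as
#   SHA256 (bdb/db-4.1.25.tar.gz) = <64 hex digits>
#   SIZE (bdb/db-4.1.25.tar.gz) = 3080234
_LINE = re.compile(r"^([A-Z0-9]+) \(([^)]+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {distfile: {"SIZE": int, "SHA256": hex, ...}}."""
    records = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # blank line or a line in another format
        key, name, value = m.groups()
        value = int(value) if key == "SIZE" else value.lower()
        records.setdefault(name, {})[key] = value
    return records


def sha256_file(path):
    """Hash in chunks so a large tarball is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def check_distfile(distinfo_text, name, path):
    """Return the list of mismatches between a fetched file and its record."""
    record = parse_distinfo(distinfo_text).get(name)
    if record is None:
        return ["no distinfo record for " + name]
    problems = []
    size = os.path.getsize(path)
    if "SIZE" in record and record["SIZE"] != size:
        problems.append(
            "size mismatch: expected %d, actual %d" % (record["SIZE"], size))
    if "SHA256" not in record:
        problems.append("no SHA256 recorded; size alone proves nothing")
    elif record["SHA256"] != sha256_file(path):
        problems.append("SHA256 mismatch")
    return problems


def may_update_distinfo(path, reference_sha256):
    """True only if the file matches a digest obtained independently of the
    download itself; hashing the fetched file and pasting the result into
    distinfo would make any file pass."""
    return sha256_file(path) == reference_sha256.strip().lower()


if __name__ == "__main__":
    # Constructed byte strings stand in for the two packagings of a tarball.
    original = b"constructed distfile, first packaging\n"
    rerolled = b"constructed distfile, repackaged by upstream\n"
    name = "bdb/db-4.1.25.tar.gz"
    distinfo = "SHA256 (%s) = %s\nSIZE (%s) = %d\n" % (
        name, hashlib.sha256(original).hexdigest(), name, len(original))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "db-4.1.25.tar.gz")
        with open(path, "wb") as fh:
            fh.write(rerolled)
        print(check_distfile(distinfo, name, path))
        # Stands in for the digest read from the second source.
        published = hashlib.sha256(rerolled).hexdigest()
        print(may_update_distinfo(path, published))
```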
Re: useradd adduser
On Thursday 17 April 2008 08:35, Ruel Luchavez wrote:
> Hello,
>
> I keep on thinking guys what is the difference between useradd adduser command?
>
> Ruel

You really need to start reading the documentation. FreeBSD is about the best documented operating system and environment there is, and the Handbook will tell you just about everything you need to know. If you keep coming to freebsd-questions and expecting to be spoon-fed answers you've obviously made no effort to look for, people will start to lose patience.

The main difference between useradd and adduser is that useradd doesn't exist (at least, not on any of the FreeBSD boxes I'm running which range from 4.9 (hideous legacy cruft) to 6.3).

Jonathan