init(8) not executing everything cron, getty on some hosts
Hi, I've been experiencing a strange problem with one of my hosts (I think, since upgrading to 9.1-RELEASE). The host does not start several services after booting, especially no getty(8)s and no cron(8). When starting these services manually, it does so without flaw (you can login via ssh). I thought about that maybe being a hardware failure, as this host also refuses to boot 9.2-RELEASE because of something timer-specific. Now, upgrading two other hosts to 9.2-RELEASE, one of them with the same hardware, they suddenly show the same behaviour: No getty(8)s are started (though by hand, it works), no cron (by hand, again, it works), and on one host no kdc (again, by hand you can start it). On the other hand, another host upgraded to 9.2-RELEASE behaves as it should, starting all services. On the console, there are no errors, there is just no further message after the last service (ntpd or sshd) is started. I don't think it's a hardware issue, as one of the three machines runs on different hardware than the other two (which are identical). Everything is as standard as possible. My ttys(5) is the standard one (comments and serial line left out): console noneunknown off secure ttyv0 /usr/libexec/getty Pc xterm on secure ttyv1 /usr/libexec/getty Pc xterm on secure ttyv2 /usr/libexec/getty Pc xterm on secure ttyv3 /usr/libexec/getty Pc xterm on secure ttyv4 /usr/libexec/getty Pc xterm on secure ttyv5 /usr/libexec/getty Pc xterm on secure ttyv6 /usr/libexec/getty Pc xterm on secure ttyv7 /usr/libexec/getty Pc xterm on secure ttyv8 /usr/local/bin/xdm -nodaemon xterm off secure My rc.conf(5) (this should not affect starting gettys), the second host does not even have jails: fsck_y_enable=YES dumpdev=AUTO ip_kerberos2=XXX ip_ldap1=XXX hostname=XXX ipv4_addrs_bge0=XXX $ip_ldap1 $ip_kerberos2 defaultrouter=XXX ezjail_enable=YES jail_flags=-s 3 nfs_client_enable=YES rpcbind_enable=YES rpc_statd_enable=YES rpc_lockd_enable=YES kerberos5_server_enable=YES saslauthd_enable=YES saslauthd_flags=-a kerberos5 slapd_enable=YES slapd_flags='-c 147 -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap:/// ldaps:///' slapd_sockets=/var/run/openldap/ldapi slapd_sockets_mode=666 nrpe2_enable=YES nut_upsmon_enable=YES munin_node_enable=YES sshd_enable=YES ntpd_enable=YES ntpd_sync_on_start=YES fscd_enable=YES bsdstats_enable=YES Do you have any clues what could have gone wrong? freebsd-update's IDS does not show any wrong checksums. Regards, Julian signature.asc Description: PGP signature
Re: init(8) not executing everything cron, getty on some hosts
Hi, On Mon, 7 Oct 2013 10:47:09 +0200 Julian Fagir wrote: I don't think it's a hardware issue, as one of the three machines runs on different hardware than the other two (which are identical). I have to update on that: The two servers with the identical hardware are the ones with the real issue. It's about a Proliant DL385 G1. The other one just got into an inconsistent state with the update, thinking it's with 9.2-RELEASE, but apparently not having upgraded anything. Regards, Julian signature.asc Description: PGP signature
Re: icons
Hi, where are located icons of apps such as browsers,etc? that depends on the software itself and the wm you are using. For Gnome, KDE and Xfce at least you can look at /usr/share/icons (/usr/local/share/icons resp.), but menu entries as Freedesktop defines can also have absolute paths. Regards, Julian signature.asc Description: PGP signature
Re: xscreensaver
Hi, what contents should be placed into /etc/pam.d/xscreensaver ? that depends solely on your system's configuration. You should say what your window manager is, how you authenticate, etc. If you have only a single-user system, taking the authentication-part should be sufficient. I don't know about the generic pam-scripts of FreeBSD, but e.g. `grep ^auth /etc/pam.d/login /etc/pam.d/xscreensaver` could already do the job. Regards, Julian signature.asc Description: PGP signature
Re: hello
Hi, can you help me, i will freebsd 8.1 32bit downgraden to freebsd 7.1 or 7.2 as ? I think you ask on one of the regional mailing lists in your mother tongue. According to your errors (German, Dutch?), your language has a regional mailing list, just have a look at: http://www.freebsd.org/community/mailinglists.html Anyway, you should define your problem more precisely and read the netiquette, probably some more conservative people will be offended by your post (name, subject, language). Regards, Julian signature.asc Description: PGP signature
Re: hello
Hi, Huh?? The only thing wrong is missing a meaningful subject -- which can cause people to ignore the post. I don't feel offended myself... But I read several times people (though mostly news) who would feel so by the subject, the name (translated to don't care don't care) and the lack of information, and of not having tried everything else one can think of before mailing. And I know I'm contributing now myself by placing off-topic posts on (n)etiquette when it wasn't asked for nor even necessary to give that advice... ;) But, the question is quite clear, though I have no idea why [s]he wants to do that downgrade and might want to explore that before encouraging that move. That was what I was looking for, and for what was already done and how the system is usually updated (binary, sources) or if it was ever updated, and what the system does, i.e. which software is installed. And even why it shall be 7.2 or 7.1 and nothing newer. Regards, Julian signature.asc Description: PGP signature
Re: New to FreeBsd
Hi, I am new to the Free BSD and i have a question on how to install a packet.What i have to type to download a python editor?I cant find the right packet name.Thank you very much. there are mainly two ways to install packages - via ports (i.e. you compile it yourself) or via pkg_add. The first is usually the preferred way, but you need to have the ports-collection installed. You can read about the packages system in the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html Regards, Julian signature.asc Description: PGP signature
Re: How long laptop battery should live ?
Hi, I just looked into a batt for my daughters dell, her li-on lasted 14 months, now on full charge it only lasts 40 mins... Terrible. If you can get 2 years out of a batt ur lucky. I read some tech docs on li-on cells; if you can store at 50% charge in the fridge and when in use don't let it run down 100%. in my opinion, there's just one rule: Don't trust anybody. There are so many people who claim do be professionals, who say totally contrary things. On the one hand, there are many 'facts' which are falsely applied to LiIon-batteries which don't apply. On the other hand, there are many stories people remember from years long ago or from cheap notebooks without an 'intelligent' battery. Just to add another story from me: I have two batteries in my notebook, the one is always drowned to zero before the other one is being used (no, there are no possibilities to control that in my case). The one being drowned first, though not that often used that hard (appr once a week) was nearly dead after 1 1/2 years (6/23Wh), while the other one still has 23/27Wh. Regards, Julian signature.asc Description: PGP signature
Escaping from shell-scripts
Hi, I'm planning a service with a login-user-interface. Thus, I want to restrict the user somehow to this script and to do nothing else. The straight-forward way would be to write this script, have all input parsed by read and then let the script act according to this input (let's assume that these tools are secure, it's just cp'ing and writing to non-sensitive files. Are there possibilities to escape from such a script down to a prompt? On the other hand, if I would take python for this, so a python-script is executed, are there ways to get to a generic python-prompt? The restriction to that script would be done by either setting the login-shell to that script, setting the ssh-command for that account/key (and ensuring that it can't be altered), or both. All in all, this is a more general question I have for quite a time: Can you use shell-scripts for security-relevant environments? Does an attacker have the possibility to escape from a script down to a prompt? I'm not that into shell-programming and there are too many legacies about terminals (some time ago, I had to cope with termcap...) and shells which one just can't all know. E.g., it was just a few days ago I found out what a terminal-stop means and that it is still interpreted by screen, though using it for several years now. Regards, Julian signature.asc Description: PGP signature
Re: how to generate pi in c
Hi, just to get more off-topic... ;-) On Mon, 8 Nov 2010 20:01:19 +1100 (EST) Ian Smith smi...@nimnet.asn.au wrote: And while a square enclosing a circle, it's hardly squaring the circle: http://en.wikipedia.org/wiki/Squaring_the_circle .. but an interesting read nonetheless for unrequited seekers of pi-foo :) In our case, it is as possible/exact as computing pi. When computing pi, you resolve to the same problem as you have when 'squaring' a circle: Transcendental numbers over the given field. Just having rational numbers, you can just approximate pi, and as a human or computer, one doesn't have the power to imagine pi or give it an exact value. And I don't know, but doubt there's someone who can imagine anything else than rational or at least over Q algebraic numbers. The same with the squared circle: You can approximate it, but over the the field of the constructible numbers, the length is transcendental, so you cannot exactly draw it without further assumptions. Regards, Julian signature.asc Description: PGP signature
SAS2-controller for 64bit-FreeBSD
Hi, I'm going to buy a new storage-server and don't know yet which storage-controller to take. We found it the cheapest way to buy an external jbod-storage and a small server with an sas-controller. The chosen jbod will support SAS2, and as the system will have to last at least three years, we want something that can cope with growing disk-io - especially when using several raidzs and generating more and more overhead. Our vendor suggested us a LSI 9200-8e or 9280-4i4e [and a mainboard with onboard LSI2008]. But after searching a bit, I did not find anyone who uses this one in FreeBSD yet. There are 32bit-drivers directly from LSI, but we want to use the 64bit-port. New drivers were uploaded in September, but no reviews yet whether they work.u If you were to buy a sas2-controller, which one would you take? Or did anyone test these new drivers? Btw: The chassis will be a SuperMicro 847E-RJBOD1 - do you have any experience with that one? Is it recommendable? Regards, Julian signature.asc Description: PGP signature
Re: how to generate pi in c
Hi, Does anyone has a generate-pi.c source code? The solution of Ivan Klymenko is surely much more suffisticated, but as I wrote this down, I just want to publish it... ;-) 1 #include stdlib.h 2 #include string.h 3 #include stdio.h 4 5 // Change this for a more accurate result. 6 long max = 1; 7 double a, b; 8 double pi; 9 long counter; 10 long i; 11 12 int main() { 13 for (i = 0; i max; i++) { 14 a = drand48(); 15 b = drand48(); 16 if (a*a + b*b = 1) 17 counter++; 18 } 19 pi = 4*counter; 20 21 printf(%e\n, pi); 22 return(0); 23 } Note that the result must be shifted to the potence of the max-int. I didn't care for the problems with long-lengths now, but just dividing would not have done the job. Also, this implementations is stupid, as you see, no caring for the lengths of the variables in the computer, if you go too far with your max, you will surely become problems with the maximum number that can be represented. The detail of this approximation heavily depends on the pseudo-rng you are using, as does its correctness (e.g., when your 'rng' always returns 10, pi would be computed to be 10). But if you have a good prng, it can approximate pi to a fair amount of numbers. If you had *real* random numbers (whatever that might be), you could even be more approriate. This approximation is stupid, but I like the simplicity of it (we did it in uni last year). Just take 'random' numbers and look whether they are in a circle (that's the a*a + b*b = 1). Regards, Julian signature.asc Description: PGP signature
Re: version of slapd?
Hi, [r...@lbsd2:/usr/home/bluethundr]#/usr/local/etc/rc.d/slapd -V /usr/local/etc/rc.d/slapd: unknown directive '-V'. Usage: /usr/local/etc/rc.d/slapd [fast|force|one](start|stop|restart|rcvar|status|poll) [r...@lbsd2:/usr/home/bluethundr]#su - root Password: Last login: Thu Nov 4 18:44:15 on pts/0 LBSD2# slapd -V slapd: Command not found. slapd is located in libexec of your local directory, i.e. /usr/local/libexec/slapd which is usually not in your PATH. The rc.d-script is just the startfile, not the executable itself. Alternatively, you can look at the version of your installed package, e.g. pkg_info | grep openldap Regards, Julian signature.asc Description: PGP signature
Re: Clarification: Jail -vs- Chroot
Hi, 1.) FreeBSD has both chroot capability as well as jail capability. Yes, it has both of them. You still want to use chroot, also it is kind of 'part' of a jail (technically perhaps it's implemented separately). 2.) Only FreeBSD has true, jail functionality? Yes?...No? In Solaris, you have zones, and there are several projects to do the same thing with Linux (Linux-vserver etc). 3.) When reading something (book, article, etc.), is there a way to determine if the author is, in fact, talking about truly a jail or are they really just referring to a chroot environment? For example, I have a book (Preventing web attacks with Apache) that says: Chroot is short for change root and essentially allows you to run programs in a protected or jailed environment. The main benefit of a chroot jail is that the jail will limit the portion of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the programs available in the jail can be extremely limited. Usually, only FreeBSD-specific books will talk about jails, as chroot is the generic Unix-way for that. Anyway, in many cases you can use a jail for the same things a chroot-environment is talked about. In this case, I think he's really talking about a chroot, as he's only talking about the file system, not the network etc. 4.) Jail is the more secure of the two options? I cannot really answer this, but a jail is the more separated way. So, I would say, a jail is more secure. If the extras of a jail are not needed, it is perhaps more insecure, as there are more points to break into theu system. But, don't rely on my answer, I never looked at the kernel-side of jails the very technical way. 5.) When would you typically use a jail -vs- a chroot? The new, 2nd edition of Absolute FreeBSD says: Chrooting is useful for web servers that have multiple clients on one machine—that is, web servers with many virtual hosts. On the FreeBSD-machines I manage, I use chroot for the services that are not that security-relevant or can easily be separated, i.e. on some distributions you can put your apache or bind easily into a chroot-environment. Also, a chroot-environment can have other targets than a jail, e.g. if you only want to have another file system-visibility instead of a new jail as you do when you have to start with a live-cd into a non-booting system. Sorry for my English. :) Regards, Julian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SSH root login with keys only
Hi, Is it possible to configure sshd such that both conditions are met: 1. Root will be able to login only by using keys 2. Normal users will still be able to use pam/keyboard-interactive perhaps the sshd-option PermitRootLogin does match your requirements. To be found in sshd_config (5). Regards, Julian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
SunFire X2100 fails
Hello, I recently got a SunFire X2100 to play with (first version, not M2). Linux (Debian) and 7.2-RELEASE works without problems, just installs straight-away and runs fine (currently 31 days uptime). But 8.0-RELEASE does not work, neither when being upgraded nor when installing from CD or memstick. The problem is: The kernel does not recognize the slices and partitions. When installing it, the installer shows me a single slice on each of the two hard disks though there are more. It also shows a warning about a GPT-label, no matter whether there is a GPT or MBR on it. After reslicing and -partitioning them, the installer fails when creating a filesystem on them, saying the devices (in this case the partitions) are not configured. Looking at the disk with Linux shows me that the partitions and slices were created properly at this point. When upgrading from 7.2 to 8.0, I'll be dropped to the mount-shell when restarting after doing the freebsd-update of the kernel. The possible mount-options the kernel recognizes are two labels (mbr/hdds, I think), the disks themselves and one slice on each disk, no partitions nor the other slices. Nothing capable of booting is found on the disks/slices anyway when I try to boot from them. As I currently have 7.2 on it, I can only show you the information I'll get from that one. # lspci 00:00.0 Memory controller: nVidia Corporation CK804 Memory Controller (rev a3) 00:01.0 ISA bridge: nVidia Corporation CK804 ISA Bridge (rev a3) 00:01.1 SMBus: nVidia Corporation CK804 SMBus (rev a2) 00:02.0 USB Controller: nVidia Corporation CK804 USB Controller (rev a2) 00:02.1 USB Controller: nVidia Corporation CK804 USB Controller (rev a3) 00:06.0 IDE interface: nVidia Corporation CK804 IDE (rev f2) 00:07.0 IDE interface: nVidia Corporation CK804 Serial ATA Controller (rev f3) 00:08.0 IDE interface: nVidia Corporation CK804 Serial ATA Controller (rev f3) 00:09.0 PCI bridge: nVidia Corporation CK804 PCI Bridge (rev a2) 00:0b.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev a3) 00:0c.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev a3) 00:0d.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev a3) 00:0e.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev a3) 00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration 00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map 00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller 00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control 01:05.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27) 04:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express (rev 11) 05:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06) 05:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06) Regards, Julian Fagir ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org