Re: sudo and globbing
There are so many differences between Linux and every other flavour of UNIX; like OpenBSD, AIX, Solaris, etc, that WTF is your point?? Really? What about Gnu's Not UNIX don't you get? This crap is just trolling, IMHO.

On Fri, Jan 8, 2016, at 09:27 AM, Alexander Hall wrote:
> On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B wrote:
> >On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> >> And what about difference? Explain please.
> >>
> >> > > I discovered an article about sudo and globbing[1] and
> >> > > there's difference how it does work on Linux and OpenBSD.
> >> >
> >> > http://zurlinux.com/?p=2244
> >> >
> >> > > - openbsd
> >> > >
> >> > > # su -s /usr/local/bin/bash - nobody
> >> > > No home directory /nonexistent!
> >> > > Logging in with home = "/".
> >> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> >> > > -rw--- 1 _tor _tor20442 Dec 10 11:32
> >/var/tor/cached-certs
> >> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
> >> > /var/tor/cached-microdesc-consensus
> >> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23
> >/var/tor/cached-microdescs
> >> > > -rw--- 1 _tor _tor0 Jan 7 17:23
> >> > /var/tor/cached-microdescs.new
> >> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> >> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp
> >dev
> >> > etc home mnt root sbin sys tftpboot tmp
> >> > usr var
> >
> >^^^ here '*' gets expanded inside original user's shell.
>
> I see no way that glob would result in the contents of the root
> directory.
>
> Here's my guess: everything after -s is concatenated and whitespace
> separated, effectively turning the example into
>
> bash -c ls -l /var/tor/cache*
>
> Thus, start bash and ask it to run "ls". Also pass "-l" and
> /var/tor/cache* as $0, $1... The latter of which is pretty pointless.
>
> Thus could be a matter of different default configurations between $LINUX
> and openbsd.
>
> /Alexander
>
> >
> >> > > - linux
> >> > >
> >> > > [root@slot-1 ~]# su -s /bin/bash nobody
> >> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >
> >^^^ here '*' gets expanded probably later, as original user does
> >not have access to /var/cache/ldconfig at all.
> >
> >In both cases original user does not have access to /var/tor,
> >respectively
> >to /var/cache/ldconfig.
> >
> >So the question is: why does same command on equally "restricted" dir
> >path gets different output - why on openbsd does '*' get expanded
> >immediately but on linux is it taken into account somehow by sudo
> >(?)...
> >
> >j.
Re: Alt key doesn't work
If it changes console with Alt then it is getting the keypress. You might try out getting its keycode with xev and mapping it to proper Alt with xmodmap.

On 2016-01-09 03:54, Teng Zhang wrote:
> Hi, the Alt key doesn't work on my machine in most cases except for changing console (Ctrl+Alt+F_number). So, what key can I use to replace Alt?
Alt key doesn't work
Hi, the Alt key doesn't work on my machine in most cases except for changing console (Ctrl+Alt+F_number). So, what key can I use to replace Alt?
Re: PF: can't make queueing and priority work as expected
On Fri, 8 Jan 2016 11:13:08 -0500 sven falempin wrote:
> You will need to forward the all rule set i think, maybe the set prio
> 0 is erased by a further rules, try to pass in quick those p2p
> traffic before maybe ?

I had the luxury of ditching the complete ruleset for very simple one:

---pf.conf-start---
# RUNTIME OPTIONS
set skip on lo0

# INTERFACES
if_int = "re2"
if_ext = "pppoe0"

# HOSTS & NETWORKS
localnet = "{ 192.168.33.0/24 }"

# PORTS
both_p2p = "{ 1000:65535 }"

# NAT
match in all scrub ( no-df random-id max-mss 1440 )
match out on $if_ext inet from $localnet to any nat-to ($if_ext:0)

# RULES
block drop log all
pass inet from ($if_ext:0) to any
pass inet from $localnet to any
pass inet proto tcp from ($if_ext:0) to any port $both_p2p \
    set ( prio 0 )
pass inet proto tcp from $localnet to any port $both_p2p \
    set ( prio 0 )
pass inet proto udp from ($if_ext:0) to any port $both_p2p \
    set ( prio 0 )
pass inet proto udp from $localnet to any port $both_p2p \
    set ( prio 0 )
---pf.conf-end---

Actual ruleset (as seen by pfctl -sr output) is as follows:

---pfctl-sr-start---
match in all scrub (no-df random-id max-mss 1440)
match out on pppoe0 inet from 192.168.33.0/24 to any nat-to (pppoe0:0)
block drop log all
pass inet from (pppoe0:0) to any flags S/SA
pass inet from 192.168.33.0/24 to any flags S/SA
pass inet proto tcp from (pppoe0:0) to any port 1000:65535 \
    flags S/SA set ( prio 0 )
pass inet proto tcp from 192.168.33.0/24 to any port 1000:65535 \
    flags S/SA set ( prio 0 )
pass inet proto udp from (pppoe0:0) to any port 1000:65535 \
    set ( prio 0 )
pass inet proto udp from 192.168.33.0/24 to any port 1000:65535 \
    set ( prio 0 )
---pfctl-sr-end---

Situation is still the same: torrents being downloaded at full speed (~8Mbit/s), simultaneous download of install59.fs from ftp.openbsd.org averages at ~6Kbit/s.

Can anyone reproduce this?

--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
Re: PF: can't make queueing and priority work as expected
On January 8, 2016 17:51:21 Marko Cupać wrote:
> I am completely confused. It seems that everything I've known about
> queueing in PF does not apply any more, while at the same time there
> are no reliable sources to learn new stuff.
>
> Let's follow this paragraph from 'Book of PF':
>
> ---quote---
> Shaping by Setting Traffic Priorities
> If you’re mainly interested in pushing certain kinds of traffic ahead
> of others, you may be able to achieve what you want by simply setting
> priorities: assigning a higher priority to some items so that they
> receive attention before others.
> ---quote---
>
> This is _exactly_ what I'm mainly interested in. As I want to throttle
> just p2p traffic, I should be able to accomplish my goal with the
> following relevant lines:
>
> p2p = "{ 1:65535 }"
> match proto { tcp udp } to port $p2p set prio 0
> pass in on $if_int inet proto { tcp udp } from $if_int:network \
>     to any port $p2p
> pass out on $if_ext inet proto { tcp udp } from $if_int:network \
>     to any port $p2p
>
> But, at least on my hardware, this does nothing. Torrents are still
> being downloaded at max speed (~8Mbit/s), while simultaneous download
> of install59.fs from ftp.obenbsd.org goes at ~6Kbit/s.
>
> Any comment? Suggestion? Instruction how to troubleshoot?
>
> Thank you in advance.

http://marc.info/?l=openbsd-misc&m=141085207225887&w=2

Please read the whole thread. You have to set both min and max bw for every queue. I think that this is a bug in amd64 - i386 works as it should.

Sent with AquaMail for Android
http://www.aqua-mail.com
Re: problem mounting ext4 filesystem
On Tue, Jan 5, 2016 at 5:05 PM, Remi Locherer wrote:
> Hi,
>
> I tried to mount an ext4 filesystem on OpenBSD which was created on
> CentOS7. I get this:
>
> remi@mistral:~% doas mount -t ext2fs /dev/sd0m /mnt
> mount_ext2fs: /dev/sd0m on /mnt: specified device does not match mounted
> device
> remi@mistral:~% dmesg | grep incomp
> ext2fs: unsupported incompat features 0x2c2
> remi@mistral:~%
>
> Which feature is 0x2c2? Maybe I can disable this or re-create the filesystem
> on Linux without this feature?

It's a bitmask combination of features, see https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout#The_Super_Block (entry 0x60, s_feature_incompat).

Features supported in OpenBSD are described in src/sys/ufs/ext2fs/ext2fs.h, specifically the #define EXT2F_INCOMPAT_SUPP bit. It appears that there is some read-only ext4 support in OpenBSD, but not for your particular FS -- yours contains the bit 0x80 (INCOMPAT_64BIT, not even listed in OpenBSD, let alone in EXT4F_RO_INCOMPAT_SUPP).

If you want to share the FS read/write between OpenBSD and Linux, it's probably easier to create it as ext2 rather than tracking down which ext4 features to disable.

-Andrew
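Decoding the 0x2c2 value from the message above, as an added example that is not part of the thread and is not OpenBSD or e2fsprogs code: it reads s_magic (offset 0x38) and s_feature_incompat (offset 0x60) from a constructed superblock image and names the bits that are set. The flag names follow the Linux ext4 disk-layout table linked above; the function names and the 0x242 demo mask are assumptions, not OpenBSD's EXT2F_INCOMPAT_SUPP value.

```shell
#!/bin/sh
# Added illustration: decode the ext2/3/4 "incompat" feature bitmask.
SB_OFFSET=1024   # the primary superblock starts 1024 bytes into the device

# read_le NBYTES OFFSET FILE: print the little-endian unsigned integer stored
# at byte OFFSET of FILE (ext2/3/4 on-disk fields are little-endian).
read_le() {
    val=0
    shift_by=0
    for b in $(dd if="$3" bs=1 skip="$2" count="$1" 2>/dev/null | od -An -v -tu1); do
        val=$(( val | (b << shift_by) ))
        shift_by=$(( shift_by + 8 ))
    done
    [ "$shift_by" -eq $(( $1 * 8 )) ] || return 1   # short read
    echo "$val"
}

# incompat_names MASK: print the names of the bits set in MASK; bits without
# a name in the table are reported as UNKNOWN(0x...).
incompat_names() {
    mask=$(( $1 ))
    names=""
    for entry in 0x1:COMPRESSION 0x2:FILETYPE 0x4:RECOVER 0x8:JOURNAL_DEV \
                 0x10:META_BG 0x40:EXTENTS 0x80:64BIT 0x100:MMP 0x200:FLEX_BG \
                 0x400:EA_INODE 0x1000:DIRDATA 0x2000:CSUM_SEED 0x4000:LARGEDIR \
                 0x8000:INLINE_DATA 0x10000:ENCRYPT; do
        bit=${entry%%:*}
        if [ $(( mask & $bit )) -ne 0 ]; then
            names="${names:+$names }${entry#*:}"
            mask=$(( mask & ~$bit ))
        fi
    done
    [ "$mask" -ne 0 ] && names="${names:+$names }$(printf 'UNKNOWN(0x%x)' "$mask")"
    echo "$names"
}

# unsupported_incompat IMAGE SUPPORTED_MASK: check the superblock magic, then
# print the incompat features of IMAGE that are not in SUPPORTED_MASK.
unsupported_incompat() {
    magic=$(read_le 2 $(( SB_OFFSET + 0x38 )) "$1") || return 2
    if [ "$magic" -ne $(( 0xEF53 )) ]; then
        echo "no ext2/3/4 superblock magic in $1" >&2
        return 2
    fi
    incompat=$(read_le 4 $(( SB_OFFSET + 0x60 )) "$1") || return 2
    incompat_names $(( incompat & ~($2) ))
}

# Constructed sample: 2 KiB of zeros with only s_magic = 0xEF53 and
# s_feature_incompat = 0x2c2 (the value from the dmesg line) filled in.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=1024 count=2 2>/dev/null
    printf '\123\357' |
        dd of="$1" bs=1 seek=$(( SB_OFFSET + 0x38 )) conv=notrunc 2>/dev/null
    printf '\302\002\000\000' |
        dd of="$1" bs=1 seek=$(( SB_OFFSET + 0x60 )) conv=notrunc 2>/dev/null
}

img=$(mktemp) && make_sample_image "$img"
echo "incompat bits set: $(incompat_names "$(read_le 4 $(( SB_OFFSET + 0x60 )) "$img")")"
# 0x242 is a constructed demo mask (FILETYPE|EXTENTS|FLEX_BG), NOT the real
# OpenBSD EXT2F_INCOMPAT_SUPP value, which the thread does not show.
echo "outside demo mask: $(unsupported_incompat "$img" 0x242)"
rm -f "$img"
```

On a real device the same two functions can be pointed at the partition instead of the sample image; the supported mask has to come from the ext2fs.h of the running release.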
Re: sVLAN and IPv6 duplicates
I tried to duplicate the configuration on a machine with rl(4) interface and I cannot reproduce... em(4) issue perhaps ?

On Fri, Jan 08, 2016 at 07:08:26PM +0100, Denis Fondras wrote:
> Hello,
>
> I am using svlan(4) and when I add a new svlan(4) interface after the
> system has booted I always get a duplicated IPv6 and the new interface
> is not usable. If I add a /etc/hostname.svlan file and I reboot,
> everything is fine.
> Any idea why ?
>
> Thanks,
> Denis
>
> Example (after boot) :
> # ifconfig
> [...]
> svlan1001: flags=8843 mtu 1500
>         lladdr 00:15:17:c1:71:fc
>         priority: 0
>         vlan: 1001 parent interface: em0
>         groups: svlan
>         status: active
>         inet 100.67.233.1 netmask 0xfffc broadcast 100.67.233.3
>         inet6 fe80::215:17ff:fec1:71fc%svlan1001 prefixlen 64 scopeid 0x9
>         inet6 2001:db8:::1001:ff01 prefixlen 126
> svlan1002: flags=8843 mtu 1500
>         lladdr 00:15:17:c1:71:fc
>         priority: 0
>         vlan: 1002 parent interface: em0
>         groups: svlan
>         status: active
>         inet 100.67.234.1 netmask 0xfffc broadcast 100.67.234.3
>         inet6 fe80::215:17ff:fec1:71fc%svlan1002 prefixlen 64 scopeid 0xa
>         inet6 2001:db8:::1002:ff01 prefixlen 126
> svlan1003: flags=8843 mtu 1500
>         lladdr 00:15:17:c1:71:fc
>         priority: 0
>         vlan: 1003 parent interface: em0
>         groups: svlan
>         status: active
>         inet 100.67.235.1 netmask 0xfffc broadcast 100.67.235.3
>         inet6 fe80::215:17ff:fec1:71fc%svlan1003 prefixlen 64 scopeid 0xb
>         inet6 2001:db8:::1003:ff01 prefixlen 126
> [...]
> # ifconfig svlan1000 vlandev em0
> # ifconfig svlan1000 inet6 2001:db8:::1000:ff01/126
> # ifconfig
> [...]
> svlan1000: flags=8843 mtu 1500
>         lladdr 00:15:17:c1:71:fc
>         priority: 0
>         vlan: 1000 parent interface: em0
>         groups: svlan
>         status: active
>         inet 100.67.230.1 netmask 0xfffc broadcast 100.67.230.3
>         inet6 fe80::215:17ff:fec1:71fc%svlan1000 prefixlen 64 duplicated scopeid 0xf
>         inet6 2001:db8:::1000:ff01 prefixlen 126 duplicated
> [...]
>
> # uname -a
> OpenBSD rt-net 5.9 GENERIC.MP#1783 amd64
sVLAN and IPv6 duplicates
Hello,

I am using svlan(4) and when I add a new svlan(4) interface after the system has booted I always get a duplicated IPv6 and the new interface is not usable. If I add a /etc/hostname.svlan file and I reboot, everything is fine.
Any idea why ?

Thanks,
Denis

Example (after boot) :
# ifconfig
[...]
svlan1001: flags=8843 mtu 1500
        lladdr 00:15:17:c1:71:fc
        priority: 0
        vlan: 1001 parent interface: em0
        groups: svlan
        status: active
        inet 100.67.233.1 netmask 0xfffc broadcast 100.67.233.3
        inet6 fe80::215:17ff:fec1:71fc%svlan1001 prefixlen 64 scopeid 0x9
        inet6 2001:db8:::1001:ff01 prefixlen 126
svlan1002: flags=8843 mtu 1500
        lladdr 00:15:17:c1:71:fc
        priority: 0
        vlan: 1002 parent interface: em0
        groups: svlan
        status: active
        inet 100.67.234.1 netmask 0xfffc broadcast 100.67.234.3
        inet6 fe80::215:17ff:fec1:71fc%svlan1002 prefixlen 64 scopeid 0xa
        inet6 2001:db8:::1002:ff01 prefixlen 126
svlan1003: flags=8843 mtu 1500
        lladdr 00:15:17:c1:71:fc
        priority: 0
        vlan: 1003 parent interface: em0
        groups: svlan
        status: active
        inet 100.67.235.1 netmask 0xfffc broadcast 100.67.235.3
        inet6 fe80::215:17ff:fec1:71fc%svlan1003 prefixlen 64 scopeid 0xb
        inet6 2001:db8:::1003:ff01 prefixlen 126
[...]
# ifconfig svlan1000 vlandev em0
# ifconfig svlan1000 inet6 2001:db8:::1000:ff01/126
# ifconfig
[...]
svlan1000: flags=8843 mtu 1500
        lladdr 00:15:17:c1:71:fc
        priority: 0
        vlan: 1000 parent interface: em0
        groups: svlan
        status: active
        inet 100.67.230.1 netmask 0xfffc broadcast 100.67.230.3
        inet6 fe80::215:17ff:fec1:71fc%svlan1000 prefixlen 64 duplicated scopeid 0xf
        inet6 2001:db8:::1000:ff01 prefixlen 126 duplicated
[...]

# uname -a
OpenBSD rt-net 5.9 GENERIC.MP#1783 amd64
Re: sudo and globbing
You are comparing two very different versions of sudo. The sudo that used to ship with OpenBSD is version 1.7.2p8 which is rather ancient. On Linux you probably have some variant of sudo 1.8.x.

Newer versions of sudo escape spaces in the command run via "sudo -s" whereas the ancient 1.7.2p8 does not. That probably explains the difference. If you install sudo from ports you will get the same behavior you see on Linux.

 - todd
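The difference described in this thread (arguments after `-s` joined into one string for the shell, with and without escaping), as an added example that is not part of any poster's message and is not sudo's code. The helper names, the scratch directory layout and the exact escaped character set (everything except alphanumerics, `_`, `-` and `$`) are assumptions for the demo; it uses plain `sh` and never invokes sudo.

```shell
#!/bin/sh
# Added illustration, not sudo source code. It models only the step the thread
# discusses: a "-s"-style wrapper turns its argument vector into ONE string
# and hands that string to "shell -c".

# Join arguments with single spaces and no escaping (what the thread
# attributes to the old sudo 1.7.2p8).
join_plain() {
    out=""
    for a in "$@"; do
        out="${out:+$out }$a"
    done
    printf '%s\n' "$out"
}

# Backslash-escape each argument before joining (what the thread attributes
# to sudo 1.8.x). Assumed rule for this demo: escape every character except
# alphanumerics, "_", "-" and "$".
join_escaped() {
    out=""
    for a in "$@"; do
        q=$(printf '%s' "$a" | LC_ALL=C sed 's/[^A-Za-z0-9_$-]/\\&/g')
        out="${out:+$out }$q"
    done
    printf '%s\n' "$out"
}

# Build a scratch tree, then run the joined string the way the wrapper would.
#   cwd/decoy                   stands in for the caller's working directory
#   data/cache-a, data/cache-b  stand in for the files the glob should match
run_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/cwd" "$tmp/data"
    : > "$tmp/cwd/decoy"
    : > "$tmp/data/cache-a"
    : > "$tmp/data/cache-b"
    # Same shape as the thread's command: <shell> -c "<ls with a glob>"
    if [ "$1" = escaped ]; then
        cmd=$(join_escaped sh -c 'ls -1 ../data/cache*')
    else
        cmd=$(join_plain sh -c 'ls -1 ../data/cache*')
    fi
    (cd "$tmp/cwd" && sh -c "$cmd")
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

echo "joined, unescaped: $(join_plain sh -c 'ls -1 ../data/cache*')"
echo "joined, escaped:   $(join_escaped sh -c 'ls -1 ../data/cache*')"
echo "--- unescaped run (inner sh gets only 'ls'; the rest become \$0, \$1, ...):"
run_demo plain
echo "--- escaped run (inner sh gets the whole 'ls -1 ../data/cache*'):"
run_demo escaped
```

The unescaped run lists the working directory instead of the globbed files, which is the same shape as the OpenBSD transcript where the listing of "/" came back.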
Re: PF: can't make queueing and priority work as expected
I am completely confused. It seems that everything I've known about queueing in PF does not apply any more, while at the same time there are no reliable sources to learn new stuff.

Let's follow this paragraph from 'Book of PF':

---quote---
Shaping by Setting Traffic Priorities
If you’re mainly interested in pushing certain kinds of traffic ahead of others, you may be able to achieve what you want by simply setting priorities: assigning a higher priority to some items so that they receive attention before others.
---quote---

This is _exactly_ what I'm mainly interested in. As I want to throttle just p2p traffic, I should be able to accomplish my goal with the following relevant lines:

p2p = "{ 1:65535 }"
match proto { tcp udp } to port $p2p set prio 0
pass in on $if_int inet proto { tcp udp } from $if_int:network \
    to any port $p2p
pass out on $if_ext inet proto { tcp udp } from $if_int:network \
    to any port $p2p

But, at least on my hardware, this does nothing. Torrents are still being downloaded at max speed (~8Mbit/s), while simultaneous download of install59.fs from ftp.obenbsd.org goes at ~6Kbit/s.

Any comment? Suggestion? Instruction how to troubleshoot?

Thank you in advance.

--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
Re: sudo and globbing
On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B wrote:
>On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
>> And what about difference? Explain please.
>>
>> > > I discovered an article about sudo and globbing[1] and
>> > > there's difference how it does work on Linux and OpenBSD.
>> >
>> > http://zurlinux.com/?p=2244
>> >
>> > > - openbsd
>> > >
>> > > # su -s /usr/local/bin/bash - nobody
>> > > No home directory /nonexistent!
>> > > Logging in with home = "/".
>> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
>> > > -rw--- 1 _tor _tor20442 Dec 10 11:32
>/var/tor/cached-certs
>> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
>> > /var/tor/cached-microdesc-consensus
>> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23
>/var/tor/cached-microdescs
>> > > -rw--- 1 _tor _tor0 Jan 7 17:23
>> > /var/tor/cached-microdescs.new
>> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
>> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp
>dev
>> > etc home mnt root sbin sys tftpboot tmp
>> > usr var
>
>^^^ here '*' gets expanded inside original user's shell.

I see no way that glob would result in the contents of the root directory.

Here's my guess: everything after -s is concatenated and whitespace separated, effectively turning the example into

bash -c ls -l /var/tor/cache*

Thus, start bash and ask it to run "ls". Also pass "-l" and /var/tor/cache* as $0, $1... The latter of which is pretty pointless.

Thus could be a matter of different default configurations between $LINUX and openbsd.

/Alexander

>
>> > > - linux
>> > >
>> > > [root@slot-1 ~]# su -s /bin/bash nobody
>> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw---. 1 root root 26470 Dec 22 17:52
>/var/cache/ldconfig/aux-cache
>> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw---. 1 root root 26470 Dec 22 17:52
>/var/cache/ldconfig/aux-cache
>
>^^^ here '*' gets expanded probably later, as original user does
>not have access to /var/cache/ldconfig at all.
>
>In both cases original user does not have access to /var/tor,
>respectively
>to /var/cache/ldconfig.
>
>So the question is: why does same command on equally "restricted" dir
>path gets different output - why on openbsd does '*' get expanded
>immediately but on linux is it taken into account somehow by sudo
>(?)...
>
>j.
Re: PF: can't make queueing and priority work as expected
On Fri, Jan 8, 2016 at 12:44 PM, Marko Cupać wrote:
> Should I conclude my goal of throttling smaller priority traffic to
> minimum when higher priority traffic arrives can't be achieved with
> current PF? If I haven't gone senile, I did this successfully on dozens
> of firewalls back in altq/HFSC age.
>
> Any good soul out there to point me in the right direction to achieve
> my goal? Or at least confirm it is not possible? Could the problem be
> related to hardware and not software? This is 5.8 with all errata
> patches on pcengines' apu1d.

Maybe is the "old" problem of queues with the default HZ value of 100?

See: http://marc.info/?l=openbsd-misc&m=140863695214420

Ciao!
David
Re: PF: can't make queueing and priority work as expected
On Thu, 7 Jan 2016 22:41:47 + (UTC) Stuart Henderson wrote:
> On 2016-01-07, Marko Cupać wrote:
> > # QUEUES
> > queue upload on $if_ext bandwidth 860K
> >    queue ack parent upload qlimit 50 bandwidth 10K
> >    queue fast parent upload qlimit 50 bandwidth 20K
> >    queue bulk parent upload qlimit 50 bandwidth 800K default
> >    queue slow parent upload qlimit 50 bandwidth 30K
> > queue download on $if_int bandwidth 8800K
> >    queue ack parent download qlimit 50 bandwidth 100K
> >    queue fast parent download qlimit 50 bandwidth 200K
> >    queue bulk parent download qlimit 50 bandwidth 8000K default
> >    queue slow parent download qlimit 50 bandwidth 500K
>
> While the manual suggests it works like this, I've only got it working
> close to how I expect when I set "max" on the queues. I don't know
> whether that's a bug or simply lack of fully understanding it on my
> part, though.
>

I changed my configuration, it has 5 queues now. I also don't put ACKs into separate queue, and I don't give them higher priority. I've set "max" value on each queue. But http(s) traffic still doesn't get priority over p2p. Here's relevant part of pf.conf:

# QUEUES
queue upload on $if_ext bandwidth 860K max 860K
   queue fast parent upload qlimit 50 bandwidth 40K max 40K
   queue web parent upload qlimit 50 bandwidth 600K max 600K default
   queue bulk parent upload qlimit 50 bandwidth 20K max 20K
   queue slow parent upload qlimit 50 bandwidth 100K max 600K
   queue p2p parent upload qlimit 50 bandwidth 100K max 600K
queue download on $if_int bandwidth 8600K max 8600K
   queue fast parent download qlimit 50 bandwidth 400K max 400K
   queue web parent download qlimit 50 bandwidth 6000K max 6000K default
   queue bulk parent download qlimit 50 bandwidth 200K max 200K
   queue slow parent download qlimit 50 bandwidth 1000K max 6000K
   queue p2p parent download qlimit 50 bandwidth 1000K max 6000K

# SHAPING
match proto icmp set ( queue fast prio 6 )
match proto tcp to port 22 set ( queue fast prio 5 )
match proto tcp to port 53 set ( queue fast prio 5 )
match proto udp to port 53 set ( queue fast prio 5 )
match proto tcp to port $xmpp set ( queue fast prio 5 )
match proto tcp to port $web set ( queue web prio 4 )
match proto tcp to port $mail set ( queue slow prio 2 )
match proto tcp to port $p2p set ( queue p2p prio 0 )
match proto udp to port $p2p set ( queue p2p prio 0 )

Should I conclude my goal of throttling smaller priority traffic to minimum when higher priority traffic arrives can't be achieved with current PF? If I haven't gone senile, I did this successfully on dozens of firewalls back in altq/HFSC age.

Any good soul out there to point me in the right direction to achieve my goal? Or at least confirm it is not possible? Could the problem be related to hardware and not software? This is 5.8 with all errata patches on pcengines' apu1d.
Re: sudo and globbing
On Thu, Jan 07, 2016 at 04:43:14PM GMT, Jiri B wrote:
> I discovered an article about sudo and globbing[1] and
> there's difference how it does work on Linux and OpenBSD.

AFAIK, globbing is done by shell and sudo doesn't take part in it.

> # su -s /usr/local/bin/bash - nobody
                              ^
> [root@slot-1 ~]# su -s /bin/bash nobody
> [...]
> Could anybody explain the difference?

One thing I can see is that on OpenBSD, you run bash as a login shell but not on Linux. My guess is that your bash login shell options, or globbing options between the systems in general, are the cause of the above.

Regards,

Raf
Re: sudo and globbing
2016-01-08 11:52 GMT+01:00 Jiri B :
>
> So the question is: why does same command on equally "restricted" dir
> path gets different output - why on openbsd does '*' get expanded
> immediately but on linux is it taken into account somehow by sudo (?)...
>
> j.
>

You put a dash between the shell and the user in the command on openbsd.
You didn't put that dash on linux.
Re: sudo and globbing
On 2016 Jan 08 (Fri) at 05:52:32 -0500 (-0500), Jiri B wrote:
:On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
:> And what about difference? Explain please.
:>
:> > > I discovered an article about sudo and globbing[1] and
:> > > there's difference how it does work on Linux and OpenBSD.
:> >
:> > http://zurlinux.com/?p=2244
:> >
:> > > - openbsd
:> > >
:> > > # su -s /usr/local/bin/bash - nobody
:> > > No home directory /nonexistent!
:> > > Logging in with home = "/".
:> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
:> > > -rw--- 1 _tor _tor20442 Dec 10 11:32 /var/tor/cached-certs
:> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
:> > /var/tor/cached-microdesc-consensus
:> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
:> > > -rw--- 1 _tor _tor0 Jan 7 17:23
:> > /var/tor/cached-microdescs.new
:> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
:> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev
:> > etc home mnt root sbin sys tftpboot tmp
:> > usr var
:
:^^^ here '*' gets expanded inside original user's shell.
:
:> > > - linux
:> > >
:> > > [root@slot-1 ~]# su -s /bin/bash nobody
:> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
:> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
:> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
:> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
:
:^^^ here '*' gets expanded probably later, as original user does
:not have access to /var/cache/ldconfig at all.
:
:In both cases original user does not have access to /var/tor, respectively
:to /var/cache/ldconfig.
:
:So the question is: why does same command on equally "restricted" dir
:path gets different output - why on openbsd does '*' get expanded
:immediately but on linux is it taken into account somehow by sudo (?)...
:
:j.
:

$ ls -l /var/spool/smtpd/* | head
ls: /var/spool/smtpd/*: No such file or directory
$ ls -l /var/spool/smtpd
ls: smtpd: Permission denied
$ doas bash -c "ls -l /var/spool/smtpd/*" | head
/var/spool/smtpd/corrupt:
/var/spool/smtpd/incoming:
/var/spool/smtpd/offline:
/var/spool/smtpd/purge:
total 352
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1040272804
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1056615683
$ sudo bash -c "ls -l /var/spool/smtpd/*" | head
/var/spool/smtpd/corrupt:
/var/spool/smtpd/incoming:
/var/spool/smtpd/offline:
/var/spool/smtpd/purge:
total 352
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1040272804
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1056615683
$ uname -a
OpenBSD dante.berlin.hsgate.de 5.9 GENERIC.MP#2 amd64

I can't reproduce your failure on -current. I'm assuming there were some
spaces or quotation failures when you generated your example.

--
"A radioactive cat has eighteen half-lives."
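An added illustration, not part of any message in this thread, of the two points raised in the replies: pathname expansion is done by whichever shell sees the unquoted pattern, and a `-c` command string that is split into separate words runs only its first word, which gives a plain listing of the current directory like the one in the quoted `sudo -s` output. It uses `sh` in place of bash and a constructed sandbox directory instead of sudo and /var/tor; the function names are made up for the example.

```shell
#!/bin/sh
# Constructed sandbox (no sudo, no privileged paths): cwd/ plays the caller's
# working directory, tor/ plays the directory named in the glob pattern.
SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
mkdir "$SANDBOX/cwd" "$SANDBOX/tor"
touch "$SANDBOX/cwd/bin" "$SANDBOX/cwd/etc" \
      "$SANDBOX/tor/cached-certs" "$SANDBOX/tor/cached-microdescs"

# Join ls output onto one line so results are easy to compare.
one_line() { paste -s -d ' ' -; }

# Case 1: the command string is ONE argument. The double quotes stop the
# calling shell from globbing; the child shell expands the pattern itself.
quoted_string() {
    (cd "$SANDBOX/cwd" && sh -c "ls ../tor/cache*" | one_line)
}

# Case 2: the same words arrive as SEPARATE arguments. Only "ls" is the
# command string, so it lists the current directory and ignores the pattern.
split_words() {
    (cd "$SANDBOX/cwd" && sh -c ls -l '../tor/cache*' | one_line)
}

# Where the leftover words of case 2 end up: $0 and $1 of the child shell.
leftover_words() {
    sh -c 'printf "%s|%s" "$0" "$1"' -l '../tor/cache*'
}

# Case 3: an unquoted pattern is expanded by the CALLING shell, before the
# child starts, using the caller's view of the filesystem.
caller_expanded_count() {
    (cd "$SANDBOX/cwd" && sh -c 'echo "$#"' argv0 ../tor/cache*)
}

printf 'quoted string  : %s\n' "$(quoted_string)"
printf 'split words    : %s\n' "$(split_words)"
printf 'leftover words : %s\n' "$(leftover_words)"
printf 'caller expanded: %s\n' "$(caller_expanded_count)"
```

When auditing a sudo or doas invocation, case 1 is the form in which the pattern is matched with the target user's access, and case 3 is the form in which it is matched with the caller's.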
Re: Missing files in etc
On Thu, Jan 07, 2016 at 11:42:32PM +, Roderich wrote:
> On Thu, 7 Jan 2016, Philip Guenther wrote:
>
> >>Unpacking base58.tgz with "tar xvzpf" is not enough to serve a diskless
> >>machine, the missing files are necessary.
> >>
> >>What can I do?
> >
> >You could USE THE INSTALLER, instead of creating problems for yourself
> >and wasting other people's time.
>
> I thank Ingo very much for his time writing one line. The diskless machine
> is now running.
>
> Please, Guenther, tell me, how to use the installer to populate
> a directory to serve a diskless machine. Please!
>
> Perhaps you help a lot of people, that like me, want to occasionally
> set up quickly a diskless machine only to make a test without risk
> for a working machine. Or do you think, one must read the installer
> script to do that?
>
> BTW, it seems, now is /etc/fstab necessary.
>
> And something like telnetd or sshd in the installer's shell
> can be very helpful for making the kernel panic and save
> the result of trace and ps.
>
> Regards
> Rodrigo.
>

What I've done in the past is to follow the FAQ for "Building a Release"
(http://www.openbsd.org/faq/faq5.html#Release). It will leave DESTDIR
with a base system that you can move to the correct location and modify
for your diskless host.

It's an alternative at least, if you are ok with building it yourself
from sources.

Cheers,

--
Andreas Kusalananda Kähäri, Bioinformatics Developer, Uppsala, Sweden
OpenPGP: url=https://db.tt/2zaB1E7y; id=46082BDF
Re: sudo and globbing
On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> And what about difference? Explain please.
>
> > > I discovered an article about sudo and globbing[1] and
> > > there's difference how it does work on Linux and OpenBSD.
> >
> > http://zurlinux.com/?p=2244
> >
> > > - openbsd
> > >
> > > # su -s /usr/local/bin/bash - nobody
> > > No home directory /nonexistent!
> > > Logging in with home = "/".
> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> > > -rw--- 1 _tor _tor20442 Dec 10 11:32 /var/tor/cached-certs
> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
> > /var/tor/cached-microdesc-consensus
> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
> > > -rw--- 1 _tor _tor0 Jan 7 17:23
> > /var/tor/cached-microdescs.new
> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev
> > etc home mnt root sbin sys tftpboot tmp
> > usr var

^^^ here '*' gets expanded inside original user's shell.

> > > - linux
> > >
> > > [root@slot-1 ~]# su -s /bin/bash nobody
> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache

^^^ here '*' gets expanded probably later, as original user does
not have access to /var/cache/ldconfig at all.

In both cases original user does not have access to /var/tor, respectively
to /var/cache/ldconfig.

So the question is: why does same command on equally "restricted" dir
path gets different output - why on openbsd does '*' get expanded
immediately but on linux is it taken into account somehow by sudo (?)...

j.
Re: sudo and globbing
And what about difference? Explain please.

On Thu, Jan 7, 2016 at 7:03 PM, Jiri B wrote:
> On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote:
> > I discovered an article about sudo and globbing[1] and
> > there's difference how it does work on Linux and OpenBSD.
>
> I forgot to put the url
>
> http://zurlinux.com/?p=2244
>
> > - openbsd
> >
> > # su -s /usr/local/bin/bash - nobody
> > No home directory /nonexistent!
> > Logging in with home = "/".
> > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> > -rw--- 1 _tor _tor20442 Dec 10 11:32 /var/tor/cached-certs
> > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
> /var/tor/cached-microdesc-consensus
> > -rw--- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
> > -rw--- 1 _tor _tor0 Jan 7 17:23
> /var/tor/cached-microdescs.new
> > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev
> etc home mnt root sbin sys tftpboot tmp
> usr var
> >
> >
> > - linux
> >
> > [root@slot-1 ~]# su -s /bin/bash nobody
> > bash-4.2$ exit
> > [root@slot-1 ~]# visudo
> > [root@slot-1 ~]# su -s /bin/bash nobody
> > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache