Re: Mount SMB share on bootup

2004-01-26 Thread Edward Epstein
Lines prefixed with ">" are what Chirhart, Brian wrote.

>Ed - that worked great... Thanks!!
>
>I am not sure what I did, but it worked.
>
>What language is that script in?  It isn't perl - is it C?

No, it's a simple bourne script. If you put "bourne shell scripting" into 
Google, you will get tutorials and information.

You could write an rc.d script in perl if you wanted to. The scripts in
/usr/local/etc/rc.d need to match the following rules in order to be executed
at system startup/shutdown:

(taken from the rc man page)

o   Scripts are only executed if their basename(1) matches the shell
    globbing pattern *.sh, and they are executable.  Any other files or
    directories present within the directory are silently ignored.
o   When a script is executed at boot time, it is passed the string
    ``start'' as its first and only argument.  At shutdown time, it is
    passed the string ``stop'' as its first and only argument.  All rc.d
    scripts are expected to handle these arguments appropriately.  If no
    action needs to be taken at a given time (either boot time or
    shutdown time) the script should exit successfully and without
    producing an error message.
o   The scripts within each directory are executed in lexicographical
    order.  If a specific order is required, numbers may be used as a
    prefix to the existing filenames, so for example 100.foo would be
    executed before 200.bar; without the numeric prefixes the opposite
    would be true.


>-Original Message-
>From: Edward Epstein [mailto:[EMAIL PROTECTED]
>Sent: Monday, November 10, 2003 5:43 PM
>To: Chirhart, Brian; [EMAIL PROTECTED]
>Subject: Re: Mount SMB share on bootup
>
>Lines prefixed with ">" are what Chirhart, Brian wrote.
>
>>>> point is password protected (on the XP side) so I am prompted for a
>>>> password.  How can I automate that?  Or should I create the share
>>>> without a password?  I am not too worried about internal security so the
>>>> share could have no password and that would be fine.
>>>
>>>Create a script called whatever.sh, chmod +x 755 whatever.sh and put that
>>>script in a /usr/local/etc/rc.d.
>>>
>>>Put the following lines in that script
>>>
>>>#!/bin/sh
>>>smbmount username=user password=pass and the rest of the parameters that
>>>you are normally using when mounting smb partition.
>>>
>>>Mind that if your startup script for samba is samba.sh your mounting
>>>script must start with a letter after the letter s otherwise you would be
>>>mounting a samba share without smb daemon started.
>>
>>When I try the smbmount I get a "command not Found"
>>
>>I checked the man pages on mount and found mount_smbfs, but I can not find
>>any options that would allow me to specify a username and password.
>>
>>I am not using Samba (at least I didn't load it... may be there by
>>default???) - To map the drive I have a line in my /etc/fstab file that
>>reads:
>>
>># Device  #Mountpoint  FSType  Option
>>//[EMAIL PROTECTED]/share  /ftproot  smbfs   rw,noauto   0   0
>>
>>Once the server boots, I type "mount /ftproot" and then it asks me for the
>>password for User.  After the password is entered, /ftproot contains the
>>contents of the share on my XP system.  It was one of the things that I
>>fell in love with about BSD - the ability to "see" XP shares with no special
>>"magic".
>>
>>So anyway - I think there are several different approaches to this.  Can I
>>modify my fstab file so that "auto" would work by somehow specifying a
>>password?  Or is there a password option that I am missing in the mount or
>>mount_smbfs commands?  OR...  is there a reason I don't have the smbmount
>>command?
>
>You are on the right track; it took me a while to figure this one out too.
>
>You've got your /etc/fstab file set up correctly. This is how the line for
>me looks, it's just like yours.
>
>//[EMAIL PROTECTED]/SHARE  /mnt/chaos  smbfs   rw,noauto   0   0
>
>To specify your username and password for the mount, you should create
>/etc/nsmb.conf  the syntax for this file is shown in
>/usr/share/examples/smbfs/dot.nsmbrc
>
>Here is an example from my machine:
>
>#nsmb.conf
>[CHAOS]
>addr=10.0.3.3
>
>[CH

Re: sftp and ftp servers access only

2003-12-10 Thread Edward Epstein
Lines prefixed with ">" are what [EMAIL PROTECTED] wrote.

>Hello all,
>
>Here is our environment:
>
>1. FreeBSD 5.1-RELEASE
>1. proftpd running and a user account called 'sandy' is chrooted and working
>   fine.
>2. sshd version OpenSSH_3.6.1p1 FreeBSD-20030423 with DenyUsers for user
>   account 'sandy'. Tested, sandy can not ssh to the system. This is also
>   desired.
>
># grep DenyUsers /etc/ssh/sshd_config
>
>DenyUsers sandy
>
>The setup we want is to have the followings:
>
>A. User can ftp.
>B. User can sftp but on ssh.
>C. User can only sftpd to the same chroot'ed directory which is also used
>   for ftp.
>
>Here A is fine. B is not as DenyUsers does not let 'sandy' to use
>sftp-server defined in /etc/ssh/sshd_config as follows:
>
>Subsystem   sftp    /usr/libexec/sftp-server
>
>If I remove the user 'sandy' against the DenyUsers, it does let him to
>use both ssh and sftp sessions. This is working as designed.
>
>To make things more complicated, I cp the /sbin/nologin to
>/sbin/ftponly and placed in /etc/shells and removed against DenyUsers
>for 'sandy'. He initialize a ssh session and ends up in getting
>"This account is currently not available." which is good and also verified
> in the /var/log/auth.log file as:
>
>Dec 10 04:41:11 ftp sshd[783]: Accepted password for sandy from x.x.x.x port 1287 ssh2
>Dec 10 04:41:11 ftp sshd[785]: session_input_channel_req: no session 0 req window-change
>
>and when starting a sftp session, no success either and /var/log/auth.log
> indicates:
>
>Dec 10 04:44:07 ftp sshd[789]: Accepted password for sandy from x.x.x.x port 1296 ssh2
>Dec 10 04:44:07 ftp sshd[791]: subsystem request for sftp
>
>Moral of the story: Is it possible with the above environment that a system
> can act as an ftp and sftp servers only at the same time. If possibly it
> does, how some one chroot the environment like in proftpd for the
> DefaultRoot set to same in sftp session.


Check out /usr/ports/shells/scponly. Make sure to compile it with chroot 
support, if that's what you want.

>Thank you for reading my first letter to this list!
>
>|===|
>|___|
>
> ).(
> \|/   S. Mohammad[EMAIL PROTECTED]
>  '--- Who taught by the pen [96.04 Qur'an]
>
>___
>[EMAIL PROTECTED] mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "[EMAIL PROTECTED]"

-- 

"There are people who cheat on their spouse but not at cards, and vice versa, 
and both and neither. Reputation is not necessarily portable from one 
situation to another, and it's not easily expressed."
--Clay Shirkey. (http://www.shirky.com/writings/group_enemy.html)

"It has been said that man is a rational animal.  All my life I have
been searching for evidence which could support this."
--Bertrand Russell.

"The American empire is ideological, not territorial. We are the most 
ideological people in the world, and we are so united in our view that we 
don't understand there can be other views."
--Lt. Gen. William Odom, ret. (Former Director of NSA).

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Mount SMB share on bootup

2003-11-14 Thread Edward Epstein
Lines prefixed with ">" are what C. Ulrich wrote.

>On Mon, 2003-11-10 at 15:21, Chirhart, Brian wrote:
>> >> point is password protected (on the XP side) so I am prompted for a
>> >> password.  How can I automate that?  Or should I create the share
>> >> without a password?  I am not too worried about internal security so
>> >> the share could have no password and that would be fine.
>> >
>> >Create a script called whatever.sh, chmod +x 755 whatever.sh and put that
>> >script in a /usr/local/etc/rc.d.
>> >
>> >Put the following lines in that script
>> >
>> >#!/bin/sh
>> >smbmount username=user password=pass and the rest of the parameters that
>> >you are normally using when mounting smb partition.
>> >
>> >Mind that if your startup script for samba is samba.sh your mounting
>> >script must start with a letter after the letter s otherwise you would
>> >be mounting a samba share without smb daemon started.
>>
>> When I try the smbmount I get a "command not Found"
>>
>> I checked the man pages on mount and found mount_smbfs, but I can not find
>> any options that would allow me to specify a username and password.
>>
>> I am not using Samba (at least I didn't load it... may be there by
>> default???) - To map the drive I have a line in my /etc/fstab file that
>> reads:
>>
>> # Device  #Mountpoint  FSType  Option
>> //[EMAIL PROTECTED]/share  /ftproot  smbfs   rw,noauto   0   0
>>
>> Once the server boots, I type "mount /ftproot" and then it asks me for the
>> password for User.  After the password is entered, /ftproot contains the
>> contents of the share on my XP system.  It was one of the things that I
>> fell in love with about BSD - the ability to "see" XP shares with no
>> special "magic".
>>
>> So anyway - I think there are several different approaches to this.  Can I
>> modify my fstab file so that "auto" would work by somehow specifying a
>> password?  Or is there a password option that I am missing in the mount or
>> mount_smbfs commands?  OR...  is there a reason I don't have the smbmount
>> command?
>>
>> Thank you for all your help!
>
>I saw that you got a couple responses to this, but they were just a bit
>off from the "correct" way to do it. Edward came very close, so I'm just
>going to expand upon what he said. First, If I recall correctly, the
>smbfs.sh that goes in /usr/local/etc/rc.d was somehow accidentally left
>out of the release. If you don't have it, you can get it here:
>
>http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/smbfs/examples/smbfs.sh.sample
>
>Click on the "Download" link for the newest version. It's probably
>better to use this version instead of a home-made one so that you don't
>run into problems down the road. (Don't forget to nuke the "sample"
>extension.)

It never even occurred to me to parse fstab to get a list of mountpoints and 
then just do them all automatically. If you've got lots of Samba shares, it 
comes in really handy.

>Your /etc/fstab is fine, but you should move /etc/nsmb.conf to
>/root/.nsmbrc. If you consult mount_smbfs(8), you'll see that this is
>where mount_smbfs expects it to be. Plus, keeping it here affords you a
>little bit better security. (Double-check that it's readable/writable by
>root ONLY!)

When I was setting up my share, I tried putting .nsmbrc in /root initially, 
but IIRC it didn't work. Now that I look at the correct rc.d script, it 
probably didn't work because $HOME wasn't set. Does that make sense?

>Finally, you should obfuscate the password with "smbutil crypt". This is
>NOT encryption, it will only protect the password from being discovered
>by casual observation. You should still treat it as plaintext, even in
>obfuscated form, as the "encryption" is almost as trivial to crack as
>rot13.

Also great info, thanks very much!

>Good luck!
>
>Charles Ulrich
>


Re: Mount SMB share on bootup

2003-11-13 Thread Edward Epstein
Lines prefixed with ">" are what Chirhart, Brian wrote.

>Ed - that worked great... Thanks!!
>
>I am not sure what I did, but it worked.
>
>What language is that script in?  It isn't perl - is it C?

No, it's a simple bourne script. If you put "bourne shell scripting" into
Google, you will get tutorials and information.

You could write an rc.d script in perl if you wanted to. The scripts in
/usr/local/etc/rc.d need to match the following rules in order to be executed
at system startup/shutdown:

(taken from the rc man page)

o   Scripts are only executed if their basename(1) matches the shell
    globbing pattern *.sh, and they are executable.  Any other files or
    directories present within the directory are silently ignored.
o   When a script is executed at boot time, it is passed the string
    ``start'' as its first and only argument.  At shutdown time, it is
    passed the string ``stop'' as its first and only argument.  All rc.d
    scripts are expected to handle these arguments appropriately.  If no
    action needs to be taken at a given time (either boot time or
    shutdown time) the script should exit successfully and without
    producing an error message.
o   The scripts within each directory are executed in lexicographical
    order.  If a specific order is required, numbers may be used as a
    prefix to the existing filenames, so for example 100.foo would be
    executed before 200.bar; without the numeric prefixes the opposite
    would be true.

-Ed

>-Original Message-
>From: Edward Epstein [mailto:[EMAIL PROTECTED]
>Sent: Monday, November 10, 2003 5:43 PM
>To: Chirhart, Brian; [EMAIL PROTECTED]
>Subject: Re: Mount SMB share on bootup
>
>Lines prefixed with ">" are what Chirhart, Brian wrote.
>
>>>> point is password protected (on the XP side) so I am prompted for a
>>>> password.  How can I automate that?  Or should I create the share
>>>> without a password?  I am not too worried about internal security so the
>>>> share could have no password and that would be fine.
>>>
>>>Create a script called whatever.sh, chmod +x 755 whatever.sh and put that
>>>script in a /usr/local/etc/rc.d.
>>>
>>>Put the following lines in that script
>>>
>>>#!/bin/sh
>>>smbmount username=user password=pass and the rest of the parameters that
>>>you are normally using when mounting smb partition.
>>>
>>>Mind that if your startup script for samba is samba.sh your mounting
>>>script must start with a letter after the letter s otherwise you would be
>>>mounting a samba share without smb daemon started.
>>
>>When I try the smbmount I get a "command not Found"
>>
>>I checked the man pages on mount and found mount_smbfs, but I can not find
>>any options that would allow me to specify a username and password.
>>
>>I am not using Samba (at least I didn't load it... may be there by
>>default???) - To map the drive I have a line in my /etc/fstab file that
>>reads:
>>
>># Device  #Mountpoint  FSType  Option
>>//[EMAIL PROTECTED]/share  /ftproot  smbfs   rw,noauto   0   0
>>
>>Once the server boots, I type "mount /ftproot" and then it asks me for the
>>password for User.  After the password is entered, /ftproot contains the
>>contents of the share on my XP system.  It was one of the things that I
>>fell in love with about BSD - the ability to "see" XP shares with no special
>>"magic".
>>
>>So anyway - I think there are several different approaches to this.  Can I
>>modify my fstab file so that "auto" would work by somehow specifying a
>>password?  Or is there a password option that I am missing in the mount or
>>mount_smbfs commands?  OR...  is there a reason I don't have the smbmount
>>command?
>
>You are on the right track; it took me a while to figure this one out too.
>
>You've got your /etc/fstab file set up correctly. This is how the line for
>me looks, it's just like yours.
>
>//[EMAIL PROTECTED]/SHARE  /mnt/chaos  smbfs   rw,noauto   0   0
>
>To specify your username and password for the mount, you should create
>/etc/nsmb.conf  the syntax for this file is shown in
>/usr/share/examples/smbfs/dot.nsmbrc
>
>Here is an example from my machine:
>
>#nsmb.conf
>[CHAOS]
>addr=10.0.3.3
>
>[CH

Re: Mount SMB share on bootup

2003-11-10 Thread Edward Epstein
Lines prefixed with ">" are what Chirhart, Brian wrote.

>>> point is password protected (on the XP side) so I am prompted for a
>>> password.  How can I automate that?  Or should I create the share without
>>> a password?  I am not too worried about internal security so the share
>>> could have no password and that would be fine.
>>
>>Create a script called whatever.sh, chmod +x 755 whatever.sh and put that
>>script in a /usr/local/etc/rc.d.
>>
>>Put the following lines in that script
>>
>>#!/bin/sh
>>smbmount username=user password=pass and the rest of the parameters that
>>you are normally using when mounting smb partition.
>>
>>Mind that if your startup script for samba is samba.sh your mounting script
>>must start with a letter after the letter s otherwise you would be mounting a
>>samba share without smb daemon started.
>
>When I try the smbmount I get a "command not Found"
>
>I checked the man pages on mount and found mount_smbfs, but I can not find
>any options that would allow me to specify a username and password.
>
>I am not using Samba (at least I didn't load it... may be there by
>default???) - To map the drive I have a line in my /etc/fstab file that
>reads:
>
># Device  #Mountpoint  FSType  Option
>//[EMAIL PROTECTED]/share  /ftproot  smbfs   rw,noauto   0   0
>
>Once the server boots, I type "mount /ftproot" and then it asks me for the
>password for User.  After the password is entered, /ftproot contains the
>contents of the share on my XP system.  It was one of the things that I fell
>in love with about BSD - the ability to "see" XP shares with no special
>"magic".
>
>So anyway - I think there are several different approaches to this.  Can I
>modify my fstab file so that "auto" would work by somehow specifying a
>password?  Or is there a password option that I am missing in the mount or
>mount_smbfs commands?  OR...  is there a reason I don't have the smbmount
>command?

You are on the right track; it took me a while to figure this one out too. 

You've got your /etc/fstab file set up correctly. This is how the line for me 
looks, it's just like yours.

//[EMAIL PROTECTED]/SHARE   /mnt/chaos  smbfs   rw,noauto   0   0

To specify your username and password for the mount, you should create
/etc/nsmb.conf; the syntax for this file is shown in
/usr/share/examples/smbfs/dot.nsmbrc

Here is an example from my machine:

#nsmb.conf
[CHAOS]
addr=10.0.3.3

[CHAOS:EDWARD]
password=X


Finally, to mount on bootup, create a file in /usr/local/etc/rc.d with the 
following contents (or something similar; you probably didn't name your share 
CHAOS):

[EMAIL PROTECTED] more /usr/local/etc/rc.d/010.chaos.sh
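#! /bin/sh
# rc.d passes "start" at boot and "stop" at shutdown as the only argument.

case "$1" in

start)
    echo "  Mounting CHAOS..."
    # send mount's own messages to stderr
    mount /mnt/CHAOS >&2
    ;;

stop)
    echo "  Unmounting CHAOS..."
    # send umount's own messages to stderr
    umount /mnt/CHAOS >&2
    ;;

esac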


Also, I make sure my /etc/nsmb.conf file is owned by root and chmod'ed 600 
because it contains a password in plaintext.

Don't forget to make sure that your file in /usr/local/etc/rc.d is chmodded at 
least 700 so that it's executable by, at the very least, the owner (should be 
root).

I hope this is clear enough to make some sense to you.

Regards,
Ed

>Thank you for all your help!
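An added example, not part of any message in this thread: an rc.d-style script that follows the rc man page rules quoted earlier on this page (start/stop as the only argument, quiet success otherwise) and refuses to mount unless the credentials file is a regular file owned by the expected uid with no group or other permission bits. NSMB_CONF, MOUNTPOINT, OWNER_UID, creds_file_ok and rc_main are names assumed for this sketch.

```shell
#!/bin/sh
# Added example. All variable and function names below are assumptions.

NSMB_CONF=${NSMB_CONF:-/etc/nsmb.conf}   # file holding the plaintext password
MOUNTPOINT=${MOUNTPOINT:-/mnt/chaos}     # needs a matching smbfs line in /etc/fstab
OWNER_UID=${OWNER_UID:-0}                # expected numeric owner of NSMB_CONF (root)

# creds_file_ok FILE UID
# Succeeds only if FILE is a regular file (not a symlink), owned by UID,
# with no permission bits for group or other (mode 600 or stricter).
creds_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ldn prints the mode string and the numeric owner on FreeBSD and Linux.
    info=$(ls -ldn "$1" | awk '{print $1, $3}') || return 1
    mode=${info% *}
    owner=${info#* }
    [ "$owner" = "$2" ] || return 1
    case $mode in
    -???------*) return 0 ;;   # e.g. -rw------- ; a trailing ACL marker is tolerated
    *)           return 1 ;;
    esac
}

# rc_main ARG: ARG is "start" at boot, "stop" at shutdown.
rc_main() {
    case "$1" in
    start)
        if ! creds_file_ok "$NSMB_CONF" "$OWNER_UID"; then
            echo "$NSMB_CONF: want regular file, uid $OWNER_UID, mode 600; not mounting" >&2
            return 1
        fi
        echo "  Mounting $MOUNTPOINT..."
        mount "$MOUNTPOINT" >&2
        ;;
    stop)
        echo "  Unmounting $MOUNTPOINT..."
        umount "$MOUNTPOINT" >&2
        ;;
    *)
        # Any other argument: nothing to do, succeed without output.
        return 0
        ;;
    esac
}

rc_main "$@"
```

Saved as an executable *.sh file in /usr/local/etc/rc.d, the script is called by rc with "start" or "stop"; pointing NSMB_CONF at /root/.nsmbrc applies the same check to that location.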


Re: chmod after installworld

2003-10-28 Thread Edward Epstein
On October 28, 2003 5:56 am, Jim wrote:

>New to FreeBSD.  Version 4.8 stable.  Fresh install.
>
>Why am I allowed to chmod 000 a file after installation (ex: /usr/bin/rsh,
>or /usr/bin/yppasswd), but cannot following a cvsup and installworld?  I get
>an "Operation not allowed" message after updating.

On my system, those files have the immutable bit set. "man chflags" will tell 
you how to get rid of that flag so you can chmod the file. It's probably a 
good idea to set the flag back once you're done.

I don't know why the behaviour is different between a fresh install and an 
installworld, though. Now I'm interested to find out. Hopefully someone will 
explain.

Hopefully this is your problem.

-Ed

>A listing of the file shows "-r-sr-xr-x root wheel" as the permissions and
>ownership.  The "s" is common to all the files I cannot change (I believe
>this indicates the suid bit (which is why I'm trying to chmod this in the
>first place)), but chmod  produces the same results (not allowed).
>
>I am logged in as root on the console, am not running ACL, yellow pages, or
>anything else for authentication beyond master.passwd at this stage (fresh
>install).
>
>I have looked at the man page for chmod, and searched google, with no
>results.
>
>Please help.
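An added example, not from the message above: one way to follow that advice on FreeBSD by clearing the flag, changing the mode, and setting the flag back even if chmod fails. It assumes the flag in question is the system-immutable flag (schg); chmod_schg is a hypothetical helper name, and the securelevel check is there because schg cannot be cleared while kern.securelevel is above 0.

```shell
#!/bin/sh
# Added example. chmod_schg is a hypothetical helper; it relies on FreeBSD's
# stat(1) (-f %Sf prints the file flags), chflags(1) and sysctl(8).

# chmod_schg MODE FILE
# Returns 0 on success, 1 on a failed command, 2 when the securelevel
# forbids clearing schg, 3 when the flag could not be restored.
chmod_schg() {
    mode=$1
    file=$2
    flags=$(stat -f %Sf "$file") || return 1

    case ",$flags," in
    *,schg,*)
        ;;                              # immutable: handled below
    *)
        chmod "$mode" "$file"           # no schg set: plain chmod is enough
        return
        ;;
    esac

    # The kernel refuses to clear schg once the securelevel is raised.
    level=$(sysctl -n kern.securelevel) || return 1
    if [ "$level" -gt 0 ]; then
        echo "chmod_schg: kern.securelevel=$level, cannot clear schg on $file" >&2
        return 2
    fi

    chflags noschg "$file" || return 1

    rc=0
    chmod "$mode" "$file" || rc=$?

    # Put the flag back whether or not chmod worked, so the file is not
    # left without its protection.
    if ! chflags schg "$file"; then
        echo "chmod_schg: could not restore schg on $file" >&2
        return 3
    fi
    return "$rc"
}
```

Run as root, for instance `chmod_schg 000 /usr/bin/rsh`; `ls -lo` shows the flags column before and after.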


Re: FreeBSD security ....

2003-10-28 Thread Edward Epstein
On October 28, 2003 4:34 am, Shrikant wrote:

>Dear All ,
>
>Is it possible that i give a Normal (without  wheel rights) user to  access 
> my server using ftp ,and he can only browse thru his home directory not
> above that .If it is possbile pls reply me .

If you create the file /etc/ftpchroot and put the name of the user in that 
file (one name per line), the ftp daemon in the base install will chroot the 
user to their home directory. For exact details and more options, read the 
ftpchroot manual page by typing "man ftpchroot" at a shell prompt.

Regards,
Ed
