Re: suspending login
Ean Kingston wrote:
> If you change the password entry then, when you want to enable the user again, the user has to enter a new password. This way, the user keeps his/her old password. Note, the question asked for suspend, not remove. I read suspend as implying that the account may be used again.

No, you don't replace the password, you just insert an invalid character - one which can never be the result of crypt(). That invalid character is typically an asterisk. To unlock the account, you remove the asterisk. It's how pw usermod -L and -U work.

For the OP, it's important to use all three approaches if your victim is untrustworthy. If you change the password but nothing else he can still get in via SSH; if you change the shell but nothing else he can still get in via FTP (possibly); if you change the home directory but nothing else he can still get in via SSH (and mess with /tmp or /var/tmp). So if you are locking out the user to preserve evidence of some misdeed, be sure to do all three.

If this is just a real-life buddy who's welching on some money he owes you, though, doing only one will probably be sufficient. (Well, doing one and saying things to him like "I bought a .45 last week" and "It turns out that if you do enough cocaine most juries won't convict you of murder.")

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
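An added example, not part of the original message: a small sh/awk audit that reports which of the three lock-out measures discussed above (password, shell, home directory) are in place for an account. The sample records are constructed, and treating a shell ending in /nologin and a home of /nonexistent or /var/empty as "disabled" is an assumption of this sketch.

```shell
#!/bin/sh
# Constructed sample records in master.passwd(5) layout:
# name:password:uid:gid:class:change:expire:gecos:home:shell
sample_passwd() {
cat <<'EOF'
alice:*$1$CONSTRUCTED$hashvalue000000000000:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*$1$CONSTRUCTED$hashvalue111111111111:1002:1002::0:0:Bob:/nonexistent:/sbin/nologin
carol:$1$CONSTRUCTED$hashvalue222222222222:1003:1003::0:0:Carol:/home/carol:/bin/csh
EOF
}

# audit_lock USER
# Reads master.passwd-format records on stdin and prints one status line
# for USER. Exit status is 2 when USER has no record.
audit_lock() {
    awk -F: -v user="$1" '
        $1 == user {
            found = 1
            # An asterisk can never appear in crypt() output, so its
            # presence means no typed password can match this field.
            pw   = ($2 ~ /\*/) ? "locked" : "usable"
            # Assumption: any shell ending in /nologin counts as disabled.
            sh   = ($10 ~ /\/nologin$/) ? "disabled" : "usable"
            # Assumption: these two paths count as a disabled home.
            home = ($9 == "/nonexistent" || $9 == "/var/empty") ? "disabled" : "usable"
            n = (pw == "locked") + (sh == "disabled") + (home == "disabled")
            printf "%s password=%s shell=%s home=%s (%d/3)\n", user, pw, sh, home, n
        }
        END { if (!found) exit 2 }
    '
}

# Report on every account in the constructed sample.
for u in alice bob carol; do
    sample_passwd | audit_lock "$u"
done
```

On a live system the records would come from /etc/master.passwd, which only root can read.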
Re: multiprocessors
Bill wrote:
> On Wed, 2005-04-06 at 21:16, FreeBSD Deamon wrote:
> > Bill wrote:
> > > Is there a command to use so as to see if freebsd is using both processors?

sysctl hw.ncpu, I think. You can also look at /var/run/dmesg.boot and look for:

    FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
     cpu0 (BSP): APIC ID: 1
     cpu1 (AP): APIC ID: 0

BSP stands for bootstrap processor and AP for application processor. The BSP is the one used to load the system until this message comes up:

    SMP: AP CPU #1 Launched!

which will happen right before the kernel launches init.

> > try top(1)
> > the output of top should contain a "C" column. if this column contains "0"s and "1"s both your CPUs are used
>
> There is a line for cpu but it only shows one. I'm used to linux and when I do a top in Linux I see two lines for my cpus.

You are looking in the wrong place. A C *column*, not a CPU *row*. FreeBSD will only ever show the total CPU time on the CPU row. This is something like what you will see on an SMP system:

      PID USERNAME PRI NICE   SIZE    RES STATE  C   TIME   WCPU    CPU COMMAND
    89704 emccoy    96    0  2484K  1660K CPU1   0   0:00  0.51%  0.05% top
    97005 root      96    0  3092K  1248K select 1  29:28  0.00%  0.00% ntpd

First, note the state for top: it's CPU1. Second, the "C" column is 0 for top, 1 for ntpd. The "C" column is the last CPU the process ran on. The WCPU and CPU columns, by the way, are both *per-CPU*, as you can see here:

    CPU states:  2.7% user,  0.0% nice, 47.5% system,  0.8% interrupt, 49.0% idle
    89739 emccoy   110    0  1324K   684K CPU0   0   0:43 99.00% 87.50% cat

So another way to tell if SMP is working is if the summary row says 50% idle but you've got a process which shows 100% active.

> Is the stock kernel that gets installed when doing a new install smp enabled?

No.

> Do I need to rebuild my kernel for smp?

Yes. The good news is that it's very easy. The Handbook has information on how to do it. Basically all you need to do is add "options SMP" and make sure "device apic" is enabled (it is by default I believe, even for the GENERIC kernel).
Re: DNS Names resolution in ipfw+nat ?
faisal gillani wrote:
> Well I read a couple of how-to articles on the internet regarding setting up an ipfw firewall with nat to allow your private network clients to set up internet access, but there isn't one thing clear to me, which was not present in any of the articles, which is how the internal clients are going to resolve internet host names?

Generally speaking, a program looking to resolve a hostname to an IP will first consult /etc/hosts, which is a simple text file you can examine or edit as you wish. If the hostname which needs to be resolved isn't present in that file, the program will consult DNS via the network. DNS uses port 53 and it can use either TCP or UDP, though in practice a client will never use TCP. (TCP is used mainly for zone transfers and the like, which are server-to-server.)

The rule of thumb for Unix is not to use hostnames in startup scripts, because it's possible that DNS will not be available when they are run. It can take over a minute for a DNS query to time out. Besides, it also makes you vulnerable to DNS hijacking. Instead, use IPs or put an entry in /etc/hosts if you must.

Incidentally, the firewall rules to allow DNS would be

    ipfw add allow tcp from me to any 53 setup keep-state
    ipfw add allow udp from me to any 53 keep-state

As a technical aside, the name resolution path I described above is not the way it has to work, just the way it is configured by default.

> will this be autoconfigured ?

No, though the above rules should be in the sample ipfw script which comes with FreeBSD.
Re: quick timestamp question (ctime/mtime)
Emanuel Strobl wrote:
> is it possible that mtime of a file can be changed without also changing ctime?

No. See stat(2), it shows what operations do what.
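An added example, not part of the original message: one case of the behaviour above, where setting mtime explicitly with touch -t still leaves ctime at the moment of the change. The function names and the MAX_GAP threshold are illustrative choices made for this sketch.

```shell
#!/bin/sh
# Print "mtime ctime" as epoch seconds. GNU stat is tried first, then BSD stat.
file_times() {
    stat -c '%Y %Z' "$1" 2>/dev/null || stat -f '%m %c' "$1"
}

# Illustrative threshold in seconds, not a standard value.
MAX_GAP=86400

# Succeed when mtime is more than MAX_GAP seconds older than ctime, which
# means mtime was set explicitly instead of by a write to the file.
mtime_older_than_ctime() {
    set -- $(file_times "$1")
    [ $(( $2 - $1 )) -gt "$MAX_GAP" ]
}

# Create a scratch file, backdate its mtime, and print its path.
demo_backdate() {
    f=$(mktemp /tmp/ctime-demo.XXXXXX)
    echo data > "$f"
    # touch -t sets mtime to the given date; the kernel records the
    # inode change itself by setting ctime to the current time.
    touch -t 200504060000 "$f"
    echo "$f"
}

# Show the two timestamps for a backdated scratch file.
demo=$(demo_backdate)
file_times "$demo"
rm -f "$demo"
```

A large gap is not proof of tampering by itself: extracting an archive or copying with cp -p also preserves an old mtime while ctime reflects the copy.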
Re: sFTP nologin
Grant Peel wrote:
> Is there a quick - secure way to allow the sshd sFTP subsystem to allow sftp connections without allowing shell accounts?

Create the account and set its shell to /sbin/nologin. You can safely add that to /etc/shells: it does its name and just prints a terse message before booting the user if he tries to connect via vanilla SSH.
Re: ipfw and nmap
daniel quinn wrote:
> i've been experimenting with ipfw since moving some of my machines from linux to freebsd and i've run across an oddity wrt nmap and freebsd firewalls. it doesn't seem to work and the activity isn't logged either.
>
> the firewall is working though. ssh goes through, while other ports are being blocked (and logged). i've confirmed this with telnet. but nmap still comes up empty. i'd like to be able to do a proper portscan, but is this a feature with ipfw or a lack of feature in nmap?

I am not entirely sure what problems you are seeing. It sounds like you are saying that the firewall works properly, and nmap correctly identifies open/closed/filtered ports, but you are getting nothing in your ipfw log indicating that a scan is happening. Is that correct?

If so, the "problem" is that nmap has a variety of scans which are designed not to be caught by firewall logs. If you try a TCP connect() port scan (-sT I think) it will show up in the firewall's logs. If you want to catch all manner of port scans, you will have to use something like Snort.
Re: var/tmp
dick hoogendijk wrote:
> I'd like some info on: man 7 hier:
> "/var/tmp temporary files that are kept between system reboots"
>
> Can I safely delete this directory? Probably not 'cause it's kept in between, but how can I weed some files then in a safe manner? What can and what cannot be deleted and why? some info pointers would be welcome ;-)

The hierarchy rules apply to the system, not to you. You can ignore or honor them at your discretion. The promise that nothing in /var/tmp will be deleted between reboots only means that the system itself won't do it. It's a temporary directory; if there's a file in there that hasn't been touched in four weeks, by all means delete it.

What I typically do with temp files of uncertain origin is move them into a subdirectory (and then reboot to make sure no processes are holding them open). If nothing bitches that Some Important File is missing, trash them. But if some program refuses to start or gives errors, then you have the originals to move back into place.
Re: chmod equivalent to find commands
Fafa Diliha Romanova wrote:
> hello.
>
> i know there's an equivalent to these two find commands that can be summed up in one chmod command:
>
>     find . -type d -exec chmod 755 {} \;
>     find . -type f -exec chmod 644 {} \;
>
> it fixes my permissions ...
> i haven't tested this yet but i think it's wrong: chmod -R u+rwX,a+rX
>
> what would be the best solution here?

I would do it the same way you do, but with xargs instead:

    find . -type X -print0 | xargs -0 chmod XXX

If you were feeling crazy and use sh:

    # Directories get 755, everything else gets 644.
    find . | while IFS= read -r path; do \
        if [ -d "$path" ]; then chmod 755 "$path"; else chmod 644 "$path"; fi; \
    done

The latter is overkill, but the approach can be useful for nontrivial operations on systems that don't support -print0. It also has the benefit that you can do it over ssh without having to copy over a script, e.g.

    ssh [EMAIL PROTECTED] sh -s

(No nightmares from having to double- or triple-escape special characters, either.)

Sorry, I don't know how to do it all with chmod. I assume you've consulted the excellent FreeBSD man pages?
Re: apache exits on signal 4
dave wrote:
> Hello,
> Fbsd 5.3-RELEASE, apache 2.53, php4 installed. Everything was working, then I got a report of sites being down. I investigated and learned that apache was not starting. I tried a restart, which did not produce an error, however checking for an http process ID didn't show anything. I then checked /var/log/messages and /var/log/httpd-access.log and found that the apache startup was dying on a signal 4. Googling on this did not tell me what it was or more importantly how to fix it.

Signal 4 is SIGILL, illegal instruction. (man 3 signal) If you've been able to run the same httpd+modules successfully this is probably indicative of a hardware failure. Usually memory, but it could be your CPU or motherboard or a variety of other things.

If this is your hardware and you can afford the downtime, put memtest86 on a boot disk or CD and run it overnight to see if it spots anything.

You could also try running Apache through truss and seeing if it gets the error in the same place every time. You could recompile Apache with debugging code, but that will probably make this error go away (by changing the code just enough to obscure the underlying problem).

If you are running in a jail, get your hosting company to look at the host system's dmesg/logs since they may see warnings about memory parity errors which might otherwise not be passed to your jail.

Linux folks also say that compiling the kernel is a good "stress test." Usually if there's a memory or other hardware problem it will cause gcc to die. I expect that doing a make world would have similar effects. You could try that if all else fails.
Re: Disk Error
Doug Hardie wrote:
> I doubt that it's dying. There is only one bad sector. The drive is in constant use. It ran at 100% for almost 12 hours while copying the files and no errors were detected. It's always the same sector with the error.

Just as a note, hard drives now come with a number of "spare sectors" which they map automatically to replace dead sectors. This is done because all drives ship with a few bad sectors. Usually when errors like this show up, it is because the drive is out of spares. Since problems like these tend to accelerate, it is a good idea at least to consider replacing the disk before you start losing data more than a sector at a time.

You might consider getting smartmontools and seeing what the drive's diagnostics have to say. Usually that will tell you if this is a fluke or a symptom of a failing drive.
Re: Swapping hard drives
Ralph wrote:
> Hello folks
>
> I'm looking to do a quick swap on a hard disk I currently have in my FreeBSD file-server. It's an old 30Gb disk, and I've bought a nice, new big one to replace it. The problem is, I'm not sure what the best way to do this is. I have Samba shares on there, and other things, and as far as I'm concerned it's better if the system doesn't know [or care] that the disk is being swapped out, does that make sense?
>
> I guess what I'm asking is this, what's the best way to do a swap like this?

Put the new disk in your server, partition it "similarly" to the old disk, format, and copy over your data. Then remove the old disk and reuse its connectors for your new disk (or just update /etc/fstab).

The idea is that your old filesystem is, say, /dev/ad2s1e. That's what you want your new one to be. All you need to do, really, is juggle IDE cables or SCSI IDs to make that happen.

You can also do an over-the-network copy, but that will obviously be much slower and requires two FreeBSD computers besides.
Potential dangers with big arrays
I'm planning to build a fairly large - somewhere from 1TB to 1.75TB in size - array behind a hardware RAID controller and put FreeBSD on it. But after being a good boy and Googling for information before laying out a couple grand, I discovered that FreeBSD might not have such great support for large filesystems. The last bit of useful information I found was from July 2004, so the situation might have changed since then and I figured I'd ask.

What sort of problems can I expect to see? Aesthetic problems, like negative numbers in df, are not a worry. The vast majority of files will be 1GB or smaller, so that's not a concern either. But the guy who did those tests in July got "no space left on device" after using up only 800GB or so, and that obviously would be a problem.

Naturally I can, and will, test this myself when I get the hardware, but I'm concerned that there may be creeping invisible problems which might result in frequent panics or loss of data - problems which might not become apparent until after I've reached the point where I no longer have enough room to play musical chairs with my data (which will be about 400GB in).

Any information anyone has, even if it's just a pointer to who or where I should be asking instead, will be greatly appreciated. Thanks.