Re: route entries after ICMP redirect

2005-04-10 Thread Uwe Doering
Sergey Matveychuk wrote:
I've got some problem with route entries that was created after ICMP 
redirect messages. They are never expired.

Our default gateway (it's a HP switch) send ICMP redirect messages if it 
see a short path to destination. It's makes it not so overloaded. But 
pathes sometime changed. There is no problem with Windows workstations, 
they are rebooted daily. But my FreeBSD boxes hold dinamic route entries 
forever.

I've looked through RFCs and Stevens' books and found no answer on what 
TTL for this entries.
Now I just add route flush as cron job. But may be there is another way?
This has been fixed in CVS in MAIN (rev. 1.52) and MFC'ed to RELENG_4 
(rev. 1.37.2.5) and RELENG_5 (rev. 1.51.4.2) a couple of weeks ago:

  http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_rmx.c
So either syncing to one of these branches or applying the relevant 
patch manually to your kernel sources ought to solve the problem.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Fast and reliable /tmp partition.

2005-03-12 Thread Uwe Doering
ÑÐÐÐÑ ÐÐÑÐÐÑÐÐÐ wrote:
Hello Freebsd Questions,
I'm using DVD-R to back up our Perforce SCM server.
The size of backup data is 13Gb now and increase ~ 1Gb in two months.
The full backups was made every week, incrementary - every day.
I have made a custom script to start archiver, split on the fly results 
to adequate sized files (< 1Gb),
evaluate checksum and burn it onto DVD.
The script also verify burned DVD by using stored checksums, and burn 
DVD again if needed.
The problem is: i can't compose DVD's on the fly, i need to save them 
somewhere.

I need to have a big, fast and reliable temporary filesystem.
It doesn't needed to survive reboots.
It must be fast writing. (RAID5 vinum array which i have is slow 
performs writes)
And even if one of the disks in server computer will broke (i have a 
vinum on them),
the backup procedure must still works.

Does anybody have expirience with temporary fast filesystems ?
You could use striping and mirroring (RAID 0+1).  This is both fast with 
writes and fail-safe.  And if the partition doesn't have to be crash 
resilient you could mount a UFS/UFS2 filesystem asynchronously.  With 
hard disk drives that's about as fast as it gets, I'd guess.

Of course, a RAM disk would be even faster, but the data volume you're 
dealing with is way too high for normal system memory.  There are RAM 
disks on the market that you can add to the system as a physical 
(hardware) device, in the form of a hard disk drive or a PCI card, but 
these are usually pretty expensive.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Help Renaming Multple Files

2005-03-07 Thread Uwe Doering
Phusion wrote:
I need help figuring out how to rename multple files. The files are
named like reports_abcdef_MMDD.dat, reports_hijklm_MMDD.dat,
and reports_nopqrs_MMDD.dat. Here is an example.
Original Filename: reports_abcdef_MMDD.dat
New Filename: abcdef_MMDD.dat
Let me know how I can do this. Thanks.
You may want to take a look at the 'mmv' package (ports/misc/mmv).
   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD 4.9 - clearing local DNS cache

2005-02-22 Thread Uwe Doering
Danny wrote:
How does one go about clearing local DNS cache?
In case you don't have a 'named' process running on that very machine 
there is no local DNS cache.  Applications (DNS clients) just query the 
DNS server every time, and if it is remote and out of your reach there 
is nothing you can do about it, short of using a different DNS server.

However, if there is a local 'named' process you can get rid of its 
cache contents only by restarting it (AFAIK).  As user 'root', try

  ndc restart
and check '/var/log/messages' for the new startup message.  That should 
do the trick.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Good rentable servers?

2005-02-21 Thread Uwe Doering
bsdnooby wrote:
Instead of getting a fixed IP address at my house, and having a noisy 
machine running all the time - I think I might want to try renting a 
dedicated FreeBSD server.  It would be used for running Apache, phpBB, 
email, listserv, and a few other services.  I found several places that 
have dedicated FreeBSD machines to rent, their prices seems to all be 
$99 a month.

Is there a cheaper or better option?  Maybe a virtualized server or a jail?
There are indeed less expensive solutions available.  For instance, you 
may want to take a look at my signature below. ;-)

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unexpected resolver behavior

2005-02-18 Thread Uwe Doering
Jamie Ostrowski wrote:
I'm running 4.10-p5 on my workstation at home, and I can't understand
why I cannot get www.foo.com to resolve to an IP I am specifying in
/etc/hosts (I want to over-ride the IP returned by the nameserver I query
by default).
in /etc/hosts:
199.xx.xx.24www.foo.com.
in /etc/host.conf:
# $FreeBSD: src/etc/host.conf,v 1.6 1999/08/27 23:23:41 peter Exp $
# First try the /etc/hosts file
/etc/hosts
# Now try the nameserver next.
bind
# If you have YP/NIS configured, uncom
(I have no nsswitch.conf file in /etc)
But when I try to resolve www.foo.com from the command line, I am getting
the IP address from the nameserver from the outside world rather than the
IP from /etc/hosts. I am not running a local named on this machine,
either. Any ideas?
Only programs that use gethostbyname(3) and friends (system library 
functions) can be expected to take heed of '/etc/host.conf', and 
therefore '/etc/hosts'.

Now, the utility commands that are part of the Bind package, like 
'host', 'nslookup' etc., talk to the DNS server directly and ignore what 
you have in '/etc/hosts'.  This can also be true for some applications 
(MTAs come to mind) that have their own DNS query code because they need 
DNS information that is not available through system library functions.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: log viewer

2005-02-12 Thread Uwe Doering
[EMAIL PROTECTED] wrote:
Hello,
I am looking for a good log viewer. It would be a plus if it comes with a gui but not a must. Do any of you guys use or have heard of a good log viewer tool for FreeBSD?
In case you mean a program for monitoring log files, possibly several of 
them on one screen, you may want to take a look at 'multitail'.  It's a 
curses application, but with 'xterm' you can use it on a GUI as well.

Regards,
   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: identifying and fixing server I/O slowdowns

2004-08-06 Thread Uwe Doering
Jeff Kramer wrote:
Oh great and wise FreeBSD gurus,
I've been running FreeBSD boxes for about five years with great results 
(up to 6 at the moment), but recently one of my machines has started to 
seriously act up.  Every time a heavy disk operation (say, tar'ing a 1 
gig directory) occurs the system slows to a crawl, and requests to 
apache/php/mysql sites hosted on it just hang.

The system is a dual p3 1.13ghz box with a gig of ram and mirrored 80 
gig WD800BB drives on a Promise TX2 controller.  The raid isn't 
degraded.  There's a dedicated 1.5 gig swap partition and a swap file on 
the /usr partition.  We had some apache processes go nuts one time, 
which is why I added the swap file.
[...]
This problem could be due to a disk drive that is about to fail.  If 
there are (still recoverable) disk errors, retrying the affected I/O 
operations can keep a disk controller occupied for serveral seconds.  Of 
course, all processes trying to do disk I/O during this time span will 
block.

Since the errors are (eventually) recoverable the raid array is likely 
to _not_ drop into degraded mode by itself.  After you've found out 
which of the disks it is you would have to force that disk into failed 
mode and would then replace it.  The exact details depend on your raid 
controller.

Of course, your mileage may vary, but I've experienced disk failures 
like these several times in the past, with the effect you've described.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD Hosting

2004-07-17 Thread Uwe Doering
Joseph Koenig wrote:
Hi,
I'm sure this question comes up, but I am looking at switching hosting
companies and am considering going with a dedicated server or co-locating
some servers somewhere. Regardless of which way I go, I want to make sure
the hosting facility has technicians who have experience with FreeBSD, in
especially with jails. If I go with a co-location set-up, I'd like to find
somewhere that will manage security patches, OS updates, etc - whether it is
through the hosting facility or through a 3rd party consultant. We are a
small firm and do not have the time to effectively manage all aspects of the
system, yet we are more than capable of handling the day-to-day basics of
the system (installing software, supporting web, db, and e-mail, etc). I'd
appreciate any recommendations anyone has on hosting facilities /
consultants that would be able to effectively handle these issues for us.
While I can't tell from your posting what exactly you would like to do 
with the server, going by your general requirements you may be 
interested in what we (EscapeBox) do.  Please consider following the 
link in my signature.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: UsersFiles and Quota

2004-05-25 Thread Uwe Doering
Chris Collins wrote:
Hello All
Is there a way to list files on my system that belong to a certain user. I
have quotas enabled and cannot find out where all the space is being used. 
With quotas enabled this should be easy.  Use 'repquota' and sort the 
list by allocated disk space:

  repquota -u /path/to/filesystem | sort -rn +2 -3
That's less taxing on the system than using 'find', and it also takes 
into account files that a user might have deleted but still holds open 
and therefore allocated.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Security run question

2004-05-25 Thread Uwe Doering
Edd wrote:
I recieved my security run today (as usual) and an error which I have
never seen before appeared:
hitbox.monsternet.lan kernel log messages:
tabase /etc/aliases.db: No such file or directory
A quick locate shows that there is no such command as tabase! Any ideas
what this might be?
That should probably read "database", and the message just got clipped 
for some reason.  Some program apparently tried to access 
'/etc/aliases.db', failed to do so and logged an error message, which 
the security run scripts subsequently reported to you.

You may want to investigate which of your software expects 'aliases.db' 
directly under '/etc'.  Normally, this file lives under '/etc/mail' in 
FreeBSD, or at least in 4.x, and all software ported to FreeBSD properly 
should know about that.  Did you install some programs directly from 
their original source, that is, not from the FreeBSD ports/packages 
collection?

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: How To Copy A Group of Files To Different Name?

2004-05-18 Thread Uwe Doering
Drew Tomlinson wrote:
How can I copy a group of files to a different name.  I want to copy all 
files starting with 'bacula*' to 'bacula*.old'.  So I have these four 
files:

blacklamb# ll bac*
-r--r--r--  1 root  wheel   949 Apr 22 09:13 bacula-barcodes
-rw-r-  1 root  wheel  5792 May 17 16:52 bacula-dir.conf
-rw-r-  1 root  wheel   763 Apr 22 09:13 bacula-fd.conf
-rw-r-  1 root  wheel  1909 May 17 16:31 bacula-sd.conf
I want to have copies of these files with '.old' appended to their 
names.  I've tried 'cp -pv bac* bac*.old' but cp complains.  Because 
it's only 4 files, I'll do each one independently but I'd like to know 
how to do this "right" for future reference.
You may want to take a look at the utility 'mmv' in the ports tree 
('ports/misc/mmv' in CVS).  For copying you would use the 'mcp' variant:

  mcp -v 'bacula*' 'bacula=1.old'
It automatically preserves permissions and modification time.  For a 
test run in order to verify in advance what would happen, use the '-n' 
option.

Great tool IMHO.
   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: advice sought on tape backups with cyrus-imap

2004-04-24 Thread Uwe Doering
Ed Budd wrote:
Hi, all:

Hoping for a "reality check" from anyone on the list with experience
in doing tape backups with cyrus-imap:
I've got FBSD 5.2.1REL acting as a mail server running cyrus-imap and
wondering what the best (read: safest) method of backing up user
mailboxes to tape might be. Can I just dump/restore everything
under /var/imap or is there more to it than this, considering the
mailboxes are stored in cyrus db format? Does this matter when it comes
time to restore?
Well, doing on-the-fly backups is always risky, though unfortunately 
hard to avoid at 24x7 operations.  However, Cyrus IMAP stores the email 
messages in separate files.  So all that can become inconsistent are the 
data structures in the DB files used for management and performance 
purposes.

Now, Cyrus IMAP comes with repair tools for these DB files which can 
restore missing/inconsistent data from the actual message files.  So 
backup/restore induced inconsistencies are normally no problem.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: SOLVED: Re: openssl port not over-writing the base

2004-04-14 Thread Uwe Doering
Jamie wrote:
On Mon, 12 Apr 2004, Jamie wrote:
   Tried upgrading openssl this morning on a 4.9REL machine with ports.

  I went into /usr/ports/security/openssl and ran:

  make -DOPENSSL_OVERWRITE_BASE=yes install

 When it was through building, it didn't over-write the /usr/bin/openssl
binary, but it did install the new openssl in /usr/local/bin.
 What am I missing here? The makefile has this line in it:

.if defined(OPENSSL_OVERWRITE_BASE)

 I can't understand why it would put it in /usr/local.
   I was able to get it built correctly without the =yes appended to the
option.
The correct syntax for assigning a value to a make variable would be

  make OPENSSL_OVERWRITE_BASE=yes install

This can be important in cases where just defining the variable with 
'-D' is not enough.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD router: Can my internet provider detect my home network?

2004-04-11 Thread Uwe Doering
Rob wrote:
I plan to have a FreeBSD (4.9 stable) system serving as a router
between my provider and a set of my home computers connected
via a home network.
My provider does not really like this, but I don't care so much,
as long as s/he cannot detect (too easily) my home network.
[...]
Is it correct, that the combination of firewall and natd divert
all requests and thus hide the home network for my provider?
Are requests from all other networked home PC's done on behalf of
the router, so that my provider will only see requests from my router?
If they want to, they can detect that there's more than one computer 
using that link.  They just need to look at the TCP sequence numbers. 
This way they can associate TCP packets with their individual 
originating hosts.  If they see more than one group of sequentially 
increasing TCP sequence numbers they know that you're cheating.

Whether they really care about it as long as you're not causing 
excessive network traffic or other trouble is a different matter.

The only way to really hide your computers is to block direct Internet 
connections and instead use proxy software on a gateway server for each 
and every service.  IMHO, quite an effort for probably just a couple of 
bucks saved.  Larger companies do this, but for security reasons and 
also to control what their employees do on the Internet.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: changing directory permissions recursively

2004-04-09 Thread Uwe Doering
Cory Petkovsek wrote:
On Fri, Apr 09, 2004 at 08:47:07AM +0200, Uwe Doering wrote:

cd $topdir
find . -type d | xargs chmod 755
In case (potentially) untrusted users have had write permission in this 
directory tree in the past, a safer alternative would be

 find /path/to/tree/root -type d -print0 | xargs -0 chmod 755
Please explain the "safer" difference in your eyes, Uwe.  Are you thinking the
admin might have ./ in their path?
No, but specially crafted file names can contain spaces and newlines. 
Since xargs(1) by default considers whitespace to be argument separators 
users can easily inject absolute paths to files somewhere else in the 
filesystem and wreak havoc this way.  They just have to wait until 
'root' traverses over their files with 'find' and 'xargs'.

The '0' options for find(1) and xargs(1) have been introduced to counter 
these attacks.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: How to get memory usage for process?

2004-04-09 Thread Uwe Doering
Artem Koutchine wrote:
Hi!

I need to figure out how much memory process really takes.
For example, i am running 100 perl scripts, they are all the
same source and i guess some memory is shared among them
(mostly perl interperter i guess). So, i need to know how much
memory is shared and how much memory is used for each new
running script (including buffers, e.t.c.). What command shoud
do the trick and with what options?
In case you have the PROCFS mounted (usually under /proc) you can get a 
detailed listing of the memory map of a process, together with the 
relevant flags for the various memory segments that indicate memory 
sharing etc.  Try this:

  cat /proc//map

'' is of course to be replaced by the PID of the process you want 
to examine.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: enabling S.M.A.R.T on drives attached to Adaptec 2400A RAID controller

2004-04-09 Thread Uwe Doering
Guido Kollerie wrote:
In my server I have four 40GB IBM Deskstar 120GXP drives attached
to an Adaptec 2400A RAID controller in a RAID-5 configuration
with one of the drives configured as a hot spare.
According to Adaptec's raidutil utility the four drives do not
have the S.M.A.R.T. capability for detecting potential problems.
However according to the IBM/Hitachi datasheet for these drive
they _do_ have this capability:
http://ssddom01.hgst.com/tech/techlib.nsf/techdocs/E0B26749E1A7728C87256B290055ECA5/$file/D120GXP_ds.PDF

Is there a way to convince the 2400A that these drives do support
S.M.A.R.T, and if so how do I enable it?
In my experience the fact that 'raidutil -L all' doesn't flag the 
S.M.A.R.T capability is not really relevant.  I've seen 2400A 
controllers in the past that didn't flag that capability, either, and 
still disk drives (IBM) failed because of excessive S.M.A.R.T errors, 
according to the controller's event log.

I have no idea, though, how to check in advance whether S.M.A.R.T is 
enabled by default in a specific disk drive.  However, there is a check 
box for S.M.A.R.T in the controller's BIOS setup (if I remember 
correctly), and it was selected by default in all cases I've seen.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: changing directory permissions recursively

2004-04-08 Thread Uwe Doering
Bill Campbell wrote:
On Fri, Apr 09, 2004, dave wrote:

Hello,
  I've got a problem, a directory area has the wrong permissions, occurred

from a dump restore. Now my user's can't get to the files within the area. I

could go around and do chmod permissions directoryname, but i was wondering
if there was a perl or shell script that would do this?
cd $topdir
find . -type d | xargs chmod 755
In case (potentially) untrusted users have had write permission in this 
directory tree in the past, a safer alternative would be

  find /path/to/tree/root -type d -print0 | xargs -0 chmod 755

Better safe than sorry.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Problem with ncurses install

2004-03-27 Thread Uwe Doering
Aleksander Rozman - Andy wrote:
Some time ago I did little experimenting on my FreeBSD box (I was trying 
to compile some programs and I installed new version of ceratain auto* 
and other programs) so after that I couldn't usee gcc anymore. I 
reinstalled gcc and some other tools, but now ncurses is of some older 
version.
I tried to reinstall ncurses and I succeed, but from is that dynamic 
library libncurses.so.5 is not reinstalled along with other programs, 
which means that most of software on my computer is now unusable... How 
can I force ncurses to install dynamic library (I run install from 
contrib directory)...
In FreeBSD's base system you are not supposed to install anything 
directly from the 'contrib' tree, and neither from 'crypto'. 
'libncurses', for instance, has to be built and installed from 
'/usr/src/lib/libncurses', like so:

  (clean up /usr/obj)
  make obj && make depend && make
  make install
  (clean up /usr/obj)
That's how it is in FreeBSD 4.x at least.  Can't tell, though, whether 
the path names are still the same in 5.x.

Hope it works for you, too.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Simple file count question

2004-03-15 Thread Uwe Doering
Craig Reyenga wrote:
find /path/to/dir -type f -name db\* -print | wc -l

would count the number of files that begin with 'db' in the name, under the
'/path/to/dir' directory. man find and man wc for more action.
Be careful in case that directory contains subdirectories, since 'find' 
will traverse them by default as well.  If you want to count files only 
in the directory level of '/path/to/dir' you may want to add '-maxdepth 
1', like so:

find /path/to/dir -type f -name db\* -maxdepth 1 -print | wc -l

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Kernel Questions

2004-03-11 Thread Uwe Doering
Loren M. Lang wrote:
On Thu, Mar 11, 2004 at 11:59:44AM +0100, Uwe Doering wrote:
Loren M. Lang wrote:
[...]

3.  The handbook seems to suggest to use the config, make, make install
procedure for installing the kernel if you have no other reason for not
using it, what is the reason for this?  (The paragraph immediately
following procedure 2)
This sequence takes care that all the modules get installed together 
with the matching kernel, that a backup of both the kernel and the 
modules is available (suffix '.old') in case the new kernel doesn't work 
properly, and it also deals with the system immutable flag ('schg') that 
protects '/kernel' from being deleted or clobbered by accident.  You 
would have to do all these things by hand if you didn't use the 
recommended sequence.
I mean why use that procedure over a make buildkernel installkernel, I
thought they both did all that.
Well, as far as the result is concerned, both methods are identical. 
However, if you use the step-by-step procedure the object files remain 
intact after a kernel build, or at least until you delete them 
deliberately.  So if you then have to make just a minor patch to one of 
the source files, possibly in the course of a security advisory, 'make' 
recompiles only the source file that changed.

With the 'buildkernel' target, on the other hand, a complete kernel 
build takes place, that is, it compiles all source files again, 
regardless of how small the change you made actually was.  This costs 
considerably more time.

That's why the (selectively executed) step-by-step method makes sense 
for kernel development work and even the occasional security patch.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: writing to specific block address

2004-03-11 Thread Uwe Doering
Erik Trulsson wrote:
On Thu, Mar 11, 2004 at 04:53:30PM +1100, eodyna wrote:

hello again,

I dont know if this is possible, but does anyone know
if you can write to a specific address in Freebsd?
Say, i want to write to block 7946848-7946879. Can i
do that, or is that something different?
Thanks in advance .
You should be able to do that using dd(1).
Right.  In case you would like access to the entire disk, regardless of 
the partitions and the various filesystems inside the partitions, use 
'of=/dev/da0', 'of=/dev/ad0' or whatever device node is appropriate on 
your system.

Offset and length would be set with 'seek=' and 'count='.  However, make 
sure that you understand their interaction with 'bs=' (block size), or 
you may be very sorry afterwards ...

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Kernel Questions

2004-03-11 Thread Uwe Doering
Loren M. Lang wrote:
A few questions on the FreeBSD kernel:

1.  If I specify a driver in the config file with a device command, does
that always mean that it's compiled in staticly and not as a module?
It will then be compiled in statically, but this doesn't affect the 
module (see below).

2.  How does make decide what to compile as a module?  Is it everything
not compiled into the kernel that it can compile as a module?  And how
would I tell what can only be compiled staticly and won't be compiled if
it's not included with a device entry?
Per default all devices get compiled and installed as modules, 
regardless of whether you compile some of the devices statically into 
the kernel or not.

You can use

  makeoptions MODULES_OVERRIDE="..."

to limit the modules to be compiled and installed to the list you 
provide with this option.  See the comments in the 'LINT' file.

3.  The handbook seems to suggest to use the config, make, make install
procedure for installing the kernel if you have no other reason for not
using it, what is the reason for this?  (The paragraph immediately
following procedure 2)
This sequence takes care that all the modules get installed together 
with the matching kernel, that a backup of both the kernel and the 
modules is available (suffix '.old') in case the new kernel doesn't work 
properly, and it also deals with the system immutable flag ('schg') that 
protects '/kernel' from being deleted or clobbered by accident.  You 
would have to do all these things by hand if you didn't use the 
recommended sequence.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: apache log files rotation

2004-03-05 Thread Uwe Doering
Dave McCammon wrote:
--- fbsd_user <[EMAIL PROTECTED]> wrote:
Can apache logs be rotated by /etc/newsyslog.conf?
If not, how is it normally done?
___
Here is the relevent portion of my newsyslog.conf

/var/log/httpd-access.log 640  14*$D0   Z 
 /var/run/httpd.pid
/var/log/httpd-error.log  640  14*$D0   Z 
 /var/run/httpd.pid

"man newsyslog" for more info on the fields.
Just a hint in case you plan on running a web statistics program over 
the access log: add 'B' to the flags column for 'httpd-access.log', 
resulting in 'BZ'.  This will omit the 'logfile turned over due to ...' 
lines generated by 'newsyslog', which the statistics program may 
otherwise complain about.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: mysql in a jail

2004-03-05 Thread Uwe Doering
[EMAIL PROTECTED] wrote:
I have a system running four jails. MySQL is running in two of the jails and I
am trying to add it to a 3rd jail. Starting the server gets the message:
  040302 19:34:15  mysql started
  040302 19:34:15  Can't start server : Bind on unix socket: Permission denied
  040302 19:34:15  Do you already have another mysqld server running on socket:
   /tmp/mysql.sock ?
  040302 19:34:15  Aborting
  040302 19:34:15  /usr/local/libexec/mysqld: Shutdown Complete
  040302 19:34:15  mysqld ended
The new jail was created by copying the file tree from a jail that had the
desired configuration and then doing clean-up as required. In response to the
error I tried configuring mysqld to use a different port and socket file. That
did not fix the problem. I had forgotten the other two mysql's are using port
3306 and /tmp/mysql.sock.
[...]
Are you sure that each jail runs on its own, unique IP address?  If not, 
port binding conflicts are to be expected.  You cannot have multiple 
MySQL daemons on the same IP address/port combination, regardless of 
whether they run inside jails or not.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: MySQL and FreeBSD 4.x.. problems, problems with server

2004-03-02 Thread Uwe Doering
dap wrote:
This has happened with enough servers at different locations that I have to
believe there is a relationship here. I have servers running the latest
release of MySQL. I've run the servers on FreeBSD 4.4., 4.7, and 4.8. I am
not using the threaded version.
MySQL always uses threads.  It's just that you have the choice which 
implementation to use, native or Linux threads.

On all three versions, on different servers
at different sites, I have seen MySQL just go wacky after a while.
Two types of symptoms:

1. mysqld just decides to consume as much of the CPU as possible.
2. new connections to mysql fail
It will usually take 1-3 weeks between occurances.
[...]
Yes, this is a mysql problem probably, and not a FreeBSD problem. However,
I'm hoping to get some help or hope here as well as with the mysql people.
:)
There have been some fixes lately to 'libc_r', the threads lib MySQL 
uses by default on FreeBSD 4.x.  They deal with EOF conditions in 
connection with write(2) which may very well cause process looping. 
This programming error could be the cause of your problem as well, so it 
might be worthwhile to take a look at the latest CVS commits to 
'uthread_write.c':

http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc_r/uthread/uthread_write.c?sortby=date&only_with_tag=RELENG_4

BTW, a potentially serious problem with signals in 'uthread_join.c' has 
been fixed recently, too.

Hope it helps in your case.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: portsdb: Warning: Duplicate INDEX entry

2004-02-26 Thread Uwe Doering
Bernard El-Hagin wrote:
Uwe Doering wrote:
Bernard El-Hagin wrote:
Kris Kennaway <[EMAIL PROTECTED]> wrote:
[...]
I think there's something in one of the included makefiles that relies
on a change to make(1) that happened after 5.1-RELEASE.  Note that
only the most recent release is supported by the ports collection
(http://www.freebsd.org/ports); try updating to 5.2 or 4.9, which
should fix the problem.
Wow, that really sucks, since I've had zero luck updating to 5.2 the two
times I tried, and going with 4.9 from 5.1R means a reinstall, rather
than an upgrade (I'm led to believe).
If you have the OS sources installed you could selectively upgrade the 
source files of make(1) via cvsup(1) and just install it.  No need to 
upgrade the whole OS only because make(1) got an additional command line 
option.  We recently did this for our 4.5 based systems.
Could you please explain how that's done? I've never selectively
upgraded the source and I'm afraid of screwing something up.
If you haven't already done so, install the port 'cvsup', preferably the 
precompiled package in order to avoid having to install Modula (which 
'cvsup' is written in).

Then you need an appropriate supfile, '/etc/cvsup-src-5.2' in this 
example, which should look like this:

- cut here 
*default  host=cvsup.FreeBSD.org
*default  base=/usr
*default  prefix=/usr
*default  release=cvs
*default  tag=RELENG_5_2
*default  delete use-rel-suffix
src-all
- cut here 
Now do

  cvsup -g -i src/usr.bin/make /etc/cvsup-src-5.2

Once this went through successfully, build and install the new version:

  cd /usr/src/usr.bin/make
  make obj && make depend && make
  make install
  (clean up /usr/obj afterwards if desired)
That's it.  You can selectively upgrade other programs the same way if 
necessary, provided of course there are no incompatibilities in the 
respective areas between the OS releases.  A look at the CVS commit 
comments is always a good idea in this context.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: portsdb: Warning: Duplicate INDEX entry

2004-02-24 Thread Uwe Doering
Bernard El-Hagin wrote:
Kris Kennaway <[EMAIL PROTECTED]> wrote:

On Tue, Feb 24, 2004 at 07:44:45AM +0100, Bernard El-Hagin wrote:

Since I have this same problem I ran 'make describe' and here's the
result:
-
===> devel/sparc-rtems-gdb
*** Error code 1
Stop in /usr/ports/devel.
*** Error code 1
Stop in /usr/ports.
-
What version of FreeBSD are you running?
Sorry, I should have mentioned that. I'm running 5.1-Release.
I think there's something in one of the included makefiles that relies
on a change to make(1) that happened after 5.1-RELEASE.  Note that
only the most recent release is supported by the ports collection
(http://www.freebsd.org/ports); try updating to 5.2 or 4.9, which
should fix the problem.
Wow, that really sucks, since I've had zero luck updating to 5.2 the two
times I tried, and going with 4.9 from 5.1R means a reinstall, rather
than an upgrade (I'm led to believe).
If you have the OS sources installed you could selectively upgrade the 
source files of make(1) via cvsup(1) and just install it.  No need to 
upgrade the whole OS only because make(1) got an additional command line 
option.  We recently did this for our 4.5 based systems.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: a sysctl machdep.tsc_freq problem

2004-02-21 Thread Uwe Doering
ouyang kai wrote:
> Uwe wrote:
> 
>>Is the P4-1.6G machine a multi-processor system, that is, was the kernel 
>>compiled with the SMP option?  If so, there is currently no TSC support 
>>on multi-processor systems, for technical reasons I understand.  So in 
>>this case 'machdep.tsc.freq' is omitted from the kernel and therefore 
>>cannot be queried.
> 
> No, there are all UP system.
> [...]

Okay, then there are apparently more reasons for its ommission than just
SMP.  After all, 'machdep' means "machine dependent". ;-)

> I think the difference is the P4-1.6G machine enable APM-BIOS, if so, how can I get 
> the CPU speed?
> Because the CPU speed info in the 'kern.msgbuf' will be rushed after the machine run 
> a long time and a lot of kernel msg.

Did you consider parsing '/var/run/dmesg.boot'?  That one won't change
over time.

   Uwe
-- 
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: a sysctl machdep.tsc_freq problem

2004-02-21 Thread Uwe Doering
ouyang kai wrote:
  i found a strange case, i have tested the three machines(PIII 800 & 
FreeBSD4.9-stable,
P4-1.6G & FreeBSD4.8-release, P4-2.0G & FreeBSD5.2.1).
  I use "sysctl -a | grep machdep.tsc.freq" to get the CUP speed. But, I 
failed on the P4-1.6G machine. Nothing appears.
 Should I set some additional stuff on the P4-1.6G machine? I have do 
nothing specailly for the other two machines, but it works.
Is the P4-1.6G machine a multi-processor system, that is, was the kernel 
compiled with the SMP option?  If so, there is currently no TSC support 
on multi-processor systems, for technical reasons I understand.  So in 
this case 'machdep.tsc.freq' is omitted from the kernel and therefore 
cannot be queried.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: quick mozilla question

2004-02-20 Thread Uwe Doering
Chris Meyers wrote:
On Fri, 2004-02-20 at 10:29, jr315 wrote:

running freeBSD 5.2 release.
installed mozilla from packages. When I try to run I
get the following message:
sh# mozilla
/libexec/ld-elf.so.1: Shared object "libintl.so.5" not
found
/libexec/ld-elf.so.1: Shared object "libintl.so.5" not
found
any ideas
Someone here had the exact same error the other day. The problem was
gettext had been updated, but the ports/packages that depended on it
(pretty much everything) hadn't. So gettext updated libintl.so.5 to
libintl.so.6 so mozilla and gvim and evolution and almost everything
complained with the same error you are seeing.
I'm not sure if this is your problem. Since you installed mozilla from
packages rather than ports it may be. The package may have been built
with the older version of gettext. A portupgrade mozilla may solve the
problem.
The 'gettext' transition period is over by now (in the ports tree).  So 
it's basically a matter of waiting until all the binary packages have 
been rebuilt with the new 'gettext'.  Or maybe this has happened already.

When exactly did you download the Mozilla package?  If it's fresh and 
apparently not updated yet, just wait a couple of days and download 
again.  The problem will eventually go away by itself.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: startup daemon as unpriviliged user

2004-02-14 Thread Uwe Doering
matthew wrote:
On Fri, 13 Feb 2004, Louis LeBlanc wrote:
[...]
So, how can I get a process to run automatically on startup for an
unprivileged user?
cd /usr/local/etc/rc.d

make a small sh script like so:

#!/bin/sh
su username -c "command"
For scripts in '/usr/local/etc/rc.d' one should stick to the required 
semantics.  That is, in this particular case you need to make sure that 
it only runs on startup and not a second time on shutdown.  Like so:

 cut here 
#!/bin/sh
case "$1" in
start)
su username -c "command"
;;
stop)
;;
esac
 cut here 
Also, keep in mind that the script's name requires a suffix of '.sh', or 
else the system won't execute it automatically.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Determining free memory on FreeBSD 4.8-REL

2004-02-13 Thread Uwe Doering
Erik Trulsson wrote:
On Fri, Feb 13, 2004 at 03:28:34PM -0600, dap wrote:
How do I determine if my FreeBSD is actually low on memory not? And what is
Inact? I did read the manpages, but even they seem to skirt how I should
view Inact vs. Free. (I did read the tuning manpage.)
Let's say I have this:
[...]
So I have 82MB of free memory, 35MB of memory being used by the OS as disk
IO, cache is different from Buf in some way or another (the top manpage
doesn't quite go into details here). I don't quite get Inact and Wired.
You can view all of Inactive, Cache and Free as free memory. The
difference is if the memory might be "dirty" and need to be flushed to
swap before being reused. (Free is completely free and ready to be used
at once, Cache is probably not dirty, while Inactive is probably
dirty.)
Let me rephrase this a little.  Pages in Inactive _can_ be dirty (if 
they have been written to) while pages in Cache are already clean 
(laundered), that is, can be used for other purposes without delay, but 
can also be reactivated (moved to Active) if their current contents is 
needed again.  Inactive, on the other hand, has to be laundered before 
the pages move on to Cache, which they eventually do.

It works like this: If the kernel's laundry routine finds a dirty page 
in Inactive for the first time it marks and skips it, in the hopes that 
the page is ephemeral and will be gone next time around.  If it's not 
gone and the launderer finds it for the second time it schedules it for 
flushing to disk and skips it again.  If it later finds the page for the 
third time it is hopefully clean by then and can be moved to Cache.

Pages that are clean right from the start (that only have been read) 
will be moved to Cache without further ado, whenever (Cache+Free) falls 
below its lower hysteresis level.  That is, the move will be in chunks.

And yes, I agree that it's a little complicated. ;-)

If I see ANY swapping going on should I worry? I don't think so. Some
swapping is normal in UNIX in general.
As you note a little bit of swapping is perfectly normal.
If you start to see a lot of swapping you probably want more memory.
The slow increase in swapped-out pages you see over time even if the 
system is not short of memory is caused by the laundry procedure I 
described above, and is perfectly normal.  It's kind of a preemptive 
strategy in order to have enough clean pages available without delay 
when you need them.

Hope to have shed some light on the subject.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Out of memory and inactive memory

2004-02-10 Thread Uwe Doering
Douwe Osinga wrote:
Do you happen to have a per-process data size limit?  What does
Hey, thanks, that could be it. It says datasize limit = 130 Mbyte
sort of where the process stopped working.
Is there a way to change this setting on a global scale? I.e. if
I limit datasize unlimited, it seems that only works for the
current session.
Provided it doesn't get set explicitly by a 'ulimit' or 'limit' command 
in some shell start-up script the datasize limit could be set in 
'/etc/login.conf'.  If you change anything in there don't forget to run 
'cap_mkdb /etc/login.conf' in order to re-generate the corresponding 
database file.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Out of memory and inactive memory

2004-02-10 Thread Uwe Doering
Douwe Osinga wrote:
I'm running Zope under FreeBSD 4. Zope keeps getting memory errors, i.e.
malloc() fails. But top reports lots of inactive memory available. I'm new
to BSD, but I did search around in archives and I think I learned that
inactive memory is only kept around in case it is needed again and should be
given to a process needing it. So why does Zope fail here?
Do you happen to have a per-process data size limit?  What does

  ulimit -a

or

  limit

show?  The former is for sh or bash, the latter for csh or tcsh.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: documentation on FreeBSD kernel

2004-02-06 Thread Uwe Doering
LACOSTE Thierry wrote:
Are there books equivalent to e.g. "Understanding the Linux kernel"
concerning FreeBSD ?
More precisely, books (or other sources) discussing thoroughly the
implementation
of the FreeBSD kernel on ia32 computers.
I usually refer to

  The Design and Implementation of the 4.4 BSD Operating System
  (Addison Weslay)
As with all these books about operating systems under development, they 
can never be completely up to date.  The OS is a moving target.  So the 
book I recommend above is a good start, but it certainly doesn't cover 
the latest design decisions of the various BSD development teams.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: tcp blackhole and ident

2004-02-05 Thread Uwe Doering
J.D. Bronson wrote:
At 07:39 AM 1/31/2004, Matthew Seaman wrote:

On Sat, Jan 31, 2004 at 07:32:36AM -0600, J.D. Bronson wrote:
> I have a question. I setup the following in sysctl.conf:
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> ..Well this works, but now I have a new issue.
> I run sendmail and as such, need to allow TCP 113 into this machine
> and yet get CONNECTION REFUSED. - I dont want to run IDENT, but
> need to still get the CONNECTION REFUSED...
Run ipfw(8) or a similar firewall and set up a rule that sends an ICMP
reject whenever it detects an incoming connection on port 113 as part
of your firewall configuration.  Eg. something like:
01600 reset tcp from any to me dst-port 113 setup
Thanks...but I have quite a robust Cisco firewall in place ahead of the 
freebsd machines...so I dont -need- to run ipfw...Hmmm...
You can achieve this rejection on the application level as well.  Here's 
how:

1. Run inetd with command line options '-wW' to enable libwrap support.

2. Enable inetd's internal auth service with
 authstream  tcp nowait  rootinternal
3. Deny auth connections in libwrap's /etc/hosts.allow, like so:
 auth : ALL : severity debug : deny
 ALL : ALL : allow
Now you have something (inetd) bound to port 113, so a connection can be 
established, but it gets dropped immediately due to the libwrap setup. 
This is sufficient to prevent timeouts on the remote end but at the same 
time leaks as little information as possible for an application level 
solution.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Unexpected soft update inconsistency

2004-01-20 Thread Uwe Doering
Peter Schuller wrote:
Hello,

What's the deal with soft updates and guaranteed consistency? Every time 
journaling is brought up by someone, he/she is promptly told about how soft 
updates does the job at least as well.  I never had a problem with this based 
on what I have read about soft updates. However:

I *very* quickly ran into a case where I got an "unexpected soft update 
inconsistency" after crashing the machine by doing something naughty with 
Vinum while there was disk activity (note: the filesystem which exhibited the 
problem was not on a vinum volume).

So my question is:

Do soft updates, or do they not, algorithmically guarantee filesystem 
meta-data consistency in the event of a crash?
The design goal for Soft Updates, apart from the performance gain, was 
to keep the disk image in a recoverable state at all times and to limit 
data loss to the last couple of seconds.  This does not mean, however, 
that it guarantees that after a crash fsck(8) will never ask any questions.

Normally, the right thing to do is to answer with 'yes' when it offers 
to remove the file, since that file can be expected to be incomplete. 
This way you are kind of turning back the clock by a couple of seconds, 
from the file system's point of view, until it gets into the time range 
again where all files were still consistent (payload and meta data).

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Other ways than quotas to limit mail files size ??

2004-01-12 Thread Uwe Doering
Greg Bernard wrote:
Is there another way to limit the amount of space occupied by mail files on
a per user basis using another method than quotas ?
I would like to limit the amount of space available for each user's e.mail
so e.mail file size will not go crazy.
You could switch to Cyrus IMAP, which is a complete IMAP4/POP3 email 
storage subsystem with file system independent quotas.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Can't traceroute to my box

2003-12-27 Thread Uwe Doering
Frank DeChellis wrote:
Hi.

I am new to FreeBSD.  I have been using NetBSD for about 9 years.  I have
FreeBSD v. 4.8 Release #1 running.  Everything is smooth expect for one
thing.
I can't traceroute to the box.  I can do a traceroute -I to it, but not a
regular traceroute, which tells me something about UDP, but I don't know
where to look.
IS there a file somewhere that is closing certain UDP ports that respond to
traceroute?
Apart from the usual suspect (firewall filtering out the incoming UDP 
and/or outgoing ICMP packets), what does

  sysctl net.inet.udp.blackhole

show?  If it is _not_ 0 it means that UDP ports that are not in use 
don't generate a response, which implies that the normal 'traceroute' 
won't work.  This feature is intended to make the life of (port 
scanning) hackers even more miserable than it must be already.  There is 
a related variable for TCP as well (net.inet.tcp.blackhole).

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: group members can't modify files even though 775 set

2003-12-24 Thread Uwe Doering
Seamus Abshere wrote:
Dear freebsd-questions,

I want all members of the "webmasters" group to be able to modify my web 
documents directory /www.

Here's my user, a webmaster:
[...]
But this happens when I am logged in as sabshere:

$echo "whatev" > index.html
-bash: index.html: cannot overwrite existing file
I think this has nothing to do with file permissions.  Instead, the 
'noclobber' option is probably enabled in your bash settings, so the 
shell refuses to overwrite existing files.  Find the directive 'set -o 
noclobber' in your shell's startup files and comment it out, or if this 
behaviour is the default, try to override it with 'set +o noclobber'.

Hope this helps.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: bash bug or something else?

2003-12-16 Thread Uwe Doering
hugle wrote:
Hello all.
I have a little problem in here.
Actulay i think, that bash doesn't caount good, look:
cat bin/users | wc -l
1877
so the file contains 1877 lines
cat bin/users:
#!/bin/sh
/sbin/ipfw -q delete 2001 >/dev/null 2>&1 &
/sbin/ipfw -q add 2001 count ip from 192.168.0.1 to not me in via fxp0 >/dev/null 2>&1 
&
/sbin/ipfw -q delete 2002 >/dev/null 2>&1 &
/sbin/ipfw -q add 2002 count ip from not me to 192.168.0.1 out via fxp0 >/dev/null 2>&1 
&
[...]
so I should have 938 rules in my firewall.
938 * 2=1876 + 1 = 1877 lines in the script (1 rule for delete rule
and one for add rule + rule at the top '#!/bin/sh')
but when adding this rules to the ipfw ruleset i have:
ipfw show 2000-2938 | wc -l
 809
so somehere my 938-809=129 rules had just gone somewhere.
I'm using bash in here.. could that be a bug in bash ?
No, it's not a bash bug.  In your script the order of commands is 
relevant.  'delete' has to be executed prior to 'add' for the same rule 
number.  If you send each line into background separately there is no 
guaranteed execution order.

To fix this you need to remove the trailing ampersands from all the 
lines.  And if you have to run this in background, send the whole script 
into background where you call it.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: cpu load

2003-12-13 Thread Uwe Doering
Eric Olsson wrote:
I'v got FreeBSD 4.9 installed on my laptop and all is working fine 
except one
thing and that is to be able to see how much my cpu is working. When i use
'top' it's all at 0% even tho i'm currently running alot of programs and 
doing
a make install from the ports. I'v installed wmcpuload dockapp and that one
allso allways shows 0%. Considering i'm on an old PII 300 Mhz with 64 Mb 
ram
one would think it should use some atleast :)
It could mean that your kernel and user world got out of sync due to an 
incomplete upgrade procedure, so 'top' does no longer understand the 
data it gets from the kernel, or it could be an indicator that the stat 
clock isn't working.

The stat clock is driven by the Real Time Clock (RTC) chip on the 
mainboard, which could be either broken or incompatible with the kernel 
driver.  Does 'systat -v 1' complain that the stat clock died?  We had 
this problem once when a lead of the tiny RTC quartz came loose (due to 
bad soldering) and the chip stopped working.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Strange errors "swap..."

2003-12-12 Thread Uwe Doering
Martin Schweizer wrote:
I've got some strange errors but don't no what they realy mean:

[snip]
Dec  8 09:47:52 saturn /kernel: swap_pager: indefinite wait buffer: device: 
#ad/0x30001, blkno: 52232, size: 4096
[snip]
Dec  9 09:40:27 saturn /kernel: swap_pager: indefinite wait buffer: device: 
#ad/0x30001, blkno: 3464, size: 4096
Dec  9 09:40:39 saturn /kernel: swap_pager: indefinite wait buffer: device: 
#ad/0x30001, blkno: 3464, size: 4096
Dec  9 09:40:39 saturn /kernel: swap_pager: indefinite wait buffer: device: 
#ad/0x30001, blkno: 14952, size: 8192
[snip]
Do you have some ideas?
This can mean that the hard disk the swap pager tried to access has a 
problem.  This message doesn't necessarily mean that the operation 
failed, but that it took longer than 20 seconds to complete the swap 
request for a buffer, which is unusual for a healthy hard disk.

We had this once in conjunction with a dying hard disk which was 
fortunately part of a raid array, so it was sufficiently easy to replace 
the disk.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: sync delay and consitency

2003-11-27 Thread Uwe Doering
Ion-Mihai Tetcu wrote:
I have a machine that randomly crashes. I wonder if lowering 

Variable Default  Description
kern.filedelay   30   time to delay syncing files
kern.dirdelay29   time to delay syncing directories
kern.metadelay   28   time to delay syncing metadata
would help having a more up-to-date fs (using soft-updates). 
You can reduce these settings in order to narrow the window which you 
would lose data in if the system crashed.  However, it is important that 
you keep the numerical order of these variables.

Also is there a reason for the 30-29-28 (the 1 differece between)
sequence ?
It gives a FS w/soft-updates its crash resilience, by ensuring the order 
of disk updates for these three data types.  Meta data first, then 
directory data, and finally the actual file contents.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Multiple CPU Performance

2003-11-27 Thread Uwe Doering
Gerard Samuel wrote:
I was fortunate to acquire a dual Slot one motherboard.
I currently only have one PIII 450 in there, and its working without any 
problems so far.
This box is primarily for www/samba/cvs.
I was wondering if my PHP apps would benefit (run faster) if I 
introduced a 2nd CPU.
Just wondering
A single instance of PHP would use only one CPU.  However, if your web 
server spreads multiple parallel requests over multiple processes 
(Apache 1.x, for instance) you would indeed benefit from the second CPU.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: mysql can't finf shared library

2003-11-17 Thread Uwe Doering
Gary Kline wrote:
After upgrading to the latest mysql323-client and reinstalling
my root password, here is what happens:
mysqladmin -u root password 'fooobar1234'
/usr/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.10" not found
[EMAIL PROTECTED]:/etc# locate libmysql
/usr/local/lib/mysql/libmysqlclient.a
/usr/local/lib/mysql/libmysqlclient.so
/usr/local/lib/mysql/libmysqlclient.so.10
	Anybody know what's going on here?  Is this a known bug?
Well, at least up to MySQL 3.23.58 a startup script 
'000.mysql-client.sh' gets installed under '/usr/local/etc/rc.d' which 
runs this command at boot time:

  /sbin/ldconfig -m /usr/local/lib/mysql

This is supposed to ensure that the system automatically knows where to 
look for the MySQL client libs.  It worked for me out of the box.  Did 
you delete this script, or is there any other reason why scripts under 
'/usr/local/etc/rc.d' don't get executed on your system?

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: md5/des ?

2003-11-13 Thread Uwe Doering
Oles Hnatkevych wrote:
Hello!

/usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
But /usr/sbin/adduser creates users with DES encrypted passwords.
How do I make it use MD5 instead of DES? Seems like it's perls crypt()
problem, and the DES is the default...
In case you're running FreeBSD 4.x, please see the attached patch.  I 
pulled it from the Internet some time ago and subsequently improved it 
slightly, as far as I recall.  With this patch applied 'adduser' honors 
the 'passwd_format' parameter in '/etc/login.conf'.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
--- src-4.5-RELEASE/usr.sbin/adduser/adduser.perl   Wed Nov 21 02:46:56 2001
+++ src/usr.sbin/adduser/adduser.perl   Wed Apr  9 11:41:17 2003
@@ -26,6 +26,7 @@
 #
 # $FreeBSD: src/usr.sbin/adduser/adduser.perl,v 1.44.2.3 2001/10/15 13:43:18 dd Exp $
 
+use DB_File;
 
 # read variables
 sub variables {
@@ -687,6 +688,7 @@
 local($userhome);
 local($groupmembers_bak, $cryptpwd);
 local($new_users_ok) = 1;
+local($salt_extended);
 
 
 $new_groups = "no";
@@ -712,7 +714,10 @@
$new_users_ok = 1;
 
$cryptpwd = "";
-   $cryptpwd = crypt($password, &salt) if $password ne "";
+   $salt_extended = &passwd_format_prefix($class);
+   $salt_extended .= &salt;
+   $cryptpwd = crypt($password, $salt_extended) if $password ne "";
+
# obscure perl bug
$new_entry = "$name\:" . "$cryptpwd" .
"\:$u_id\:$g_id\:$class\:0:0:$fullname:$userhome:$sh";
@@ -786,11 +791,36 @@
 return @array;
 }
 
+# determine and return salt prefix depended on login_class given
+sub passwd_format_prefix {
+local($class) = shift;
+local(%hash,$v);
+local($ret) = "";
+
+tie %hash, 'DB_File', "/etc/login.conf.db", O_RDONLY, 0644, $DB_HASH ||
+   return "";
+
+$class = "default" if($class eq "");
+if (exists($hash{$class})) {
+   $v = $hash{$class};
+   $v =~ /passwd_format=([a-z0-9]*):/;
+   if ($1 eq 'md5') {
+   $ret = "\$1\$";
+   } elsif ($1 eq 'blf') {
+   $ret = "\$2\$";
+   }
+}
+
+untie %hash;
+
+return $ret;
+}
+
 # see /usr/src/usr.bin/passwd/local_passwd.c or librcypt, crypt(3)
 sub salt {
 local($salt);  # initialization
 local($i, $rand);
-local(@itoa64) = ( '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
+local(@itoa64) = ( '.', '/', '0' .. '9', 'a' .. 'z', 'A' .. 'Z' ); # 0 .. 63
 
 warn "calculate salt\n" if $verbose > 1;
 # to64
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: kernel error

2003-11-11 Thread Uwe Doering
Norhisham Khalil wrote:
i have error message on my samba server on freebsd 5.1

FreeBSD bsdbro.fc.com 5.1-RELEASE-p2 FreeBSD 5.1-RELEASE-p2 #1: Sun Aug 24
16:48:49 MYT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/BSDKING 
i386

kernel: psmintr: delay too long; reseting byte count
kernel: psmintr: out of sync (0008 != ).
kernel: psmintr: discard a byte (1)
is this a sign of deteriorating harddisk?
or i need to tweak syscontrol?
This is the mouse driver complaining that it got out of sync with your 
pointer device.  This can happen from time to time and is harmless as 
long as it occurs infrequently.  At least that's my experience.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Virtual Sound Channels

2003-11-08 Thread Uwe Doering
Alex Kelly wrote:
Is there a way I can make these commands run at boot time:

# sysctl hw.snd.pcm0.vchans=4
# sysctl hw.snd.maxautovchans=4
Rather than enter them in each time I want to use xmms in kde? I guess aRTs 
hogs psm0.
You may want to take a look at the sysctl.conf(5) man page.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Linking disk utilization to a process

2003-11-07 Thread Uwe Doering
Sheldon Hearn wrote:
Hi folks,

Can anyone suggest a way to link disk utilization to a process?

I can see whether my disks are busy with systat -vmstat, but I don't
know how to find out _which_ processes are causing the work.
Ideas?
You could enable kernel system accounting (please see sa(8) and 
friends).  While this is not realtime it may be okay for debugging 
purposes.  The accounting log provides the command name along with a 
number of readings, including the number of disk i/o operations.  Please 
note that the accounting data is available for logging purposes only 
after the respective process terminated.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Process priority

2003-10-27 Thread Uwe Doering
Olaf Hoyer wrote:
On Sun, 26 Oct 2003, [EMAIL PROTECTED] wrote:

Is there some way ho to assign priority (cpu time) for each process ?
I'm using Samba server for PDF printing and in case of big printouts it
could "eat" whole cpu time for few seconds, so i'd like to control it
and give to this process lower priority.
nice and renice are the commands to give the process lower priority.

in particular, whilst operating, you will want to check out renice(8).
Or if you consider it appropriate to give Samba only the available idle 
time in this scenario you may also want to look at the idprio(1) command.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Choosing A Stripe-Size (RAID5 Array)

2003-10-27 Thread Uwe Doering
Rishi Chopra wrote:
I've had a tough time getting help for this question on the newsgroups and
freebsd.org discussion forums, so I thought I'd mail the list...
I'm setting up a 600GB Raid-5 array (4-200GB 8MB Buffer IDE disks connected
to an Adaptec 2400A controller) and would like some help picking a
stripe-size (this is the smallest unit of data written to each disk by the
raid controller.)  My usage pattern is fileserver and webserver+db, some
light desktop usage as well.  I'll be using defaults for the file system
(16K block size.)
Based on experience, can anyone suggest a good stripe-size choice?  Also, if
this controller performs best with a particular stripe-size under FreeBSD
(due to driver design, etc.) please say so; I can always tweak the newfs
command line switches to accomodate a particular stripe-size choice.
It depends on your priorities.  If you are after sheer transfer speed a 
smaller stripe size is best because a single transaction is likely to be 
spread over multiple disks which then deliver the data in parallel.

On the other hand, if your priority is not the transfer speed of a 
single transaction but rather the ability to process multiple 
transactions in parallel without too much congestion a bigger stripe 
size is preferred.  This is because in this case smaller transfers are 
likely to be limited to only one disk per transaction, at least 
statistically.  So in a four disk system you have still three disks left 
to process up to three other, independent transactions in parallel. 
This way the server is more resilient in a 
multi-client/multi-transaction environment.

My recommendation for moderately to heavily used file servers with 
multiple clients is therefore to use a bigger stripe size.  This also 
goes for web servers and DB servers as they are likely to cause multiple 
parallel disk transactions as well.  I think 256 kB is the maximum for 
this controller, so you may want to pick that value.  And there is no 
need to change the default block size of the file system in this 
scenario since this can lead to a performance degradation.  The FreeBSD 
kernel is optimized for 16kB blocks.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Best way to cleanly uninstall packages?

2003-10-22 Thread Uwe Doering
Hi Chris,

Chris Richards wrote:
Hi Everyone,

I have installed 2 packages which inturn installed a bunch of
dependencies... They are "imageindex-1.0.6" and "gallery-1.4.0.1" I was
seeing which one I like best - now I have decided I want to keep gallery
and uninstall imageindex.
What is the cleanest way to do this? I have noticed that they both have
common dependencies so I can't just use the "pkg_delete -r" option - I
am sure this is a common problem and there is probably an easy way to
uninstall all dependencies for imageindex except for the ones that are
needed for gallery.
I think the '-r' option of 'pkg_delete' is not what you are looking for 
because it works the other way round.  It additionally deletes packages 
that depend on the package you would like to deinstall.  I understand 
what you would like to do is get rid of packages that the package to be 
deleted depends on, in order to tidy up after deciding on which of the 
two photo gallery packages to keep.

I don't know whether there is a more elegant method that would do this 
in one go, but what I would do is list the required packages with

  pkg_info -r 

and feed the resulting list of required packages to

  pkg_info -R  [ ...]

Pick those packages as additional candidates for removal that list only 
the package that you want to remove in the first place.  Now do the 
whole process again for these additional packages and work your way down 
the dependency tree recursively.  I recommend to make a sketch of the 
relevant parts of the tree on old-fashioned paper in order to not get 
confused.  When you're done with that, delete the candidates top down 
with 'pkg_delete'.

If anyone else knows a more automated way, with the base system tools, 
that is, I would certainly be interested, too.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: idle process status

2003-08-27 Thread Uwe Doering
Michelle wrote:
Could anyone please tell me what might cause a process to enter an I 
status or idle status.  I had two cron jobs which did not run a few 
nights ago, specifically the daily run output and aide.  The next day 
when I looked at the status of the jobs with the ps aux command, it 
stated that the status was I or idle for both of these cron jobs.
Idle state means that this process didn't run (that is, slept) for at 
least 20 seconds.  Please see man page ps(1).  It is just a flag and 
does nothing special to the process.

I was 
unable to kill the jobs even with kill -9 and had to reboot the server.  
Now everything is fine and the cron jobs ran again last night; however, 
I would like to know what might cause this so I can prevent it from 
happening again.
A sleeping process that cannot be killed is usually the result of either 
a kernel bug or some hardware problem (lost interrupt, hanging 
controller etc.) that blocks the intended demise of the process.  But 
without further debugging it is impossible to tell what it is exactly.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Using pw adduser to set password in a script

2003-07-01 Thread Uwe Doering
Jez Hancock wrote:
I'm attempting to use pw adduser to add a new user to the system and
would like confirmation that the following is the correct way to set
the user's password at the same time:
echo "password" | \
pw adduser -q -h - -u user -g group -s shell -d /home/user -c comment
Can anyone also tell me the security implications of doing this, given
that the command is executed from a within a script (actually php but
this is more-or-less irrelevant)?
[...]
Here is what I use:

  echo 'password' | \
  pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
-c 'comment' -m
Note that feeding the password to 'pw' via the command line (with 
'echo') is a security problem if you have untrusted users on that 
machine, since they can see the password in the process list (with 'ps').

A better approach for automating account creation is to first store the 
password (generated or given) in a file (with secure permissions, of 
course) and then feed 'pw' from that file:

  pw useradd -q -h 0 -n user -g group -s shell -d /home/user \
-c 'comment' -m < /path/to/file
  rm -f /path/to/file
Hope that helps.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Strange formatting error with pkg_info after using portupgrade

2003-06-21 Thread Uwe Doering
Hi,

Rev. Joe Doyle Ardent wrote:
	Hello, everyone, I have a fairly strange error, that has popped 
up on both machines where I have used portupgrade (both 4.8-RELEASE 
boxes).  Here is an example output:

please:~> pkg_info |head
BitTorrent-3.2.1b   "Peer to Peer file sharing/mirroring."Mesa-3.4.2_2
A graphics library similar to SGI's OpenGL
ORBit-0.5.17High-performance CORBA ORB with support for the C language
XFree86-4.3.0,1 X11/XFree86 core distribution (complete, using mini/meta-po

	Note how Mesa's entry begins immediately after the last 
character of BitTorrent's.
> [...]

While I actually don't know why the terminating newline is missing in 
some cases I noticed that there was an MFC to RELENG_4 a couple of days 
ago that makes 'pkg_info' add a newline if the comment line doesn't have 
one.  You may want to take a look at FreeBSD's CVS repository 
(src/usr.sbin/pkg_install/info/show.c) in order to build and install a 
fixed 'pkg_info'.

Or if it doesn't happen often you could just as well edit the respective 
'+COMMENT' file in the '/var/db/pkg' hierarchy.  The pragmatic approach. ;-)

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: resolver problem

2003-06-11 Thread Uwe Doering
exec wrote:
It seems I have a problem with resolver.
[...]
/etc/resolv.conf is right:

domain my.uni.org
nameserver xx.xx.xx.xx
nameserver yy.yy.yy.yy
nameserver zz.zz.zz.zz
All nameservers are working properly on every other machine. I deleted 
host.conf file (which was also right) and nothing changes.
What makes you think that deleting host.conf was the right thing to do?

Commands host, nslookup, and dig all work very well for both internal an
external sites. But ping for example fails:
cannot resolve www.xxx.yy: Unknown host
[...]
Host, nslookup, and dig use DNS automatically and exclusively, so there 
doesn't have to be any directive in the system telling them to do so. 
Most programs, however, use gethostbyname() etc. and need the 'bind' 
entry in host.conf, which you just removed by deleting this file.  If 
you restore the file DNS lookups will work.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Booting using serial console

2003-06-11 Thread Uwe Doering
Gary Aitken wrote:
Well, nothing like feeling like a blind person...

I'm trying to boot / install 4.5 on a headless system.

I've made the serial console boot floppies, but get no response when I 
try to use them.
[...]

boot.config looks like:
 /boot/loader -h
I could be wrong, but isn't 'boot.config' supposed to contain only 
arguments you would otherwise enter at the boot prompt?  So it should be 
just a single '-h'.  I have a '-P' in that file, for instance, and it 
works as expected.

When the machine tries to boot, how does it determine the baud rate to 
use on the com1 port, assuming it is properly listening there?  I'm 
guessing the baud rates of the machine and the terminal are mismatched.
'sio0' in the kernel config needs a 'flags 0x10' directive in order to 
make COM1 a (potential) console port.  Default speed is 9600 bit/s.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"