opensmtpd: email groups with external addresses

[Steve Fairhead]

Hi folks,

Newbie opensmtpd user/dumbass here. Our old sendmail aliases file
supported email groups with external addresses, e.g.:

# Internal users: fred, bert
# External users:
ernie: somed...@somedomain.com
# Groups:
somegroup: fred, bert, ernie

This doesn't seem to work with opensmtpd - I get an error. (Not just
groups, it seems: er...@ourdomain.com fails on its own.)

What is the correct way to support this?

Thanks,

Steve

Re: How to assign apps to cwm groups?

[Sadeep Madurange]

On 2024-05-23 22:07:27, Sadeep Madurange wrote:
> I'm trying to assign xterm to group 1 and firefox to group 2. Then,
> I'd like to only see a specific group at any given time. 
> 
> After logging in, I start xterm. Then I start firefox. Problem is
> firefox opens right on top of my terminal. I expected it to open in
> group 2 such that either it's not visible till I press 4+2 or start
> firefox in group 2 and move me to group 2 automatically. Is that not
> how groups work?
> 
> Also, with the config below and firefox and terminal open, when I
> press 4+1 nothing happens (I still see firefox and xterm stacked).
> When I press 4+2, both windows disappears. 
> 
> Can someone please let me know how I can configure groups to work a
> little like workspaces in i3, if that's possible?

Actually, it seems to be working. Not sure what I did, but works as
expected with the following config.

sticky no

autogroup 1"xterm,XTerm"
autogroup 2"Firefox"

# Commands
command mail   "xterm -e 'cd ~/Downloads && mutt -F ~/.mutt/muttrc'"
command firefoxfirefox

bind-key 4-Returnterminal
bind-key 4-d menu-cmd
bind-key 4S-rrestart
bind-key 4S-equit
bind-key 4S-qwindow-close

bind-key 4-1group-only-1
bind-key 4-2group-only-2
bind-key 4-3group-only-3
bind-key 4-4group-only-4
bind-key 4-5group-only-5
bind-key 4-6group-only-6
bind-key 4-7group-only-7
bind-key 4-8group-only-8
bind-key 4-9group-only-9

bind-key 4S-1   window-movetogroup-1
bind-key 4S-2   window-movetogroup-2
bind-key 4S-3   window-movetogroup-3
bind-key 4S-4   window-movetogroup-4
bind-key 4S-5   window-movetogroup-5
bind-key 4S-6   window-movetogroup-6
bind-key 4S-7   window-movetogroup-7
bind-key 4S-8   window-movetogroup-8
bind-key 4S-9   window-movetogroup-9

# Mouse bindings
bind-mouse M-2  window-lower
bind-mouse M-3  window-resize

-- 
Sadeep Madurange
PGP: 103BF9E3E750BF7E

How to assign apps to cwm groups?

[Sadeep Madurange]

Hello,

I'm trying to assign xterm to group 1 and firefox to group 2. Then, I'd
like to only see a specific group at any given time. 

After logging in, I start xterm. Then I start firefox. Problem is
firefox opens right on top of my terminal. I expected it to open in
group 2 such that either it's not visible till I press 4+2 or start
firefox in group 2 and move me to group 2 automatically. Is that not how
groups work?

Also, with the config below and firefox and terminal open, when I press
4+1 nothing happens (I still see firefox and xterm stacked). When I
press 4+2, both windows disappears. 

Can someone please let me know how I can configure groups to work a
little like workspaces in i3, if that's possible?

cwmrc content:

sticky no

bind-key 4-Return "terminal"
bind-key 4-d "menu-exec"
bind-key 4S-r "restart"
bind-key 4S-e "quit"
bind-key 4S-q "window-close"

bind-key 4-1 "group-only-1"
bind-key 4-2 "group-only-2"
bind-key 4-3 "group-only-3"

# Groups
autogroup 1 "xterm,XTerm"
autogroup 2 "Firefox"

# Mouse bindings
bind-mouse M-2  window-lower
bind-mouse M-3  window-resize

-- 
Sadeep Madurange
PGP: 103BF9E3E750BF7E

groups new

[mahmoudElshimi]

0
C Egypt
P Cairo
T
F Irregular
O ar_OpenBSD
I mahmoudElshimi
M mahmoudelsh...@protonmail.ch
U
N OpenBSD

groups new

[mahmoudElshimi]

0
C Egypt
P Cairo
T
F Irregular
O ar_OpenBSD
I mahmoudElshimi
M mahmoudelsh...@protonmail.ch
U
N OpenBSD

Re: groups new

[Matti]

Okay, thank you for your suggestion.

-M

to 5. lokak. 2023 klo 10.49 Janne Johansson (icepic...@gmail.com) kirjoitti:

> Den tors 5 okt. 2023 kl 09:43 skrev Matti :
>
>> It's not official, and I am trying to gain visibility by having it on the
>> openbsd site. I am the first member.
>>
>
> Perhaps try to help getting the HelBUG restarted again, there should be
> some people there who like BSD.
>
> http://helbug.fi/
> https://twitter.com/helbsdusergroup
>
> --
> May the most significant bit of your life be positive.
>

Re: groups new

[Janne Johansson]

Den tors 5 okt. 2023 kl 09:43 skrev Matti :

> It's not official, and I am trying to gain visibility by having it on the
> openbsd site. I am the first member.
>

Perhaps try to help getting the HelBUG restarted again, there should be
some people there who like BSD.

http://helbug.fi/
https://twitter.com/helbsdusergroup

-- 
May the most significant bit of your life be positive.

Re: groups new

[Matti]

It's not official, and I am trying to gain visibility by having it on the
openbsd site. I am the first member.

BR,

Matti

pe 22. syysk. 2023 klo 15.29 Ingo Schwarze (schwa...@usta.de) kirjoitti:

> Hi Matti,
>
> Matti wrote on Sun, Sep 17, 2023 at 04:14:55PM +0100:
>
> > 0
> > C Finland
> > P Uusimaa
> > T Helsinki
> > F None
> > O Finnish OpenBSD Users Group
> > I None
> > M membership.f...@gmail.com
> > U None
> > N *BSD
>
> so far, i failed to find any evidence that such a group actually exists.
> Can anybody provide pointers to such evidence?
>
> Thanks,
>   Ingo
>

Re: groups new

[Ingo Schwarze]

Hi Matti,

Matti wrote on Sun, Sep 17, 2023 at 04:14:55PM +0100:

> 0
> C Finland
> P Uusimaa
> T Helsinki
> F None
> O Finnish OpenBSD Users Group
> I None
> M membership.f...@gmail.com
> U None
> N *BSD

so far, i failed to find any evidence that such a group actually exists.
Can anybody provide pointers to such evidence?

Thanks,
  Ingo

groups new

[Matti]

0
C Finland
P Uusimaa
T Helsinki
F None
O Finnish OpenBSD Users Group
I None
M membership.f...@gmail.com
U None
N *BSD

Update groups

[Kevin Williams]

> 0 
> C USA
> P Oregon
> T Portland
> F 3rd Thursday, 7pm
> O BSD Pizza Night (group)
> U https://bsd.pizza
> N *BSD

New groups

[Kevin Williams]

0 
C USA
P Oregon
T Portland
F 3rd Thursday, 7pm
O BSD Pizza Night (group)
U https://bsd.pizza 
N *BSD

groups update

[WATANABE Takeo]

0
C Japan
P Niigata
F 4 times a year
O Echigo BSD Users Group
M inqu...@ebug.jp
U https://www.ebug.jp
N *BSD

groups new

[WATANABE Takeo]

0
C Japan
P Niigata (Echigo)
F 4 times a year
O Echigo BSD Users Group
M inqu...@ebug.jp
U https://www.ebug.jp
N *BSD

groups update

[Jan Prunk]

0
C Slovenia
P
T Ljubljana
F First Thursday of each month at 8:00PM
O BSD users group Slovenia
I Jan Prunk
M janpr...@gmail.com
U https://bsd.si
N *BSD

groups new

[Jan Prunk]

0
C Slovenia
P Ljubljana
T Ljubljana
F 1st Thursday, 8:00 PM
O BSD users group Slovenia
I Jan Prunk
M janpr...@gmail.com
U https://bsd.si
N *BSD

groups new

[Jan Prunk]

0
C Slovenia
P Ljubljana
T Ljubljana
F 1st Thursday, 8:00 PM
O BSD users group Slovenia
I Jan Prunk
M janpr...@gmail.com
U https://bsd.si
N *BSD.

New Groups

[Muhammad Abdullah Khabir]

0
C   Pakistan
P   Punjab
T   Islamabad
F   Irregular
O   Pakistan OpenBSD User's Group
I   Muhammad Abdullah Khabir
M   abdullah@abdullah.solutions
U   https://abdullah.solutions
N   OpenBSD

update groups (please)

[Gábor Légrádi]

0
C Hungary
T Budapest
F Irregular
O Magyar BSD Egyesület (Hungarian BSD Association)
I Gábor Légrádi
M i...@bsd.hu
U http://bsd.hu
N *BSD.



-- 

"Share what you know. Learn what you don't."

Re: groups new

[Ingo Schwarze]

Hi Stefan,

committed!

While committing, i added the missing "P Baden" because it appears
we sort the German groups alphabetically by Land.


Some might regard the following as typical ;-) for Germany:

This Group is not just an informal group (like, for example, the
OpenBSD project itself is), but a formal, legal entity in the form
of a registered association according to the German civil law (BGB)
officially registered with the district court.  The group has formal,
written bylaws, a board, chairman, CFO, and cash auditors, formal
membership (including membership fees), formal annual members'
meetings discussing stuff like elections, budget discharges and so
on and so forth...  :-o

But don't worry, *anybody* can participate in all activities without
being required to become a member, and without having to participate
in any of the formalities.

Yours,
  Ingo

P.S.
And no, it a totally unfounded rumour and a vicious lie that naddy@
was nominated for CFO during the last annual members' meetings on
May 7, 2021.  I just invented that out of thin air!


Stefan Hagen wrote on Fri, Jul 16, 2021 at 12:22:55PM +0200:

> 0
> C Germany
> P 
> T Heidelberg
> F 1st Friday and 3rd Monday each month at 7:00PM
> O Unix User Group Rhein-Neckar (UUGRN)
> I Stefan Hagen
> M s...@uugrn.org
> U https://uugrn.org
> N *BSD

Re: groups new

[Stefan Hagen]

Ingo Schwarze wrote:
> Hi Stefan,
>
> Stefan Hagen wrote on Fri, Jul 16, 2021 at 12:22:55PM +0200:
>
>> U https://uugrn.org
>
> i suspect that your web server is misconfigured; at least for me,
> it appears to redirect to itself:
>
>  $ w3m -dump_source https://uugrn.org
> Redirection loop detected (https://uugrn.org/)
>
> Could you please check?

Whoops! It was indeed an issue. Fixed now.

Best Regards,
Stefan

Re: groups new

[Ingo Schwarze]

Hi Stefan,

Stefan Hagen wrote on Fri, Jul 16, 2021 at 12:22:55PM +0200:

> U https://uugrn.org

i suspect that your web server is misconfigured; at least for me,
it appears to redirect to itself:

 $ w3m -dump_source https://uugrn.org
Redirection loop detected (https://uugrn.org/)




302 Found
[...]


302 Found

OpenBSD httpd



Could you please check?

Yours,
  Ingo

groups new

[Stefan Hagen]

0
C Germany
P 
T Heidelberg
F 1st Friday and 3rd Monday each month at 7:00PM
O Unix User Group Rhein-Neckar (UUGRN)
I Stefan Hagen
M s...@uugrn.org
U https://uugrn.org
N *BSD

Re: groups new

[Katherine Mcmillan]

0

C Canada
P Ontario
T Ottawa
F Irregular
O NCR OpenBSD User's Group
I Katherine McMillan
M kmcmil...@alumni.uwaterloo.ca<mailto:kmcmil...@alumni.uwaterloo.ca>
N OpenBSD


From: Katherine Mcmillan 
Sent: 20 March 2021 11:05
To: escapeins...@0x1bi.net 
Cc: misc@openbsd.org 
Subject: Re: groups new

Thank you :)
I'm looking forward to getting to know more people in the OpenBSD community!



From: escapeins...@0x1bi.net 
Sent: 18 March 2021 15:42
To: kmcmi...@uottawa.ca ; misc@openbsd.org 

Subject: Re: groups new

> Waterloo Alumni

That's quality stuff

Re: groups new

[Katherine Mcmillan]

Thank you :)
I'm looking forward to getting to know more people in the OpenBSD community!



From: escapeins...@0x1bi.net 
Sent: 18 March 2021 15:42
To: kmcmi...@uottawa.ca ; misc@openbsd.org 

Subject: Re: groups new

> Waterloo Alumni

That's quality stuff

Re: groups new

[escapeinsert]

> Waterloo Alumni

That's quality stuff

groups new

[Katherine Mcmillan]

0

C Canada
P Ontario
T Ottawa
F Irregular
O NCR OpenBSD User's Group
I Katherine McMillan
M kmcmil...@alumni.uwaterloo.ca
N OpenBSD

groups new

[Katherine Mcmillan]

0

C Canada
P Ontario
T Ottawa
F Irregular
O NCR OpenBSD User's Group
I Katherine McMillan
M kmcmil...@alumni.uwaterloo.ca
N OpenBSD

Groups

[Abdullah Khabir]

0
C Pakistan
P Islamabad
T Islamabad
F Irregular
O OpenBSD users of Pakistan
I Abdullah Khabir
M abdullah@abdullah.today
U https://abdullah.today
N OpenBSD


signature.asc
Description: PGP signature

groups update

[Sha'ul]

0
Canada
BC
Vancouver
Irregular
VanBUG
Sha'ul ben Avraham
van...@riseup.net
Subscribe van...@lists.riseup.net https://lists.riseup.net/www/info/vanbug
OpenBSD, FreeBSD

groups new

[Sha'ul]

0
Canada
BC
Vancouver
Irregular
VanBUG
Sha'ul ben Avraham
van...@riseup.net
https://lists.riseup.net/www/info/vanbug
*BSD

Re: Updating user groups - deregistering Iran BSD User Group (IRBUG)

[Ingo Schwarze]

Hi Faraz,

Faraz Vahedi wrote on Thu, Jan 14, 2021 at 08:05:32AM +:

> With a heavy heart, I am writing to hereby announce the end of the
> IRBUG's activities, the user group that I have been running for about
> two years.  Because of the current situation in Iran, the pandemic era,
> and several other reasons, I sadly decided to stop our further
> activities as a user group

I deleted your entry for now, please speak up if you hear about any other
group in Iran that would make sense to be listed, or if the situation
improves such that activities can be resumed.

> and will I hereafter as an individual, keep on advocating, helping,
> and educating anyone interested if I could do so anytime.

All the best for you!

> Therefore, please remove the IRBUG from the list as it no longer
> is active.
> 
> I am very much grateful to anyone who supported me during this journey,
> thank you very much, people. I hope I can make more contributions to
> the project in both technical and educational development.

Just watch out for bugs that show up in your personal usage of OpenBSD,
and try to write and send patches to fix them whenever possible.  :-)

Yours,
  Ingo

Groups

[Abdullah Khabir]

0
C Pakistan
P Islamabad
T Islamabad
F Irregular
O Pakistan OpenBSD Group
I Abdullah Khabir
M abdullah@abdullah.today
U https://abdullah.today
N OpenBSD




Abdullah Khabir

https://abdullah.today

C20F 2707 3025 2569 BAC5
534B 7820 6670 C19D 1580


signature.asc
Description: PGP signature

Re: groups new

[Ingo Schwarze]

Hi,

Computer Planet wrote on Sun, Nov 01, 2020 at 11:20:03PM +0100:

> 0
> C ITALY
> P Cosenza
> T San Marco Argentano
> F Irregular
> O OpenBSD CpnetServer
> I Ernesto Bellomusto
> M open...@cpnetserver.net
> U node51.net
> N OpenBSD | *BSD

Is there any evidence that this group actually exists?
That is, that it meetings were held in the past and/or that
speakers gave talks and/or that the group provides some
resources or information or support online?

If somebody thinks that founding a new group is a nice idea, we
usually don't list the new group until it is somewhat well-established.

Yours,
  Ingo

groups new

[Computer Planet]

0
C ITALY
P Cosenza
T San Marco Argentano
F Irregular
O OpenBSD CpnetServer
I Ernesto Bellomusto
M open...@cpnetserver.net
U node51.net
N OpenBSD | *BSD

[groups new] OrlandoBSD

[Daniel Moch]

0
C USA
P Florida
T Orlando
F Irregular
O The Orlando BSD Users Group
I Daniel Moch
M dan...@danielmoch.com
U http://www.orlandobsd.org
N *BSD

new groups

[abd.homaei]

0
C Iran
P Tehran
T Tehran
F Irregular
O Iran meetBSD
I abdorrahman homaei
M i...@meetbsd.ir
U http://meetbsd.ir
N *BSD

Re: groups new

[Ingo Schwarze]

Hi Jan,

Jan Prunk wrote on Wed, Mar 18, 2020 at 06:08:26PM +0100:

> 0
> C Slovenia
> P SI
> T Ljubljana
> F Irregular
> O BSD User Group Slovenia
> I Jan Prunk
> M b...@groups.io
> U https://bsdug.wordpress.com
> N *BSD

I suggest you resubmit when a few meetings have taken place.
So far, i see no evidence of any activity.

The website looks as if it is unchanged since September 6, 2018,
and it says "Website is in a starting phase".

The mailing list seems to have four members and two postings,
both in December 2018 and both posted by the same person.

Yours,
  Ingo

groups new

[Jan Prunk]

0
C Slovenia
P SI
T Ljubljana
F Irregular
O BSD User Group Slovenia
I Jan Prunk
M b...@groups.io
U https://bsdug.wordpress.com
N *BSD

cwm window in all/no groups

[Chris Cappuccio]

I'm using windows groups with sticky.

unbind-key  all

bind-keyM-1   group-only-1
bind-keyM-2   group-only-2
...
sticky yes

Usually I can keep all my windows in whatever group they were opened in. On
occasion, I must be typing in some strange key combination and I end up
getting some or all of the windows on my current screen bound to no group.

I don't have any keys bound to 'window-stick' which seems like it would
do exactly this. I don't have any keys bound to group-only-0. When windows
start going into all/nogroup mode, it becomes very frustrating. I can't focus
into a nogroup xterm for typing unless I kill or move any windows which are
members of the current group. I can't move the nogroup windows either. I
can't close them using the meta key delete. These nogroup windows have
some very annoying properties, appropriate for xconsole perhaps.

Does this sound familiar to anyone? 

.cwmrc:

unbind-key  all

bind-keyM-1   group-only-1
bind-keyM-2   group-only-2
bind-keyM-3   group-only-3
bind-keyM-4   group-only-4
bind-keyM-5   group-only-5
bind-keyM-6   group-only-6
bind-keyM-7   group-only-7
bind-keyM-8   group-only-8
bind-keyM-9   group-only-9
bind-keyCM-q   window-delete
bind-keyCM-r   restart
bind-keyM-equal"mixerctl outputs.master=+10"
bind-keyM-jwindow-cycle-ingroup
bind-keyM-kwindow-rcycle-ingroup
bind-keyM-minus"mixerctl outputs.master=-10"
bind-keyM-twindow-maximize
bind-keySM-1   window-movetogroup-1
bind-keySM-2   window-movetogroup-2
bind-keySM-3   window-movetogroup-3
bind-keySM-4   window-movetogroup-4
bind-keySM-5   window-movetogroup-5
bind-keySM-6   window-movetogroup-6
bind-keySM-7   window-movetogroup-7
bind-keySM-8   window-movetogroup-8
bind-keySM-9   window-movetogroup-9

bind-keySM-Return   "xterm -e top"
bind-keyM-Return"xterm"

command firefoxfirefox
command sofficesoffice
command iridiumiridium
command xterm  xterm

borderwidth 1
color   activeborder   gray8
color   inactiveborder black
snapdist4
sticky  yes

Re: groups update

[Ingo Schwarze]

Hello,

please ignore this submission.

The content is wrong: no such group exists in Qazvin,
and the email address given on "M" line bounces.

Besides, the email is a forgery and did not originate
from the person given in the From: header.

Yours,
  Ingo


Faraz Vahedi wrote on Sun, Dec 08, 2019 at 09:43:15PM -0500:

> 0
> C Iran
> P Qazvin
> T Qazvin
> F Last Thursday of the month
> O Qazvin BSD User Group (QBUG)
> I Farid
> M qaz...@irbug.org
> U https://www.irbug.org
> N *BSD

groups update

[Faraz Vahedi]

0
C Iran
P Qazvin
T Qazvin
F Last Thursday of the month
O Qazvin BSD User Group (QBUG)
I Farid
M qaz...@irbug.org
U https://www.irbug.org
N *BSD

Update Groups: Submitting Iran BSD User Group (IRBUG)

[K Faraz Vahedi]

0
C Iran
P Teheran
T Teheran
F Last Thursday of the month
O Iran BSD User Group (IRBUG)
I Faraz Vahedi
M k...@irbug.org 
U https://www.irbug.org/ 
N *BSD

BSD User Groups update

[Tom Murphy]

Hi,

  I was informed back on the 11th March 2019 from Sam Smith that
the Manchester BSD user group ended a few years ago.

  Attached is a diff to groups.dat to remove it from the list.

  Is this OK?

  Thanks,
  Tom

Index: build/groups.dat
===
RCS file: /cvs/www/build/groups.dat,v
retrieving revision 1.143
diff -u -p -u -p -r1.143 groups.dat
--- build/groups.dat2 Oct 2019 20:09:52 -   1.143
+++ build/groups.dat17 Oct 2019 13:08:08 -
@@ -400,15 +400,6 @@ N OpenBSD
 # Start of United Kingdom
 0
 C United Kingdom
-T Manchester
-O Manchester BSD User Group
-I Sam Smith
-U http://www.bsdgroups.org.uk/manchester
-F Usually the second week of each month
-N *BSD
-
-0
-C United Kingdom
 P Greater London
 T London
 O London *BSD Meetup

Re: groups new

[Ingo Schwarze]

Hi,

Kihaguru Gathura wrote on Sun, Sep 29, 2019 at 09:40:03PM +0300:

> 0
> C Kenya
> P
> T Nairobi
> F irregular
> O OpenBSD Kenya
> I Kihaguru Njenga Gathura
> M kihaguru.gath...@engineer.com
> U
> N OpenBSD

I know that we are currently listing a couple of "groups" of this kind,
but i'm not convinced it is a good idea.  I feel we should require some
evidence that groups are indeed active.  Typically, that will be a website
containing:

 - the name of the group
 - the precise address where meetings are held
 - the time of meetings, if they are regular
 - the time of the next meeting, if they are irregular
 - a list of past speakers, if any (date and subject)
 - the agenda of future meetings, as far as already planned
 - a contact address

Other evidence of activity may also be acceptable in individual
cases, but i dislike listing groups where there is absolutely nothing.

Yours,
  Ingo

groups new

[Kihaguru Gathura]

0
C Kenya
P
T Nairobi
F irregular
O OpenBSD Kenya
I Kihaguru Njenga Gathura
M kihaguru.gath...@engineer.com
U
N OpenBSD

Re: Purpose of primary and secondary user groups

[Philip Guenther]

On Sun, Jan 13, 2019 at 6:13 AM Bryan Harris  wrote:

> Is there also a difference when creating a file in a folder with set GID
> bit on that folder and owned by secondary group? I think in normal
> behavior, if folder allows a user to create a file (sec. group w/ 770
> perm.) then the new file group will not take the group of the folder but
> will take the group of the user's primary group. But if you have set GID
> bit then the new file will take the group of the folder it's in (which
> will be one of the user's secondary groups).
>
> I thought in OpenBSD there is also a flag to mount the filesystem to
> always do this regardless of set GID but I can't remember. I don't see
> it in the man page so maybe with all of this I'm really thinking of
> Linux but I can't remember.
>

Nope.  OpenBSD always uses the BSD behavior.  The use of the SGID bit on
directories to request BSD behavior was an addition in SystemV-based
systems when enough of their devs and users yelled at them to Not Be Stupid
And Provide the Better Behavior.  I'm not sure who or when first added the
mount option.  Linux certainly has both of those, but is not the only one.


Philip Guenther

Re: Purpose of primary and secondary user groups

[Bryan Harris]

On 12/30/2018 12:33 AM, Philip Guenther wrote:

On Sat, Dec 29, 2018 at 11:29 AM Ipsen S Ripsbusker <
ip...@ripsbusker.no.eu.org> wrote:


Aside from compatibility, what is the purpose of primary groups,
compared to secondary groups?

Said otherwise, why do we have both primary and secondary groups
rather than only secondary groups?

Yet another phrasing: Why do I need to set a primary group?


Secondary groups can only be set, all at once, when running as root (e.g.,
login, sshd), while the primary group can be altered by setgid binaries and
then switched among using set*gid(2).

For filesystem objects like files and directories, the BSD behavior is for
the object to get its group from the directory in which it was created,
ignoring the groups of the process that created it.  On more SysV-like
systems the default is to take the primary group of the process that
created it.  However, for objects that exist in the kernel but not the
filesystem such as pipes, sockets, and SysV shared memory segments,
semaphores, and message queues, the common behavior is to take the primary
group of the process that created it.  This  doesn't have much effect other
than fstat() for pipes and sockets, but for SysV stuff it affects what
operations processes can perform.


Philip Guenther



Is there also a difference when creating a file in a folder with set GID 
bit on that folder and owned by secondary group? I think in normal 
behavior, if folder allows a user to create a file (sec. group w/ 770 
perm.) then the new file group will not take the group of the folder but 
will take the group of the user's primary group. But if you have set GID 
bit then the new file will take the group of the folder it's in (which 
will be one of the user's secondary groups).



I thought in OpenBSD there is also a flag to mount the filesystem to 
always do this regardless of set GID but I can't remember. I don't see 
it in the man page so maybe with all of this I'm really thinking of 
Linux but I can't remember.



V/r,

Bryan

Re: Purpose of primary and secondary user groups

[Philip Guenther]

On Sat, Dec 29, 2018 at 11:29 AM Ipsen S Ripsbusker <
ip...@ripsbusker.no.eu.org> wrote:

> Aside from compatibility, what is the purpose of primary groups,
> compared to secondary groups?
>
> Said otherwise, why do we have both primary and secondary groups
> rather than only secondary groups?
>
> Yet another phrasing: Why do I need to set a primary group?
>

Secondary groups can only be set, all at once, when running as root (e.g.,
login, sshd), while the primary group can be altered by setgid binaries and
then switched among using set*gid(2).

For filesystem objects like files and directories, the BSD behavior is for
the object to get its group from the directory in which it was created,
ignoring the groups of the process that created it.  On more SysV-like
systems the default is to take the primary group of the process that
created it.  However, for objects that exist in the kernel but not the
filesystem such as pipes, sockets, and SysV shared memory segments,
semaphores, and message queues, the common behavior is to take the primary
group of the process that created it.  This  doesn't have much effect other
than fstat() for pipes and sockets, but for SysV stuff it affects what
operations processes can perform.


Philip Guenther

Re: Purpose of primary and secondary user groups

[Otto Moerbeek]

On Sat, Dec 29, 2018 at 07:27:48PM +, Ipsen S Ripsbusker wrote:

> Aside from compatibility, what is the purpose of primary groups,
> compared to secondary groups?
> 
> Said otherwise, why do we have both primary and secondary groups
> rather than only secondary groups?
> 
> Yet another phrasing: Why do I need to set a primary group?
> 

Mainly for accounting purposes.

man 2 intro

tells you about it.

-Otto

Purpose of primary and secondary user groups

[Ipsen S Ripsbusker]

Aside from compatibility, what is the purpose of primary groups,
compared to secondary groups?

Said otherwise, why do we have both primary and secondary groups
rather than only secondary groups?

Yet another phrasing: Why do I need to set a primary group?

Re: Confusion re. VMs, bridges, intergace groups and pf.

[Theo de Raadt]

cho...@jtan.com wrote:

> Additionally, under which circumstances could/should I use interface
> groups and under which rdomains? I cannot discern any practical
> difference between them except in how they're labeled (numeric vs.
> symbolic) although I confess that my experience with network routing
> has been tainted by the Other OS so my knowledge is there murky.

they are completely different

interface groups cluster a set of interfaces for name-reference in pf (and
a few other tools) (so you don't need to list them by actual name)

rdomains on the other hand steer packets

Re: Confusion re. VMs, bridges, intergace groups and pf.

[chohag]

Additionally, under which circumstances could/should I use interface
groups and under which rdomains? I cannot discern any practical
difference between them except in how they're labeled (numeric vs.
symbolic) although I confess that my experience with network routing
has been tainted by the Other OS so my knowledge is there murky.

Matthew

Confusion re. VMs, bridges, intergace groups and pf.

[chohag]

Something in the documentation regarding VM network iterface groups is
unclear to me.

I have created a switch and VM in /etc/vm.conf:

  switch "private" {
interface bridge0
group private
  }

  vm "test" {
memory 2G
disable
disk /srv/vm/test.img
interface { switch "private" }
  }

Which correctly creates a tap device with the group when started:

  tap0: flags=8943 mtu 1500
  lladdr fe:e1:ba:d9:26:d5
  description: vm4-if0-test
  index 15 priority 0 llprio 3
  groups: tap private
  status: active

The bridge is configured as:

  /etc/hostname.bridge0:add vether0
  /etc/hostname.vether0:inet 192.168.42.1 255.255.255.0

So far all well and good but attempting to craft pf rules to filter 'on
private' apparently has no effect.

This if my /etc/pf.conf (comments sanitised):

  set skip on lo

  block
  match in all scrub (no-df random-id max-mss 1440)
  antispoof quick for { egress wlan }

  match log on private proto tcp

  # NAT everything else
  match out on egress inet from !(egress:network) to !self nat-to (egress)

  # Permit inbound ssh
  pass in quick proto tcp from any to self port ssh

  # Open everything during testing
  pass quick

Specifically, the match log line doesn't record anything (verified with
tcpdump -i pflog0) with 'on private' but does with 'on vether'. So how
can I filter based on the interface group to which a VM or switch is
assigned as vm.conf(5) claims I can (in VM CONFIGURATION/interface/group)?

Have I made a mistake in my configuration somewhere, misunderstood the
documentation and how to use interface groups, or is this a bug? I am
using a freshly-installed 6.4 on amd64.

Thanks,

Matthew

Re: groups new

[Ingo Schwarze]

Hi,

Jan Prunk wrote on Thu, Sep 20, 2018 at 06:48:55PM +0200:

> 0
> C Slovenia
> P SI
> T Ljubljana
> F irregular
> O BSD User Group Slovenia
> I
> M b...@groups.io
> U https://bsdug.wordpress.com
> N *BSD

I had a look at it and i feel that it is too early to add it.

The website does not contain any content whatsoever.
The mailing list page says "1 Member, 0 Topics".

One person not doing anything is not a group.

Consider coming back after this has actually become a group
that is doing anything beyond having an empty website.

Yours,
  Ingo

groups new

[Jan Prunk]

0
C Slovenia
P SI
T Ljubljana
F irregular
O BSD User Group Slovenia
I
M b...@groups.io
U https://bsdug.wordpress.com
N *BSD

"groups in groups" with pf tables

[Remi Locherer]

Hi,

With other firewall products I like to use groups that contain groups.
In pf I like working with tables. Tables can be negated and rules with
tables are faster than ones with long lists.

I tried to use something like this:


$ cat pf-examples.conf
host_a1 = "192.168.10.11"
host_a2 = "192.168.10.12"
a_hosts =  $host_a1 $host_a2

host_b1 = "192.168.20.11"
host_b2 = "192.168.20.12"
b_hosts = $host_b1 $host_b2

net_c1 = "192.168.30.0/24"
net_c2 = "192.168.31.0/24"
c_hosts = $net_c1 $net_c2

table   { $a_hosts $b_hosts }
table  { $a_hosts $b_hosts $c_hosts }


block log
pass log from  to any
pass log inet proto icmp from  to any


Unfortunately this does not work with macros containing subnets.

$ pfctl -nf pf-examples.conf
pf-examples.conf:11: syntax error
pf-examples.conf:14: macro 'c_hosts' not defined
pf-examples.conf:14: syntax error
$


Do I miss something regarding the syntax?

Are there other approaches to reach my goal?

Thanks,
Remi

new groups

[Rafael adorman]

0
C Iran
P Tehran
T Tehran
F irregular
O Iranian meetBSD Group
I abdorrahman homaei
M d.orien...@gmail.com
U http://meetbsd.ir
N *BSD

Groups New

[damia...@knoxbug.org]

0
C USA
P Tennessee
T Knoxville
F Last Tuesday each month
O KnoxBUG
I Damian Szidiropulosz
M damia...@knoxbug.org
U http://knoxbug .org
N *BSD

Re: Doubts about groups who have made Free-to-Non-Free transition and groups that are all free

[Jack J. Woehr]

Jorge Luis wrote:

OpenBSD was the first operating system


I can't parse legal arguments with any degree of expertise. I simply bless the 
day I found OpenBSD!

I now use the BSD-2 license for all my own open source software.

Long live truly free software, despite a world-wide legal climate increasingly 
hostile to the existence of same.

--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Doubts about groups who have made Free-to-Non-Free transition and groups that are all free

[Jorge Luis]

It is written in Openbsd Lyrics:

"David Dawes worked for years with a team of developers to make a free
X11 distribution for us to use, called XFree86, 98% of which was based on
entirely free code from MIT. Suddenly, one day, he decided that we must give
him more credit (ie. advertise his name) or stop using it. Within about 4
months every project had told him to get stuffed, and the community has
created a replacement effort. Now his team cannot even keep their web pages
up to date...

OpenBSD was the first operating system to integrate a packet filter, and
it was the ipf codebase from Darren Reed that we chose. But a few years
later he told us that we were not free to make changes to the code. So we
deleted ipf, and our new packet filter far exceeds the capabilities of the
one he wrote. And other projects are switching too...

The Apache group started from the humble beginnings of just being 'a
patchy' set of changes to a completely free web server of dubious quality.
But the years have changed them, and what they supply is now quite
non-free... released under a license so entangled in legalese that we have
absolutely no doubt that there are encumbrances hidden within. Legal terms
protect. Who are they protecting? Not your freedom. " 

Reference: http://www.openbsd.org/lyrics.html#36

What are all the others groups who have made Free-to-Non-Free transition?

Because groups have made Free-to-Non-Free transition?

What are all the groups who are all free?

What are the operating systems that ship without blobs?

What are the groups that ship without NDA?

What are the others groups that ship without the other project non-free?

I want programme and use only software and hardware that are all free in
hobby, no blobs, no NDA...





--
View this message in context: 
http://openbsd-archive.7691.n7.nabble.com/Doubts-about-groups-who-have-made-Free-to-Non-Free-transition-and-groups-that-are-all-free-tp287434.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Adding a new Polish BUG to groups list

[Frederic Cambus]

Hi misc@,

Here is a filled template for a new user group submission. We are
based in Poland, and targeting the Podkarpackie Voivodeship.

0
C Poland
P Podkarpackie
T Rzeszow 
F Irregular
O SBUG
I Frederic Cambus
M 
U http://www.sbug.org/
N OpenBSD, *BSD

Thanks in advance!

Cheers,
Frederic

Re: groups new

[Janne Johansson]

groups.dat-egypt.diff 
..for someones cut-n-paste convenience.


2015-05-26 3:54 GMT+02:00 noob sia009 :

> 0
> C Egypt
> P Masr EL-Gdida
> T Cairo
> F irregular
> O Egypt OpenBSD Group
> I Hossam EL-Mansy
> M noobsia...@yahoo.com
> U
> N OpenBSD
>
>


-- 
May the most significant bit of your life be positive.

groups new

[noob sia009]

0
C Egypt
P Masr EL-Gdida
T Cairo
F irregular
O Egypt OpenBSD Group
I Hossam EL-Mansy
M noobsia...@yahoo.com
U 
N OpenBSD

groups new

[N.J. Thomas]

0
C India
P Delhi
T New Delhi
F irregular
O New Delhi BSD User Group (NDBUG)
I N.J. Thomas
M i...@ndbug.in
U http://ndbug.in/
N *BSD

Re: CWM has "all groups" application?

[Rodrigo Mosconi]

2014-06-13 3:45 GMT-03:00 Bryan Linton :

> On 2014-06-12 18:35:05, Rodrigo Mosconi  wrote:
> > Hi guys,
> >
> > I would like to know if is possible to make an application (xclock, for
> > example) to be always present, regardless the selected group.
> > On my configuration I have a gap, where I place xclock without group.
>  When
> > I use "grouponlyN" all applications hides (ok, described behavior),
> > including xclock.
> >
> > Is possible to make xclock  present on all groups?
> >
> > I understood from cwm(1) and cwmrc(5) that an application can be member
> of
> > only one group or no group.  Is that true?
> >
> > If does not exists "allgroups", that feature is interesting to be added?
> >
> > Thanks
> >
>
> Since in another mail you sent to the list, you said you're using
> snapshots, there was a bug introduced in CWM back in February that
> prevents applications from being omnipresent.
>

Bryan,

The other email is about another machine.  The cwm machine runs a snapshot
Jun 11.
Folow dmesg:

OpenBSD 5.5-current (GENERIC) #164: Wed Jun 11 13:11:27 MDT 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA C7-M Processor 6300MHz ("CentaurHauls" 686-class) 1.60 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,PBE,NXE,SSE3,EST,TM2,xTPR
real mem  = 803434496 (766MB)
avail mem = 777863168 (741MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/27/09, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.5 @ 0xfcfc0 (47 entries)
bios0: vendor American Megatrends Inc. version "080014" date 27/04/2009
bios0: Phitronics PC3000E+
acpi0 at bios0: rev 0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG WDRT OEMB HPET
acpi0: wakeup devices NPGS(S4) NP0S(S4) RLAN(S4) USB1(S3) USB2(S3) USB3(S3)
USB4(S3) EHCI(S3) PS2K(S3) PS2M(S3) UAR1(S4) UAR2(S4) SLAN(S4) SLT2(S4)
SLT3(S4) SLT1(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
cpu0: apic clock running at 99MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 3, 24 pins
ioapic1 at mainbus0: apid 2 pa 0xfecc, version 3, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 2 (NBPG)
acpiprt3 at acpi0: bus 3 (NBP0)
acpiprt4 at acpi0: bus -1 (P0P9)
acpiprt5 at acpi0: bus 128 (PCI1)
acpicpu0 at acpi0
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0xd400
cpu0: Enhanced SpeedStep disabled by BIOS
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "VIA P4M900 Host" rev 0x00
viaagp0 at pchb0: v3
agp0 at viaagp0: aperture at 0xf000, size 0x1000
pchb1 at pci0 dev 0 function 1 "VIA P4M900 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA P4M900 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA P4M900 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA P4M900 Host" rev 0x00
"VIA P4M900 IOAPIC" rev 0x00 at pci0 dev 0 function 5 not configured
pchb5 at pci0 dev 0 function 6 "VIA P4M900 Security" rev 0x00
pchb6 at pci0 dev 0 function 7 "VIA P4M900 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA Chrome9 HC IGP" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 2 function 0 "VIA P4M900" rev 0x80
pci2 at ppb1 bus 2
ppb2 at pci0 dev 3 function 0 "VIA P4M900" rev 0x80: apic 2 int 7
pci3 at ppb2 bus 3
re0 at pci3 dev 0 function 0 "Realtek 8101E" rev 0x01: RTL8101E (0x3400),
apic 2 int 4, address 00:25:11:ee:26:45
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
pciide0 at pci0 dev 15 function 0 "VIA VT8237S SATA" rev 0x00: DMA
pciide0: using apic 1 int 21 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x07: DMA, channel
0 configured to compatibility, channel 1 configured to compatibility
pciide1: channel 0 disabled (no drives)
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0xb0: apic 1 int 20
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0xb0: apic 1 int 22
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0xb0: apic 1 int 21

Re: CWM has "all groups" application?

[Bryan Linton]

On 2014-06-12 18:35:05, Rodrigo Mosconi  wrote:
> Hi guys,
> 
> I would like to know if is possible to make an application (xclock, for
> example) to be always present, regardless the selected group.
> On my configuration I have a gap, where I place xclock without group.  When
> I use "grouponlyN" all applications hides (ok, described behavior),
> including xclock.
> 
> Is possible to make xclock  present on all groups?
> 
> I understood from cwm(1) and cwmrc(5) that an application can be member of
> only one group or no group.  Is that true?
> 
> If does not exists "allgroups", that feature is interesting to be added?
> 
> Thanks
> 

Since in another mail you sent to the list, you said you're using
snapshots, there was a bug introduced in CWM back in February that
prevents applications from being omnipresent.

I reported the bug, and was told by the developer in question that
they did not have time to track it down right now, but would as
soon as they had free time.
http://marc.info/?l=openbsd-bugs&m=139536903917298&w=2

In the meantime, you can use CVS to checkout a copy of CWM from
February 6th, 2014, and rebuild it.  It takes less than 10 seconds
to build on a CPU circa 2005.  In that case, provided that the
application doesn't automatically start assigned to a group, you
can press ++MOUSE1 (CM-M1 in cwm(1)) to make windows
omnipresent.

-- 
Bryan

CWM has "all groups" application?

[Rodrigo Mosconi]

Hi guys,

I would like to know if is possible to make an application (xclock, for
example) to be always present, regardless the selected group.
On my configuration I have a gap, where I place xclock without group.  When
I use "grouponlyN" all applications hides (ok, described behavior),
including xclock.

Is possible to make xclock  present on all groups?

I understood from cwm(1) and cwmrc(5) that an application can be member of
only one group or no group.  Is that true?

If does not exists "allgroups", that feature is interesting to be added?

Thanks

Re: ypldap 1024 character limit on groups?

[Israel Brewster]

Thanks. I'll see if I can find the time to fix this. It could be a fun project
:-) In the meantime, however, I have determined that CentOS works properly in
this regard, so sadly I'll have to switch, at least for now :-( Thanks for the
feedback, and information as to exactly where the problem lies so I know where
to start looking!

---
Israel Brewster
Computer Support Technician II
Era Alaska
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x7293
---

[demime 1.01d removed an attachment of type text/directory which had a name of 
Israel Brewster.vcf]
On Mar 7, 2014, at 8:02 AM, Theo de Raadt  wrote:

>> I see. Wow, that is a HUGE bug.
> 
> Such maximum line lengths have been commonplace in Unix forever.  This
> is not an OpenBSD-introduced problem; it is just something that has
> not yet been improved.
> 
> Improvements come when people try to push forward along the curve.
> People like you...

Re: ypldap 1024 character limit on groups?

[Theo de Raadt]

> I see. Wow, that is a HUGE bug.

Such maximum line lengths have been commonplace in Unix forever.  This
is not an OpenBSD-introduced problem; it is just something that has
not yet been improved.

Improvements come when people try to push forward along the curve.
People like you...

Re: ypldap 1024 character limit on groups?

[Israel Brewster]

On Mar 6, 2014, at 3:24 PM, Philip Guenther  wrote:

> On Mon, Mar 3, 2014 at 4:14 PM, Israel Brewster 
wrote:
>> I am working on setting up my OpenBSD 5.2 box to connect to my company
LDAP
>> server (Mac OS X 10.8.5 OpenDirectory). I have successfully installed
>> login_ldap from ports and configured ypldap and the login.conf file such
that
>> I can now authenticate as any of my ldap users. However, when ypldap pulls
in
>> the group membership information from my LDAP server, it appears to be
cutting
>> off the group membership listing at 1024 characters. The end result is
that
>> only about half of my users are actually showing up as members of the
>> appropriate group(s). I have confirmed this not only by behavior (sftp is
not
>> chrooted for some users even though I have the proper entries to match the
>> group in sshd_conf), but also by using the userinfo command: userinfo for
a
>> user that shows up in the first 1024 characters of the group membership
>> listing properly shows the user as a member of the group. userinfo for a
user
>> that does not show up in the first 1024 characters show the user as only
being
>> part of the default group (staff in this case). How can I get ypldap to
show
>> the full member listing?
>
> The 1024 byte limit is hardcoded in libc's getgr* routines.
>
> /usr/src/lib/libc/gen/getgrent.c:#defineMAXLINELENGTH   1024
> /usr/src/lib/libc/gen/getgrouplist.c:#define MAXLINELENGTH  1024
>
> Increasing those would also require an increase to grp.h's _GR_BUF_LEN
> and possibly other places in the tree.  Not tested: good luck!
>
>
> Philip Guenther

I see. Wow, that is a HUGE bug. Unless there is some workaround, that
essentially means OpenBSD is not suitable for use in any sort of directory
environment, unless it is very small. I mean, I only have about 300 users in
my directory (about 1/3 of the total company), split between two groups, and
ypldap only shows about 2/3 of each group, or about 100 people. You could
MAYBE manage 200 if you used shorter usernames. But maybe we're just weird,
and no normal company puts more than 100 people in a group :-)

In any case, thanks for the information. I guess I'll start looking at other
OS options. That stinks - I like OpenBSD.
---
Israel Brewster
Computer Support Technician II
Era Alaska
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x7293
---

[demime 1.01d removed an attachment of type text/directory which had a name of 
Israel Brewster.vcf]

Re: ypldap 1024 character limit on groups?

[Philip Guenther]

On Mon, Mar 3, 2014 at 4:14 PM, Israel Brewster  wrote:
> I am working on setting up my OpenBSD 5.2 box to connect to my company LDAP
> server (Mac OS X 10.8.5 OpenDirectory). I have successfully installed
> login_ldap from ports and configured ypldap and the login.conf file such that
> I can now authenticate as any of my ldap users. However, when ypldap pulls in
> the group membership information from my LDAP server, it appears to be cutting
> off the group membership listing at 1024 characters. The end result is that
> only about half of my users are actually showing up as members of the
> appropriate group(s). I have confirmed this not only by behavior (sftp is not
> chrooted for some users even though I have the proper entries to match the
> group in sshd_conf), but also by using the userinfo command: userinfo for a
> user that shows up in the first 1024 characters of the group membership
> listing properly shows the user as a member of the group. userinfo for a user
> that does not show up in the first 1024 characters show the user as only being
> part of the default group (staff in this case). How can I get ypldap to show
> the full member listing?

The 1024 byte limit is hardcoded in libc's getgr* routines.

/usr/src/lib/libc/gen/getgrent.c:#defineMAXLINELENGTH   1024
/usr/src/lib/libc/gen/getgrouplist.c:#define MAXLINELENGTH  1024

Increasing those would also require an increase to grp.h's _GR_BUF_LEN
and possibly other places in the tree.  Not tested: good luck!


Philip Guenther

Re: ypldap 1024 character limit on groups?

[Israel Brewster]

On Mar 3, 2014, at 3:14 PM, Israel Brewster  wrote:

> I am working on setting up my OpenBSD 5.2 box to connect to my company LDAP
> server (Mac OS X 10.8.5 OpenDirectory). I have successfully installed
> login_ldap from ports and configured ypldap and the login.conf file such
that
> I can now authenticate as any of my ldap users. However, when ypldap pulls
in
> the group membership information from my LDAP server, it appears to be
cutting
> off the group membership listing at 1024 characters. The end result is that
> only about half of my users are actually showing up as members of the
> appropriate group(s). I have confirmed this not only by behavior (sftp is
not
> chrooted for some users even though I have the proper entries to match the
> group in sshd_conf), but also by using the userinfo command: userinfo for a
> user that shows up in the first 1024 characters of the group membership
> listing properly shows the user as a member of the group. userinfo for a
user
> that does not show up in the first 1024 characters show the user as only
being
> part of the default group (staff in this case). How can I get ypldap to
show
> the full member listing?
> ---
> Israel Brewster
> Computer Support Technician II
> Era Alaska
> 5245 Airport Industrial Rd
> Fairbanks, AK 99709
> (907) 450-7250 x7293
> ---
>

I was thinking: is there any chance this is due to a problem with the Apple
OpenDirectory LDAP, and not with ypldap? When I use a LDAB browser such as
explorer, it shows all the groups, but perhaps it works differently. Any
suggestions would be appreciated, as right now the LDAP binding is useless,
and if I can't get this working I'll have to start over on a different OS
where I can make this work - which will not be fun :-(. Thanks.

---
Israel Brewster
Computer Support Technician II
Era Alaska
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x7293
---

[demime 1.01d removed an attachment of type text/directory which had a name of 
Israel Brewster.vcf]

ypldap 1024 character limit on groups?

[Israel Brewster]

I am working on setting up my OpenBSD 5.2 box to connect to my company LDAP
server (Mac OS X 10.8.5 OpenDirectory). I have successfully installed
login_ldap from ports and configured ypldap and the login.conf file such that
I can now authenticate as any of my ldap users. However, when ypldap pulls in
the group membership information from my LDAP server, it appears to be cutting
off the group membership listing at 1024 characters. The end result is that
only about half of my users are actually showing up as members of the
appropriate group(s). I have confirmed this not only by behavior (sftp is not
chrooted for some users even though I have the proper entries to match the
group in sshd_conf), but also by using the userinfo command: userinfo for a
user that shows up in the first 1024 characters of the group membership
listing properly shows the user as a member of the group. userinfo for a user
that does not show up in the first 1024 characters show the user as only being
part of the default group (staff in this case). How can I get ypldap to show
the full member listing?
---
Israel Brewster
Computer Support Technician II
Era Alaska
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x7293
---

detail groups

[Wesley MOUEDINE ASSABY]

Hi,

I'm looking for a paper, or a man page about described groups in OpenBSD.
Is there a way to have more details on groups (/etc/group), for example :
what is the groups "nobody, operator, nogroup, bin...)

For better understanding the system.

Thank you very much.

Wesley.

www.e-solutions.re

Re: Removing secondary groups with usermod -G

[Ted Unangst]

perl doesn't actually edit the file in place, it just automates the tmp file
handling.

On Mar 22, 2011, at 1:10 AM, Bret Lambert  wrote:

> On Mon, Mar 21, 2011 at 9:45 PM, William Boshuck 
wrote:
>> On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:
>>
>>> OpenBSD's form of sed requires you to output to a new file and
>>> mv that back to original.
>>
>> .. or one could use ed, or perl, to change a file in place.
>
> What happens if ed, or perl, corrupts a system file in place?
>
>>
>> -wb

Re: Removing secondary groups with usermod -G

[Steve Clarke]

On Monday 21 Mar 2011 19:54:09 Stuart Henderson wrote:
> On 2011-03-21, Steve Clarke  wrote:
> > I have read on the hindernet, that to remove a user from a group,
> > you simply run usermod -G, and omit the group that you want the
> > user to be removed from.  These posts are often associated with
> > HPUX and Solaris.
> >
> > The same does not work with OpenBSD, and on looking into the code
> > (user.c), it is clear that the functionality to remove users from a group
> > is simply not there.
> >
> > This issue has been around for 10 years (see the following links):
> >
> > http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
> > http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2
> >
> > I am looking for the ability to remove users from groups, and I am quite
> > capable of modifying user.c to provide compatibility, but there may be a
> > better way ...
> >
> > My questions are:
> >
> > 1. Is there a different application which can be used to remove users
> > from secondary groups? (I'd like to automate, so vi isn't an option)?
> 
> I am fairly sure we don't have anything to do that.
> 
> > 2. Should the -G switch be used to remove users from groups so the
> >operation is consistent with that of HPUX and Solaris.
> 
> That makes sense to me.
> 
> > 3. What is the ettiquette for agreeing an additional functionality, and
> > submitting patches, once I've made the user.c modifications?
> 
> The best way is to send a diff to tech@ (cvs diff -u, inline in a
> plaintext email body).
> 

Thanks Stuart, that's pointed me in exactly the right direction ... Ill give
it a go!  Best Regards, Steve!

Re: Removing secondary groups with usermod -G

[Paul de Weerd]

On Tue, Mar 22, 2011 at 06:10:21AM +0100, Bret Lambert wrote:
| On Mon, Mar 21, 2011 at 9:45 PM, William Boshuck  
wrote:
| > On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:
| >
| >> OpenBSD's form of sed requires you to output to a new file and
| >> mv that back to original.
| >
| > .. or one could use ed, or perl, to change a file in place.
| 
| What happens if ed, or perl, corrupts a system file in place?

The same thing that happens when sed creates a corrupt temporary file
that is then used to replace its input: brokenness.

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 

Re: Removing secondary groups with usermod -G

[Piotr Dacko]

--- On Tue, 3/22/11, Bret Lambert  wrote:

> From: Bret Lambert 
> Subject: Re: Removing secondary groups with usermod -G
> To: "William Boshuck" 
> Cc: misc@openbsd.org
> Date: Tuesday, March 22, 2011, 7:10 AM
> On Mon, Mar 21, 2011 at 9:45 PM,
> William Boshuck 
> wrote:
> > On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris
> Bennett wrote:
> >
> >> OpenBSD's form of sed requires you to output to a
> new file and
> >> mv that back to original.
> >
> > .. or one could use ed, or perl, to change a file in
> place.
> 
> What happens if ed, or perl, corrupts a system file in
> place?
> 
> >
> > -wb
> 
> 
Hmm, do backup first? 

piotr

Re: Removing secondary groups with usermod -G

[Bret Lambert]

On Mon, Mar 21, 2011 at 9:45 PM, William Boshuck  wrote:
> On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:
>
>> OpenBSD's form of sed requires you to output to a new file and
>> mv that back to original.
>
> .. or one could use ed, or perl, to change a file in place.

What happens if ed, or perl, corrupts a system file in place?

>
> -wb

Re: Removing secondary groups with usermod -G

[William Boshuck]

On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:

> OpenBSD's form of sed requires you to output to a new file and
> mv that back to original.

.. or one could use ed, or perl, to change a file in place.

-wb

Re: Removing secondary groups with usermod -G

[Kevin Chadwick]

On Mon, 21 Mar 2011 13:18:41 -0500
Chris Bennett wrote:

> OpenBSD's form of sed requires you to output to a new file and mv that back 
> to original. But that isn't a big deal.

I'm fairly sure that that is what all seds do but just hide it from the
user. Easier to use but raises questions about seding sensitive files,
not that I do.

Re: Removing secondary groups with usermod -G

[Stuart Henderson]

On 2011-03-21, Steve Clarke  wrote:
> I have read on the hindernet, that to remove a user from a group,
> you simply run usermod -G, and omit the group that you want the
> user to be removed from.  These posts are often associated with
> HPUX and Solaris.
>
> The same does not work with OpenBSD, and on looking into the code
> (user.c), it is clear that the functionality to remove users from a group is
> simply not there.
>
> This issue has been around for 10 years (see the following links):
>
> http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
> http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2
>
> I am looking for the ability to remove users from groups, and I am quite
> capable of modifying user.c to provide compatibility, but there may be a
> better way ...
>
> My questions are:
>
> 1. Is there a different application which can be used to remove users
> from secondary groups? (I'd like to automate, so vi isn't an option)?

I am fairly sure we don't have anything to do that.

> 2. Should the -G switch be used to remove users from groups so the
>operation is consistent with that of HPUX and Solaris.

That makes sense to me.

> 3. What is the ettiquette for agreeing an additional functionality, and
> submitting patches, once I've made the user.c modifications?

The best way is to send a diff to tech@ (cvs diff -u, inline in a
plaintext email body).

Re: Removing secondary groups with usermod -G

[Chris Bennett]

On Mon, Mar 21, 2011 at 05:50:37PM +, Steve Clarke wrote:
> I have read on the hindernet, that to remove a user from a group, 
> you simply run usermod -G, and omit the group that you want the
> user to be removed from.  These posts are often associated with
> HPUX and Solaris.
> 
> The same does not work with OpenBSD, and on looking into the code 
> (user.c), it is clear that the functionality to remove users from a group is 
> simply not there.
> 
> This issue has been around for 10 years (see the following links):
> 
> http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
> http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2
> 
> I am looking for the ability to remove users from groups, and I am quite
> capable of modifying user.c to provide compatibility, but there may be a
> better way ...
> 
> My questions are:
> 
> 1. Is there a different application which can be used to remove users
> from secondary groups? (I'd like to automate, so vi isn't an option)?
> 
> 2. Should the -G switch be used to remove users from groups so the
>operation is consistent with that of HPUX and Solaris.
> 
> 3. What is the ettiquette for agreeing an additional functionality, and
> submitting patches, once I've made the user.c modifications?
> 
> Thanks and Regards,
> 
> Steve C
> 

I use a small script with sed to make one line changes in files.
It asks for the file location and what to match. making it substitute nothing  
would remove a line from /etc/group or drop a single user and insert the 
changed line back. OpenBSD's form of sed requires you to output to a new file 
and mv that back to original. But that isn't a big deal.

I mostly use the script myself to change many html/css files to reflect a site 
or server wide change. Very fast and easy. And very  simple to automate.

Chris Bennett

Removing secondary groups with usermod -G

[Steve Clarke]

I have read on the hindernet, that to remove a user from a group, 
you simply run usermod -G, and omit the group that you want the
user to be removed from.  These posts are often associated with
HPUX and Solaris.

The same does not work with OpenBSD, and on looking into the code 
(user.c), it is clear that the functionality to remove users from a group is 
simply not there.

This issue has been around for 10 years (see the following links):

http://marc.info/?l=openbsd-misc&m=109088617022480&w=2
http://marc.info/?l=tru64-unix-managers&m=97203990632722&w=2

I am looking for the ability to remove users from groups, and I am quite
capable of modifying user.c to provide compatibility, but there may be a
better way ...

My questions are:

1. Is there a different application which can be used to remove users
    from secondary groups? (I'd like to automate, so vi isn't an option)?

2. Should the -G switch be used to remove users from groups so the
   operation is consistent with that of HPUX and Solaris.

3. What is the ettiquette for agreeing an additional functionality, and
submitting patches, once I've made the user.c modifications?

Thanks and Regards,

Steve C

Songs Needed, Participate in music focus groups, major brand seeking songs, acts signed & more

[Music Xray]

Hello from Music Xray.
Display the images in this message in order to view it properly.
This is the weekly Music Xray Opportunity Feed email. If you feel like you've
been added to this list in error or if you do not wish to receive these emails
please see the instructions in the footer of this email message.
Scroll down to see this week's opportunities.



New Initiative: We will pay you to listen to music!

Join Music Xray focus groups and get paid to listen to music.Music Xray needs
focus group members who love music and who are willing to share their opinions
& feedback.
If you are already signed up as an artist at Music Xray, just log into your
account and click the "Focus Groups" tab on your dashboard.
If you are not an artist (or a music industry professional) but love music and
want to be a part of focus groups, just sign up by clicking the link in the
upper left corner of Music Xrayand then once you are logged in, select to
create a an account "as a fan" and fill out the question form.
Within a few weeks you'll start getting focus group alerts with instructions
for how to listen and get paid.



Featured Opportunity - Urgent Song Search for TV Show

We're urgently looking for TOP songs for the opening sequence of a new TV show
in production. The title track needs to be well written, well performed, and
recorded to broadcast quality.
In particular we're looking for a song with strong male vocals that is upbeat,
full of energy and optimistic in nature.
Our client needs to make song choices ASAP so we're working to tight deadlines
and looking for serious placements only.
Click here to learn more about this opportunity.



Special Bonus Featured Opportunity

Seeking Catchy Song for International Advertising Campaign for a Major
Consumer Brand
The agency is seeking an happy/cheerful/celebratory song that will appear as
the centerpiece of an international advertising campaign for a major consumer
brand. The ads will begin running internationally in the spring of 2011 and
continue through the summer.
A catchy, celebratory, cheerful sing-along chorus is a big plus but we're open
to other ideas as well. Sometimes we don't recognize it until we hear it.
If you are a band or act that is interested in appearing in some or all of the
multiple ads that will be produced with your song as the centerpiece, we are
open to discussing that as a possibility.
We look forward to hearing your submissions.
Click the headline of this post for more information.



Stuff to do

SEE ALL AVAILABLE OPPORTUNITIES
SEE FREE OPPORTUNITIES ONLY
SEE SUCCESS STORIES
FOLLOW US ON TWITTER
FOLLOW US ON FACEBOOK
FOLLOW US ON MYSPACE
CREATE A SONG PRESENTATION PACK
GET YOUR SONGS MATCHED TO OPPORTUNITIES FOR FREE
LEARN ABOUT MUSIC XRAY



A few of the opportunities posted on the site in the past 7 days



Maybe you'll have a meeting with someone like this dude!Meet One-On-One With A
Record Label Representative From Any Major Record Label
Fanatix Agency is an entertainment industry provider that arranges private,
one on one meetings with record label representatives from all major record
labels, as well as other executives within the entertainment business. We will
review your music and based on our knowledge of what A&Rs are looking for
right now, advise you on which labels you can be shopped to right now, (if
you're ready). If you choose, we can book a face to face meeting for you, at
the label or company of your choice.
Click the headline of this post for more information.



High Seas ManagementProfessional Feedback with Possible Management Deal
Submit your music for me to provide feedback in the form of a song critique.
If I like what I hear and you would like to work with HighSeas Management we
can discuss working arrangements to take your career to the next level. We are
always on the lookout for new artists and bands.
HighSeas Management is a San Diego based Artist Management company that offers
an array of services to Artists and Bands alike. Current artsits include Mike
Goodrick and The Greater Heights with more on the way as we continue to grow
our list of artists and bands. If you are interested in us having work for you
then submit a song to an opportunity on our page. If we like what hear we will
get back to you with pricing and potential management opportunities and
information on how HighSeas Management can help you.
Click the headline of this post for more information



Get your track out to 10,000+ people
Every month Kiss My Face Music sends an email out to 10,000+ music lovers.
Most of the people on this list are based in the UK.
We have decided to feature an mp3 of the month on our mailer. Please submit
your track here to be considered for our mp3 of the month feature and get your
track out to 10,000 music lovers. If selected you will need to provide us with
a paragraph or two of text about your band and the track and a link to the mp3

Re: Trouble getting groups through ypldap

[John Danks]

On Thu, Oct 14, 2010 at 2:38 PM, Nigel Taylor
 wrote:
>
> It could be the groups your missing have no members, which fails to output the
> group. You can confirm this my adding a user to one of the groups, and see if
> the group is displayed. This following change, rather than skipping output of
> the group, outputs group with a null list of members.

Thanks, that was the problem. Adding a member to the groups made them
show up through getent.

Re: Trouble getting groups through ypldap

[Nigel Taylor]

It could be the groups your missing have no members, which fails to output the
group. You can confirm this my adding a user to one of the groups, and see if
the group is displayed. This following change, rather than skipping output of
the group, outputs group with a null list of members.

Regards

Nigel Taylor

$ cvs -R -q -d /cvs diff -u
Index: ldapclient.c
===
RCS file: /cvs/src/usr.sbin/ypldap/ldapclient.c,v
retrieving revision 1.14
diff -u -r1.14 ldapclient.c
--- ldapclient.c6 Jun 2009 05:02:58 -   1.14
+++ ldapclient.c5 Jul 2009 18:18:35 -
@@ -611,7 +611,7 @@
}
} else if (idm->idm_list & F_LIST(i)) {
if (aldap_match_entry(m, attrs[j++],
&ldap_attrs) == -1)
-   goto next_grpentry;
+   continue;
if (ldap_attrs[0] == NULL)
goto next_grpentry;
for (k = 0; k >= 0 && ldap_attrs[k] != NULL; 
k++) {





On 10/14/10 20:15, John Danks wrote:
> I'm attempting to setup OpenLDAP, Samba and ypldap on 4.7. OpenLDAP is
> up and running along with Samba, and I've used the smbldap tools to
> populate the directory.
> 
> I'm having trouble getting the full list of LDAP groups with getent.
> At first I ran "getent group" and didn't see any of the LDAP groups.
> Then I noticed that the ypldap.conf example uses basedn
> "ou=Users,dc=domain,dc=tld", so I changed it to basedn
> "dc=domain,dc=tld". Now getent group shows only the first of the LDAP
> groups:
> 
> # getent group
> ...
> nogroup:*:32766
> nobody:*:32767
> _openldap:*:544
> _dbus:*:572
> _avahi:*:629
> _avahi-autoipd:*:630
> _cups:*:541
> Domain Admins:*:512:root
> 
> I ran the equivalent search that ypldap was doing (based on watching
> OpenLDAP in the foreground) and got the full list of groups. So it
> looks like something between OpenLDAP and ypldap isn't working quite
> right. I looked at the changes to ypldap since 4.7 and there doesn't
> seem to be anything relevant.
> 
> I'm out of ideas for troubleshooting short of trying a snapshot, which
> I'll try later today.
> 
> Any ideas where to look next?
> 
> Here's my ypldap.conf:
> 
> domain "pmh.org"
> interval 30
> 
> provide map "passwd.byname"
> provide map "passwd.byuid"
> provide map "group.byname"
> provide map "group.bygid"
> 
> directory "ldap.pmh.org" {
> binddn "cn=Manager,dc=pmh,dc=org"
> bindcred "secret"
> #   basedn "ou=Users,dc=pmh,dc=org"
> basedn "dc=pmh,dc=org"
> 
> passwd filter "(objectClass=posixAccount)"
> 
> attribute name maps to "uid"
> fixed attribute passwd "*"
> attribute uid maps to "uidNumber"
> attribute gid maps to "gidNumber"
> attribute gecos maps to "cn"
> attribute home maps to "homeDirectory"
> fixed attribute shell "loginShell"
> fixed attribute change "0"
> fixed attribute expire "0"
> fixed attribute class "ldap"
> 
> group filter "(objectClass=posixGroup)"
> 
> attribute groupname maps to "cn"
> fixed attribute grouppasswd "*"
> attribute groupgid maps to "gidNumber"
> list groupmembers maps to "memberUid"
> }
> 
> And dmesg:
> 
> OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 898 MHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXS
> R,SSE
> real mem  = 266694656 (254MB)
> avail mem = 249700352 (238MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 08/23/01, BIOS32 rev. 0 @ 0xfda74, 
> SMBIOS
> rev. 2.3 @ 0xf0ff0 (49 entries)
> bios0: vendor Intel Corp. version "CB81010A.15A.0026.P05.0108230926" date 
> 08/23/
> 2001
> bios0: Gateway E-1600
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> acpi at bios0 function 0x0 not configured
> pcibios0 at bios0: rev 2.1 @ 0xf/0x1
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3370/144 (7 entries)
> pcibios0: PCI Interrupt Router at 000:31:0 

Trouble getting groups through ypldap

[John Danks]

I'm attempting to setup OpenLDAP, Samba and ypldap on 4.7. OpenLDAP is
up and running along with Samba, and I've used the smbldap tools to
populate the directory.

I'm having trouble getting the full list of LDAP groups with getent.
At first I ran "getent group" and didn't see any of the LDAP groups.
Then I noticed that the ypldap.conf example uses basedn
"ou=Users,dc=domain,dc=tld", so I changed it to basedn
"dc=domain,dc=tld". Now getent group shows only the first of the LDAP
groups:

# getent group
...
nogroup:*:32766
nobody:*:32767
_openldap:*:544
_dbus:*:572
_avahi:*:629
_avahi-autoipd:*:630
_cups:*:541
Domain Admins:*:512:root

I ran the equivalent search that ypldap was doing (based on watching
OpenLDAP in the foreground) and got the full list of groups. So it
looks like something between OpenLDAP and ypldap isn't working quite
right. I looked at the changes to ypldap since 4.7 and there doesn't
seem to be anything relevant.

I'm out of ideas for troubleshooting short of trying a snapshot, which
I'll try later today.

Any ideas where to look next?

Here's my ypldap.conf:

domain "pmh.org"
interval 30

provide map "passwd.byname"
provide map "passwd.byuid"
provide map "group.byname"
provide map "group.bygid"

directory "ldap.pmh.org" {
binddn "cn=Manager,dc=pmh,dc=org"
bindcred "secret"
#   basedn "ou=Users,dc=pmh,dc=org"
basedn "dc=pmh,dc=org"

passwd filter "(objectClass=posixAccount)"

attribute name maps to "uid"
fixed attribute passwd "*"
attribute uid maps to "uidNumber"
attribute gid maps to "gidNumber"
attribute gecos maps to "cn"
attribute home maps to "homeDirectory"
fixed attribute shell "loginShell"
fixed attribute change "0"
fixed attribute expire "0"
fixed attribute class "ldap"

group filter "(objectClass=posixGroup)"

attribute groupname maps to "cn"
fixed attribute grouppasswd "*"
attribute groupgid maps to "gidNumber"
list groupmembers maps to "memberUid"
}

And dmesg:

OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 898 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXS
R,SSE
real mem  = 266694656 (254MB)
avail mem = 249700352 (238MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/23/01, BIOS32 rev. 0 @ 0xfda74, SMBIOS
rev. 2.3 @ 0xf0ff0 (49 entries)
bios0: vendor Intel Corp. version "CB81010A.15A.0026.P05.0108230926" date 08/23/
2001
bios0: Gateway E-1600
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3370/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x1000 0xcd000/0x1000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82810E Host" rev 0x03
vga1 at pci0 dev 1 function 0 "Intel 82810E Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xf800, size 0x400
ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x02
pci1 at ppb0 bus 1
fxp0 at pci1 dev 8 function 0 "Intel 82562" rev 0x01, i82562: irq 5, address 00:
03:47:a3:9b:b8
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x02: 24-bit timer at
 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x02: DMA, channel 0 w
ired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom removab
le
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd0 at pciide0 channel 1 drive 0: 
wd0: 16-sector PIO, LBA, 39205MB, 80293248 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x02: irq 10
ichiic0 at pci0 dev 31 function 3 "Intel 82801BA SMBus" rev 0x02: irq 9
iic0 at ichiic0
admtm0 at iic0 addr 0x2d: adm1025
spdmem0 at iic0 addr 0x50: 256MB SDRAM non-parity PC133CL3
auich0 at pci0 dev 31 function 5 "Intel 82801BA AC9

Re: Update on altq and interface groups

[Daniel Melameth]

On Mon, Jul 5, 2010 at 8:50 AM, Olivier Mehani  wrote:
> I know this question has been asked before, but I'm after an up-to-date
> answer, or at least a confirmation.
>
> Has support for interface groups been implemented for altq?

No.

http://marc.info/?l=openbsd-misc&m=127453585925685&w=2

Update on altq and interface groups

[Olivier Mehani]

Hi list,

I know this question has been asked before, but I'm after an up-to-date
answer, or at least a confirmation.

Has support for interface groups been implemented for altq? By that, I mean
the
possibility to use an interface group name with baltq on GROUPb to set up
similar queues for each of the interfaces of the group. This could be used to
not have to explicitly name the interfaces but rather refer to their current
role. The outgoing traffic for all the interfaces could also be classified
with
only one ruleset of bpass out on GROUPbs.

Unfortunately, the changelogs and my small experiments (see below) seem to
hint that
it's not supported. But maybe I'm (doing it) wrong?

opera...@mudrublic:~$ /sbin/ifconfig
lo0: flags=8049 mtu 33200
(...)
ath0: flags=8963
mtu 1500
(...)
groups: wlan internal
(...)
sis0: flags=8843 mtu 1500
(...)
groups: egress
(...)

Relevant beginning of pfctl.conf:

UPLINK_BANDWIDTH = "90Mb"
set skip on lo
set loginterface public
altq on egress priq bandwidth $UPLINK_BANDWIDTH queue {std_out,
interactive_out, dns_out, tcp_ack_out}
queue std_out priq(default)
queue interactive_out priority 4 prirq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6
(...)
pass out on egress proto tcp to any flags S/SA keep state queue(std_out,
tcp_ack_out)
pass out on egress proto { tcp udp } to any port domain keep state queue
dns_out
pass out on egress proto tcp to any port ssh flags S/SA keep state
queue(std_out, interactive_out)


$ sudo pfctl -vf /etc/pf.conf
set skip on { lo }
set loginterface public
UPLINK_BANDWIDTH = "90Mb"
pfctl: SIOCGIFMTU: Device not configured

This error doesn't happen if I replace egress with sis0 in the baltq onb
line
(pretty bad omen, I guess...).

$ uname -a
OpenBSD mudrublic.narf.ssji.net 4.6 GENERIC#58 i386

Thanks.

--
Olivier Mehani 
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE  F5F9 F012 A6E2 98C6 6655

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: pf, altq and interface groups

[Henning Brauer]

* Daniel Melameth  [2010-05-22 03:58]:
> I've considered migrating my macro-based interface names to interface
> groups, but, it appears, altq does not grok interface groups--and pfctl
> spits back a pfctl: SIOCGIFMTU: Device not configured when I try.  Am I
> missing something here?  pf.conf's BNF, it appears, says I'm not...

no ifgroup support for altq - and it is not easy to add either.

the BNF is simplified, otherwise it would explode.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

pf, altq and interface groups

[Daniel Melameth]

I've considered migrating my macro-based interface names to interface
groups, but, it appears, altq does not grok interface groups--and pfctl
spits back a pfctl: SIOCGIFMTU: Device not configured when I try.  Am I
missing something here?  pf.conf's BNF, it appears, says I'm not...

CARP: multiple host groups on one network?

[Toni Mueller]

Hello,

I've decided to make more use of CARP, but I'm not sure that I
understand how "vhid" and "carpnodes" are supposed to work. So far, my
reading of carp(4) and ifconfig(8) is as follows:

* If I have a number of aliases bound to a certain interface, I should
  move them all to individual carp interfaces, each with their own vhid
  value, and their own password.

* On all hosts which are supposed to share one of these IP numbers, I
  configure similar carp interfaces using that same vhid value.

* The numbering of the carp interfaces is only of local significance
  on a given machine, and has no effect on other machines on the
  same network.

* If I want load balancing, then I'm going to use the "carpnodes"
  option, but now with individual vhid numbers for the same IP
  number on all affected nodes. The failover is now implicit because
  the non-working hosts simply don't advertise their MAC.

* If I want several hosts forming a number of groups on the same LAN,
  I need to assign vhid values across all hosts, and passwords
  according to group membership.

  Example: DNS on hosts dns1 and dns2, and two web servers on hosts
  web1 and web2, totalling four machines in two groups.


-- 
Kind regards,
--Toni++

Re: [Samba] Re: Winbind syslog errors and Domain Local Groups

[(private) HKS]

Ah, thanks, didn't even realize 3.0.31 had been released. I'll give that a try.

-HKS

On Tue, Jul 15, 2008 at 6:15 PM, Jeremy Allison <[EMAIL PROTECTED]> wrote:
> On Tue, Jul 15, 2008 at 06:12:41PM -0400, (private) HKS wrote:
>> I was finally able to correct these errors by enabling Kerberos
>> and changing the security model from domain to ads, but now
>> I've run into the same problem reported here:
>> http://www.usenet-forums.com/samba/394092-re-samba-accessing-member-server-prompts-credentials.html
>>
>> After about 5 minutes of uptime the winbind service throws
>> several errors into syslog and nothing referencing it will work
>> correctly until I restart it. The processes are still running.
>>
>> Jul 15 17:57:26 testbox winbindd[994]: [2008/07/15 17:57:26, 0]
>> nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
>> Jul 15 17:57:26 testbox kernel: Jul 15 17:57:26 testbox winbindd[994]:
>> [2008/07/15 17:57:26, 0]
>> nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
>> Jul 15 17:57:26 testbox winbindd[994]:
>> async_request_timeout_handler: child pid 992 is not responding.
>> Closing connection to it.
>> Jul 15 17:57:26 testbox kernel: Jul 15 17:57:26 testbox winbindd[994]:
>>   async_request_timeout_handler: child pid 992 is not responding.
>> Closing connection to it.
>>
>> This is Samba 3.0.30 and Kerberos 5 running on FreeBSD 7.0.
>>
>> Can anyone help me out here?
>
> Known bug that was explicitly fixed in 3.0.31.
>
> Jeremy.

altq and interface groups

[Martin Schröder]

Hi,
setup: 4.2 with tun0 being a pppoe(8) int and tun1 being a ssh-vpn
over tun0. altq is running on tun0.

I know that altq doesn't support interface groups (and that support is
not planned (see
http://marc.info/?l=openbsd-misc&m=112431574118264&w=2)) but is there
a way around this? Currently altq sees all traffic on tun1 on tun0 as
default instead of ssh, which it is.

Best
   Martin

ACLs in CUPS with users/groups in a LDAP directory

[Comète]

Hi,

i would like to use the ACLs in CUPS to give access to users and groups 
from a LDAP directory. I already did this on a linux machine with 
pam-ldap and nss-ldap, but on OpenBSD, pam and nss are not supported. So 
 i wonder if it was possible to do this another way ?


thanks

Comete

Re: bgpd nested neighbor groups

[Henning Brauer]

* Lord Sporkton <[EMAIL PROTECTED]> [2007-11-15 23:44]:
> Is it possible to nest a neighbor group inside another neighbor group
> in bgpd.conf?
> 
> It gives me an errors on the nested group statement when i try to
> start bgpd. is there a way around this or am i missing something i
> need to nest?

no, no nesting

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

bgpd nested neighbor groups

[Lord Sporkton]

Is it possible to nest a neighbor group inside another neighbor group
in bgpd.conf?

It gives me an errors on the nested group statement when i try to
start bgpd. is there a way around this or am i missing something i
need to nest?

on:
OpenBSD 4.2 GENERIC.MP#304 i386

-- 
-Lawrence

Re: max number of groups

[Tobias Weingartner]

In article <[EMAIL PROTECTED]>, Douglas A. Tutty wrote:
> 
>  There has to be _some_ solution but it doesn't have to revolve around
>  groups.  Surely we don't need a separate box for every 16 projects (and
>  lets not get into another reason to use Xen :)) )

Group accounts with ssh keys controlling access.

-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax