Re: quota! but on the wrong fs :-(
On Sat, Jan 31, 2004 at 08:57:35PM +0100, [EMAIL PROTECTED] wrote:

> Hi,
> Got quota working on another web server and wanted to get it working on a development/shell server that is kinda new. I forgot that I needed /home mounted on its own like
>
>     /dev/ar0s4e /usr/home ufs rw,userquota 2 2
>
> for example but I just have / mounted so now quota is set on /. How can I fix this?

You'll have to set up quotas again from scratch on the new partition -- you can't make the quotas on the root partition extend to cover /usr/home. It may be possible to script copying the actual file and byte limits from what you've set up on the root and copy them into /usr/home.

Turning off quotas on the root partition is pretty simple -- just edit /etc/fstab to take out the 'userquota' mount flags, remount the root partition:

    # mount -u /

and then delete the quota.user file.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: df oddity (to a newbie)
On Sun, Feb 01, 2004 at 01:38:34AM -0800, Joshua Eckroth wrote:

> I installed a 80gig harddrive for /usr/home, but df has been consistently giving me weird numbers:
>
>     Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
>     /dev/ad5s1d  75685352 24426308 45204216    35%    /usr/home
>
> what's with Used + Avail != 1K-blocks?

FAQ: http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#DISK-MORE-THAN-FULL

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: df oddity (to a newbie)
On Sun, Feb 01, 2004 at 02:09:55AM -0800, Joshua Eckroth wrote:

> On Sun, Feb 01, 2004 at 09:57:45AM +, Matthew Seaman wrote:
> > On Sun, Feb 01, 2004 at 01:38:34AM -0800, Joshua Eckroth wrote:
> > > I installed a 80gig harddrive for /usr/home, but df has been consistently giving me weird numbers:
> > >
> > >     Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
> > >     /dev/ad5s1d  75685352 24426308 45204216    35%    /usr/home
> > >
> > > what's with Used + Avail != 1K-blocks?
> >
> > FAQ: http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#DISK-MORE-THAN-FULL
>
> Wow, 8% exactly. Though it makes me sad to see 6gigs go away.

Do you know you can tweak that value? 8% is a bit much on a 75Gb filesystem. See tunefs(8), particularly the '-m' minfree option.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: boot.config problem, can't boot
On Sun, Feb 01, 2004 at 01:06:04PM +0200, Mike Jackson wrote:

> I was doing some work on my gateway and decided to tighten up the security a bit... In essence, I had -h in /boot.config, but I commented it out (because I thought that somehow comments would be understood). So, now I have #-h in /boot.config, which by the way I set the immutable flag on according to one unofficial HOWTO I was reading. BTW, the comment in the /boot.config was not part of that HOWTO. It was my own lack of understanding about how that file is parsed during boot. Yes, I feel stupid, but I'm also wondering why the file can't include a comment. I think that this is a bug.
>
> And then I rebooted for some other reason. And now, I can't get past the boot: prompt. The #-h is not understood and I can't override it. There are some changes to files which are on that box that I'd like to keep, which have been made since the last backup.
>
> Is there any way to recover from this situation, or is it re-install time?

If you've got disk two from the install set, you should be able to boot the repair system from that, mount your hard drive on it and edit your boot.config file. Then just reboot as usual.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: toor root
On Sun, Feb 01, 2004 at 12:19:28PM +0100, nypix wrote:

> Hi, I have a little question about toor superuser. Which are the differences between the superuser toor and root? Excuse me for my bad English.

toor has a different shell to root, and doesn't belong to all of the same groups that root does. Those are the only differences.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: ports question
On Sun, Feb 01, 2004 at 04:44:19PM -0800, Gary Kline wrote:

> Well, to answer my own posting, I hacked the /distfile and removed the (SIZE) = line. Now openldap21-* is flowing across. Dunno why the port assumed the file or parts of it were here. Next to rm the old version and update... . --Well, once it builds and installs!

Odd. I updated the OpenLDAP 2.1.26 ports on my system last week, and it all worked perfectly. The tarball it pulled down is exactly as specified in the distfile:

    % ls -la /usr/ports/distfiles/openldap-2.1.26.tgz
    -rw-r--r-- 1 root wheel 2042658 Jan 23 06:48 /usr/ports/distfiles/openldap-2.1.26.tgz
    % md5 /usr/ports/distfiles/openldap-2.1.26.tgz
    MD5 (/usr/ports/distfiles/openldap-2.1.26.tgz) = e3388c021b1029c15cfbd462d3bfcc9d

and the tarball on ftp.openldap.org hasn't changed:

    ftp> dir openldap-2.1.26*
    229 Entering Extended Passive Mode (|||50188|)
    150 Opening ASCII mode data connection for '/bin/ls'.
    -rw-rw-r-- 1 2000 20      61 Jan 23 06:48 openldap-2.1.26.md5
    -rw-rw-r-- 1 2000 20 2042658 Jan 23 06:48 openldap-2.1.26.tgz
    226 Transfer complete.

Perhaps the OpenLDAP mirrors you're trying to access aren't being properly updated -- I'd suggest ftp'ing down the openldap sources manually from ftp.openldap.org and placing them in /usr/ports/distfiles before you start building the port.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
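An added example, not part of the original thread or of the ports system: a stand-alone check of a manually fetched distfile against the `MD5 (...)` and `SIZE (...)` lines of a distinfo file, the two checks discussed above. The function names are hypothetical, the sample file and its distinfo are constructed, and refusing when the SIZE line is missing is a choice made for this example rather than documented ports behaviour.

```shell
#!/bin/sh
# Added example: verify a distfile against distinfo-style MD5 and SIZE lines.

# Print the hex MD5 of a file using whichever tool exists (md5 on FreeBSD,
# md5sum on most Linux systems).
md5_of() {
    if command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        md5sum "$1" | awk '{ print $1 }'
    fi
}

# distinfo_field KEY NAME DISTINFO
# Print the value of a line of the form "KEY (NAME) = value", if present.
distinfo_field() {
    awk -v k="$1" -v n="($2)" \
        '$1 == k && $2 == n && $3 == "=" { print $4; exit }' "$3"
}

# verify_distfile DISTINFO FILE
# Returns 0 when both size and MD5 match, 1 on a mismatch, and 2 when the
# distinfo has no MD5 or no SIZE entry for the file, so that deleting a
# line cannot silently turn a check off.
verify_distfile() {
    distinfo=$1
    file=$2
    name=$(basename "$file")
    want_md5=$(distinfo_field MD5 "$name" "$distinfo")
    want_size=$(distinfo_field SIZE "$name" "$distinfo")
    if [ -z "$want_md5" ] || [ -z "$want_size" ]; then
        echo "REFUSE: $name has no MD5 or no SIZE entry in $distinfo"
        return 2
    fi
    have_size=$(wc -c < "$file" | tr -d '[:space:]')
    if [ "$have_size" != "$want_size" ]; then
        echo "FAIL: $name size $have_size, expected $want_size"
        return 1
    fi
    have_md5=$(md5_of "$file")
    if [ "$have_md5" != "$want_md5" ]; then
        echo "FAIL: $name MD5 $have_md5, expected $want_md5"
        return 1
    fi
    echo "OK: $name"
}

# Demonstration on constructed data: a six-byte stand-in "tarball".
demo() {
    d=$(mktemp -d) || return 1
    printf 'hello\n' > "$d/sample-1.0.tgz"
    {
        echo 'MD5 (sample-1.0.tgz) = b1946ac92492d2347c6235b4d2611184'
        echo 'SIZE (sample-1.0.tgz) = 6'
    } > "$d/distinfo"
    verify_distfile "$d/distinfo" "$d/sample-1.0.tgz"
    # Same distinfo with the SIZE line edited out, as described in the thread.
    grep -v '^SIZE' "$d/distinfo" > "$d/distinfo.edited"
    verify_distfile "$d/distinfo.edited" "$d/sample-1.0.tgz"
    rm -rf "$d"
}
demo
```

A size mismatch on a freshly fetched tarball usually means a truncated download or a stale mirror, so re-fetching from the master site is the safer response than editing distinfo.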
Re: Adding Packages and Ports
On Sun, Feb 01, 2004 at 11:21:13PM -0500, Krikket wrote:

> Please correct me if I'm wrong, but the various versions of freeBSD (3.x, 4.x, and 5.x) are still being worked. Needless to say, 5.x is the bleeding edge, but 4.x hasn't been left to go stale. (Or else how would security patches get done, when needed?)

FreeBSD 3.x isn't actively supported or worked on any more, although very occasionally some critical security fixes have been committed to that branch. But otherwise, yes, you're right.

> Therefore, the thought was to get the latest and greatest from the net. No, it's not as bleeding edge as the 5.2 stuff, but if a patch was done since the 4.9 iso's were made, it would be a good idea to have that on hand. So I thought it would be a good thing to use -r as a default option. Or am I just using an incorrect line of thinking, due to the flux that I got used to (and wish to avoid) from when I was dealing with the Linux world?

Ports are developed independently of the base system. It's a continuous process of development as new ports get added, updates to current ports are made to accommodate upstream changes to port distfiles or to fix bugs, and generally as new features appear in the ports make system. Testing on ports is done using the currently supported versions of the OS -- viz. 4.9 and 5.2 -- and while ports should work on older systems, that cannot be guaranteed.

Each time a release is made, a full set of packages are built from the ports tree: there's a short period of code freeze before that on the ports tree when extra effort is put into bug fixing and making everything work as well as possible together, rather than introducing new code. Those packages are what goes onto the FTP sites, and a sample of the most popular ones go into the install CDs -- there's *far* too much stuff to fit all of it onto a 4 CD distribution set.

Between releases, where a port is updated, an updated pkg tarball is eventually uploaded to the ftp servers into the 'Latest' directory, for each Tier-1 architecture and for both supported OS versions. pkg_add -r will download that 'Latest' version where available, or else the version from the release set. However, pkg building isn't instantaneous, and you can get hold of the newest stuff much quicker by building out of the ports tree yourself.

> So, given that I should have the ports installed from my initial install phase, all I have to do is the make install clean? Too cool. Thank you for the pointer!

Absolutely. Lots of people instinctively head towards the installing precompiled packages route, but generally I find that installing through ports is just as easy, usually doesn't take that much more time (except for some really big compilations, like OpenOffice or jdk14), and lets you tweak various build options and so forth. Even so, it's perfectly fine to mix up stuff installed via packages and stuff installed via ports -- it all comes down to the same package database in the end. Using ports also makes it a lot easier to keep everything maintained and up to date, especially by using the portupgrade(1) tools. There are some ports which aren't available as packages, usually for licensing reasons.

Note that the ports tree you installed is a snapshot of the state at the time your release was created. The ports tree has undergone a great deal of development since then. There's been a lot of updates to the 3rd party ported software as well, and some versions current at that time may not be available any more. You can track the current state of the ports tree using cvsup(1) -- exactly as you'd track the current state of the system sources. Details of how to do that are available in the Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

Nb. the cheats method of getting cvsup(1) working is very quick:

Step 1: Install the cvsup-without-gui package using pkg_add. Type 'rehash' if you're using tcsh(1) as your shell, so that it becomes aware of the newly installed binaries.

Step 2: Edit /etc/make.conf -- create the file if it doesn't exist. You need to add the following:

    SUP_UPDATE=     yes
    SUP=            /usr/local/bin/cvsup
    SUPFLAGS=       -g -L 2
    SUPHOST=        cvsup.XX.FreeBSD.org                           [1]
    SUPFILE=        /usr/share/examples/cvsup/standard-supfile     [2]
    PORTSSUPFILE=   /usr/share/examples/cvsup/ports-supfile

where [1] should be a cvsup server local to you, and [2] as shown will get you the system sources for the same OS -RELEASE branch as you installed: eg. 4.9-RELEASE-pN or 5.2-RELEASE-pN. You can replace that by 'stable-supfile' to switch to the 4-STABLE branch, although once you've updated to 4-STABLE, the standard-supfile will be replaced by one pulling down the 4-STABLE sources.

Step 3: Update the ports
Re: Adding Packages and Ports
On Mon, Feb 02, 2004 at 03:34:33AM -0500, Krikket wrote:

> I'm going to hold off on replying for a day, while I give this stuff a shot, but this part does raise a question for me...
>
> On Mon, 2 Feb 2004, Matthew Seaman wrote:
> > Those packages are what goes onto the FTP sites, and a sample of the most popular ones go into the install CDs -- there's *far* too much stuff to fit all of it onto a 4 CD distribution set.
>
> I got my copy of FreeBSD by downloading the isos. CD 1 2 and mini. That's all that was available. CD #1 was the only CD that was ever asked for by the system. Where do the other CD's come into play? What's the difference between the isos and the 4 cd set? (Aside from the number of CDs...) I haven't seen anything that directly answers this. I'm more than willing to support the BSD project, assuming the OS meets my needs (and so far it looks like it probably will) I was just planning on starting with the BSD stuffie. 8^) And the BSD books...

The isos on the FreeBSD site are what's distributed as disks 1 and 2 of the 4 CD set. You only get the other two CDs (which contain various selected packages) if you buy a set from FreeBSDMall or Daemon News' bsdmall.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: conf/62230: log-in-vain issues it's msg every time 'mail'command is used.
On Mon, Feb 02, 2004 at 08:32:30PM +0100, Didier Wiroth wrote:

> Hi,
> I thought I would share my experience, with log_in_vain. :-))
> When setting: sendmail_flags=NO
> Sendmail only listens to 127.0.0.1
> I only need sendmail to send daily/weekly/monthly reports. Every time the security report is sent, I have these entries too:
>
>     Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:49161 flags:0x02
>     Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:49163 flags:0x02
>
> There are not hundreds of entries of course, only 6 or something depending on the quantity of sent mails

If you add:

    define(`confTO_IDENT', `0')dnl

to your /etc/mail/`hostname`.mc and rebuild and reinstall your sendmail config in the usual way, it will stop sendmail(8) trying to use the ident service at all.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: clock not keeping time
On Fri, Feb 06, 2004 at 10:26:51PM -0600, Earl wrote:

> I change the clock to the correct time. And the next day when I log in the time is wrong. How can I fix this. So that it will keep the correct time.

In general, use ntpd(8) to synch your system clock to various time servers on the net. This works well on a broadband or always-on connection, but be warned that it will bring up a dial-up line about every twenty minutes, so it's probably not what you want in that situation -- an alternative in that case is to use ntpdate(8) out of your /etc/ppp/ppp.linkup script.

Here's a sample /etc/ntp.conf that you can probably just drop into your system. See http://fortytwo.ch/time/ for details of the 'pool.ntp.org' system. Replace the network number and netmask in the 3rd line with the ones appropriate to your site:

    restrict default nomodify nopeer                # Restrict access ...
    restrict 127.0.0.1                              # ... except for me ...
    restrict 192.168.0.0 mask 255.255.255.0         # ... and the local net
    server pool.ntp.org
    server pool.ntp.org
    server pool.ntp.org
    pidfile /var/run/ntpd.pid
    driftfile /var/ntp/ntp.drift

See also the lists of public stratum 2 servers at http://www.eecis.udel.edu/~mills/ntp/clock2a.html for some more servers if you need them. Plus consult your ISP -- most will make NTP servers available for their customers.

To turn on NTP using the ntp.conf above in your system add:

    ntpdate_enable="YES"
    ntpdate_flags="-b -s pool.ntp.org"
    xntpd_enable="YES"
    xntpd_flags=""

to your /etc/rc.conf (The 'xntpd' bit is historic -- ntpd(8) was called xntpd(8) for some time).

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: Repeated connection attempts in daily output
On Sat, Feb 07, 2004 at 10:22:06AM +0100, Colin Raven wrote:

>     Connection attempt to TCP 217.xxx.xxx.xxx:6881 from 12.215.41.59:1519 flags:0x02
>
> The well known ports number list from iana.org shows port 1519 as follows:
>
>     vpvd    1518/udp    Virtual Places Video data
>     vpvc    1519/tcp    Virtual Places Video control
>
> but there's no mention of 6881.

Ports 6881-6889 are used by BitTorrent. It's probably not a malicious attack.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: Share/Freeware to see FBSD from Win_XPproSP1?
On Sat, Feb 07, 2004 at 08:10:13PM -0500, Peter Leftwich wrote:

> Is there a program (go-between) that I can use to read my FreeBSD slices from Winbloze XP Pro SP1? I need to clean up some old OSs, make space...!

Not within the same machine. You can obviously run Samba on a FreeBSD box to export the filesystems to a WinXP machine, but there's no support in WinXP for being able to read a BSD filesystem. There are products that will let you read the Linux ext2/ext3 filesystems from Windows: eg http://www.mount-everything.com/ -- but nothing for FreeBSD filesystems.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: sendmail to a smarthost?
On Sun, Feb 08, 2004 at 09:31:10PM +0800, Zhang Weiwu wrote:

> Hello. In my LAN the DNS server is my ADSL modem ... small device that cannot do MX type of address lookup. I wish to configure a fax server (FreeBSD 5.2 + Hylafax) in the LAN to send emails to a group of people upon receiving fax. The problem is hylafax fax server can only use sendmail to send fax notification, but sendmail can send out emails only when it knows recipient's MX ip.
>
> The only way I can think of is to let sendmail send mails by using my ISP's smtp server (need login). But I read sendmail(8), I didn't find how to configure sendmail to do this, nor did I find such information on the handbook. I'm not familiar with sendmail config.

Setting up a smarthost is simple. Just do the following:

    # cd /etc/mail
    # make          (this will create a file `hostname`.mc if it doesn't already exist)
    # vi `hostname`.mc

Modify the line to remove the comment (dnl) and put in your ISP's smart host:

    dnl define(`SMART_HOST', `your.isp.mail.server')

so that it reads:

    define(`SMART_HOST', `smtp.example.com')

Note the distinction between the left hand (`) and right hand (') side quote marks. Save the results. Now process those into a sendmail configuration file and install them and restart sendmail as follows:

    # make install
    # make restart-mta

In order to suppress sendmail doing DNS lookups for MX records, you should be able to use the standard sendmail feature of putting the hostname in [square brackets]. This may or may not work -- you'll have to do some experiments. First of all try putting the square brackets into the SMART_HOST define above:

    define(`SMART_HOST', `[smtp.example.com]')

If that doesn't work, you can try using the mailertable functionality. Create a file /etc/mail/mailertable containing the line:

    .       relay:[smtp.example.com]

and process that into a .db format hashed file by:

    # make

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: Funky characters in KMail 1.5.4
On Mon, Feb 09, 2004 at 05:05:43PM -0500, Gerard Samuel wrote:

> I'm not sure what to google for, so I'm checking here to see if any other FreeBSD users experience this. Every now and then my emails that I send contain extra characters like =2D and =46. I have no idea what is causing it, and I'm hoping someone on here can direct me to something on the net to help me correct this. Thanks for any advice you can pass along...

That's something to do with the quoted-printable MIME type used in the body of many e-mails. See RFC 2045, section 6.7 at, eg: http://www.faqs.org/rfcs/rfc2045.html

However, your mail client should translate those character escapes back to normal text before displaying it -- perhaps you're seeing the escapes in some messages because those messages don't have the correct MIME type in the headers?

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: HP jetdirect printer installation
On Tue, Feb 10, 2004 at 10:01:44AM -0500, Tom Hollingsworth wrote:

> Is there a utility similar to hppi for Solaris to install HP jetdirect network printers under FreeBSD?

Nothing obvious that has specific support for JetDirect features. However JetDirect printers work well with just about any Unix printing software -- either the system supplied lpd(8) or the currently fashionable CUPS. If you're using lpd(8), then look at installing the print/apsfilter port, which adds a raft of filters for automatically translating a number of file formats into postscript for printing. CUPS has similar functionality, and also supports using PPD files to provide support for the options provided by your printer.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: Pnmscale on 4.8 i386 stable
On Fri, Feb 13, 2004 at 01:05:06PM -, Dave Carrera wrote:

> I can't find pnmscale on my system anywhere :-( How can I get it ?

It's part of the netpbm suite of programs, available from ports in graphics/netpbm:

    % pkg_info -W /usr/local/bin/pnmscale
    /usr/local/bin/pnmscale was installed by package netpbm-10.20_1

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: Pnmscale on 4.8 i386 stable
[The graphics/netpbm port]

On Fri, Feb 13, 2004 at 01:49:11PM -, Dave Carrera wrote:

> I do not have the port skel on my system so how do I get the port local to make it ?

Well, assuming that the obvious recourse of just using cvsup(1) to grab the ports tree is not feasible for you -- it's only about 275Mb for the whole tree and the procedure for doing that has been discussed ad nauseam in this list and in many other places, principally the Handbook -- then you've got two options:

1) Install the pre-compiled version of the port from the FreeBSD packages collection. You will also need to install all of the dependencies of the package, which are:

    % pkg_info -r netpbm\*
    Information for netpbm-10.20_1:

    Depends on:
    Dependency: jpeg-6b_1
    Dependency: png-1.2.5_3
    Dependency: tiff-3.6.1_1
    Dependency: jbigkit-1.5

You can download packages compiled for 4.x from eg. ftp://ftp.uk.freebsd.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics where there are packages for all of the requirements, although some are a version behind the latest. Then just use pkg_add(1) to install them. Note that these packages will have been compiled on 4.9-STABLE, but they should still work OK on 4.8.

2) Use cvsup(1) to get the core parts of the ports system (that's the 'ports-base' collection in cvsup terms) and seeing as you've got to set up cvsup(1) anyhow, you might as well grab 'ports-graphics' as well. If you don't pull down 'ports-graphics', instead you can go to the cvsweb interface and use the 'Download this directory in tarball' link. eg: http://www.freebsd.org/cgi/cvsweb.cgi/ports/graphics/netpbm/netpbm.tar.gz?tarball=1 You'll need to grab the tarballs for all of the dependencies as well. Just untar those directories anywhere on your disk, and so long as /usr/ports/Mk and /usr/ports/distfiles exist you can compile and install at will.

In both of these cases, you need to install the dependencies first, and then install netpbm. On the whole it is much, much easier just to grab the whole ports tree, in which case you need do no more than a 'make install' inside /usr/ports/graphics/netpbm and all of the dependencies will be installed for you automatically.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: MFS on new server.
On Sat, Feb 14, 2004 at 02:48:18AM -0800, Gary Kline wrote:

> When my new DNS server is finished I'm planning to create around a 512MB memory file system. An Onlamp article gives some basics. But how would I cp (say), gcc, sendmail, and bind to this new fs? Or am I looking at this the wrong way?

Unless you're talking about a vnode backed MFS (as generated by vnconfig(8) on 4.x or 'mdconfig -t vnode' with 5.x's generic mdconfig(8) command) you're going to have to rebuild everything you put onto the MFS every time you recreate it. That's not the usual way of doing things -- generally a MFS is used for ephemeral data created as the application runs. On the other hand, if you're running on a vnode backed setup, then from the point of view of populating it with files, it's just like any other filesystem.

> Any advice, tips, or sharing will be greatly appreciated.

Hmmm... Well, the copying can be done by all manner of means. rsync(1), tar(1), find(1)/cpio(1) spring to mind. pkg_add(1) works well -- maybe with a modified $PREFIX. Building a custom package containing everything you want to install in your MFS so that you can just re-install it at will would be quite a nifty idea. Even cp(1).

If you're using a vnode backed area for a thick jail(8), then you can install a base system on it by:

    # make installworld DESTDIR=/jail/192.168.0.2

(assuming that's where you mount your jail...) If you then either do a loopback nfs mount or a null mount of /usr/ports onto the jail (see mount_nfs(8), mount_null(8)), or even just install a separate copy of /usr/ports, you can compile and install ports from within the jail just as if you were in the base system.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: MFS on new server.
Gary,

On Sat, Feb 14, 2004 at 11:09:00AM +, Matthew Seaman wrote:
> On Sat, Feb 14, 2004 at 02:48:18AM -0800, Gary Kline wrote:

Your mailing system anti-spam filters are a bit too hair triggered. You're bouncing the ham as well as the spam...

    - The following addresses had permanent fatal errors -
    [EMAIL PROTECTED]
        (reason: 550 5.0.0 No SPAM)

    - Transcript of session follows -
    ... while talking to ns1.thought.org.:
    MAIL From:[EMAIL PROTECTED]
    550 5.0.0 No SPAM
    554 5.0.0 Service unavailable

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: IPFW ruleset not working... advice? WAS Re: Running processes...
On Sat, Feb 14, 2004 at 01:15:07PM -0600, Eric F Crist wrote:

> Hey, thanks! I changed all the rules so they read: allow ip from any to me port and added the rule: allow ip from me to any at rule 50. All seems to work now! Does anyone have any suggestions on how to make this system even tighter? Thanks.

Yes. Use the stateful rules feature. Instead of opening up outgoing packets to everywhere, the keep-state rules dynamically open up a point to point connection that remains open while traffic is flowing between the two systems, and times out after traffic stops or the connection is closed. A very minimal partial ruleset to allow incoming SSH, HTTP, HTTPS, SMTP and outgoing DNS lookups would look like:

    00100 check-state
    00200 deny log tcp from any to any established
    00300 allow tcp from any to me 22,25,80,443 keep-state in recv fxp0
    00400 allow udp from me to any 53 keep-state out xmit fxp0
    00500 deny log ip from any to any

[The 'in recv fxp0' and 'out xmit fxp0' stuff is optional: all it does is filter packets according to what interface they are traversing and in what direction. Remember to substitute the correct device name for your network interface.]

Although at first sight, this would appear to block all tcp traffic except for the first 'SYN' packet, and not permit any incoming UDP traffic at all, the 'keep-state' flag in rules 00300 and 00400 generates dynamic rules that permit packets to flow in response to the packet that triggered them. Those rules are effectively inserted into the ruleset at the 'check-state' line (or at the first occurring 'limit' or 'keep-state' line). Use 'ipfw -d list' to show all active dynamic rules.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: background process limit?
On Sat, Feb 14, 2004 at 08:11:59PM +0100, Hugo (6s-gaming.com) wrote:

> Is there a way to limit background processes ? I need to separate these from foreground processes, but can't find a way to. Any ideas?

There isn't really any way of distinguishing foreground and background processes apart from typing 'jobs' at the shell prompt. 'Foreground' and 'background' processes are concepts specific to your shell -- as far as the system is concerned, a process is a process, and it doesn't care if that's the process currently accepting interactive input from the tty or not.

You can use the limits(1) command or the settings in /etc/login.conf to limit the total number of processes a user can run, which effectively prevents them from spawning too many background processes. You can set the 'maxfiles' limit quite high if the intent is to prevent your users from forkbombing your machine -- that will avoid interfering with normal usage.

If the problem is that your system is running out of resources to cope with the number of users and processes on it, then you're probably better off looking at each users' datasize, filesize, cputime, memoryuse and/or virtualmem limits as well. However, don't be too draconian or your users will become quite irate as their legitimate processes start to get killed off.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
Re: 3,000+ DNS /./ANY/ANY requests - ...resent...
On Sat, Feb 14, 2004 at 09:03:14PM -0700, fbsdq wrote:

> Sorry about the earlier question, that was more or less just blank
>
> Hello,
> About a week ago I started noticing 3,000 or more requests coming from several ips for the following DNS queries:
>
>     XX+/128.255.203.200/./ANY/ANY
>     XX+/193.201.105.4/./ANY/ANY
>
> Those are just two examples, but each IP - I have about 20 of them now - create 3,000 or more queries within several minutes. All the queries are exactly the same for ./ANY/ANY. Any idea what those queries are? or what they are trying to do?

Curious. Are those IPs taken literally from your log files? One of them belongs to the University of Iowa and the other belongs to Millenium Communications S.A. in Poland. Seems that some arbitrary collection of machines are trying to do arbitrary lookups on your DNS servers.

Have you configured your nameservers so that they will refuse to do recursive queries for strangers? There's various cache poisoning tricks that can be done if your DNS server is both recursive and authoritative for your own domains. There's some good pages about how to secure various versions of BIND at

    http://www.boran.com/security/sp/bind_hardening8.html
    http://www.boran.com/security/sp/bind9_20010430.html

Those are aimed mainly at Solaris users, so there's whole sections about how to compile which you can just skip over. The 'take home' point is how to use the 'allow-query', 'allow-transfer' and 'allow-recursion' configuration directives correctly.

> Also how can I create an 'ipfw' rule to block an ip if XX amount of connections come in within XX amount of minutes/seconds?? Right now I manually block them, and yes those IP's try a day or so later to DNS bomb (?) my machine.

I think my approach to this would be to write a script that trawls through /var/log/security or your DNS server logs picking out the malefactors and then writes and inserts appropriate IPFW rules -- probably on an hourly basis. Clever use of ipfw's 'set N' syntax will make administering mixing in these machine generated rules together with your other rules much easier.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil., 26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey  Tel: +44 1628 476614
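An added example, not part of the original thread: one way to write the log-trawling script suggested above, counting root `ANY/ANY` queries per source address and printing ipfw commands that rebuild a dedicated rule set. The function names, the threshold of 3, rule set 5, base rule number 20000, the choice to block only UDP port 53 and the sample log lines are all assumptions of this example; only the `XX+/<ip>/./ANY/ANY` field format comes from the thread.

```shell
#!/bin/sh
# Added example: generate ipfw deny rules for hosts that flood a name server
# with "./ANY/ANY" queries. It only prints commands; review, then pipe to sh.

# Constructed sample log. Addresses are documentation ranges, not real hosts.
sample_log() {
cat <<'EOF'
Feb 14 20:58:01 ns1 named[212]: XX+/192.0.2.10/./ANY/ANY
Feb 14 20:58:01 ns1 named[212]: XX+/192.0.2.10/./ANY/ANY
Feb 14 20:58:02 ns1 named[212]: XX+/198.51.100.7/./ANY/ANY
Feb 14 20:58:02 ns1 named[212]: XX+/192.0.2.10/./ANY/ANY
Feb 14 20:58:03 ns1 named[212]: XX+/203.0.113.5/./ANY/ANY
Feb 14 20:58:03 ns1 named[212]: XX+/203.0.113.5/www.example.org/A/IN
Feb 14 20:58:03 ns1 named[212]: XX+/203.0.113.5/www.example.org/A/IN
Feb 14 20:58:04 ns1 named[212]: XX+/198.51.100.7/./ANY/ANY
Feb 14 20:58:04 ns1 named[212]: XX+/999.1.1.1/./ANY/ANY
Feb 14 20:58:04 ns1 named[212]: XX+/999.1.1.1/./ANY/ANY
Feb 14 20:58:04 ns1 named[212]: XX+/999.1.1.1/./ANY/ANY
Feb 14 20:58:05 ns1 named[212]: XX+/198.51.100.7/./ANY/ANY
EOF
}

# gen_block_rules THRESHOLD SET_NUMBER FIRST_RULE_NUMBER
# Reads log lines on stdin. Emits one command that empties the set, then one
# deny rule per offender, so hand-written rules in other sets are untouched.
gen_block_rules() {
    threshold=$1
    set_no=$2
    rule_no=$3
    echo "ipfw -q delete set $set_no"
    awk -v t="$threshold" '
        # Log text is untrusted input that ends up in a firewall command,
        # so accept nothing but a strict dotted quad.
        function valid_ip(s,    o, i) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            split(s, o, ".")
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        {
            for (i = 1; i <= NF; i++) {
                n = split($i, f, "/")
                # Count only XX+/<ip>/./ANY/ANY, the pattern from the thread.
                if (n == 5 && f[1] == "XX+" && f[3] == "." &&
                    f[4] == "ANY" && f[5] == "ANY" && valid_ip(f[2]))
                    count[f[2]]++
            }
        }
        END { for (ip in count) if (count[ip] >= t) print ip }
    ' |
    sort -t . -k1,1n -k2,2n -k3,3n -k4,4n |
    while read -r ip; do
        echo "ipfw -q add $rule_no set $set_no deny udp from $ip to me 53"
        rule_no=$((rule_no + 1))
    done
}

# Demonstration on the constructed log.
sample_log | gen_block_rules 3 5 20000
```

Because every generated rule lives in its own set, each run can start by emptying that set, which also expires old blocks automatically when a source stops appearing in the log window being scanned.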
Re: Newbie Questions Regarding SU Command Running Periodic Updating
On Sun, Feb 15, 2004 at 10:20:12AM -0500, [EMAIL PROTECTED] wrote:

> Question # 1: When I type 'su' and subsequently type in my password, I am taken to the root. However, certain programs; i.e., 'portupgrade' will not run. If I then subsequently type 'su' I am presented with a new prompt although no password is requested. I can now run programs like 'portupgrade' without incident. I am unable to find any documentation that states I should be running the 'su' command twice. Can someone explain to me what is happening here? Is this normal. Exactly how many levels are there? I thought that there were only two: the log in level and root level. Is there a third level or is this some sort of fluke.

Yes. You're right that there are only the two privilege levels -- root vs ordinary users. What you're seeing is due to a different effect.

The first time you su(1) you become root, but your shell environment is not set up the way you expect. Specifically you don't have /usr/local/sbin on your $PATH, so when you type 'portupgrade' at the prompt, the shell can't find the executable. You should be able to type '/usr/local/sbin/portupgrade' and have things work as expected.

The second time you type su(1), it takes effect without asking for a password, since the super user can become any other user without giving one. However, changing from root to root normally isn't usually very productive.

Usually when you su(1), the shell environment is left the same except for the USER, HOME and SHELL environment variables, which are reset appropriately for the new userid. However, settings in the target login's .cshrc or .profile or .bashrc or whatever will take effect exactly as for starting up any new shell. There are some flags to su(1) to modify that behaviour: '-l' (or just '-') says simulate a full login by the target user, and '-m' does the opposite -- leaving the original environment unmodified.

My guess is that the behaviour you are seeing is because either the su(1) command is aliased to add in some other options, or that you have something in root's shell initialization files which is causing the effect.

On general principles, I'd recommend you to install and use sudo(8) instead of su(1) -- it has much finer grained access controls, you don't need to give out the root password in order to let people run commands with root privilege and it logs everything done with it.

> Question # 2: Second, while typing in search terms in Google, I came across this web site - http://andrsn.stanford.edu/FreeBSD/newuser.html You will notice the entry about updating the database for the 'whereis' and 'locate' commands. I have read the manual on 'locate' and tried running the files mentioned manually, but alas all I receive is an error message that the command does not exist. Again, I have no idea what I am doing incorrectly. Any assistance would be appreciated.

The database update will happen automatically, overnight, in the wee small hours of Saturday morning. So long as you leave your machine running, that is.

You can manually update the 'locate' database by running (as root):

    # /etc/periodic/weekly/310.locate

and similarly for whereis:

    # /etc/periodic/weekly/320.whatis

Those should run without errors -- if you still have problems, please feel free to e-mail here again, including the exact output of running those commands.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Firefox Process Not Exiting
On Mon, Feb 16, 2004 at 09:15:43PM +1100, Gautam Gopalakrishnan wrote:

> On Mon, 16 Feb 2004 00:12:56 -0500 Daniel R. Curran [EMAIL PROTECTED] wrote:
>
>> I am wondering if anyone else has this issue and if there is a fix for it. When I run firefox and then exit the program the process remains resident, and it starts eating up the CPU. Does anyone know of a fix for this. I have been manually killing the process, but this seems like a horrible way to work with the program.
>
> One more vote from me. Same behaviour with firebird too. So it's not newly introduced...

I've seen this happen with all of Mozilla, Firebird and now Firefox. It's only certain web sites that trigger the effect, and it seems to happen on sites which make use of a large amount of Flash stuff -- the effect is even caused by Macromedia's test page at http://www.macromedia.com/shockwave/welcome/ -- although quite often what happens is that the flash infected page will only load once (if at all) and after that the whole browser freezes up and has to be killed from the command line.

I'd say it's more likely a bug in the linuxpluginwrapper or linux-flashplugin ports.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Scripts
On Mon, Feb 16, 2004 at 11:40:56AM -0500, Eric Toll wrote:

> I'm trying to feed a text file into a script. Script is supposed to take relevant parts and output them to a new file... Script is marked executable...
>
>     less textfile | script.pl

Usually you would do that by:

    % script.pl textfile

People often abuse cat(1) in this sort of case: it's the first time I've seen anyone do it with less.

> script.pl: Command not found.
>
> What gives??

This typically means that the #! line in the script is incorrect -- for a perl script you need:

    #!/usr/bin/perl

as the first line -- possibly with some extra flags.

This assumes you actually have perl installed. perl-5.005.03 comes with the base system in 4.x, but in 5.x you have to install one of the perl ports -- perl-5.8.2 is now the default perl under 5.2 or above. In any case, remember to run the 'use.perl' script after installing or before de-installing a perl port.

Nb. There are all sorts of weird ways of setting up the #! line of a perl script floating around the perl community, but those really are a waste of time on FreeBSD (or most modern unices for that matter). Stick with the tried and true simple way unless you have an overriding reason to do otherwise.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: phpMyAdmin not loading MySQL extensions
On Mon, Feb 16, 2004 at 12:31:28PM -0600, Tweax Daemon wrote:

> I'm having trouble configuring phpMyAdmin. I guess from when I try to view it in a browser I get the message unable to load mysql extensions the msql link re-directs me to the phpmyadmin site where its states about it can't load mysql.so which is on my system I tried placing it in the same directory but that didn't work. Changing many things in the config.inc.php file but I still get the same error. Has anyone been successful at getting phpMyAdmin to work on FreeBSD 4.8, if so please info me

Works fine for me. I assume you have compiled up php with the mysql support included? It's in the default configuration, so it should be there even if you've installed packages from the FTP sites. In any case, look at the output of the phpinfo() function to verify that you have compiled it with all of the right options:

    % /usr/local/bin/php <<EOF | grep MySQL
    <?php phpinfo(); ?>
    EOF
    MySQL Support => enabled

Now it does sound as if you don't have libmysqlclient.so on your library search path. Try running these commands and compare the output to what I get:

    % ldd /usr/local/libexec/apache/libphp4.so | grep mysql
    libmysqlclient.so.12 => /usr/local/lib/mysql/libmysqlclient.so.12 (0x28608000)
    % ldconfig -r | grep mysql
    search directories: /usr/lib:/usr/lib/compat:/usr/X11R6/lib:/usr/local/lib:/usr/local/lib/mysql:/usr/local/lib/compat/pkg:/usr/local/lib/pth
    166:-lmysqlclient_r.12 => /usr/local/lib/mysql/libmysqlclient_r.so.12
    167:-lmysqlclient.12 => /usr/local/lib/mysql/libmysqlclient.so.12

At a guess the problem is that you don't have '/usr/local/lib/mysql' on your shared library search path. You can fix that (as a one-off) by:

    # ldconfig -m /usr/local/lib/mysql

after which the ldd(1) and ldconfig(8) commands above should show libmysqlclient.so being correctly located. Then restart apache:

    # apachectl graceful

and the PHP module should pick up the required MySQL stuff.

Don't worry if the .so version number on your system is different -- I'm running mysql-4.0.18 which implies libmysqlclient.so.12. Other MySQL versions will be different.

You can preserve the ldconfig setup, or rather recreate it on each reboot, by putting:

    ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib /usr/local/lib/mysql"

into /etc/rc.conf.

Cheers
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: How-to get anonymous FTP to use port 6021
On Mon, Feb 16, 2004 at 02:56:34PM -0500, JJB wrote:

> How can I tell the inetd anonymous ftp server to listen on a different port other than 21. I tried adding port 6021 in the /etc/services file but that did not work.

Don't change the default ftp port number in /etc/services -- instead add your own line, eg:

    mycustomftp     6021/tcp

Then add a line like so into /etc/inetd.conf:

    mycustomftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l

and restart inetd:

    # kill -HUP `cat /var/run/inetd.pid`

Note that this may well result in port 6020 being used for the FTP data channel -- you'll need to make sure your firewall rules permit that.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: newbie problem building fetchmail from ports
On Mon, Feb 16, 2004 at 02:10:11PM -0500, Marty Landman wrote:

> Any advice on what to do here?
>
>     ===>  Configuring for gettext-0.11.5_1

That's an ancient version of gettext -- are you using a copy of the ports tree you got from the installation CDs? At a guess, you're running FreeBSD 4.7... Current version of gettext in ports is gettext-0.13.1 which provides libintl.so.6

Come to think of it, fetchmail is now at version 6.2.5 in ports so you must be using an old ports tree. However so long as all the sources are still available for download, you should be able to install.

The problem appears to be due to this target in the devel/gettext port Makefile:

    pre-configure:
    	${RM} ${WRKSRC}/doc/gettext.info*

which was removed with version 1.42 of the port Makefile -- you, I suspect have version 1.38. You could try just editing the Makefile to change those lines to:

    pre-configure:
    	-${RM} ${WRKSRC}/doc/gettext.info*

(ie. insert a '-' before the ${RM}) -- that will cause make to ignore any error code produced by trying to remove some files that weren't actually there in the first place.

Cheers,
Matthew

PS. If you're tempted to update your whole ports tree to the latest, you should be aware that there have been some incompatible changes in the pkg_foo tools which will cause you grief on a 4.7 system. There's a sysutils/pkg_install port you can install to help things out. Most things should work OK, but you'ld have to upgrade the system to a supported version to be sure (ie. 4.9 or 5.2).

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: md5 check
On Tue, Feb 17, 2004 at 10:46:21AM +0100, Albert Shih wrote:

> Hi, I've seen a long time ago there are some md5 signatures in /var/db/pkg/*. Do you know some basic command to check this signature with the real binary ? For example if I want to know when some user changes my /usr/local/bin/bash to /usr/local/bin/bash-hack

    pkg_info -g pkgname

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
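The comparison that `pkg_info -g` reports on, sketched as an added example that is not part of the original message and not the package tools' own code. It assumes the package database layout of that era, where /var/db/pkg/<pkgname>/+CONTENTS lists each file relative to the last `@cwd` line and follows it with an `@comment MD5:` line; the `root` parameter and the sample package in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def parse_contents(text):
    """Return [(absolute_path, recorded_md5)] from the text of a +CONTENTS file."""
    cwd, last_file, entries = "/", None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("@cwd "):
            cwd, last_file = line.split(None, 1)[1], None
        elif line.startswith("@comment MD5:"):
            if last_file is not None:        # checksum belongs to the file just listed
                digest = line[len("@comment MD5:"):].strip().lower()
                entries.append((os.path.join(cwd, last_file), digest))
            last_file = None
        elif line.startswith("@"):
            last_file = None                 # any other directive ends the pairing
        elif line:
            last_file = line                 # a plain line is a file name
    return entries


def md5_of(path):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_package(contents_text, root="/"):
    """Return [(path, 'missing' | 'modified')] for files that fail the check.
    `root` lets the check run against a mounted image instead of the live system."""
    problems = []
    for path, recorded in parse_contents(contents_text):
        on_disk = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(on_disk):
            problems.append((path, "missing"))
        elif md5_of(on_disk) != recorded:
            problems.append((path, "modified"))
    return problems


def demo():
    """Constructed package: install one file, record its checksum, then replace it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "usr/local/bin"))
    target = os.path.join(root, "usr/local/bin/bash")
    with open(target, "wb") as fh:
        fh.write(b"original binary")
    contents = (
        "@comment PKG_FORMAT_REVISION:1.1\n"
        "@name bash-constructed\n"
        "@cwd /usr/local\n"
        "bin/bash\n"
        "@comment MD5:%s\n" % md5_of(target)
    )
    before = check_package(contents, root)
    with open(target, "wb") as fh:           # simulate the binary being swapped
        fh.write(b"replaced binary")
    return before, check_package(contents, root)


if __name__ == "__main__":
    print(demo())
```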
Re: Error 127 During Makeinstall of 4.8 to 4.9 Upgrade
On Tue, Feb 17, 2004 at 08:36:13AM -0500, Bob Perry wrote:

> If the problem still persists, I'll have to consider another OS. As I mentioned earlier, this is not a testbox. I was attempting to upgrade from 4.8 to 4.9 and the program stopped during the makeinstall phase with the following error messages:
>
>     ===> gnu/usr.bin/groff/font/devascii
>     Making R
>     expr: not found
>     *** Error code 127

This is a well known problem and it and the solution may be easily found by googling.

The clock on your system is wrong. Set the clock to the correct time and start again with 'make buildworld'.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: bond two interface together
On Tue, Feb 17, 2004 at 12:38:05PM -0500, Michael Goodman wrote:

> Is there a way in FreeBSD to bond two NIC's together? I'm using an ethernet TAP to monitor traffic. Thanks.

See ng_one2many(4) -- that's a mechanism for bonding together several NICs in order to get better throughput, which looks like what you need.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: can't connect to ftp server
On Tue, Feb 17, 2004 at 12:04:51PM -0500, Marty Landman wrote:

> Well, I know more than before and I can get sftp access to my fbsd box so yes. Now I gather the problem is that the machine isn't listening on port 21; is that supposed to be controlled by inetd? What do I do now?

Kinda obvious, but is inetd(8) running at all? If it is running, did you restart it after editing the configuration file?

To make inetd(8) start automatically on reboots add this to /etc/rc.conf:

    inetd_enable="YES"

You might want to tweak inetd's runtime flags something like the following:

    inetd_flags="-wWl -R 1024 -c 128"

which makes inetd log every connection to it and imposes some limits on the number and rate of connections inetd will accept.

In order to make inetd(8) reread its config file:

    # kill -HUP `cat /var/run/inetd.pid`

You should now see something listening on port 21 -- if you still can't connect by FTP, double check your firewall rules (remember that FTP uses both ports 20 and 21) and /etc/hosts.allow.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: can't connect to ftp server
On Tue, Feb 17, 2004 at 02:48:14PM -0500, Marty Landman wrote:

> At 01:25 PM 2/17/2004, Matthew Seaman wrote:
>
>> Kinda obvious, but is inetd(8) running at all?
>
>     # ps -ax | fgrep inetd
>     20482 ?? Is 0:00.01 inetd start

Right -- this is where the problem is. inetd(8) doesn't understand 'start' as a command line argument. It's not like the startup scripts in /usr/local/etc/rc.d -- those are wrappers that start the required processes themselves, whereas inetd /is/ the required process itself. Try this:

    # kill 20482
    # /usr/sbin/inetd -wWl -R 1024 -c 128

Then you should find your ftp service working OK.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Error 127 During Makeinstall of 4.8 to 4.9 Upgrade
On Wed, Feb 18, 2004 at 12:52:48AM -0500, Bob Perry wrote:

> I googled (first time ever for FreeBSD issues) as suggested and found the message you referred to. My system date/time was 5 hours off, if I remember correctly, so I set the time with 'date 0402172134' and started my upgrade again with 'make buildworld'. Everything ran smoothly, except for mergemaster...still not 100% with that function yet. I rebooted successfully, around 12:30am but my system clock is back to the 5-hour difference as before reading 5:30 am. Must have set it incorrectly. Will have to read the man date page more thoroughly.

It sounds to me as if your bios or CMOS clock is set to wall-clock time, which is the norm for windows systems, rather than to UCT, which is the norm for Unix systems. We can also deduce that you are probably located on the US East coast... Since the system clock is set from the bios clock at reboot time, this explains the observed symptoms.

You can fix this behaviour using /usr/sbin/tzsetup -- the first dialog asks:

    Is this machines CMOS clock set to UTC?

If your machine is dedicated to FreeBSD you should answer 'Yes'. If you have a Windows partition on the machine that you sometimes boot into, you should answer 'No'. Then go through and choose an appropriate timezone for your machine.

If you answer 'No' to that question, a zero-length file /etc/wall_cmos_clock will be created, which cues the system to account for the difference between wall-clock and UCT when referring to the CMOS clock. Otherwise, you should go into your system BIOS and set the clock to the correct UCT time.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: can't connect to ftp server
On Tue, Feb 17, 2004 at 04:34:04PM -0500, Marty Landman wrote:

> Something related which I'd like to understand Matthew. I don't know what the base install ftpd is as
>
>     # /usr/libexec/ftpd -V
>     ftpd: illegal option -- V
>     ftpd: unknown flag -V ignored
>     # /usr/libexec/ftpd -v
>     #
>
> However I installed wu-ftpd from the ports yesterday and it's in /usr/local/libexec/ftpd so I changed /etc/inetd.conf accordingly and then did kill -HUP `cat /var/run/inetd.pid` and for laughs (or developing the understanding now that navigating unix is similar to driving in New Jersey) I tried ftp'g into my box w/o first (starting) inetd and I got in, and ps -ax showed inetd running as well. Yet I don't see in the man pages for inetd(8) where any of these options imply automatic restart.

There's two ways of running ftpd(8) -- either out of inetd(8) or as a standalone process. Some software packages will do one, some will do the other and several will do both given the correct configuration.

The system ftpd(8) assumes that it is going to be run out of inetd(8) -- which means that inetd(8) is going to do all the grunt work of receiving any incoming connection and then fire up ftpd(8) with its standard in- and outputs already connected to the network socket. If you try and start a daemon designed to work with inetd from the command line, as you showed, it will either sit there waiting for input on stdin or close down immediately.

Most of the other FTP server ports are intended to run standalone -- that is the ftpd process runs continually and manages all of the incoming connections to port 21 itself. Generally running these daemons from the command line will look as if they just shut down immediately, but actually what happens is that they 'daemonized' themselves: ie. spawn another copy of themselves, which isn't associated with any terminal (plus various other changes -- see daemon(3), setsid(2) for details).

You won't be able to run both inetd(8) providing FTP service and a standalone FTP daemon -- only one process at a time can take control of the FTP port on your system. However, most system level programs like this don't print out error messages on the command line -- rather, they use syslog(3) to write the errors into the system log files. However there isn't any obvious notification to you typing at the console if this sort of thing occurs -- you'll just find that some process you expected to be running isn't and have to go hunting through the log files to work out why.

Running ftpd out of inetd is generally appropriate for low-traffic FTP sites or sites where FTP access is only required occasionally. A stand-alone FTPd setup would be more appropriate for a machine tasked with being a full-time FTP server.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Shutdown Problem
On Tue, Feb 17, 2004 at 05:29:20PM -0500, [EMAIL PROTECTED] wrote:

>     ACPI-0159: *** Error: AcpiLoadTables: Could not get RSDP, AE_NO_ACPI_TABLES
>     ACPI-0213: *** Error: AcpiLoadTables: Could not load tables: AE_NO_ACPI_TABLES
>     ACPI: table load failed: AE_NO_ACPI_TABLES
>
> I have no idea what that means, but I assume that it has something to do with the problem I am experiencing. Perhaps someone might have some idea what is happening and how to correct it.

Unfortunately it seems that ACPI on your system is not supported under FreeBSD at the moment. ACPI should be pretty standard, but like everything in the PC world, there are any number of implementations all slightly different from each other. And mostly done as cheaply as possible, and with the only requirement being that it works with Windows...

In order to fix this, you'ld have to get a motherboard using the same chipset into the claws of one of the FreeBSD developers interested in the ACPI stuff. It may have happened already -- but any fix would only be in 5-CURRENT so far and upgrading to that is not recommended except for experts -- so your only other option to get ACPI support is to wait until a new FreeBSD release: 5.2.1 is due out RSN, or 5.3 will be out in a few months.

In the mean time, if you're using a desktop system then doing without ACPI isn't too much hardship. You won't be able to power off from the keyboard but application of a forefinger to the power button usually suffices. OTOH, if you're using a mobile then the ACPI power control features are much more important. Ho hum.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Installing stuff somewhere else
On Tue, Feb 17, 2004 at 11:53:06PM +0100, Maarten wrote:

> what if I have a compilehost on which I build FreeBSD(5) images, and I want to build certain ports, but would like them installed in $imagedir/usr/local/whatever instead of /usr/local/whatever? I'm aware of pkg_add's -p option, but that still happily keeps its administration under /var/db/pkg for instance, when I would like it under $imagedir/car/db/pkg.

You can make pkg_add keep its administrative files in a different location by setting PKG_DBDIR in your environment.

> Also, what is the smartest way to have 'make installworld' install under something other than / ?

Actually, this is a live topic on the [EMAIL PROTECTED] list at the moment. There's a movement to add some patches first developed in 2001 to add a 'DESTDIR' variable to the ports system, which is complementary to the 'PREFIX' variable.

Changing 'PREFIX' will install the port into a different location, but it will also cause the port to set everything up assuming that it is going to be accessed from that location. DESTDIR is different -- it will let you install ports/packages to a different location than the location you'll be accessing them from -- eg. installing a port from outside a jail to be accessed from inside it, or installing on a partition which will be NFS exported and mounted on client machines.

See ports/28155 and the thread starting at http://lists.freebsd.org/pipermail/freebsd-ports/2004-February/thread.html#9159

Until then, the best route seems to be logging into the jail(8) and installing the ports/packages from there.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: problem making p5-Mysql port
On Tue, Feb 17, 2004 at 04:23:59PM -1000, Baron Fujimoto wrote:

> I'm trying to build p5-Mysql from ports (as a dependency for bugzilla), but I run into the following error:
>
>     ===>  p5-Mysql-modules-1.2219 is marked as broken: unknown MySQL version: 323.
>
> This is on a 4.8 system with a fresh cvsup. Any tips or pointers would be greatly appreciated.

The p5-Mysql port can be built against any of the versions of MySQL currently available in ports by setting the 'WITH_MYSQL_VER' variable on the make(1) command line, or in /etc/make.conf or in /usr/local/etc/pkgtools.conf if you're a portupgrade user. eg:

    # cd /usr/ports/databases/p5-Mysql
    # make install WITH_MYSQL_VER=40

which will use the MySQL-4.0.18 client libraries.

Seeing that the p5-Mysql port wants to link against a version of MySQL which is no-longer available in the ports tree, you may instead wish to try installing one of the 'databases/p5-DBD-mysqlNN' ports (where NN is the version of MySQL client you have installed) -- these use the standard perl DBI/DBD database system and are a more actively maintained drop-in replacement for the p5-Mysql stuff. They are also what is recommended on the MySQL website nowadays: http://www.mysql.com/doc/en/Perl.html

Works fine with Bugzilla.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: information installation freeBSD
On Wed, Feb 18, 2004 at 09:33:08AM +, Go'K High wrote:

> I learn that linux have a OS 64bit -- freeBSD 64. I never used linux and I will like to know how could I download it and installed on my AMD 64.

FreeBSD is not Linux. However, yes, AMD64 is a fully supported platform which you can run FreeBSD on.

Start reading here:

    http://www.freebsd-fr.org/index-trad.html

and there are several Francophone lists you can subscribe to at:

    http://www.freebsd-fr.org/local-fr/www/spec/support/liste_diffusion.html

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: My fault or just Spam
On Tue, Feb 17, 2004 at 07:29:03PM -0600, [EMAIL PROTECTED] wrote:

> Anyhow, within the month that I've had my server running I've been receiving numerous emails that are obviously malicious to Windows users (i.e. contain an attachment with some random-letters.exe and nonsense about a patch). In short my concern is not that me or my wife will run this, since we don't use Windows, but whether these emails are just spam or if it is my fault.

Not your fault at all. The 'net is being plagued at the moment by a series of Windows worm programs that attempt to spread themselves through e-mail. Once they infect a machine, they send e-mail to addresses listed in users' address books, and also forge the sender address using the same source. See, eg. http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

This means that you and I, as innocent and uninfected bystanders will be deluged in three types of message as a consequence:

  i) Messages from the trojan program attempting to propagate itself.

  ii) Bounce messages from the mailer daemon saying that messages of type (i) couldn't be delivered, sent to the forged sender addresses.

  iii) Really annoying messages sent by some dim-witted anti-virus software accusing you of sending virus infested e-mails. These are completely pointless, as the sender addresses are forged, and the AV software writers should know that.

In fact the huge flood of messages of type (iii) have outnumbered the messages of type (i) in this latest outbreak. AV software writers making themselves part of the problem there, rather than the solution.

As FreeBSD users we can, of course, act all smug about this and just set our spam filters and AV software to dump all of the (i), (ii) and (iii) types of message into the bit-bucket.

If you want to test your machine to see if it is providing an open relay, go to http://www.abuse.net/relay.html and follow the instructions.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Disk Quota Question
On Wed, Feb 18, 2004 at 11:45:27PM -0500, JJB wrote:

> Try http://www.freebsd.org/cgi/man.cgi?query=quotaon&sektion=8&apropos=0&manpath=FreeBSD+5.2-RELEASE+and+Ports
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joel Eddy
> Sent: Tuesday, February 17, 2004 6:11 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Disk Quota Question
>
> I've followed the manual on FreeBsd 5.1. Recompiled the kernel with quota options. It is on the /usr file system. everything appears to be running correctly. I've made entries to fstab by the manual also.

[...]

> But when I quota -u USERID I get
>
>     mail# quota -u USERID
>     Disk quotas for user USERID (uid 1001): none
>
> Either I'm missing something or something isn't working. Where do I look next.

It sounds to me as if you've enabled all of the quota machinery, but that you need to actually initialise the system and set some quotas for each user on the partition.

You need to run quotacheck(8) to initialise the quota.user and/or quota.group files -- that should happen automatically when you reboot, or you can run it manually by:

    # quotacheck -v -a

That may take some time to run, and there shouldn't be any activity on the filesystem while it is being checked -- best way to ensure that is to drop to single user mode while you run it.

Having done that, what's the output of:

    % repquota /usr

To set up the quota limits for each user use edquota(1).

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: New
On Thu, Feb 19, 2004 at 10:58:54AM -0500, Pedro Sam wrote: On Wednesday February 18 2004 20:30, Robert Huff wrote: Kevin D. Kinsey, DaleCo, S.P. writes: Where is a good place to start? 5.2-RELEASE. Grab the floppies from ftp.freebsd.org and install over the 'Net. If this is your first installation, go with 4.9. 5.x is still rated early adopter; while nothing's exactly broken, there are more likely to be surprises lurking in wait for the inexperienced. Just wondering... if one installed 4.9, would the system be stuck with really outdated userland apps? or would CVSup be able to update the userland ports, without changing the base system? Ummm... you've got a bit of an incorrect idea about how FreeBSD works. The OS consists of the kernel plus the user system (aka 'the world') -- that is, the complete set of system libraries and standard applications. Under FreeBSD all of these parts are developed in synchrony, and all out of a unified source tree. Generally you will always update kernel and world together -- occasionally there may be security updates or the like where you single out a particular application for rebuilding, but that is not a frequent occurrence. The system sources are divided into a number of branches: there is a branch corresponding to each release, known as a 'Release' or 'Security' branch, because the only permitted changes to it are security fixes; and there are two active development branches, known at the moment as 4-STABLE and 5-CURRENT. There are also the old 1-STABLE, 2-STABLE and 3-STABLE branches as well, but those are essentially quiescent nowadays and mostly of historical interest. The 5.x release branches start out as snapshots of the 5-CURRENT branch, and the 4.x releases likewise of the 4-STABLE branch. 5-CURRENT is the real bleeding edge where there is no guarrantee that anything will work at any particular point and the code base is occasionally liable to sweeping and invasive changes. 
Only system developers should be running 5-CURRENT. 5.x releases are for testing the major new features introduced in 5-CURRENT: they offer a better user experience than raw 5-CURRENT but don't generally come up to the required standards of stability and performance you'ld normally expect from a FreeBSD release. 4-STABLE is the branch for tried and tested changes merged from the current branch. You should always be able to compile and run the latest 4-STABLE sources -- the 'STABLE' in the name does not imply 'unchanging' as the term does in some other projects, but that the system versions so labeled will run with a high level of stability. 4-STABLE is suitable for day-to-day use by ordinary users, although if you're betting your business on FreeBSD, one of the 4.x-RELEASE branches would usually be a better choice. Eventually the 5-CURRENT branch will reach a suitable level of refinement that it will be possible to create the 5-STABLE branch. That's intended to occur with the release of FreeBSD-5.3. Around that point the current branch will be renamed 6-CURRENT and all of the major development works will be shifted there. 5-STABLE will become the principal target for merging in the tested changes and the releases branched from it will be recommended as the best versions of the OS to run. That's still several months away, at the minimum though. Work on 4-STABLE will gradually tail off and that branch will head for honourable retirement like its predecessors. 3rd party software -- ports: essentially everything installed under /usr/local or /usr/X11R6 -- is built and updated completely independently of the development of the main system sources. There's only one ports tree and it serves 4-STABLE and any of the release branches, although limited resources mean that testing can only be done on the latest 4.x and 5.x release branches. 
You can always grab the latest ports tree and compile what you want from source: this generally gives the best results and it's easy enough even for inexperienced users. However, installing pre-compiled versions of the ports, called 'packages' will often be quicker. As complete a set of packages as possible is created to go with each release. Between releases, and as resources allow, updated packages are produced as new upstream versions of ported software appear -- you'll find those in the 'Latest' directories on the FTP sites. However, so long as you use packages compiled for a version of the OS with the same major version number, you should (in theory) be able to use those packages on other versions of the OS than the release they were compiled under. Unfortunately, that's something that cannot be entirely guaranteed. Ports/packages already installed on your system should continue to work even if you upgrade the base system. If you upgrade over a major version number, you will have to install compatibility libraries -- basically a copy of libc.so from an earlier version of the system. This way,
Re: Sendmail rule questions
On Thu, Feb 19, 2004 at 01:11:55PM -0500, Chuck Swiger wrote: Benjamin Meade wrote: Just wondering if sendmail (not procmail) can reject messages from a specific user that are above a certain size? You can control the max message size on a sitewide basis via: define(`confMAX_MESSAGE_SIZE', `2100')dnl ...but I don't believe you can do so on a per-user basis, no. The only way I could think of for doing this would be to create a second set of mailer definitions with the 'M=' (Maximum message size) setting altered appropriately, and custom parsing rules to force the messages sent from a particular address to be delivered via those mailers. Needless to say, that's going to be a pig of a job to set up and configure correctly. You would be better off setting up some sort of Milter or indeed forcing all of the messages to be processed through procmail(8). See http://www.benzedrine.cx/milter-regex.html or http://www.snert.com/Software/milter-sender/ for somethings that might do the job -- except that apparently neither of those can filter by message size. Both are available in ports -- if the term 'Milter' means anything to you, and you're fluent at C programming then adding a check on message size might be possible. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: your mail
On Thu, Feb 19, 2004 at 02:02:32PM -0800, Matthew, Kristina and Ethan wrote: i have a mac osx machine and a freebsd 4.4 machine connected via a crossover cable for a small network. i have been able to figure out NFS, Apache, FTP etc. and so far it's really fun. what i'd like to be able to do is as follows: i have a modem on my bsd box and it connects via ppp to a dial-up isp. i would like to configure such that when i request an internet site from my mac, the bsd box dials up the isp and acts as a gateway until i'm done online, then disconnects... is this possible, is it really complicated? It's certainly possible, and it's not too difficult. Start by setting up PPP on the FreeBSD box -- there's plenty of examples and howtos around to help you do that, particularly: ppp(8) http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/userppp.html /usr/share/examples/ppp I recommend you use the user-mode PPP if you're just using a standard POTS dialup. You will want to use the ppp -nat command line option. Now, put: gateway_enable=YES into /etc/rc.conf, and either reboot or run: # sysctl net.inet.ip.forwarding=1 On your MacOS X machine, set the default route to the IP number of the FreeBSD box on your X-over cable. Set the nameserver IP numbers in /etc/resolv.conf or whatever the MacOS X equivalent is to the same numbers as on your FreeBSD box (these will either have been provided for you in your ISP's documentation, or automatically as part of the PPP dialup process). That should be pretty much all you need to do: try looking at some Internet sites and see how well it works. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: your mail
On Fri, Feb 20, 2004 at 09:21:07PM +0800, h0444lp6 wrote: Dear list I tried to use mplayer under 5.2R but got /libexec/ld-elf.so.1: Shared object libintl.so.5 not found. What do I have to install to get libintl.so.5 libintl.so is part of GNU gettext -- however, the current version of gettext: % pkg_info -I gettext\* gettext-0.13.1 GNU gettext package installs libintl.so.6: % pkg_info -L gettext\* | grep libintl.so. /usr/local/lib/libintl.so.6 What you need to do is install the up-to-date version of gettext (if you haven't already) and then rebuild all of the ports that link against libintl.so: # portupgrade -fr gettext That may take quite some time, as lots of packages use gettext. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: No Email or FTP
On Fri, Feb 20, 2004 at 10:20:26AM -0500, Grant Peel wrote: In FreeBSD 4.4 and 4.7, is there a way to shut off email and or ftp privileges? (Other than using quota that is). Using sendmail. Yes -- those can both be done. To stop a user FTP'ing into the machine, add their username to the /etc/ftpusers file. Confusingly that's the list of people not permitted to be ftp users... See ftpusers(5) for some more fine grained controls you can have via that file. Note that this stops the users accessing their accounts on the FreeBSD box via any local FTP server -- it doesn't stop them from running an FTP client and downloading stuff from remote sites. If it's the latter that you want, then that's much harder to achieve. You can create a unix group for all of the people permitted to run ftp clients (ftp, fetch, wget, any web browsers, etc.), set the group ownership of those binaries to the ftp-allowed group and change the permissions to mode 0750. Even so, if the user can compile or otherwise obtain their own copy of one of those clients there's not a lot you can do to stop them using it. You can set up ipfw(8) or some other packet filter to prevent anyone making outgoing ftp connections to arbitrary sites -- you could also provide an FTP proxy service on your firewall (use ipfw rules to force everyone to use the proxy, or implement some form of transparent proxying) which requires authentication from the user. Squid can do that sort of thing, as can the fw-tk stuff (although you'll have to write some scripts to wrap around the components provided via fw-tk). Both available in ports. As for e-mail: to prevent a user sending or receiving e-mail, you need to use the access DB feature. Look at /usr/share/sendmail/cf/README, particularly the sections under 'blacklist_recipients' and the stuff under the heading Finer control by using tags for the LHS of the access map. 
It's also possible to force your users to authenticate before they can submit a message to sendmail(8), but that's not generally done as it's too intrusive. It also entails recompiling sendmail with SASL support and quite a bit of setup work. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Removing system user
On Fri, Feb 20, 2004 at 11:51:03PM +0800, meimi wrote: I have read some document about server hardening. It suggests me removing the following users: operator, games, news, uucp and following groups: operator, staff I can guess that games is used for playing and news is used for reading news in news group. How about the other? Their descriptions in passwd are not clear. Am I safe to remove them in normal server environment (web, mail, ftp, DNS, SSH)? You can certainly remove those users and groups, but it's unlikely to gain you very much and quite likely to cause you some problems. It will certainly make it harder for you to do routine updates on your system, possibly including some security patches. So long as you don't alter the entries in the master.passwd and group files for those entities, you're pretty safe. Those IDs exist mostly to be the owners of various files: note that the shell has been set to /sbin/nologin and the password for those accounts has been locked and that they have no special privileges despite the low UID and GID numbers -- as such they are rather less dangerous than the account you use to log in via. All in all, I wouldn't bother touching those accounts. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
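Added example, not part of the original message: a check for the two properties the reply above relies on (password field locked, shell set to nologin) over a master.passwd(5)-format file. The sample accounts are constructed, and the uid cutoff of 1000 for "system" accounts is an assumption.

```sh
#!/bin/sh
# Audit low-numbered accounts in a master.passwd(5)-format file.
# Fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# audit_system_accounts [FILE|-] [LIMIT]
# Prints "name:uid:finding" for every account with 0 < uid < LIMIT that
# could still be used to log in. LIMIT defaults to 1000 (assumed cutoff).
audit_system_accounts() {
    awk -F: -v limit="${2:-1000}" '
        /^#/ || NF != 10 { next }   # comments and malformed lines
        $3 + 0 == 0      { next }   # uid 0 accounts are out of scope here
        $3 + 0 >= limit  { next }   # ordinary user accounts
        {
            # A password field starting with "*" can never match a hash.
            if ($2 == "")
                print $1 ":" $3 ":empty password"
            else if (substr($2, 1, 1) != "*")
                print $1 ":" $3 ":usable password"
            # An empty shell field means /bin/sh, so it counts as a login shell.
            if ($10 == "")
                print $1 ":" $3 ":login-capable shell (empty, defaults to /bin/sh)"
            else if ($10 !~ /(^|\/)nologin$/)
                print $1 ":" $3 ":login-capable shell " $10
        }
    ' "${1:--}"
}

# Constructed sample data: the accounts named in the question, plus two
# constructed service accounts (svc, legacy) that should be reported.
sample_master_passwd() {
    cat <<'EOF'
# constructed master.passwd sample
root:$1$CONSTRUCTED$notarealhash:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
svc:$1$CONSTRUCTED$notarealhash:70:70::0:0:Constructed service account:/nonexistent:/bin/sh
legacy:*:71:71::0:0:Constructed legacy account:/nonexistent:
meimi:$1$CONSTRUCTED$notarealhash:1001:1001::0:0:Constructed user:/home/meimi:/bin/tcsh
EOF
}

# Demo run over the constructed sample.
sample_master_passwd | audit_system_accounts -
```

On a real system the file argument would be /etc/master.passwd, read as root; an account reported only for its shell, like uucp here, still has a locked password.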
Re: clientmqueue filling up
On Sat, Feb 21, 2004 at 12:20:19PM +, Jonathon McKitrick wrote: I've turned off all my sendmail options, IIRC, but /var/spool/clientmqueue keeps getting filled up with messages about undelivered mail. How can I stop this? NOTE: Please CC me, as I am not currently subscribed. Thanks. Are there any sendmail processes running? If you've got: sendmail_enable=NONE in /etc/rc.conf no sendmail processes should be started at reboot. However, this doesn't prevent processes attempting to send e-mail by piping messages into the standard input of /usr/sbin/sendmail -- which will result in the messages being queued up in /var/spool/clientmqueue as you've discovered. What processes try and do this? Two contenders I can think of immediately are the periodic(8) scripts, and cron(8). To stop the periodic scripts sending e-mail, you need to tell the scripts to log their output to a file rather than e-mailing it to root. Do that by adding: daily_output=/var/log/daily.log weekly_output=/var/log/weekly.log monthly_output=/var/log/monthly.log to /etc/periodic.conf -- just create that file if it doesn't already exist. See /etc/defaults/periodic.conf for other options you can use there. You can, of course, choose whatever log files you prefer, but the files shown above are already set up for automatic log cycling in /etc/newsyslog.conf To prevent cron(8) sending e-mails, you simply need to set the MAILTO variable to an empty value in all of the various crontabs (/var/cron/tabs/*, /etc/crontab). Just add the line MAILTO= near the top of the various crontab files -- for best results, use the command 'crontab -e' to edit the stuff under /var/cron/tabs. There's possibly other commands that try and send e-mail, but I can't think of any right now. You should be able to work out what they are by inspecting the files that end up in /var/spool/clientmqueue. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 
26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
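Added example, not part of the original message: a way to verify the two settings described above, reporting which periodic(8) runs are not logged to a file and which crontab job lines are not covered by an empty MAILTO. The sample files are constructed, and the cron check is deliberately conservative: a job counts as able to mail unless an empty MAILTO appears above it.

```sh
#!/bin/sh
# periodic_mailers FILE
# Prints each of daily/weekly/monthly whose *_output setting in a
# periodic.conf-format FILE is missing or is not an absolute file path
# (such output is mailed or printed instead of being logged).
periodic_mailers() {
    for p in daily weekly monthly; do
        # The last assignment in the file is the one that takes effect.
        val=$(sed -n "s/^[[:space:]]*${p}_output=//p" "$1" | tail -n 1 | tr -d "\"'")
        case "$val" in
            /*) ;;              # logged to a file, nothing is mailed
            *)  echo "$p" ;;    # unset, empty, or a mail address
        esac
    done
}

# cron_mailing_jobs FILE
# Prints the line number of every job entry in a crontab-format FILE
# that is not preceded by an empty MAILTO setting.
cron_mailing_jobs() {
    awk -v q="'" '
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {         # VAR=value lines
            name = $0
            sub(/[ \t]*=.*/, "", name)
            sub(/^[ \t]*/, "", name)
            if (name == "MAILTO") {
                val = $0
                sub(/^[^=]*=[ \t]*/, "", val)
                gsub(/[" \t]/, "", val)
                gsub(q, "", val)
                silent = (val == "")
            }
            next
        }
        !silent { print NR }                             # a job that can mail
    ' "$1"
}

# write_samples DIR: constructed sample files for the demo below.
write_samples() {
    cat > "$1/periodic.conf" <<'EOF'
daily_output=/var/log/daily.log
weekly_output="root"
EOF
    cat > "$1/crontab" <<'EOF'
# constructed system crontab
SHELL=/bin/sh
*/5 * * * * root /usr/libexec/atrun
MAILTO=""
1 3 * * * root periodic daily
EOF
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "periodic runs not logged to a file: $(periodic_mailers "$demo_dir/periodic.conf" | tr '\n' ' ')"
echo "crontab job lines that can mail: $(cron_mailing_jobs "$demo_dir/crontab" | tr '\n' ' ')"
rm -rf "$demo_dir"
```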
Re: Is inetd a proxy server?
On Sun, Feb 22, 2004 at 11:58:10AM -0500, Marty Landman wrote: At 11:12 AM 2/22/2004, Matthew Seaman wrote: A proxy listens to all of your request, and then opens up a second connection to the real server (or another proxy) for you and replays your request to it -- so all of the traffic is relayed through the proxy. Newbie here Matthew. Could you please explain how a proxy differs from a router? Or are they in many ways intersecting in their functionality? e.g. I've got a class c network in my office and recently learned how to use apache to reverse proxy a request so that http://my-ip-adr/fbsd becomes the same as http://fbsd, where the latter is mapped to the ip addr for my fbsd box on the lan by apache. (which btw is kind of cool) Sure. A router deals with network traffic at the IP level -- sometimes described as Layer 3 on the OSI 7 layer model. In plain English, the router doesn't care what's inside the packets: it just looks at the IP numbers in the headers and relays the packets appropriately. A router will work for all sorts of traffic -- HTTP, FTP, SSH, SMTP, whatever (unless you've deliberately added a packet filter) -- unlike a proxy, which works at the protocol level: thus you'll get an HTTP proxy or a FTP proxy or a SMTP relay or a DNS recursive server -- the names vary, but they all do proxy service. It's also common for proxies to cache previous traffic and reply out of cache instead of going all the way back to the originating server, but that's not a requirement. Sometimes the software used to implement a proxy is actually identical to the software you'ld use to implement the originating server -- as commonly seen with most MTAs and BIND and occasionally Apache HTTPD as you've done -- although specialised proxying software is more generally used for HTTP and FTP and the like. 
The point of having inetd(8) is that it provides a mechanism so that you don't have to have umpty-dozen different small servers running all of the time and taking up your process space. I notice that mingetty runs ~ half a dozen instances on my box, waiting for console users that will never come since as a rule I do everything thru ssh on my windows workstation. And httpd, though I've cut the child process spec down on the apache conf since it's not needed. Of course the saved cycles aren't needed either in my current environment. :) getty(8) is pretty light weight, and it doesn't take much extra memory to run multiple copies of it. It's also the case that while you may not need to log in via the console during normal usage, when you do need console access then you generally need it very badly. Could httpd be set up to run via inetd instead of on its own? If so, is it not typically done this way because it is usually the biggie app on servers? Following that reasoning, if a server were primarily used for ftp would it make sense to remove ftpd from inetd's conf file and instead start it as a service, assuming that were possible? You can run apache 1.3.x through inetd -- see the 'ServerType' directive in httpd.conf: http://httpd.apache.org/docs/mod/core.html#servertype As it says in bright red letters: Inetd mode is no longer recommended and does not always work properly. Avoid it if at all possible. ServerType no longer exists in apache 2.0.x. If you are running a busy FTP site, then yes, running a standalone FTP daemon would be a good idea. However, the server side configuration for most FTP daemons is a lot simpler than for Apache, so it's feasible to run ftpd out of inetd for much higher traffic than it would be for apache. Another common server where there's an option of running under inetd is Samba -- however I think the trend nowadays is to assume that the Samba daemons will run standalone. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 
26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Fail to start KDE
On Sun, Feb 22, 2004 at 11:07:52AM -0600, Chris wrote: On Sunday 22 February 2004 10:33 am, Mike Jeays wrote: On Sun, 22 Feb 2004 23:46:54 +0800 Create a file .xinitrc in the home directory, containing the single line 'startkde &' (without the quotes). Then try startx again. Kindly explain the difference between the following in your .xinitrc file. exec startkde startkde & 'exec startkde' replaces the .xinitrc process with the startkde process. 'startkde &' starts up a separate startkde process in the background and then continues executing the .xinitrc process. That may or may not be a good thing -- if the .xinitrc process exits (or the startkde process that it morphs into in the first instance) then your session will be deemed to have ended and you'll be dumped back at the shell prompt. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: make installworld to only install new/changed files?
On Mon, Feb 23, 2004 at 05:34:08PM -, Rob MacGregor wrote: I have a strange (maybe) desire to be able to only install the new or changed files when doing a make installworld on FreeBSD (5.2 or later ideally). Does anybody know if this is possible? Putting INSTALL=install -C into /etc/make.conf will compare files before installing, and avoid overwriting a file with an identical copy of itself. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: [FAQ pointer] Re: How to start single user mode or safe mode
On Tue, Feb 24, 2004 at 03:38:35AM +0800, Stephen Liu wrote: This one is fine... # fsck /dev/ad4s1a (I suppose boot) but these two aren't: # fsck /dev/ad4s1b (I suppose swap) # fsck /dev/ad4s1c (I suppose /) You can only run fsck(8) on partitions containing filesystems. The 'b' partition is usually a swap area, which doesn't use any sort of filesystem at all. The 'c' partition usually maps to the whole slice -- that is, it overlaps all of the actual partitions you're using for your file systems. You very rarely need to access the 'c' partition specifically -- commands that affect the whole slice nowadays tend to take ad4s1 or the equivalent as an argument. Your /var and /usr partitions probably live on partitions 'e' and 'f' -- possibly 'g' or 'h' as well if you have any other partitions. disklabel(8) will show you what partitions have been allocated. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: MailTracking System On FreeBSD
On Wed, Feb 25, 2004 at 09:57:11PM +0200, Vahric MUHTARYAN wrote: Does anybody know any Mail Message Tracking System on FreeBSD ?! I'm sorry -- I don't really understand what you're asking for. The answer is probably yes, but please explain in a bit more detail exactly what you expect this software to do. Taking a stab in the dark: is it that you want to be notified when a message you send is delivered, or read by the recipient? That sort of thing: 'Delivery Status Notification' comes as a standard feature of sendmail(8) on FreeBSD systems, implemented according to RFC 1894 -- see http://www.faqs.org/rfcs/rfc1894.html (Presumably Sendmail will eventually adopt the updated standard from RFC 3464). You generally see the effect of that in 'bounce-o-grammes' where you're notified that some message couldn't be correctly delivered. Most Mail User Agents have some sort of support for requesting such notifications. Unfortunately this standard scheme doesn't cover notifying the sender when a message is actually read, rather than just successfully delivered -- some Mail User Agents have extended the scheme to show that sort of thing, but to ensure success you'ld have to be sending the message to someone using a similar MUA. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: acpiconf for FreeBSD-4.9 ?
On Wed, Feb 25, 2004 at 03:42:54PM -0500, Lowell Gilbert wrote: acpiconf(8) is part of the base system in -CURRENT. 4.x does not support ACPI. It doesn't? % uname -a FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.9-STABLE FreeBSD 4.9-STABLE #56: Thu Feb 19 23:35:17 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 % grep -i acpi /var/run/dmesg.boot acpi0: ASUS A7V266 on motherboard acpi0: power button is handled as a fixed feature programming model. Timecounter ACPI-fast frequency 3579545 Hz acpi_timer0: 24-bit timer at 3.579545MHz port 0xe408-0xe40b on acpi0 acpi_cpu0: CPU on acpi0 acpi_button0: Power Button on acpi0 acpi_cpu: throttling enabled, 16 steps (100% to 6.2%), currently 100.0% Admittedly this isn't the same level of support as occurs in 5.x, but it is there. See the documentation in /usr/src/sys/i386/conf/LINT for 'device acpica' for more details. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Problems after upgrade
On Wed, Feb 25, 2004 at 03:30:36PM -0600, Luis Guzmán wrote: I upgraded my server from FreeBSD 4.6.2 to version 4.8. After this, my passwd file was empty and my master.passwd was gone! I have a backup of these files and now I need to rebuild my users database. Is there a way to do this from my old files? I also need them for my SMB network. Copy your backup master.passwd file to /etc/master.passwd and then run: # pwd_mkdb /etc/master.passwd which will rebuild the password database, including the /etc/passwd file. Nb. If you upgraded your system using the install media, what it will have done is essentially write over your original system with the updated files. That includes giving you a fresh set of the default versions of the files under /etc -- it will backup your original settings for you, but you're going to have to merge those files with the new ones under /etc. This includes particularly such files as /etc/group, /etc/login.conf, /etc/make.conf, your PPP configuration (if you're using PPP) and any other files you've customised. You may find the following commands useful if you need to restore the group or login.conf files: # cap_mkdb /etc/login.conf # cap_mkdb /etc/group (It does no harm to run those if you're not sure whether you need to or not.) Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: How do I turn this off?
On Wed, Feb 25, 2004 at 04:34:54PM -0500, Shaun T. Erickson wrote: When I login, I get a UNIX tip by Dru, printed on the screen. I'd like to turn that off, but haven't located where to do that ... TIA. By default, that's usually just the output of the fortune(6) command rather than a FreeBSD specific tip. However, it's probably from a command run out of ${HOME}/.login (if you're a tcsh(1) user) or ${HOME}/.profile or ${HOME}/.bash_login (if you're a bash(1) user). Other shells probably use one or other of .login or .profile or else their own particular files. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: upgrade problem
On Wed, Feb 25, 2004 at 02:04:20PM +, Jim McIver wrote: Trying to upgrade from Freebsd 4.6 to 4.9...haven't got it working yet, but I am getting strange message from the machine. newsyslog: illegal flag in config file -- N Any idea where this is coming from? You seem to be running an older version of newsyslog(8) with the /etc/newsyslog.conf file from a more recent version. The 'N' flag (meaning don't try and send a signal to any process) was added to RELENG_4 newsyslog on 4th May 2003. This suggests that your attempt to upgrade has failed to update all of the standard system programs -- you'll probably find it easiest to do a 4.6 to 4.9 upgrade by cvsup(1)ing the latest RELENG_4_9 sources, and then doing a full buildworld, buildkernel, installkernel, installworld cycle as detailed in /usr/src/UPDATING and the handbook at: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: upgrade problem
On Wed, Feb 25, 2004 at 02:26:08PM +, Jim McIver wrote: On Wed, Feb 25, 2004 at 02:04:20PM +, Jim McIver wrote: This suggests that your attempt to upgrade has failed to update all of the standard system programs -- you'll probably find it easiest to do a 4.6 to 4.9 upgrade by cvsup(1)ing the latest RELENG_4_9 sources, and then doing a full buildworld, buildkernel, installkernel, installworld cycle as detailed in /usr/src/UPDATING and the handbook at: That's what I'm trying to do, but I'm stuck on the error code 127 ...touch when I run 'make installworld' and can't find the solution. Hmmm... You've fixed your clock problems according to another post you made. Try clearing out everything you compiled previously and re-running cvsup(1) to make sure everything has the correct timestamp and permissions: # cd /usr/src # make cleandir # make cleandir (Yes: do this twice in order to get the full effect) # cvsup -g -L2 /path/to/your/supfile and then try compiling again: ie. run 'make buildworld' (the 'make installworld' is failing because it's trying to install something that should have been created during the 'make buildworld' stage, but wasn't). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: cvsup config file
On Thu, Feb 26, 2004 at 07:22:41AM -0500, Ed Budd wrote: On Thu, 26 Feb 2004 11:43:43 +0900 Rob [EMAIL PROTECTED] wrote: Noah wrote: *default release=cvs tag=. ports-all That's how I cvsup my ports tree. So should be alright for keeping up-to-date with STABLE. Uh, doesn't the tag=. reference mean -CURRENT not -STABLE? I think the OP wants tag=RELENG_4_9 or tag=RELENG_4, depending on whether wants the RELEASE with sec patches or 4x-stable. Or is it far too early in the morning for me to be responding to this? The OP was cvsup'ing the *ports* tree. The RELENG_x or RELENG_x_y tags simply don't exist in the section of the CVS repository dedicated to ports, so trying to use them in a ports supfile is exceedingly counterproductive -- in fact, they will result in all of the files under /usr/ports being deleted. The only tag you would want to use for the ports is 'tag=.', ie. the HEAD revision from CVS. There are tags like RELEASE_4_9_0 in the ports tree, but these are intended for the benefit of the people putting together release CD sets rather than for end users like thee and me. Remember, the ports are developed independently from the main system. There is no version of the ports tree for any particular version of the system. There are package sets available compiled for release with the system, which you could describe as Packages for Release Foo, but there's really nothing stopping you using those packages on other release versions with the same major version number. Your success at doing that may not be total if the release you're using is a long way away from the release the packages were compiled under, but, modulo occasional incompatible changes in the pkg tools and other such things; in general it should work. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Boot and MBR.
On Thu, Feb 26, 2004 at 01:11:28PM -0900, Mark Weisman wrote: The second question I have, is can I put the command startx into my rc.conf file to have it boot directly into the x-server? Any help on these two would be awesome. Thanks. Other people have described how you can arrange for startx to be run automatically whenever anyone logs into your system console -- however I'm guessing that isn't exactly what you mean. If you want to set up a system with a graphical login screen, check out xdm(1) --- you can enable that by editing the file /etc/ttys and changing the line: ttyv8 /usr/X11R6/bin/xdm -nodaemon xterm off secure to: ttyv8 /usr/X11R6/bin/xdm -nodaemon xterm on secure xdm(8) is the 'X Display Manager' -- the default look is not amazingly pretty, but you can customise it a bit to make it look nicer: investigate the files in /usr/X11R6/lib/X11/xdm. Note that if you use xdm(8), when you log in the ${HOME}/.xsession script will be run to populate your desktop and start up a window manager, rather than the ${HOME}/.xinitrc script that's run by startx. The two scripts have very similar effects, and you can probably get away with copying one to the other initially. If you're a Gnome user, there's a workalike program gdm(8) you might want to use instead, and I believe the KDE stuff comes with (surprise, surprise) kdm(8). Their documentation should tell you exactly what you need to put into /etc/ttys in order to substitute them for xdm(8). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: The sensitivity of the mouse
On Thu, Feb 26, 2004 at 04:57:02PM -0600, Kevin D. Kinsey, DaleCo, S.P. wrote: Valerian Galeru wrote: Hi all! How can I change the sensitivity of the mouse? I am using the 4.9 release. Read the manpage for moused(8), and look for the -a option. Any flag you want could likely be added to /etc/rc.conf. If you're running KDE, or Gnome, and maybe some other WM's, they can do something similar for you. In Gnome, it's Main Menu | Applications | Desktop Preferences | Mouse For generic X Windows, use xset(1) to control this sort of thing -- the KDE or Gnome menu entries probably just run xset behind the scenes for you anyhow. eg: % xset m 2 200 Make the mouse accelerate to twice as fast if you move the pointer more than 200 pixels. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: cp options
On Fri, Feb 27, 2004 at 05:12:24PM +1300, Tom Munro Glass wrote: Linux cp has a --link option that makes hard links instead of copies of non-directories. The FreeBSD cp doesn't appear to have that option. Is there a way of achieving this? Yes. Use find(1)/cpio(1) -- so, to create a 'link tree' of your entire home directory under /tmp, you would do: % cd ${HOME} % find . -print | cpio -pvdl /tmp That assumes that ${HOME} and /tmp are on the same device, which is probably not true, but you get the general idea. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: booting into X (was: Boot and MBR (Gnome))
On Fri, Feb 27, 2004 at 11:45:18AM -0500, Robert Huff wrote:
> Kevin D. Kinsey, DaleCo, S.P. writes:
> > I did this just last night; this seems to do it (and I was a bad boy, just hacked it w/o looking at the docs)
> >
> > [EMAIL PROTECTED] [/home/kadmin][10:26] #cat /etc/ttys | grep gdm
> > ttyv0 /usr/X11R6/bin/gdm cons25 on secure
>
> It is my understanding that booting into X is not encouraged. However, if you (generic) must do it then the ttys method is the wrong way to go. Instead, add the appropriate commands at the end of /etc/rc.local.

Errr... I don't know where you got that idea from. There are circumstances where you don't want to use an X display manager, and there are circumstances when you do. For a home or a desktop system, having a graphical display manager provides a much nicer user experience, IMHO.

It is true that gdm(1) has had a history of security problems, but I believe the latest version has had all known problems fixed and it is as secure as anything you might use in that circumstance.

As for starting the display manager from the RC scripts: this is all very well right after boot up, but it doesn't always mix too well with people logging in and out all the time. /etc/ttys is used to make sure {x,g,k}dm is automatically restarted once the user has logged out -- it's exactly analogous to the way that getty(8) is used to manage logins to tty devices.

If you want to run a display manager in daemon mode, that's your privilege, but running out of /etc/ttys is certainly an option -- it's documented that way for xdm and kdm, whereas gdm docs say neither yea nor nay on the subject. People have reported that the ttys method works with gdm -- so long as gdm doesn't daemonize itself and retains control of the console then everything should be OK.

Cheers, Matthew
Re: run perl scrip with post form from apache
On Sat, Feb 28, 2004 at 09:29:56AM -0500, fbsd_user wrote:
> I keep getting this error message when I try to run a perl script from an apache web page that is trying to post a form. I have mod_perl-1.28 and p5-WWW-Mechanize
>
> Method Not Allowed, The requested method POST is not allowed for the URL /sim.pl.
>
> Any ideas on how to get this to work?

Check your apache configuration -- perhaps you have a <Limit></Limit> block that forbids POST to that URL. You should see a bit more detail in the httpd-error.log

Cheers, Matthew
Re: run perl scrip with post form from apache
On Sat, Feb 28, 2004 at 11:11:19AM -0500, JJB wrote:
> The httpd-error.log has these messages now
>
> (2)No such file or directory: exec of /usr/local/www/data/sim.pl failed
> [client ] Premature end of script headers: /usr/local/www/data/sim.pl
>
> The sim.pl file is in that directory and it was given to me as a working script.

Check the ownership/permissions on the sim.pl file -- sounds like the apache process doesn't have permission to read and/or execute the file. You probably want it to be mode 555 or 550 with the group set to the same as the apache process.

Cheers, Matthew
Re: run perl scrip with post form from apache
On Sat, Feb 28, 2004 at 12:17:34PM -0500, fbsd_user wrote:
> Already had sim.pl set as 770 and owner as www and group as wheel

Ah. Then check the #! line at the top of the script -- it should read:

    #!/usr/bin/perl

(possibly with a few flags appended). Make sure you can run sim.pl from the command line -- it will probably just sit there waiting for input, but if you hit Ctrl-D it should print something out. Running 'perl -cw' on the script might be a good idea as well.

Cheers, Matthew
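The checks suggested across this thread (mode bits first, then the #! line) collected into one function, as an added example that is not part of the original messages. The function name diagnose_cgi, the verdict words and the sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Explains why Apache can log
# "No such file or directory: exec of <script> failed" for a file that exists:
# execve() returns ENOENT when the interpreter named on the #! line is missing.

# Print a one-word verdict for a CGI script; return 0 only for "ok".
diagnose_cgi() {
    script=$1
    [ -f "$script" ] || { echo "missing"; return 1; }

    # At least one execute bit must be set. Which class (owner, group, other)
    # counts depends on the account httpd runs as; compare by hand.
    case $(ls -ld "$script" | cut -c1-10) in
        *[xst]*) ;;
        *) echo "no-exec-bit"; return 1 ;;
    esac

    first=$(head -n 1 "$script")
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 1 ;;
    esac

    # A DOS line ending makes the kernel look for "perl<CR>", which does not
    # exist, so the exec fails with ENOENT although the script is present.
    cr=$(printf '\r')
    case $first in
        *"$cr") echo "crlf-shebang"; return 1 ;;
    esac

    # Interpreter path is the first word after "#!".
    interp=$(printf '%s\n' "$first" |
        sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//')
    if [ -f "$interp" ] && [ -x "$interp" ]; then
        echo "ok"
    else
        echo "bad-interpreter:$interp"
        return 1
    fi
}

# Constructed samples: four scripts in a scratch directory, one per verdict.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho ok\n'              > "$d/good.cgi"
    printf '#!/nonexistent/perl -w\nprint 1\n' > "$d/nointerp.cgi"
    printf '#!/bin/sh\r\necho ok\r\n'          > "$d/dos.cgi"
    printf '#!/bin/sh\necho ok\n'              > "$d/mode644.cgi"
    chmod 755 "$d/good.cgi" "$d/nointerp.cgi" "$d/dos.cgi"
    chmod 644 "$d/mode644.cgi"
    for f in good nointerp dos mode644; do
        printf '%s: %s\n' "$f" "$(diagnose_cgi "$d/$f.cgi" || true)"
    done
    rm -rf "$d"
}
demo
```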
Re: Pkgdb Problem -- /usr/local/sbin/pkgdb:35:in
On Sat, Feb 28, 2004 at 03:54:09PM -0500, Bob Perry wrote:
> Sorry for being so thick, but I get more than just nervous when using the delete command. Do I understand you correctly in that I delete, as in rm, the portupgrade files in /usr/ports/sysutils/ directory and also all of the ruby files in the /usr/ports/lang/ directory?

You can follow the instructions at http://www.freebsd.org/cgi/getmsg.cgi?fetch=1562140+0+current/cvs-ports from the original commit message. There's probably a more streamlined way of doing the upgrade, but this procedure works pretty smoothly.

Cheers, Matthew
Re: question on cut/paste in Gnome.
On Sat, Feb 28, 2004 at 07:31:56PM -0800, Gary Kline wrote:
> I've got Gnome set up as my default GUI on my new DNS server. (Seems much improved over the older RH8 version.) But how do I paste things? Clicking with first/third mouse buttons designate the string or area I want; it should be in the buffer. But the middle button (or firstthird) buttons don't paste. The right mouse button pops up small rectangle with a Paste area, but this doesn't work.

If it doesn't work the X-windows way, then it probably works more like the way it does in windows: use the left mouse button to select the text, then right click to get a popup menu which should have 'cut' and 'copy' entries. Select whichever you require. Then left click to move the cursor to the insert point, right click to bring up the menu and select paste.

You may also find that you can select the area, then left mouse down on the selection and drag to where you want it to go. (Which is a feature of OpenOffice that I personally hate because I want left mouse to *always* select text.)

It's possible that you may have difficulty cut'n'pasting between applications that use different paradigms -- there may be more than one cut-buffer under the hood as well.

Cheers, Matthew
Re: NFS sharing /usr/ports and /usr/src
On Sun, Feb 29, 2004 at 05:45:33PM +1300, Tom Munro Glass wrote:
> I want to NFS share /usr/ports and /usr/src from a master machine for use by other machines. If I specify -network and -mask options for each share, I get the error:
>
> mountd[101]: can't change attributes for /usr/src
> mountd[101]: bad exports list line /usr/src
>
> but if I don't have any options, the share works OK? What am I doing wrong?

You've probably got /usr/ports and /usr/src on the same disk partition. You can't export two chunks of the same partition to the same set of client hosts with different flags. Not only that, but you can't do anything that even smacks of changing the flags between two exported subdirectories on a single partition.

Or in other words, it's the partition that gets exported, rather than the particular directory trees you specify. I think, although I could be wrong, that if you export, say, /usr/src which happens to reside on the /usr partition, then an NFS client can be persuaded to access files from anywhere on the /usr partition.

What you should do is put the two subdirectories on the same line in the exports file:

    /usr/ports /usr/src -network 192.168.0.0 -mask 255.255.255.0

Cheers, Matthew
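A way to spot this layout before mountd rejects it, as an added example that is not part of the original message: the function below maps each exported directory to its filesystem and reports separate lines that export the same filesystem to the same clients. The name check_exports, the report wording and the sample mount list are constructed, and lines without a client list are not checked.

```shell
#!/bin/sh
# Added example, not from the thread. Exports apply to a whole filesystem, so
# two lines naming directories of one filesystem for the same clients collide
# (the mountd "can't change attributes" error quoted above).

# check_exports EXPORTS MOUNTS
#   EXPORTS: file in exports(5) format
#   MOUNTS:  mount points, one per line (on a live host this list could be
#            produced with: mount | awk '{print $3}')
# Prints one line per collision; prints nothing when no collision is found.
check_exports() {
    awk '
    # Longest mount point containing dir is the filesystem that holds dir.
    function fsof(dir,    j, m, best) {
        best = "/"
        for (j = 1; j <= n; j++) {
            m = mounts[j]
            if ((dir == m || index(dir, m "/") == 1) && length(m) > length(best))
                best = m
        }
        return best
    }
    FILENAME == ARGV[1] { if ($1 != "") mounts[++n] = $1; next }
    NF == 0 || $1 ~ /^#/ { next }
    {
        nd = 0; nc = 0; net = ""; mask = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\//)               dirs[++nd] = $i
            else if ($i == "-network")    net = $(++i)
            else if ($i == "-mask")       mask = $(++i)
            else if ($i ~ /^-network=/)   net = substr($i, 10)
            else if ($i ~ /^-mask=/)      mask = substr($i, 7)
            else if ($i !~ /^-/)          clients[++nc] = $i   # plain host name
            # any other -flag is an export option, not a client
        }
        if (net != "") clients[++nc] = net "/" mask
        for (d = 1; d <= nd; d++)
            for (c = 1; c <= nc; c++) {
                fs = fsof(dirs[d])
                key = fs SUBSEP clients[c]
                if ((key in seen) && seen[key] != FNR)
                    printf "%s: lines %d and %d both export to %s\n",
                           fs, seen[key], FNR, clients[c]
                else
                    seen[key] = FNR
            }
    }' "$2" "$1"
}

# Constructed sample: the two-line layout from the question.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' / /usr /var > "$d/mounts"
    printf '%s\n' \
        '# constructed exports file' \
        '/usr/ports -network 192.168.0.0 -mask 255.255.255.0' \
        '/usr/src   -network 192.168.0.0 -mask 255.255.255.0' > "$d/exports"
    check_exports "$d/exports" "$d/mounts"
    rm -rf "$d"
}
demo
```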
Re: Athlon
On Sun, Feb 29, 2004 at 12:12:02PM -0600, Teilhard Knight wrote:
> Just a couple of easy questions for you. Is a machine with an Athlon processor 1.4 MHz an i386 machine? And if so, what kind of processor should I select in my kernel? i586, or i686?

One of these?

    CPU: AMD Athlon(TM) XP1600+ (1400.06-MHz 686-class CPU)
    Origin = AuthenticAMD Id = 0x662 Stepping = 2
    Features=0x383f9ffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
    AMD Features=0xc048MP,AMIE,DSP,3DNow!

As /var/run/dmesg.boot says, it's a 686 class processor.

Cheers, Matthew
Re: apache + SSL, modssl vs OpenSSL
On Sun, Feb 29, 2004 at 02:07:03PM -1000, Vincent Poy wrote:
> I'm planning to upgrade my old apache with a newer version and add SSL but I noticed the ports has both apache + modssl as well as apache + OpenSSL, are there any differences between the two of them and is one of them better than the other? Thanks.

apache+mod_ssl is my preference, but that's really just me. Either will serve you well. Functionality and configuration file syntax is slightly different between the two but that's mostly a matter of individual preference rather than any organic difference.

One thing that mod_ssl supplies is the EAPI, which enables a number of other extensions to apache, such as the ability to define and use variables within the apache configuration files.

You might be interested to know that mod_ssl is a standard part of Apache 2.x.

Cheers, Matthew
Re: Building jdk
On Mon, Mar 01, 2004 at 10:16:02AM +0100, Per olof Ljungmark wrote:
> When trying to build the jdk13/14 ports one needs to get the patches manually from http://www.eyesbeyond.com/freebsddom/java/jdk14.html However, I am unable to reach this site, anybody else have this problem?

Yes -- the server is up and pingable, but apache doesn't appear to be accepting connections right now:

    % telnet www.eyesbeyond.com 80
    Trying 203.32.153.68...
    telnet: connect to address 203.32.153.68: Connection refused
    telnet: Unable to connect to remote host

Traceroute shows that server is physically located in Australia, where it's about 8.00pm right now. Could be down for administrative reasons, or could be waiting for an admin to come into work and deal with it. Try again in an hour or so.

Cheers, Matthew
Re: NewSysLog FBSD 4.9
On Mon, Mar 01, 2004 at 02:35:20PM +0100, Pelle Andersson (SPD Systems AB) wrote:
> Hi!
>
> ::NEWSYSLOG:: - I want to rotate and pack my logs for Qpopper and ProFTPD
>
> These are my lines in '/etc/newsyslog.conf':
>
> #---
> /var/log/qpopper.log root:root 640 7 * @T00Z
> /var/log/proftp.log root:root 640 7 * @T00Z
> #---
>
> It does not work =( No error messages or anything. What do I need to do? Any suggestions?

Hmmm... that looks fine to me. What happens if you run:

    # newsyslog -v

I assume that newsyslog is actually running every hour -- that's the default from the system crontab:

    % grep newsyslog /etc/crontab
    0 * * * * root newsyslog

and that the other system logs are all being cycled as intended.

Cheers, Matthew
Re: mailbox quota
On Mon, Mar 01, 2004 at 05:50:26PM +0300, flux wrote:
> How do I define mailbox quota in my FreeBSD system running sendmail and using procmail for local mail delivering?

By setting up filesystem quotas on the /var partition -- assuming your mailboxes are in the default place in /var/mail. procmail understands how to deal with the EQUOTA error and causes sendmail to bounce over-quota messages with an appropriate error message.

To set up quotas:

i) Compile kernel with 'options QUOTA' added to the config file. Reboot with new kernel.

ii) Add:

    check_quotas=YES
    enable_quotas=YES

to /etc/rc.conf

iii) Edit /etc/fstab to tell the system to enforce quotas on the /var partition:

    /dev/da0s1e /var ufs rw,nosuid,userquota 2 2

See fstab(5) for details of the userquota and groupquota options.

iv) Reboot -- quotacheck(8) will be run to count up how many files and bytes are owned by each of the different userids, and the quota system will be enabled by running quotaon(8).

v) Running repquota(8) will now give you a nice little report showing how much space each userid is using up on the partition:

    % repquota -av

vi) However, no usage limits have yet been set. Use edquota(8) to set them:

    # edquota username

This will put you into the $EDITOR editor (or vi if $EDITOR is unset) showing how many files and how many bytes are in use for that username on each of the partitions with quota limits. Fill in appropriate numbers in the 'limits' sections: anything you leave at '0' will be unlimited. Save the file, and then check that the settings were registered OK:

    # quota -v username

And that's all there is to it.

Cheers, Matthew
Re: JVM for FreeBsd 5.2
On Mon, Mar 01, 2004 at 07:52:57PM +0100, Angelo Turetta wrote:
> Just get a fresh copy of the ports tree (normally via cvsup), then build the port java/jdk14. Beware: the distribution files need to be downloaded manually, because of license restrictions. Just follow the instructions you get when you run make install inside /usr/ports/java/jdk14

The OP might want to hold off on trying to do that for a day or so: there's some sort of problem at the moment with the www.eyesbeyond.com site where you have to go to download some vital patches.

Cheers, Matthew
Re: [Repost] Limiting connections to CVS
On Mon, Mar 01, 2004 at 10:32:12AM -0500, Gerard Samuel wrote:
> Reposting to list, as I was locked out of -questions over the weekend, and I don't know if I got any replies.
>
> I read somewhere that they were able to limit CVS pserver connections to 4 a minute. I would like to do something similar. I currently have a firewall/nat box running 4.9-RELEASE-p1, using ipf. The CVS server is behind the firewall/nat box running on 4.9-RELEASE-p1. Thanks for any insight you may provide...

If you're running CVS pserver out of inetd, which I believe is the usual practice, then you can limit the total number of simultaneous connections to a service or the maximum rate at which a service may be invoked: either of those can apply to connections from one specific IP address or to all connections. See inetd.conf(5), but the syntax you want is something like:

    cvspserver stream tcp nowait/0/4 root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver

Cheers, Matthew
Re: Questions regarding BIND
On Mon, Mar 01, 2004 at 12:07:39PM -0800, Jason Williams wrote:
> I'm using FreeBSD 4.9 and I have cvsup'd the ports and src tree. I made the world, and now I'm looking to implement BIND. So the first question is, what is the best way to upgrade BIND? Would it be better to use the ports version, or to grab the source?

The easiest thing to do is just install from the dns/bind9 port. That will get you the latest release from the bind9 series.

If you hunt through the archives of this list, you'll see a lot of advice about defining 'NO_BIND' in /etc/make.conf and installing the port with 'PORT_REPLACES_BASE_BIND9=yes' in the make flags. While you can do that, I personally think it's much better just to install under the default prefix and leave the system version of bind alone. That means you'll end up with /usr/bin/dig being the version from bind8, and /usr/local/bin/dig being the version from bind9, but it's trivially easy to set up aliases or modify your path so you run your favourite version by default.

> Secondly, is regarding my setup. This server will not be setup to be public accessible. It is for our internal LAN. With that in mind, are there any How-to's for setting up BIND or getting started documents?

It depends how complicated your setup is. If you have absolutely no connection to the internet, you'll have to supply your own root domain and delegate yourself. If your nameserver can see the internet servers, then you can just set up a private zone by configuring your server with the zone data: so long as the clients ask that machine for the data it is authoritative for, it will answer without checking the delegation from the root.

> Also, is the book DNS and BIND (the O'Reilly book) pretty good? Worth buying..I may swing down to my local bookstore and buy it.

Absolutely recommended. Explains very clearly everything you need to know to complete this task.

Cheers, Matthew
Re: flashplugin-mozilla is marked as broken...?
On Tue, Mar 02, 2004 at 09:56:23AM +0100, albi wrote:
> On Tue, 02 Mar 2004 17:46:57 +0900 Rob [EMAIL PROTECTED] wrote:
> > > you know that if you want flash in your browser in FreeBSD you need to use the flash-plugin for Linux ?
> >
> > So can I thus combine: FreeBSD-mozilla + linux-flash-plugin ?
>
> i'm afraid not, you need to run linux-mozilla + linux-flashplugin (check /usr/ports/www )

Actually, you can run the linux flash plugin with the native mozilla. You need to be running a version of the OS with libmap support -- either 5.x, or recent 4.9-STABLE, or there are some patches against 4.9-RELEASE available, which might apply to earlier versions of the system.

Just try installing the www/linuxpluginwrapper port -- it will tell you if your version of the OS is unsupported or not. Be sure to follow the instructions about setting up /etc/libmap.conf carefully. This lets you install both linux-flashplugin and acroread as browser plugins. Works nicely.

Cheers, Matthew
Re: why bootpd running, though wrapped up in inetd superserver ?
On Tue, Mar 02, 2004 at 12:46:54PM +0900, Rob wrote:
> I'm using bootpd for booting-up another diskless PC. In inetd.conf, I have enabled the bootps line, but to my surprise, bootpd keeps running continuously after being called once. I thought wrapping the daemon up in the inetd superserver would prevent this. I have tried already the bootpd-flags -t 5 and -i to no avail. Any idea what's wrong here, or am I myself making a mistake here ?

You seem to be doing everything right. Most odd. I see that the default timeout is 15 minutes (by inspecting the source code: see /usr/src/libexec/pootpd/pootpd.c, and look for the actualtimeout struct) -- can you test waiting that long to see if the bootpd process will eventually time out? It might be worth running tcpdump(1) on your network interface to verify that there isn't any traffic on ports 67 or 68 during that time -- the timeout gets reset whenever there's any traffic at all.

When you edited /etc/inetd.conf to insert the '-t 5' option, did you send a HUP signal to inetd(8) to make it reread the config file?

    # kill -HUP `cat /var/run/inetd.pid`

Cheers, Matthew
Re: what raid system should i purchase for freebsd ?
On Mon, Aug 12, 2002 at 02:58:42PM +0100, [EMAIL PROTECTED] wrote:
> can any one tell me what raid system can I purchase to have a guarantee that freebsd will recognize it ?

Assuming you mean hardware RAID controllers and a standard IA32 machine:

> i want to use RAID 1 (mirror) system with 2 hard disks .

Depending on which version of FreeBSD you want to run, take a look at:

    http://www.freebsd.org/releases/4.9R/hardware-i386.html#AEN33

or

    http://www.freebsd.org/releases/5.2.1R/hardware-i386.html#AEN65

and look at the man pages linked from those documents for more detailed lists of precisely what models are known to work. Your vendor will be able to tell you what RAID cards they use -- systems by popular suppliers like Dell and Compaq are generally well supported.

Cheers, Matthew
Re: fatal trap 12
On Mon, Mar 01, 2004 at 01:11:49PM -0300, Marco wrote:
> Hello, my name is Marco Giardini. My problem is the following one: When the operating system initiates leaves message to me error that makes me reinitiate the machine. message that leaves is fatal trap 12.

http://www.freebsd.org/doc/es_ES.ISO8859-1/books/faq/troubleshoot.html#Q4.9.

Fatal trap 12 happens for much the same reasons as Signal 11. Try running this to see if you can confirm hardware errors.

Cheers, Matthew
Re: Download FreeBSD.
On Mon, Mar 01, 2004 at 11:40:51AM -0800, Frank Guo wrote:
> Could you please provide the link that can download the FreeBSD?

There are quite a few download sites:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

> We are trying to test the software with our application.

Installation instructions are here:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install.html

Cheers, Matthew
Re: fatal trap 12
On Tue, Mar 02, 2004 at 02:06:25PM +, Matthew Seaman wrote:
> On Mon, Mar 01, 2004 at 01:11:49PM -0300, Marco wrote:
> > Hello, my name is Marco Giardini. My problem is the following one: When the operating system initiates leaves message to me error that makes me reinitiate the machine. message that leaves is fatal trap 12.
>
> http://www.freebsd.org/doc/es_ES.ISO8859-1/books/faq/troubleshoot.html#Q4.9.
>
> Fatal trap 12 happens for much the same reasons as Signal 11. Try running this to see if you can confirm hardware errors.

Oops. I meant to add:

    http://www.memtest86.com/

Cheers, Matthew
Re: Keeping multiple machine up to date
On Tue, Mar 02, 2004 at 08:45:01AM -0700, hal wrote:
> I have 10 FreeBSD machines which I need to keep up to date software wise. Half of the machines only have access to the local network. On the machines which have network access I use cvsup. Cvsuping multiple machines is time consuming, is there a better way? What is the conventional wisdom for keeping many machines up to date? A pointer to an FAQ or something would be great.

The usual thing in this situation is to choose one machine as your local repository for sources, run cvsup(1) on that, and then distribute the sources from there to the rest of your systems. There's several variations on doing that.

Perhaps the simplest thing to do is just cvsup(1) the ports onto a designated build machine, use that machine to build packages for all of the others and either share out /usr/ports/packages by NFS or setup an anonymous FTP server.

Alternatively, you can just NFS export your /usr/ports directory to all of the machines on your network, and build stuff on each machine. A good idea when doing this is to set WRKDIRPREFIX and maybe DISTDIR in your environment (see ports(7)), or in pkgtools.conf (if you're a portupgrade user) to point to a chunk of diskspace held locally to each machine. That will let you avoid thrashing your network when building ports. If you have a local DISTDIR on each machine you can export your /usr/ports read only which can be an advantage.

Nb. to avoid repeatedly downloading the same source tarballs, either share out /usr/ports/distfiles or set DISTDIR to a local directory and use MASTER_SITE_OVERRIDE to force the client machines to try and get the distfiles from a local server before they go out to the net.

The most flexible way of doing this sort of thing is to set up a machine as a cvsup(1) mirror or a CVS server, and pull down the CVS repository onto it. There's a net/cvsup-mirror port to help you do that. Then you can either cvsup(1) your client machines against the local cvsup server, which is blindingly fast on a 100Mb/s network and even better if your local server has a fast disk system, or you can use CVS to check the ports tree out of that server.

There's some description of all this sort of thing in the handbook -- see http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html but it doesn't say much more than I've put in this e-mail.

Cheers, Matthew
Re: linuxpluginwrapper ERROR
On Tue, Mar 02, 2004 at 12:09:24PM -0500, Osmany Guirola Cruz wrote:
> I am installing the linux plugin wrapper and it give me these error
>
> The linuxthreads port needs source code for libgcc
> Please install FreeBSD source code in /usr/src
> *** Error code 1
>
> in my /usr/src i have the sys folder .. some weeks ago i compiled the kernel . i don't understand these error i think that i have the source code installed if these is not the way please HELP ME

Relax -- no need to panic. The sys directory contains just the kernel sources, but the linuxthreads package needs bits of source code from the rest of the system.

Most people would simply use cvsup(1) to get all of the system sources (including the kernel sources), however as that comes to about 315Mb, you may not want to download all that. [Of course, once you've got the bulk sources, then cvsup is excellent at keeping them up to date using a minimum amount of network bandwidth].

If you have installation media you should be able to install system sources from there, or you can take eg. a copy of the /usr/share/examples/cvsup/standard.supfile and edit it to only pull down the 'src-gnu' collection.

Cheers, Matthew
Re: linuxpluginwrapper ERROR
On Tue, Mar 02, 2004 at 01:45:19PM -0500, Osmany Guirola Cruz wrote:
> Ok, i understand but.. i don't have cvs in my network it's impossible to me do (cvs) :-( .. i need to know if i can find these files in the image that i download from internet... i am using 5.2 RELEASE or download the src from internet...

cvs(1) comes with the system. However, we've been talking about a different (but related) program called cvsup(1). cvsup(1) is practically indispensable for effective management of a FreeBSD machine. To get started with cvsup(1), simply issue the following command:

    # pkg_add -r cvsup-without-gui

This (modulo running rehash for tcsh(1) users) will install the cvsup program. Typically this is my first action on a newly installed FreeBSD machine...

Now read all about how to use cvsup(1) in the handbook:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

This is (IMHO) *the* best way to download FreeBSD sources from the Internet.

Cheers, Matthew
Re: sendmail: Operation timed out with
On Tue, Mar 02, 2004 at 03:15:48PM -0500, Justin Brody wrote:
> I can't send any mail though. The first entries in my mail queue:
>
> i22K75of000208 3 Tue Mar 2 15:07 [EMAIL PROTECTED]
>     (Deferred: Operation timed out with math.umd.edu.)
>     [EMAIL PROTECTED]
> i22K6mof000198 5 Tue Mar 2 15:06 [EMAIL PROTECTED]
>     (Deferred: Operation timed out with math.umd.edu.)
>     [EMAIL PROTECTED]

Hmmm... Is there any more information in /var/log/maillog? What's the result of running:

    /usr/sbin/sendmail -q -v

-- or at least the beginning of the SMTP dialog up to attempting to send the first message.

I note you're using 'none.org' as a domain name -- that used to be a registered domain for a corporation in Korea (it's on 'client hold pending delete' at the moment). Seems to have disappeared from the DNS though. You'll find that sendmail works a lot better if you use correctly registered domain names -- although it should cope without.

Cheers, Matthew
Re: sendmail: Operation timed out with
On Tue, Mar 02, 2004 at 05:23:52PM -0500, Justin Brody wrote:
> Here's a bit from /var/log/maillog:
>
> Mar 2 16:40:39 aleph sendmail[327]: i1SGr1hh004059: to=[EMAIL PROTECTED], delay=3+04:47:38, xdelay=00:00:00, mailer=esmtp, pri=8130413, relay=math.umd.edu., dsn=4.0.0, stat=Deferred: Operation timed out with math.umd.edu.
> Mar 2 16:40:39 aleph sendmail[327]: i1S4wehh000450: to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (1001/1001), delay=3+16:41:59, xdelay=00:00:00, mailer=esmtp, pri=10290322, relay=math.umd.edu., dsn=4.0.0, stat=Deferred: Operation timed out with math.umd.edu.
>
> Don't know if that says anything new. I would wonder if it's some sort of lookup based on ctladdr, but I get the same error if I use -f [EMAIL PROTECTED] which does show up in that field. sendmail -q -v reports:
>
> aleph# sendmail -q -v
> Running /var/spool/mqueue/i22M7pof000364 (sequence 1 of 17)
> [EMAIL PROTECTED]... Connecting to math.umd.edu. via esmtp...
> [EMAIL PROTECTED]... Deferred: Operation timed out with math.umd.edu.
> Running /var/spool/mqueue/i22KDkof000227 (sequence 2 of 17)
> [EMAIL PROTECTED]... Connecting to po1.wam.umd.edu. via esmtp..
> [EMAIL PROTECTED]... Connecting to po2.wam.umd.edu. via esmtp...
> [EMAIL PROTECTED]... Connecting to po0.wam.umd.edu. via esmtp...
> [EMAIL PROTECTED]... Deferred: Operation timed out with po0.wam.umd.edu.
> etc...

Bah! All that says is connection timeout. No indication of *why*. You're not even getting the SMTP banner there. I suspect it's probably something to do with an administrative decision on behalf of UMD admins -- perhaps they reject connections to hosts in DUL block lists.

> I'll give a shot at changing my domain name - what should I use? I'm a bit too poor to actually buy one :) Should I just change to use my ISP's domain?

Yes -- do a reverse lookup on your IP number and use that name in your sendmail config. It may not look pretty, but it should let you see if that is the problem.

The other thing to do is forward all of your e-mail via your ISP's smart host. As you are probably expected to do.

Cheers, Matthew
Re: linuxthreads
On Tue, Mar 02, 2004 at 05:04:45PM -0500, Osmany Guirola Cruz wrote:
> Hi again, I am trying to install the linuxpluginwrapper and from the source I installed contrib and gnu. When I try to do the make install clean I have this error:
>
> SYS.h : no such file or directory
> {standard input} Assambler message
> {standard input}:55: Error: no such instruction: 'kerncall'
>
> What should I do? What part of the source do I have to install?

Well, I guess that the SYS.h file that the compiler is looking for is actually /usr/src/lib/libc/i386/SYS.h

On reflection, I think that if you can, be on the safe side and grab the entire source tree -- that's the 'src-all' collection in cvsup(1). The sources tend to assume that you've got the complete set. linuxpluginwrapper and its dependent ports are quite unusual in wanting to grovel amongst the system sources.

Cheers,
Matthew
Re: sendmail: Operation timed out with
On Tue, Mar 02, 2004 at 08:11:36PM -0500, Justin Brody wrote:
> A couple pieces of information that might be relevant: About a month ago, I was running the same FBSD version with the same sendmail.cf from behind a different router connected to a different cable modem and calling my box cogito.none.org. This seemed to work o.k.

After sleeping on it, I'm starting to think that the problem is not actually within the SMTP setup, but is rather something to do with firewalling or similar measures. Does your ISP permit you to run SMTP servers? Many have been bitten very badly by clueless Windows users, and so deny use of SMTP to all. Sometimes this proscription also extends to enforcement by transparent proxying or other measures to control SMTP traffic from their clients. You should check with them as to what their policy is.

Can you telnet to port 25 on the UMD server or the ISP's server you're trying to connect to? If you can't get a connection established, I'd suspect the problem is firewalling somewhere between you and them.

Cheers,
Matthew
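The port-25 check suggested in this thread can be scripted so that it reports which stage fails: name lookup, the TCP connection, or the SMTP greeting that the earlier reply noted was never arriving. This is an added example, not part of the original messages; the function name `probe_smtp` and its stage labels are hypothetical.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=10.0):
    """Return (stage, detail): how far a connection to an SMTP server gets."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns-failure", str(exc))
    family, socktype, proto, _, sockaddr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(sockaddr)
        except socket.timeout:
            # Handshake packets silently dropped: typical of filtering on the path.
            return ("connect-timeout", "no reply to the TCP handshake")
        except ConnectionRefusedError:
            return ("refused", "host answered, nothing accepting on this port")
        except OSError as exc:
            return ("unreachable", str(exc))
        try:
            data = sock.recv(512)
        except socket.timeout:
            # Connected, but the server never sends its 220 greeting.
            return ("no-banner", "TCP connected, no SMTP greeting received")
        except OSError as exc:
            return ("reset", str(exc))
        if not data:
            return ("closed", "peer closed before sending a greeting")
        line = data.decode("ascii", "replace").splitlines()[0]
        # A greeting that does not start with 220 means the server declined us.
        return ("banner" if line.startswith("220") else "rejected", line)
    finally:
        sock.close()

if __name__ == "__main__":
    # Usage: python probe_smtp.py mail.example.org [more hosts...]
    for target in sys.argv[1:]:
        print(target, *probe_smtp(target))
```

A `connect-timeout` result points at filtering between the two hosts, while `no-banner` or `rejected` points at the receiving server's own policy.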
Re: Do I need alternate architecture source in /usr/src/sys ??
On Tue, Mar 02, 2004 at 05:38:28PM -0600, Kevin D. Kinsey, DaleCo, S.P. wrote:
> Cvsupping a 5.2 box after today's Advisory, I noticed (perhaps for the first time), that files were downloaded for other architectures (amd64, sparc64, etc.).

Those are the arch specific parts of the kernel, which is a very small part of the total sources. You need them about as much as you need the driver code for devices not present on your system: ie. not at all. However, it's going to be a lot more effort going round and deleting those files than any possible benefit from the small amount of filesystem space you'll recover.

Cheers,
Matthew
Re: Size of variables in awk
On Wed, Mar 03, 2004 at 02:25:27PM +1030, Wayne Sierke wrote:
> It seems I've run into the 32-bit signed number wall in awk (5.2-RELEASE). My totals are maxing out at 2147483648. Would anyone happen to know whether that's really the case (that awk is only implemented with 32-bit number capability - unfortunately I don't have any other awks nearby to verify nor can I find any reference info that indicates) and/or can suggest a way around it?

Use perl instead? Perl should switch from an integer to a floating point representation internally if it runs over MAXINT. You should be able to use a2p(1) to automatically convert your awk code into perl.

Cheers,
Matthew
Re: make world question on remote dedicated server
On Wed, Mar 03, 2004 at 05:46:54PM +1100, Mark Sams wrote:
> I am thinking of getting a FreeBSD dedicated server that I will only have ssh access to. What is the normal procedure of keeping up to date with kernel changes when you do not have console access?

The usual procedure is to get console access. The cheapest and easiest way of doing that is to use a null-modem cable to connect the serial port to a neighbouring machine and run tip(1) or some other terminal emulator there. If you haven't got another machine handy, you might be able to use a modem to provide yourself with a remote console -- shades of the days of big-iron mainframe type systems.

> Is it possible to drop into single user mode remotely? Or is single user mode not necessary for make installkernel and the like? Does:

Getting into single user mode remotely is easy. It's the getting out that's hard.

> buildworld / buildkernel / installkernel reboot then installworld / mergemaster

If you're going to do this at all, it's probably better to save the reboot until after all of the installworld/installkernel/mergemaster steps.

> work while connected through ssh?

You certainly can do this, and the vast majority of the time it will work OK. However, if things don't go smoothly you're going to be left up a gum tree with a non-working server and no way to recover or back-out changes. Whether that's an acceptable risk is a judgement call you'll have to make.

Cheers,
Matthew
Re: what is my real address?
On Wed, Mar 03, 2004 at 06:15:51PM +0800, Robert Storey wrote:
> I've set up a FreeBSD client at our school. The client gets its address via dhcp from the gateway machine which runs Windows NT (yuch!). There is apparently a proxy server installed which blocks http, but I can get out onto the Internet using ssh to login to another server, from where I run lynx if I want to visit web sites. ftp is not blocked, so I can download if I need to.

If you need to find your external address quickly, then ssh into this other machine and look at the variables that ssh sets in your environment -- I'm assuming that the box you ssh into is running some variety of OpenSSH. eg:

% env | grep SSH
SSH_CLIENT=81.2.69.219 1483 22
SSH_CONNECTION=81.2.69.219 1483 81.2.69.219 22
SSH_TTY=/dev/ttyp4
SSH_AUTH_SOCK=/tmp/ssh-6kfGMKtW/agent.30744

where you can see I ssh'd from 81.2.69.219 to 81.2.69.219 (yes -- pretty pointless, but this is just for illustration).

> For fun, I would like to run an ftp server on this client machine. For that, I would need to know my real address on the web, but I am not sure how to find this info. If I run ifconfig, it tells me the following:
>
> inet addr: 10.0.0.10 Bcast: 10.0.0.31 Mask 255.255.255.224

Running an FTP server through a NAT'ing gateway is not going to be a pleasant experience, even if you were running the NAT gateway on a FreeBSD box where natd's punch_fw functionality would make things a great deal easier for you. FTP is an ancient protocol not designed to cope with the realities of the modern internet. You'd be better off putting a reverse-proxy on your gateway machine.

> A related question...I do realize that my address could change every time I fire up the client machine. I'm wondering if I can deal with that by using dyndns? Remember, this would be for an anonymous ftp server, not http.

There are several ports in the ports collection that do this sort of thing -- updating a DNS server when your IP number allocation changes so your registered domains resolve to the right place. Usually they work by querying your ADSL router or Cable modem every so often as to what its IP addresses are. If the gateway machine supports SNMP, you might be able to adapt some of those scripts to work using that. I can remember off-hand exactly what SNMP oid you need to query to find out the interface address, but it should work pretty well: mrtg(1) does that sort of thing against all sorts of hardware.

Cheers,
Matthew
Re: Tab Stops
On Wed, Mar 03, 2004 at 05:44:15PM +1100, Craig Wilson wrote:
> I have a situation where I would like to reduce the tab stops from 8 character columns to 4 character columns. Any help on how to achieve this would be most welcome.

In what application? They all have different ways of doing that sort of thing.

Cheers,
Matthew
Re: latest security advisory and 5.1R
On Wed, Mar 03, 2004 at 08:24:43AM -0500, Ed Budd wrote:
> Can anyone confirm whether 5.1R is affected by yesterday's security advisory (FreeBSD-SA-04:04.tcp)? On the one hand it says that this affects All FreeBSD releases but on the other hand only lists STABLE, 5.2, 5.2.1, 4.9 and 4.8 under corrected. Does this mean it IS affected but not yet fixed on those versions?

As it says: all FreeBSD releases are affected. Fixes have been released for all supported versions of the OS, and detailed in the advisory. It's possible that those fixes will be back-ported to older versions, but you can't afford to assume so.

Besides, you read the comments about New Technology Releases and suitable for early adopters only when you installed 5.1-RELEASE didn't you? Now that 5.2.1-RELEASE is out, you should probably upgrade.

Cheers,
Matthew
Re: 1 processor vs. 2
On Wed, Mar 03, 2004 at 02:53:49PM +0100, Danny Pansters wrote:
> On Wednesday 03 March 2004 14:05, Stefan Cars wrote:
> > Dual Xeon, 2.4 GHZ with 2GB of RAM or Xeon 3.0 GHZ with 2GB of RAM and RAID-1 on three disks or RAID-5 on three disks.
>
> RAID5 on 3 disks? That's useless.

3 disks is the minimum quantity for RAID5: it's certainly not ideal, but it is by no means useless. RAID5 setups can span 3 or more drives -- I don't know what the practical limit is for Vinum or typical PC raid controller cards, but the last time I used it (which I admit was some years ago) Veritas Volume Manager under Solaris made the strong suggestion that no more than 7 drives be put into one RAID5 group.

Cheers,
Matthew
Re: latest security advisory and 5.1R
On Wed, Mar 03, 2004 at 09:00:09AM -0500, Ed Budd wrote:
> I think what's confusing me here is that I assumed that 5.1R was still officially supported and every other advisory up to this one has been included, like last week's FreeBSD-SA-04:03.jail advisory, for example. So am I to assume then that as of this week 5.1R is no longer officially supported?

Hmmm... Well, the official word on the subject should be the page at http://www.freebsd.org/releng/index.html, and yes, that does imply that 5.1-R is a supported security fix branch, but a quick check in CVS shows no patches have been applied to that branch.

There are some changes in the affected files in src/sys/netinet/ between RELENG_4_8, RELENG_4_9, RELENG_5_1 and RELENG_5_2, but the patch applied to 5.2 was quite similar to the one applied to 4.8 or 4.9, so I'd guess that the affected section of code is still there in the RELENG_5_1 sources. No idea if you can merge in the changes on the RELENG_5_2 branch to the RELENG_5_1 branch without modification though.

You might want to ask on freebsd-security@ if 5.1-R is still a supported security fix branch.

Cheers,
Matthew
Re: latest security advisory and 5.1R
On Wed, Mar 03, 2004 at 08:35:00AM -0600, Ronald Clark wrote:
> I have what I hope is a simple question. If I cvsup my sources and complete the makeworld and installworld processes, will that install the patch, or do I need to apply manually and recompile the kernel? (I have been under the impression that doing a cvsup would download and install the patch when sources were updated)

So long as you are cvsup'ing one of the branches where the fix has been applied: that's HEAD, RELENG_5_2, RELENG_4_9, RELENG_4_8 or RELENG_4, then yes: cvsup, followed by make {build,install}{world,kernel} will remove the vulnerability.

It seems that the fix has not been applied to the RELENG_5_1 branch, so 5.1-RELEASE users really should think about upgrading to 5.2.1-RELEASE.

You can download the patches as shown in the advisory and apply them by hand if you really want to, but that should be left to masochists only as it does pretty well exactly what cvsup'ing does, except it takes a lot more concentration and has a greater risk of fat-fingering the keyboard and so shooting yourself in the foot.

Cheers,
Matthew
Re: Installing Squirrel Mail from the Ports
On Wed, Mar 03, 2004 at 08:59:50AM -0800, [EMAIL PROTECTED] wrote:
[...]
> Checksum mismatch for squirrelmail-1.4.2.tar.bz2.
> === Giving up on fetching files: squirrelmail-1.4.2.tar.bz2
> Make sure the Makefile and distinfo file (/usr/ports/mail/squirrelmail/distinfo) are up to date. If you are absolutely sure you want to override this check, type make NO_CHECKSUM=yes [other args].
> *** Error code 1
> Stop in /usr/ports/mail/squirrelmail.
> *** Error code 1
> Stop in /usr/ports/mail/squirrelmail.

Delete /usr/ports/distfiles/squirrelmail-1.4.2.tar.bz2, and try again. The file you have by that name has been corrupted somehow and the ports system is not happy with it. I just checked, and the tarball I downloaded from sourceforge is identical to the one I used the last time I updated squirrelmail. You should end up with:

% ls -la squirrelmail-1.4.2.tar.bz2
-rw-r--r-- 1 root wheel 1888703 Oct 1 20:42 squirrelmail-1.4.2.tar.bz2
% md5 squirrelmail-1.4.2.tar.bz2
MD5 (squirrelmail-1.4.2.tar.bz2) = 8d8271c704a9f23d53138a4ceea38fb4

but the ports system will check that automatically for you.

Cheers,
Matthew
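The kind of comparison behind a "Checksum mismatch" message, as an added example that is not part of the original message and not the ports system's own code: it parses digest lines in the `MD5 (name) = hex` form shown above and checks a downloaded file against them, so a truncated download shows up as both a size and a digest mismatch. The function names, the `SIZE (name) = bytes` line and the sample file are assumptions constructed for the illustration.

```python
import hashlib
import os
import re
import tempfile

# "MD5 (name) = hex" is the md5(1) form in the message; "SIZE (name) = n" is assumed.
ENTRY = re.compile(r"^(\w+) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"MD5": hexdigest, "SIZE": "bytes", ...}}."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            kind, name, value = m.groups()
            expected.setdefault(name, {})[kind.upper()] = value.lower()
    return expected

def verify_distfile(path, expected):
    """Return a list of mismatches; an empty list means the file is intact."""
    if not expected:
        return ["no distinfo entry for this file"]
    problems = []
    for kind, want in sorted(expected.items()):
        if kind == "SIZE":
            got = str(os.path.getsize(path))
        else:
            # Any digest name hashlib knows (MD5, SHA256, ...); others raise ValueError.
            digest = hashlib.new(kind.lower())
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            got = digest.hexdigest()
        if got != want:
            problems.append(f"{kind}: expected {want}, got {got}")
    return problems

def demo():
    """Constructed sample: a 3-byte 'distfile', then a truncated copy of it."""
    distinfo = ("MD5 (sample-1.0.tar.bz2) = 900150983cd24fb0d6963f7d28e17f72\n"
                "SIZE (sample-1.0.tar.bz2) = 3\n")
    want = parse_distinfo(distinfo)["sample-1.0.tar.bz2"]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample-1.0.tar.bz2")
        for content in (b"abc", b"ab"):  # intact file, then truncated download
            with open(path, "wb") as fh:
                fh.write(content)
            results.append(verify_distfile(path, want))
    return results
```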