Re: Static IP on a Bridge
On 12/29/2011 09:21 AM, ja...@colannino.org wrote: > Quoting Matthew Seaman : > >> What's the error message you see when you fail to ping out? > > ping: cannot resolve google.com: Host name lookup failure It seems that you are currently receiving your resolver from DHCP as well, you should statically configure that in /etc/resolv.conf: nameserver 192.168.1.1 >> What does the routing table (netstat -r) look like before and after DHCP? > > Before DHCP: > > Routing tables > > Internet: > DestinationGatewayFlagsRefs Use Netif Expire > localhost link#11UH 00lo0 [...] What happens if you run 'route add default 192.168.1.1' instead of DHCP? What is the output of '/etc/rc.d/routing restart'? -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: swap pager:indefinite wait buffer: message out of vm.c
On 12/01/2010 03:23 PM, Mark Terribile wrote: > > Hi, > > Would some kind soul please tell me the meaning of a message coming > from vm.c (FreeBSD 7.2): > "swap pager: indefinite wait buffer: bufobj: 0, blkno: 2, size: 4096" > > This message occurs after a return from an msleep whose last args are PSWP, > "swread", and HZ*20 . > > When it occurs, some interactive program is locked up. It recovers > sometime later. > > My best guess is that this is a complaint that swap or paging I/O has been > excessively delayed. It is occurring while I am running disk-to-disk > transfers that have deep buffering. Think mbuf(1), but it's my own code, > testing some algorithms. I speculate that if the disk queuing/head movement > optimization doesn't let the heads move off the file system > where the file resides (and I only see this with large, single files) > then this problem might result. But that is a guess, and speculation. > > Does anyone know if this can occur under later versions of FreeBSD? Hi Mark, Do you have any test cases that reliably reproduce the problem? I've seen it crop up very infrequently on 8.1-RELEASE but I haven't been able to reproduce it. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: ports INDEX file
On 07/23/2010 01:56 AM, Fbsd8 wrote: > Now about my project. Since about 4.0 I stopped using the ports tree > method. I now all most totally use the package system. I do not upgrade > a RELEASE but instead use the "install from scratch" method about a few > weeks after a new RELEASE is published. So since the package system is > also re-build a new for each new RELEASE, I am all ways in sync. Now > there are exceptions to using packages. In my case php5 was changed 3 > RELEASES ago to no longer contain the apache module, so I now have to > compile php5 from the port. But to short cut the compile process, I > pre-install all of php5's dependents as packages. And of course I had to > figure out who they all were by hand the first time and built a script > that automates the whole procedure. I use cvsup at NEW RELEASE time to > populate the empty ports tree with ports-base. Then I use cvsup to > checkout the php5 make files and them "make install" and everything > comes together just fine. Why not build packages in-house then? You've already assumed the bootstrapping cost of a full ports tree checkout to do the dependency scan for php5 -- why not build the binary package (with your relevant make options) there as well? Then the rest of your machines can install *everything* from packages, and therefore won't require *any* of the ports tree, not even some subset of exceptions that need to be compiled. This would save even more resources, since you only compile php5 once, rather than once per machine. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: ports INDEX file
On 07/22/2010 06:20 PM, Fbsd8 wrote: > I have a pristine install of 8.0. > There is no /usr/ports directory yet. > I am trying to use the "portcheckout" port and the "porteasy" port to > just populate the ports tree with only the ports I use. > > Problem is in both cases the above ports require an existing INDEX file > to process and since I have none they don't work. > > How can I just download the ports INDEX file? > Portsnap is not a solution. Well, The INDEX file is a component of the ports tree distribution. If you choose not to use the supported method of installing it (i.e. installing the ports tree), you'll have to create your own. Hint: Per ports(7), take a look at the definition of the 'fetchindex' target. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: rmconfig from all ports tree
On 07/21/2010 04:38 PM, claudiu vasadi wrote: > hello guys, > > is there a way to do "make rmconfig" for all ports at once ? The fastest way is: rm -rf /var/db/ports/* but this breaks the abstraction. The "right" thing to do would be to make rmconfig in each port directory. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Apache 2.2, mod_auth_kerb
On 06/03/2010 02:16 AM, John wrote: > On 2010-06-03 07:45, Benjamin Lee wrote: >> On 05/20/2010 06:02 AM, John wrote: >> >>> Hi list. >>> >>> I'm having problems getting mod_auth_kerb to play nice on one of my >>> servers. >>> I have the exact same setup on other machines and it works perfectly, >>> only difference is this ones running CURRENT while they track RELEASE. >>> >>> Some info: >>> >>> # pkg_info|grep apache&& pkg_info|grep kerb >>> apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. >>> mod_auth_kerb-5.4 An Apache module for authenticating users with >>> Kerberos v5 >>> >>> # uname -a >>> FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 >>> 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 >>> >>> >>> Everything compiles and installs nicely, but when I try to do a >>> 'apachectl start' I get this: >>> >>> httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: >>> Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: >>> /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol >>> "gsskrb5_register_acceptor_identity" >>> >>> Is this due to running current? >>> If it is I will drop the issue right now, I just want to know for sure >>> before I spend hours trying to solve it. >>> >> Hi John, >> >> What is the output of 'ldd /usr/local/libexec/apache22/mod_auth_kerb.so'? >> >> > > /usr/local/libexec/apache22/mod_auth_kerb.so: > libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x281b8000) > libheimntlm.so.10 => /usr/lib/libheimntlm.so.10 (0x281c1000) > libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x281c6000) > libhx509.so.10 => /usr/lib/libhx509.so.10 (0x28224000) > libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x2825a000) > libcrypto.so.6 => /lib/libcrypto.so.6 (0x2825c000) > libasn1.so.10 => /usr/lib/libasn1.so.10 (0x2880) > libroken.so.10 => /usr/lib/libroken.so.10 (0x283c1000) > libcrypt.so.5 => /lib/libcrypt.so.5 (0x283d1000) > libc.so.7 => /lib/libc.so.7 (0x28091000) Hi John, It looks like libgssapi (and potentially other parts of heimdal) have been broken in head/ since the heimdal-1.1 merge. Thus, it's now also broken in stable/8/ and releng/8.0/. I've filed a PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=147454 -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Apache 2.2, mod_auth_kerb
On 05/20/2010 06:02 AM, John wrote: > Hi list. > > I'm having problems getting mod_auth_kerb to play nice on one of my > servers. > I have the exact same setup on other machines and it works perfectly, > only difference is this ones running CURRENT while they track RELEASE. > > Some info: > > # pkg_info|grep apache && pkg_info|grep kerb > apache-2.2.15_7 Version 2.2.x of Apache web server with prefork MPM. > mod_auth_kerb-5.4 An Apache module for authenticating users with > Kerberos v5 > > # uname -a > FreeBSD host.example.com 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Tue May 11 > 20:04:45 UTC 2010 host.example.com:/usr/obj/usr/src/sys/HOST i386 > > > Everything compiles and installs nicely, but when I try to do a > 'apachectl start' I get this: > > httpd: Syntax error on line 4 of /usr/local/etc/apache22/httpd.conf: > Cannot load /usr/local/libexec/apache22/mod_auth_kerb.so into server: > /usr/local/libexec/apache22/mod_auth_kerb.so: Undefined symbol > "gsskrb5_register_acceptor_identity" > > Is this due to running current? > If it is I will drop the issue right now, I just want to know for sure > before I spend hours trying to solve it. Hi John, What is the output of 'ldd /usr/local/libexec/apache22/mod_auth_kerb.so'? -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: BTX Halted
On 10/06/2009 01:36 AM, Tseveendorj Ochirlantuu wrote: > Dear all, > I've found something strange I have never seen before. When start booting > FreeBSD 7.2 amd64 from ISO image in ESX 4.0 then error occurs. You can see > it from snapshot. > > I have following. > > Dell R900 with 4 CPU, 64GB RAM > ESX 4.0 installed on R900 > FreeBSD 7.2 amd64 > > What is this mean? Did you create the guest with a 64-bit CPU? -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Best practices for securing SSH server
On 06/22/2009 06:16 PM, Daniel Underwood wrote: > On a BSD box at work (at an extremely fast connection and static IP), > I run an SSH server. I am the only person who uses the server, but I > use it from some locations that are behind a dynamic IP (so I can't > set pf rules to filter by IP). I will always, however, use the same > laptop to connect to the server. Due to the speed and location of the > connection, it's a relatively high-risk target. > > What are some good practices for securing this SSH server. Is using a > stored key safer than a password in this instance? I have no > experience with port-knocking, but I'd appreciate some tips or > suggested beginning references... I welcome any and all advice. > > Note: I do require X11 forwarding (not sure whether that's relevant > information) I have password authentication disabled on my public SSH server. You can accomplish this by setting: ChallengeResponseAuthentication no in /etc/ssh/sshd_config. See sshd_config(5) for more information. This allows you to enforce the use of stronger authentication methods (e.g. public key). Keep in mind, however, that this setup will only be secure if you keep your alternate credentials (e.g. private key) secure as well. If for some reason you would prefer to use password authentication, I would recommend that you look into automatic brute force detection. There are a number of utilities in ports available for this purpose, including security/sshguard and security/denyhosts. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: 7.2 Installation Problem - Large Disk
On 05/07/2009 07:28 PM, Paul Stewart wrote: > Hi there.. > > > > I hope this is the correct mailing list to ask this question. > > > > I have a Dell Poweredge R710 server (brand new)... 7.2-RELEASE installs fine > but I'm having a problem getting any large partitions over approximately > 500GB. During the installation it allows me to create 4.5TB partition but > after rebooting it's only really 500GB +/- > > > > Has anyone successfully installed into a disk this large? This is a RAID5 > array using the Dell Perc 6/I controller > > > > I have installed now 6+ times with smaller partitions (100GB even) and run > into problems . hoping someone could share how they got large disk support > working.. I'd be happy with several 1TB partitions but when I configure it > this way and exceed 4 partitions it tells me disk error creating > partitions.. Unfortunately, MBR and BSD disklabel use 32 bit values, so they are limited to 2TB. GPT uses 64 bit values, but I don't believe that FreeBSD fully supports it. You can see the Big Disk project page [1] for more information. As a workaround, you may wish redo your RAID configuration so that you have multiple logical volumes (e.g. 2T, 2T, 0.5T). [1] http://www.freebsd.org/projects/bigdisk/index.html -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: PAM-SSH-LDAP problem
On 04/17/2009 02:04 PM, Panos wrote: > hello I'm trying to setup an ldap for authenticating users. > I think that the ldap server is ok > but ssh gives me an error PAM authntication error illigal user XXX from > XXX.XXX.XXX.XXX > I think that something is wrong when pam-ldap is quering tο ldap. > Fisrt I thounght that was acl problem so I tried something like this > access * by * write > full access to alla but nothing. > When I'm using phpldadmin to connet to ldap I have no problem, [...] Have you enabled ldap in /etc/nsswitch.conf? You may find it helpful to read through the FreeBSD LDAP Authentication article[1]. [1] http://www.freebsd.org/doc/en/articles/ldap-auth/index.html -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Problem: FreeBSD 7.x && ssh v2 && nss_ldap
On 04/15/2009 01:33 AM, Konrad Heuer wrote: > > I see a problem on two systems running FreeBSD 7.0 or 7.1 which are > configured as OpenLDAP clients using the nss_ldap module. > > When someone logs on using ssh protocol version 2 the session will not > be initialized correctly. The user will only get his primary group > affiliation but no affiliation to other groups (memberUid attribute in > LDAP group entries). > > On 7.1 the ssh login process hangs forever with open ldap queries, on > 7.0 the group list is incomplete. On several 6.x systems, all works > correctly. > I have used the configuration for years now. > > There are some workarounds I found: > > a) use ssh protocol version 1 > b) set UseLogin to yes in sshd_config > c) avoid ssl encryption in communication to ldap server >(ldap://... uri instead of ldaps://... in ldap.conf) > > Does anybody see similar problems? Does anybody have an idea what may > couse the problem? I recently submitted ports/133501 regarding this issue, but I have not yet received a response. My workaround was to disable pthread_atfork support, so the problem might be related to the change from libkse to libthr in RELENG_7. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
nss_ldap problems with pthread_atfork on RELENG_7
On 02/11/2009 04:20 PM, Benjamin Lee wrote: > On 02/10/2009 10:08 PM, Arjun Singh wrote: >> Thanks for the advice. I tried to see if I could get nscd to solve anything, >> but it seems to just hide the problem, and not completely. With nscd >> enabled, the first login fails. After that, it's fine.. >> >> I get the following in auth.log corresponding with the failed first login >> (with the correct pw): >> >> Feb 10 22:03:23 new-hkn sshd[59371]: nss_ldap: could not search LDAP server >> - Server is unavailable >> Feb 10 22:03:23 new-hkn sshd[59371]: fatal: login_get_lastlog: Cannot find >> account for uid 1 >> Feb 10 22:03:23 new-hkn sshd[59371]: syslogin_perform_logout: logout() >> returned an error > [...] > > It appears to be a bug when using nss_ldap with RELENG_7, as I have been > unable to reproduce the issue on machines running 6.2-RELEASE and > 6.3-RELEASE, regardless of the version of OpenLDAP. In my environment, > the machines use pam_krb5 for authentication, so the problem is > definitely not related to pam_ldap. Have you filed a problem report? [changing the subject to be more descriptive] I was able to work around the issue by removing pthread_atfork detection from the configure script. Specifically: b...@dot /usr/ports/net/nss_ldap/work/nss_ldap-264 $ diff -u configure.in{.orig,} --- configure.in.orig 2009-02-13 01:56:31.0 -0800 +++ configure.in2009-02-13 01:56:58.0 -0800 @@ -230,7 +230,6 @@ AC_CHECK_FUNCS(gethostbyname) AC_CHECK_FUNCS(nsdispatch) AC_CHECK_LIB(pthread_nonshared, main) -AC_CHECK_FUNCS(pthread_atfork) AC_CHECK_FUNCS(pthread_once) AC_CHECK_FUNCS(ether_aton) AC_CHECK_FUNCS(ether_ntoa) I assume, then, that the defect is related to the change from libkse to libthr in RELENG_7. Does anybody have any further insight into this issue? -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: nss_ldap SSL/TLS problems..
On 02/10/2009 10:08 PM, Arjun Singh wrote: > Thanks for the advice. I tried to see if I could get nscd to solve anything, > but it seems to just hide the problem, and not completely. With nscd > enabled, the first login fails. After that, it's fine.. > > I get the following in auth.log corresponding with the failed first login > (with the correct pw): > > Feb 10 22:03:23 new-hkn sshd[59371]: nss_ldap: could not search LDAP server > - Server is unavailable > Feb 10 22:03:23 new-hkn sshd[59371]: fatal: login_get_lastlog: Cannot find > account for uid 1 > Feb 10 22:03:23 new-hkn sshd[59371]: syslogin_perform_logout: logout() > returned an error [...] It appears to be a bug when using nss_ldap with RELENG_7, as I have been unable to reproduce the issue on machines running 6.2-RELEASE and 6.3-RELEASE, regardless of the version of OpenLDAP. In my environment, the machines use pam_krb5 for authentication, so the problem is definitely not related to pam_ldap. Have you filed a problem report? -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Edit user groups
On 01/20/2009 08:23 PM, Tim Judd wrote: [...] > and I recommend against sudo because it's very design is a > man-in-the-middle type of scenario, and one typo by the sudo devs can > possibly make a mess out of things. > > I think sudo makes a lazy admin -- too easy to just run in and hit > something. > > I think sudo is a false sense of security. If a user trusts another, > and give sudo access, why not give the whole OS to them? > > Sudo's out there -- don't get me wrong, but you won't catch me dead with > a box with sudo installed. I think it's a very misleading tool. And > not to say they do -- but what if the devs put in a keygen...do you > monitor the sudo source code? > > And if I remember correctly -- the way sudo gets it's work done is a > SUID bit to root. Those are the devil's eggs that hatch and just cause > havoc. A rogue CGI calling sudo to do something on the website, buffer > overflow (with php!) and you've gotten rooted. > > No, no -- I hate sudo for it's own doing. It's going to eat itself alive. > > No flames please. Have you read through the entire src tree? And the source of every software package you've ever installed? If so, it would be a drop in the bucket to read through sudo as well. I see that you sent your e-mail from a Windows box... P.S. There is a difference between a keygen and a keylogger. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Help! locate.code /tmp: filesystem full
On 01/14/2009 10:34 AM, Andy Wodfer wrote: > Hi, > I'm getting an error message every week and I can't seem to understand why > nor manage to fix it. Here it is: > > #dmesg > [snip] > pid 54753 (locate.code), uid 65534 inumber 23557 on /tmp: filesystem full > > # df -h > Filesystem SizeUsed Avail Capacity Mounted on > /dev/ar0s1a989M 53M857M 6%/ > devfs 1.0K1.0K 0B 100%/dev > /dev/ar0s1g 48G8.5G 36G19%/backup > /dev/ar0s1d989M 44K910M 0%/tmp > /dev/ar0s1f387G168G189G47%/usr > /dev/ar0s1e7.7G398M6.7G 5%/var > > As you see there's 910MB free space in /tmp. Should be plenty to run the > weekly locate script? [...] What is the output of 'df -i /tmp'? -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Downgrading Ports
On 12/04/08 02:53, Marcel Grandemange wrote: >> Good Day Guys. >> >> Im wondering how can one downgrade ports? >> And I don't mean installed ports (portdowngrade) , I mean the actual >> ports system. >> >> I have found the freeradius2 port to be broken and can't install it >> therefore I would like to downgrade ports to try install an older version. >> >> >> Any advise? > >> See portdowngrade(1) -- it doesn't do what you think it does. Use it to > fetch an earlier version of the port and then reinstall it however you wish, > e.g. using portupgrade(1). > > > [EMAIL PROTECTED] /usr/ports/net/freeradius2]# portdowngrade freeradius2 > > portdowngrade 0.6 by Heiner Eichmann > Please note, that nothing is changed in the ports tree > unless it is explicitly permitted in step 6! > > Seeking port freeradius2 ... not found > [EMAIL PROTECTED] /usr/ports/net/freeradius2]# ls > Makefiledistinfofiles pkg-descr pkg-plist > work > > I have used portdowngrade successfully on ports already installed, but > doesn't work on a port not installed yet. > Am I doing something wrong? > The port name is 'freeradius' (without the trailing 2): $ sudo portdowngrade freeradius portdowngrade 0.6 by Heiner Eichmann Please note, that nothing is changed in the ports tree unless it is explicitly permitted in step 6! Seeking port freeradius ... Found several matches: 1: net/freeradius 2: net/freeradius-mysql 3: net/freeradius2 Please choose one: -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Downgrading Ports
On 12/04/08 01:25, Marcel Grandemange wrote: > Good Day Guys. > > Im wondering how can one downgrade ports? > And I don't mean installed ports (portdowngrade) , I mean the actual ports > system. > > I have found the freeradius2 port to be broken and can't install it > therefore I would like to downgrade ports to try install an older version. > > > Any advise? See portdowngrade(1) -- it doesn't do what you think it does. Use it to fetch an earlier version of the port and then reinstall it however you wish, e.g. using portupgrade(1). -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: best way to add patch to x11/slim-1.3.1
On 11/19/08 17:34, Fbsd1 wrote: > Greg Larkin wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Fbsd1 wrote: >>> On the developers website there is a patch i want to apply >>> >>> http://developer.berlios.de/patch/?func=detailpatch&patch_id=2283&group_id=2663 >>> >>> >>> >>> [ Patch #2283 ] Add a variable to run shutdown commands without root >>> pass. >>> >>> How can i get "make install" to apply this patch while compiling the >>> port? >>> >> >> Hi Fbsd1, >> >> Since you've already found a unified diff of the change that you want to >> incorporate into the port, you can submit a PR (problem report) using >> the form here: http://www.freebsd.org/send-pr.html. >> >> Just follow the instructions on that page, and your patch will be >> submitted to the PR system. The port maintainer reviews your PR, makes >> the necessary change and possibly updates the port's revision number. >> You then use portupgrade or some other means to install the new version >> of the port with the incorporated patch. >> >> Hope that helps, >> Greg >> - -- >> Greg Larkin >> > > I submitted PR like you suggested, But i am in need of more immediate > results. What changes to the port files do i need to make to get the > port to complie in the patch file? You should read the FreeBSD Porter's Handbook [1]. In particular, you'll probably be interested in section 4.4, "Patching" [2]. [1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/index.html [2] http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/slow-patch.html -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: preparing for an upgrade
On 11/18/08 21:43, Jeremy Chadwick wrote: [...] > You can only use it on 7.x if you add compatibility libraries and ensure > your kernel has COMPAT_FREEBSD6 in it. These libraries have given some > users trouble in the past; you will find most people advocate rebuilding > all ports from scratch (pkg_delete -af please) when upgrading between > major FreeBSD versions (e.g. 6.x -> 7.x). Is there a particular reason that you recommend using pkg_delete? I just did 'portupgrade -aRf' for my 6.2 -> 7.0 upgrades. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
Re: Question on creating a video server
On 11/08/08 11:14, Sean Cavanaugh wrote: >> >> Has anyone done this with FreeBSD and open source >> software, and has recommendations on what hardware to get >o> and what software works with it? > > Look up MythTV. it's the opensource alternative to Windows Media Center > and has a lot of nice functionality. It is in FreeBSD ports too. Although MythTV is available in ports, there are significant disadvantages to running MythTV on FreeBSD. First, most TV tuner cards don't have corresponding FreeBSD kernel modules. Second, MythTV uses the Video4Linux API, which of course doesn't exist on FreeBSD -- instead, you hack the kernel to emulate V4L. Third, there is terribly limited LIRC (Linux Infrared Remote Control) support, and most people will want to use their remotes with their MythTV installations. I love FreeBSD, but running a PVR solution that is so closely tied to Linux (V4L, LIRC) is a bit of a hack. Don't get me wrong -- I tried it and discovered that the community has made significant progress towards getting it to work. But at the end of the day, I wanted a fully-functional PVR, not months of writing drivers and hacking V4L into the FreeBSD kernel. That's why I eventually made the decision to run MythTV on Linux, even though I'd *much* rather administer a machine running FreeBSD. -- Benjamin Lee signature.asc Description: OpenPGP digital signature
Re: Locked out of Root
On 10/22/08 19:55, APseudoUtopia wrote: > Hey, > > I have one user (other than root and the other system users) on my > box, and that user is _NOT_ in the wheel group. I also have root > logins disabled via SSH. This is a remote server and all I have is SSH > access. > > Is there any way that I can gain root? I know the root password and > everything, but I just can't get to it. The user is not in the wheel > group, and root login is disabled in SSH. > > Thanks for any help/advice. Login as the unprivileged user and run: $ su See su(1). -- Benjamin Lee signature.asc Description: OpenPGP digital signature
Re: updating a port with problems (libxml2)
On 10/17/08 01:01, Colin Brace wrote: > Hi all, > > I use portsnap to keep the port tree of my FreeBSD 7 box up to date. > According to portaudit, which I run nightly, there is a problem with the > current version of libxml2. So, as usual, I run "sudo portsnap fetch && > sudo portsnap update", and then: Note that 'portsnap fetch update' will accomplish the same thing. > $ cd /usr/ports/textproc/libxml2 > $ sudo make deinstall > $ sudo make reinstall clean > > But this last command results in an error: > > ===> libxml2-2.6.32 has known vulnerabilities: > => libxml2 -- two vulnerabilities. >Reference: > <http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html> > => Please update your ports tree and try again. > > It would appear that the port has not yet been updated. Is this some > temporary glitch? Otherwise, the approach I use is not very robust, since I > have now managed to deinstall a library upon which a dozen or so programs > depend. However, this is the first time this has happened. > > Comments, suggestions most welcome. To get libxml2 reinstalled before the port is bumped you'll want to try 'make -DDISABLE_VULNERABILITIES reinstall'. In general, it's easier to use portupgrade(1). See "Using the Ports Collection"[1] in the FreeBSD Handbook. [1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html -- Benjamin Lee signature.asc Description: OpenPGP digital signature
Re: Mailman + Apache + Cookies + FreeBSD
On 10/09/08 14:59, Grant Peel wrote: > Hi all, > > I am not a fan of cross posting, but, I have to make a exception in this > case as I can't seem to nail down whether its the software or OS causing > me the problem. > > Software: Apache 2.2, Python 2.5, Mailmain 2.1.11 > OS: FreeBSD 6.2 Release #0 > > Apache and Python were built from ports, Mailman was built from source. > > Problem: I can't stay logged into the Mailman web interface. Each time I > submit a form, I am logged out. When I do log in, If I look on my local > machine, I cant find a session cookie anywhere. It like is never set. > And the Mailman documentation clearly states that none of the changes > will be saved in that scenario. > > Question: are there any people out there who can point me in the right > direction? I assume that Python should be setting a cookie, but thats > just a guess ... could it be OS related? Is your Mailman web interface served over https? If so, you might want to check that DEFAULT_URL_PATTERN is set correctly in mm_cfg.py, for instance: DEFAULT_URL_PATTERN = 'https://%s/mailman/' -- Benjamin Lee signature.asc Description: OpenPGP digital signature