A question on syntax in /etc/login.conf
On the page http://www.se.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-localization.html Syntax is shown as: language_name:accounts_title:\ :charset=MIME_charset:\ :lang=locale_name:\ :tc=default: If I look in the file on a newly installed 8.0-RELEASE it shows: russian|Russian Users Accounts:\ :charset=KOI8-R:\ :lang=ru_RU.KOI8-R:\ :tc=default: Is it the colon or pipe sign that is correct? /Leslie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A question on syntax in /etc/login.conf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/02/2010 11:00, Leslie Jensen wrote: On the page http://www.se.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-localization.html Syntax is shown as: language_name:accounts_title:\ :charset=MIME_charset:\ :lang=locale_name:\ :tc=default: If I look in the file on a newly installed 8.0-RELEASE it shows: russian|Russian Users Accounts:\ :charset=KOI8-R:\ :lang=ru_RU.KOI8-R:\ :tc=default: Is it the colon or pipe sign that is correct? Probably the latter. The '|' symbol is used when there are several alternative names for the same object -- this is not used much in /etc/login.conf, unlike /etc/termcap. By convention, the last name in a list of alternates like this is a comment rather than a tag for actual use. See getcap(3) for details. The first entry is syntactically correct -- 'accounts_title' would be a boolean value (set to true if present, false if absent) -- but the login.conf man page knows nothing of 'accounts_title' and it's a funny name for a boolean. So I guess that's likely to be a typo in the handbook. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktmxgYACgkQ8Mjk52CukIz/bwCcCS1qvkaNJyAaXCEUZA/s+6Nd gsYAn08d8pD7sWTfNh1OGfa3OheejcRj =ERMH -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A question on syntax in /etc/login.conf
... Is it the colon or pipe sign that is correct? /Leslie The answer is clearly set forth in login.conf(5): Records in a class capabilities database consist of a number of colon- separated fields. The first entry for each record gives one or more names that a record is to be known by, each separated by a '|' character. The first name is the most common abbreviation. The last name given should be a long name that is more descriptive of the capability entry, and all others are synonyms. All names but the last should be in lower case and contain no blanks; the last name may contain upper case charac- ters and blanks for readability. Note that since a colon (`:') is used to separate capability entries, a `\c' escape sequence must be used to embed a literal colon in the value or name of a capability. When in doubt, look for a manpage (first). b. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A question on syntax in /etc/login.conf
#secure method=pgpmime mode=sign On Mon, 01 Feb 2010 12:00:59 +0100, Leslie Jensen les...@eskk.nu wrote: On the page http://www.se.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-localization.html Syntax is shown as: language_name:accounts_title:\ :charset=MIME_charset:\ :lang=locale_name:\ :tc=default: If I look in the file on a newly installed 8.0-RELEASE it shows: russian|Russian Users Accounts:\ :charset=KOI8-R:\ :lang=ru_RU.KOI8-R:\ :tc=default: Is it the colon or pipe sign that is correct? On Mon, 01 Feb 2010 12:16:06 +, Matthew Seaman m.sea...@infracaninophile.co.uk wrote: Probably the latter. The '|' symbol is used when there are several alternative names for the same object -- this is not used much in /etc/login.conf, unlike /etc/termcap. By convention, the last name in a list of alternates like this is a comment rather than a tag for actual use. See getcap(3) for details. The first entry is syntactically correct -- 'accounts_title' would be a boolean value (set to true if present, false if absent) -- but the login.conf man page knows nothing of 'accounts_title' and it's a funny name for a boolean. So I guess that's likely to be a typo in the handbook. Yes, this is a typo in the Handbook. I just committed a fix for the typo in revision 1.132 of doc/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml revision 1.132 date: 2010/02/01 12:52:51; author: keramida; state: Exp; lines: +2 -2 Fix typo in login.conf example. The aliases for login.conf entries are separated by the main name with a pipe '|', and there is no support for an accounts_type key in the database. Use a whitespace-separated name in the example, to indicate that it's ok to have spaces in login.conf entry aliases. Noticed by: Leslie Jensen, leslie at eskk.nu, Matthew Seaman, m.seaman at infracaninophile.co.uk Thanks for bringing this to our attention :) pgpKvTRasllSK.pgp Description: PGP signature
/etc/login.conf
how can i put in setenv= definition a : character? for example i would like to set enviroment variable a to b:c in login.conf thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: /etc/login.conf
On 6/6/09, Wojciech Puchar woj...@wojtek.tensor.gdynia.pl wrote: how can i put in setenv= definition a : character? for example i would like to set enviroment variable a to b:c in login.conf It's documented in login.conf manual. -- Paul ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: /etc/login.conf
for example i would like to set enviroment variable a to b:c in login.conf It's documented in login.conf manual. indeed i missed that. Note that since a colon (`:') is used to separate capability entries, a `\c' escape sequence must be used to embed a literal colon in the value or name of a capability. thank you ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
MD5 vs. SHA1: hashed passwords in /etc/master.passwd - can we configure SHA1 as default in /etc/login.conf?
MD5 seems to be compromised by potential collision attacks. So I tried to figure out how I can use another hash for security purposes when hashing passwords for local users on a FreeBSD 7/8 box, like root or local box administration. Looking at man login.conf reveals only three possible hash algorithms selectable: md5 (recommended), des and blf. Changing /etc/login.conf's tag default:\ :passwd_format=sha1:\ followed by a obligatory cap_mkdb seems to do something - changing root's password results in different hashes when selecting different hash algorithms like des, md5, sha1, blf or even sha256. Well, I never digged deep enough into the source code to reveal the magic and truth, so I will ask here for some help. Is it possible to change the md5-algorithm by default towards sha1 as recommended after the md5-collisions has been published? Thanks in advance, Oliver ---BeginMessage--- MD5 seems to be compromised by potential collision attacks. So I tried to figure out how I can use another hash for security purposes when hashing passwords for local users on a FreeBSD 7/8 box, like root or local box administration. Looking at man login.conf reveals only three possible hash algorithms selectable: md5 (recommended), des and blf. Changing /etc/login.conf's tag default:\ :passwd_format=sha1:\ followed by a obligatory cap_mkdb seems to do something - changing root's password results in different hashes when selecting different hash algorithms like des, md5, sha1, blf or even sha256. Well, I never digged deep enough into the source code to reveal the magic and truth, so I will ask here for some help. Is it possible to change the md5-algorithm by default towards sha1 as recommended after the md5-collisions has been published? Thanks in advance, Oliver ---End Message--- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: _security_path: cannot stat /etc/login.conf:
Vanik abazyan wrote: Help pls FreeBSD 5.3 sshd _security_path: cannot stat /etc/login.conf: 1st: Please include a descriptive subject - even if it's the same line as the body. 2nd: Do you have that file? What are the permissions? What action are you trying to do? Are there other information in the log files? Has it worked before? Have you installed other software or upgraded your system? Have you modified said files? etc. Please provide usefull information that will enable others to help you. Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Limiting Filesizes with /etc/login.conf
Hi, Thanks, I have subscribed to the -questions mailling list. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lowell Gilbert Sent: 18 May 2005 20:16 To: James Tucker; [EMAIL PROTECTED] Subject: Re: Limiting Filesizes with /etc/login.conf This has nothing to do with filesystems, so I redirected the message to -questions. [EMAIL PROTECTED] (James Tucker) writes: I have been trying to set max file size limits for class of users on my system. I have tried to setup a specific class for this purpose and while it cap_mkdb's with no error messages when I copy files over to the users directory I find that I can upload files of any size! The process filesize limit affects how big a file the user can *create*, not how large a file she can *own*. If you want to limit the latter, you use disk quotas. [There is a section on them in the FreeBSD Handbook.] Good luck. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Limiting Filesizes with /etc/login.conf
Yes, your reply does answer my question, quota'ing does seem to be a solution but I don't want to restrict from users for possessing multiples of 10MB files. I have already implemented quota's to prevent them from taking up more than their designated home dir space, although it didn't seem, from what I have read, that is possible to do much else with the quotas? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lowell Gilbert Sent: 19 May 2005 14:16 To: James Tucker Subject: Re: Limiting Filesizes with /etc/login.conf James Tucker [EMAIL PROTECTED] writes: Thanks, I have subscribed to the -questions mailling list. The convention on that list is to copy the sender on everything, so you can ask questions without being subscribed. [The reverse of most other mailing lists, but -questions exists specifically to act as a tech support forum. I *think* my answer was probably what you needed, though; if I guessed wrong about what you're trying to do, you'll need to provide more information. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lowell Gilbert Sent: 18 May 2005 20:16 To: James Tucker; [EMAIL PROTECTED] Subject: Re: Limiting Filesizes with /etc/login.conf This has nothing to do with filesystems, so I redirected the message to -questions. [EMAIL PROTECTED] (James Tucker) writes: I have been trying to set max file size limits for class of users on my system. I have tried to setup a specific class for this purpose and while it cap_mkdb's with no error messages when I copy files over to the users directory I find that I can upload files of any size! The process filesize limit affects how big a file the user can *create*, not how large a file she can *own*. If you want to limit the latter, you use disk quotas. [There is a section on them in the FreeBSD Handbook.] Good luck. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Limiting Filesizes with /etc/login.conf
James Tucker wrote: Yes, your reply does answer my question, quota'ing does seem to be a solution but I don't want to restrict from users for possessing multiples of 10MB files. I have already implemented quota's to prevent them from taking up more than their designated home dir space, although it didn't seem, from what I have read, that is possible to do much else with the quotas? Then you'll have to do what syadmins have been doing since time immemorial: write your own script. Find over the filesystems you care about looking for files which the parameters you care about. Send mail when you find something, or be nasty and delete the file or whatever. Run it from cron as often as you deem necessary. --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Limiting Filesizes with /etc/login.conf
This has nothing to do with filesystems, so I redirected the message to -questions. [EMAIL PROTECTED] (James Tucker) writes: I have been trying to set max file size limits for class of users on my system. I have tried to setup a specific class for this purpose and while it cap_mkdb's with no error messages when I copy files over to the users directory I find that I can upload files of any size! The process filesize limit affects how big a file the user can *create*, not how large a file she can *own*. If you want to limit the latter, you use disk quotas. [There is a section on them in the FreeBSD Handbook.] Good luck. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Changes to /etc/login.conf ignored
Hi, I'm seeing somewhat strange behavior in my 4.9 System: Seems like any changes I make to /etc/login.conf get silently ignored. Here's what I've done: I wanted to set an environment varialbe LC_CTYPE in /etc/login.conf like this :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES,LC_CTYPE=de_AT.ISO8859 +-1:\ Then I did a # cap_mkdb -v /etc/login.conf cap_mkdb: 9 capability records # but for any user logging in LC_CTYPE isn't set. Next I tried to set some abitrary env-variable in /etc/login.conf - again that variable is not set - for none of the users. As a last test I changed the original setenv-line in /etc/login.conf to list FTP_PASSIVE_MODE=NO instead of the original YES - again upon login every user still has passive-mode YES. Just to be sure I even renamed/moved any shell-init files of the users out of the way, including ~/.login_conf - didn't change a thing either. Every change I make to /etc/login.conf gets silently ignored... Thanks in advance for any clue, -ewald ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Changes to /etc/login.conf ignored
On Fri, Nov 21, 2003 at 12:07:22PM +0100, [EMAIL PROTECTED] wrote: Seems like any changes I make to /etc/login.conf get silently ignored. As I understand it, login.conf is used to set capabilities on a per user class basis to restrict the environment of classes of users - ie restricting the ttys users can login on, the max size of core dump files, maximum memory available to them, max number of processes allowed and so on. Perhaps /etc/csh.cshrc would be a better place to do what you're trying to do or better in a resource file that's read by all shells when a user logs in (global .profile file?)? -- Jez Hancock - System Administrator / PHP Developer http://munk.nu/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/etc/login.conf password formatting
Please send replies directly to me as I do not have time to check the list as often as I would like.. Currently, it appears that some passwords on my system are DES, most are MD5. I found the following below recently, a suggestion to switch to blowfish. I am down with that! If I change the following (as shown below) in /etc/login.conf, will the system still decrypt the old DES and MD5 entries, ie. nothing will break in this regard? :passwd_format=blf:\ # change the password encryption to Blowfish instead of the default md5 Thanks, Kris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /etc/login.conf password formatting
On Tue, Jul 15, 2003 at 12:20:18PM -0500, Kris Yates wrote: Please send replies directly to me as I do not have time to check the list as often as I would like.. Currently, it appears that some passwords on my system are DES, most are MD5. I found the following below recently, a suggestion to switch to blowfish. I am down with that! If I change the following (as shown below) in /etc/login.conf, will the system still decrypt the old DES and MD5 entries, ie. nothing will break in this regard? :passwd_format=blf:\ Correct, but don't forget to rebuild the capability database afterwards as mentioned at the top of /etc/login.conf. Also, for completeness, you should also change the crypt_default line in /etc/auth.conf to read: crypt_default = blf md5 des Ceri -- User: DO YOU ACCEPT JESUS CHRIST AS YOUR PERSONAL LORD AND SAVIOR? Iniaes: Sure, I can accept all forms of payment. -- www.chatterboxchallenge.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: something@ in /etc/login.conf
Zheyu Shen [EMAIL PROTECTED] writes: this weekend when i was editing /etc/login.conf i noticed a @ behind a few of the sample entrys, e.g.: [...] reading the corresponding man page i could not find out what it means or how it is used. it seems to substitute a whole lot of limit types ('size', time' ...). Can please someone explain it to me? man 3 getcap ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
someting@ in /etc/login.conf
dear list this weekend when i edited /etc/login.conf i noticed a few sample entries like: :requirehome@:\ (line 102) :ignoretime@:\ (line 131) :accounted@:\ (line 158) ... reading the corresponding manpage i could not find out what it mean or how it is used. it seems to substitute a lot of limit types (size, bool, ...). could someone explain it to me? thanks! zheyu -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
something@ in /etc/login.conf
hello list, this weekend when i was editing /etc/login.conf i noticed a @ behind a few of the sample entrys, e.g.: :requirehome@:\ (line 102) :ignoretime@:\(line 131) :accounted@:\ (line 158) :passwordtime@:\ (line 248) :refreshtime@:\ (line 249) :refreshperiode@:\(line 250) :sessiolimit@:\ (line 251) ... reading the corresponding man page i could not find out what it means or how it is used. it seems to substitute a whole lot of limit types ('size', time' ...). Can please someone explain it to me? Thanks! Zheyu ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]