Re: ideas needed for password management
> However, I now have the problem of allowing users setting and > modifying their own passwords (perhaps even their usernames) without > giving them ssh access to the host. It will be a bit more tricky if you want them to be able to change their usernames and such, but it's possible to modify sshd to force a command for a specific group. For instance if you create a group 'passwdonly', add the users to it, and place a: Match Group passwdonly ForceCommand /usr/bin/passwd At the bottom of /etc/ssh/sshd_config it makes the only thing they can do when they SSH is to be able to change their password. If you have password authentication turned off you can turn it on for that specific group as well. You can also write a custom script to prompt them for what they wish to do, change their username and such and force that to be the command. > I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP > and Dovecot. The users will be the Unix users on the VPS for > simplicity. In this instance, if you wish to expose a web interface for changing of usernames and passwords, going with virtual users backed by a SQL database may be easier and less likely to compromise the host. I know you had mentioned not having a lot of experience in this area, but if it's a hobby the bit of programming involved may be fun. I hope this helps. -- Mitch Riedstra
Re: ideas needed for password management
Thank you Mitch for the ideas! Please see below: On 20/09/23 10:30PM, Mitchell Riedstra wrote: > > > However, I now have the problem of allowing users setting and > > modifying their own passwords (perhaps even their usernames) without > > giving them ssh access to the host. > > It will be a bit more tricky if you want them to be able to change > their usernames and such, but it's possible to modify sshd to force a > command for a specific group. > > For instance if you create a group 'passwdonly', add the users to it, > and place a: > > Match Group passwdonly > ForceCommand /usr/bin/passwd > > At the bottom of /etc/ssh/sshd_config it makes the only thing they can > do when they SSH is to be able to change their password. > > If you have password authentication turned off you can turn it on for > that specific group as well. > > You can also write a custom script to prompt them for what they wish to > do, change their username and such and force that to be the command. > I learned a lot from these few lines and I appreciate that. The users of this service will not know what ssh is and they will probably do most of the tasks by their smartphones. That's why I am guessign the web interface may be the most extreme they may tolerate, lol. > > > I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP > > and Dovecot. The users will be the Unix users on the VPS for > > simplicity. > > In this instance, if you wish to expose a web interface for changing > of usernames and passwords, going with virtual users backed by > a SQL database may be easier and less likely to compromise the host. > > I know you had mentioned not having a lot of experience in this area, > but if it's a hobby the bit of programming involved may be fun. It looks like I gotta do some reading to learn how to do this. I wonder if Rainloop would be simpler or more work. I guess I am a lazy hobbyist, lol! Thanks again for the brainstorming, I truly appreciate it. Hakan signature.asc Description: PGP signature
ideas needed for password management
Dear all, I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP and Dovecot. The users will be the Unix users on the VPS for simplicity. However, I now have the problem of allowing users setting and modifying their own passwords (perhaps even their usernames) without giving them ssh access to the host. I don't have technical background and training for this type of work; however, I love doing this, please be gentle with me. The mail server is a hobby that is intended for family and a few friends, and is not mission critical. I thought something like Webmin could work for this purpose, but without root access of course. However, I am not sure if such a tool exists. Any other ideas are welcome. Thank you so much in advance for your suggestions. Hakan
Re: UTF-8 problem with php-7.4
On Wed, Sep 23, 2020 at 09:11:44AM +0200, Boudewijn Dijkstra wrote: > Op Thu, 10 Sep 2020 04:01:30 +0200 schreef Bambero : > > Hi, > > > > It seems that perl regular expressions lost one polish letter (ą): > > https://www.compart.com/en/unicode/U+0105 > > > > I can see this problem only under OpenBSD 6.7 with php-7.4 (same version > > of php under linux is OK) > > > > Ex.: > > > > PHP 7.4.10 or 7.4.5 > > > int(1) // OK > > > > PHP 7.4.10 or 7.4.5 > > > int(0) // UPS??? > > > > PHP 7.3.21 > > > int(1) // OK > > > > PHP 7.3.21 > > > int(1) // OK > > > > Any ideas how to fix that? > > > > Regards, > > Bambero > > The same happens with any UTF-8 sequence that ends in 0x85. I guess (a part > of) PHP's PCRE code is not in UTF-8 mode, causing triggers on CHAR_NEL > (=0x85). I don't know a lot about PHP or the external PCRE library, but my guess would be that php is treating the string as bytes not characters. Can you try using the "u" (PCRE_UTF8) modifier? https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php > for ($i = 0x75; $i <= 0x825; $i++) { > $u = mb_chr($i); > $str = 'dasw' . $u . 'zdas'; > $r = preg_match('/^.{5,64}$/', $str); > if ($r == 0) { > printf("%04x:", $i); > for ($j = 0; $j < strlen($u); $j++) { > $b = ord(substr($str, 4 + $j)); > printf(" %02x", $b); > } > printf(": %s\n", $str); > } > } > > > -- > Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/ >
Re: webcam fixes and changes in -current
On Aug 29 18:06:32, lau...@tratt.net wrote: > Lots of us have to use webcams more than we used to. There have been some > recent changes in OpenBSD support for webcams that some might find useful. > Most of the hard work was done by Marcus Glocker, with input from Ingo > Feinerer, sc.dying, and myself. Thanks to all! The uvideo on my old MacBook1,1 (dmesg below) is back, for instance. It attaches in a strange way on boot: uvideo0 at uhub0 port 4 configuration 1 interface 0 "Apple Computer Bluetooth" rev 2.00/0.0c addr 2 uvideo0 detached uvideo0 at uhub0 port 4 configuration 1 interface 0 "Micron Built-in iSight" rev 2.00/1.84 addr 2 video0 at uvideo0 Does the device attach as bluetooth first, and the kernel later decides it is a camera? This is how it used to work on these macbooks for me, and it got broken some weeks ago; now video(4) is back. $ video -q video device /dev/video: encodings: uyvy frame sizes (width x height, in pixels) and rates (in frames per second): 320x240: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30 352x288: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30 640x480: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30 controls: brightness, saturation, gamma, sharpness The repetition of the 30 (fps) seems strange - perhaps there is some quirk in getting the list of the camera's supported frame rates. $ video -c video: VIDIOC_G_CTRL: Invalid argument brightness=63 saturation=5 gamma=100 sharpness=3 Capturing doesn't work though: $ video -v video device /dev/video: encodings: uyvy frame sizes (width x height, in pixels) and rates (in frames per second): 320x240: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30 352x288: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30 640x480: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30 controls: brightness, saturation, gamma, sharpness Xv adaptor 0, Intel(R) Textured Video: encodings: yuy2, uyvy, yv12 max size: 1280x800 using uyvy encoding using frame size 640x480 (614400 bytes) using default frame rate video: VIDIOC_G_CTRL: Invalid argument video: ioctl VIDIOC_DQBUF: Invalid argument The first error shows immediately after start, the camera led lights up, and a black rectangle is shown; after a few seconds, video(1) emits the second message and exits with an exit value of 1. Jan OpenBSD 6.8-beta (GENERIC.MP) #0: Wed Sep 23 13:07:51 CEST 2020 h...@mb32.stare.cz:/usr/src/sys/arch/i386/compile/GENERIC.MP real mem = 2113323008 (2015MB) avail mem = 2058436608 (1963MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 07/29/05, SMBIOS rev. 2.4 @ 0xe7490 (36 entries) bios0: vendor Apple Computer, Inc. version "MB11.88Z.0061.B03.0610121324" date 10/12/06 bios0: Apple Computer, Inc. MacBook1,1 acpi0 at bios0: ACPI 3.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT acpi0: wakeup devices ADP1(S3) LID0(S3) PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB7(S3) EC__(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz, 06-0e-08 cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,NXE,PERF,SENSOR,MELTDOWN mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 166MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Genuine Intel(R) CPU T2500 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz, 06-0e-08 cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,NXE,PERF,SENSOR,MELTDOWN ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus 3 (PCIB) acpisbs0 at acpi0: SBS0 model "ASMB016" serial 35580 type LION oem "DP" acpiac0 at acpi0: AC unit online acpibtn0 at acpi0: LID0 "APP0002" at acpi0 not configured acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB "PNP0A08" at acpi0 not configured asmc0 at acpi0:
Re: [www] OpenBGPD: wrong release date for 6.7p0
On 2020-09-23, Alex Naumov wrote: > Hi, > there is a typo on the ftp.html page. > OpenBGPD 6.7p0 was released in 2020, not 2019. > > Cheers, > Alex > Thanks, fixed.
Re: UTF-8 problem with php-7.4
Op Thu, 10 Sep 2020 04:01:30 +0200 schreef Bambero : Hi, It seems that perl regular expressions lost one polish letter (ą): https://www.compart.com/en/unicode/U+0105 I can see this problem only under OpenBSD 6.7 with php-7.4 (same version of php under linux is OK) Ex.: PHP 7.4.10 or 7.4.5 The same happens with any UTF-8 sequence that ends in 0x85. I guess (a part of) PHP's PCRE code is not in UTF-8 mode, causing triggers on CHAR_NEL (=0x85). for ($i = 0x75; $i <= 0x825; $i++) { $u = mb_chr($i); $str = 'dasw' . $u . 'zdas'; $r = preg_match('/^.{5,64}$/', $str); if ($r == 0) { printf("%04x:", $i); for ($j = 0; $j < strlen($u); $j++) { $b = ord(substr($str, 4 + $j)); printf(" %02x", $b); } printf(": %s\n", $str); } } -- Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
Re: OpenDNSSEC signer engine: Bus error: How to get debug information?
Hi All, By the way, I just wanted to say how great this is. I have problem, I ask for help, I get (good) help. With relative easy I can build the necessary debugging tool and use it to find out that the OS has helped to identify a problem in the application. Pretty nice and not necessarily my everyday experience in IT. Thanks again. Cheers, Robb.
[www] OpenBGPD: wrong release date for 6.7p0
Hi, there is a typo on the ftp.html page. OpenBGPD 6.7p0 was released in 2020, not 2019. Cheers, Alex
Re: Nextcloud large file downloads fail (httpd, postgresql, php7.3)
On 2020-09-22, Unicorn wrote: > Hello, > > I have been encoutering this issue on several machines and have not > been able to locate the cause even after days worth of searching, let > alone find a solution (although I tried many things). It would be a good start to narrow down whether the problem occurs in httpd or nextcloud/php - maybe try apache-httpd or nginx to do this?