Re: sshd - time out idle connections

2013-05-03 Thread Polytropon
On Fri, 3 May 2013 17:22:04 +0200, Fleuriot Damien wrote:
> Allow me to add a bit of context here.
> 
> 
> We're wrapping things up to obtain the PCI DSS certification which
> is awarded for running through a long and annoying series of hoops.
> This certification is rather important to our business so like it
> or not, we have to play along.

I'm familiar with this stupid concept. They are forcing you to
fiddle with things that work fine as they are, just to get a sheet
of shiny paper. After all, this sheet of paper allows you to
raise your prices. :-)



> Allowing the use of screen defeats the purpose of logging out idle
> connections, I don't think we're going to pass this specific
> requirement if we let users run screen.

What _defines_ an idle connection? Let's say a user logs in via
SSH and leaves the session untouched. Idle for 5 minutes? True.
Disconnect.

But what about this? After logging in, the user starts some program,
maybe something like top, mc (Midnight Commander) or pine. Is this
also considered idle?

Is idle tied to "keystrokes received on the other end", or more
like "data sent to the client"? Is one sufficient, or are both
required, to consider a connection "not idle", therefore not
disconnecting it? What about batch processes? Can a user log in,
submit a batch job, and then leave, while his batch job starts
to run 10 minutes later (and finishes after 30 minutes)?

Does the oh so holy specification for the glorious certification
say anything about it, something you could incorporate into the
concept and _then_ come up with an idea for implementation?

The only chance to _really_ comply with the "certification rule"
and therefore defeat any countermeasures possibly taken by users
(tmux, screen, detach et al.) is to disconnect _any_ connection
regardless of what the user is doing, killing all additional
background processes and "at"-timed commands. Does this stop
users from being idle more than 5 minutes? Sure, but it also
STOPS THEM FROM DOING ACTUAL WORK, depending on how they use
their SSH connections for that! However, the most excellent
certification does not take that into mind, so why should you? ;-)





-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: sshd - time out idle connections

2013-05-03 Thread Joshua Isom

On 5/3/2013 10:05 AM, Fleuriot Damien wrote:

> Thanks for your response Markham,
>
> I'm afraid labor law is much too protective here for us to be able to "educate" 
> users in this way ;)
>
> Your idea to run a cron job every X minutes has merit though, I'll try and 
> check into that !



If labor law's stopping you, what does the law say about 
security/privacy breaches because someone stole a laptop that was still 
connected to your server?


Run a cron job, and kill any ssh process that's lasted longer than five 
minutes, ignore what's being run.  Also kill any detached process by 
that user.  If you must do something, you probably have sudo rights to 
pause cron.  Why are you allowing ssh if you're not letting it be usable?


I might also look into the annoyance of having a different 
authentication method just for ssh, setting its pam config to be 
different than other services.  If everything else uses kerberos, have 
ssh just use unix and not kerberos.  It seems like a simple way to 
further limit access.



Re: update from apache22 to apache24

2013-05-03 Thread Robert Huff

Ryan Frederick writes:

>  The Apache site has documentation on upgrading from 2.2 to 2.4 -- 
>  http://httpd.apache.org/docs/2.4/upgrading.html
>  
>  The main change for me was the new allow/deny syntax.
>  
>  I've updated almost all of my Apache installs from 2.2 to 2.4 with no 
>  issues.

Lucky you.
I've just been making the change.  In addition to the
allow/deny syntax, the biggest change is some old modules disappear
and new ones need to be added.
Unfortunately I'm now getting this:

Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
/usr/local/etc/rc.d/apache24: WARNING: failed to start apache24

and none of the usual suspects have additional information.
(Anyone want to take a shot at this?  :-)

Respectfully,


Robert Huff



Re: pkg question

2013-05-03 Thread Matthew Seaman
On 03/05/2013 21:26, Walter Hurry wrote:
> Quoting from /usr/ports/UPDATING:
> 
> 20130502:
>   AFFECTS: users of ports-mgmt/pkg, ports-mgmt/poudriere, ports-mgmt/
> tinderbox
>   AUTHOR: bdrew...@freebsd.org
> 
> This only affects people who are _building_ binary packages for pkgng. If 
> you are building from ports please ignore this. This step is optional.
> 
> It is recommended to rebuild all packages and then have your users run 
> 'pkg check -Ba' and 'pkg upgrade' on their servers once. This will allow 
> the new shlib tracking to reinstall packages that have changed shlib 
> requirements.
> 

> Does 'rebuild all packages' mean we have to recompile from scratch, or 
> merely do a 'pkg create' for each?

If you have packages installed, but without shlib info in the database,
then you can:

   pkg upgrade

or whatever, to get pkg-1.0.12 installed

   pkg check -Ba

-- scans everything you have installed and adds the SHLIB info to your
local database

   pkg create -a -o /usr/ports/packages/

-- create pkg tarballs (including shlib info) out of everything known in
your local database.

   pkg repo -f /usr/ports/packages

-- build a repo out of those package tarballs.

However, this only works for what you have installed on that one
machine, which is generally a sub-set of what you'd like to have in a
pkg repo.  To build a more comprehensive set of packages as you'd
normally find in a repo, it's cleanest to just tell poudriere or
tinderbox to build everything again from scratch.  Time-consuming, but
you end up with a consistent repository fully populated with all the
SHLIBS info you could want.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk





Re: update from apache22 to apache24

2013-05-03 Thread Ryan Frederick
The Apache site has documentation on upgrading from 2.2 to 2.4 -- 
http://httpd.apache.org/docs/2.4/upgrading.html


The main change for me was the new allow/deny syntax.

I've updated almost all of my Apache installs from 2.2 to 2.4 with no 
issues. The only installs I haven't updated yet are those using 
mod_evasive, since it's currently broken with 2.4


Ryan

On 05/03/2013 09:47 AM, Jerry wrote:

> I was just wondering if anyone had updated from apache22 to apache24.
> Specifically, are there any problems to be overcome? Does the existing
> httpd.conf file work with the apache24 branch.




pkg question

2013-05-03 Thread Walter Hurry
Quoting from /usr/ports/UPDATING:

20130502:
  AFFECTS: users of ports-mgmt/pkg, ports-mgmt/poudriere, ports-mgmt/
tinderbox
  AUTHOR: bdrew...@freebsd.org

This only affects people who are _building_ binary packages for pkgng. If 
you are building from ports please ignore this. This step is optional.

It is recommended to rebuild all packages and then have your users run 
'pkg check -Ba' and 'pkg upgrade' on their servers once. This will allow 
the new shlib tracking to reinstall packages that have changed shlib 
requirements.

Does 'rebuild all packages' mean we have to recompile from scratch, or 
merely do a 'pkg create' for each?



Re: update from apache22 to apache24

2013-05-03 Thread Paul Kraus
On May 3, 2013, at 10:47 AM, Jerry  wrote:

> I was just wondering if anyone had updated from apache22 to apache24.
> Specifically, are there any problems to be overcome? Does the existing
> httpd.conf file work with the apache24 branch.

There are some changes.

I was not upgrading from 22 to 24, but as part of building a new server to do 
the same task went from 22 to 24. The "allow/deny" syntax has changed, I'm sure 
there are others.

--
Paul Kraus
Deputy Technical Director, LoneStarCon 3
Sound Coordinator, Schenectady Light Opera Company



Re: update from apache22 to apache24

2013-05-03 Thread Matthew Seaman
On 03/05/2013 15:47, Jerry wrote:
> I was just wondering if anyone had updated from apache22 to apache24.
> Specifically, are there any problems to be overcome? Does the existing
> httpd.conf file work with the apache24 branch.

httpd.conf might or might not work -- there are some incompatible changes.

For example:

   Options -all  (2.2)

should become:

   Options none (2.4)

If you use on-the-fly compression:  the syntax of FilterProvider is
different now.  That's just two examples I've heard about.  Probably the
best thing to do is grab yourself a jail or a VM somewhere, install
apache-2.4 and keep configtest'ing and fixing your conf until you have
something that works, and that you can put on your live system when you
upgrade.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
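
An added example, not from the thread or the Apache project: a scan that lists the 2.2-era directives named in these replies (the allow/deny family, `Options -all`, FilterProvider) so each can be reviewed in the jail or VM before running configtest. Function names and the sample fragment are constructed for illustration; the 2.4 equivalents in the comments are the standard `Require` forms.

```shell
#!/bin/sh
# Added example: find 2.2-era directives in an Apache configuration file.
#
# 2.4 equivalents (mod_authz_core / mod_authz_host):
#   Order allow,deny + Allow from all  ->  Require all granted
#   Order deny,allow + Deny from all   ->  Require all denied
#   Allow from 192.0.2.0/24            ->  Require ip 192.0.2.0/24

# scan_legacy FILE
# Prints "LINE: KIND: text" for each directive whose syntax changed in 2.4.
scan_legacy() {
    awk '
        /^[ \t]*#/ { next }                 # ignore comment lines
        {
            text = $0
            sub(/^[ \t]+/, "", text)        # drop indentation
            sub(/[ \t]+$/, "", text)        # drop trailing blanks
            low = tolower(text)             # directive names are case-insensitive
            kind = ""
            if      (low ~ /^order[ \t]/)            kind = "access"
            else if (low ~ /^allow[ \t]+from[ \t]/)  kind = "access"
            else if (low ~ /^deny[ \t]+from[ \t]/)   kind = "access"
            else if (low ~ /^satisfy[ \t]/)          kind = "access"
            else if (low ~ /^options[ \t]+-all$/)    kind = "options"
            else if (low ~ /^filterprovider[ \t]/)   kind = "filter"
            if (kind != "") printf "%d: %s: %s\n", NR, kind, text
        }' "$1"
}

# count_kind FILE KIND -> number of hits of one kind (access, options, filter)
count_kind() {
    scan_legacy "$1" | awk -F': ' -v k="$2" '$2 == k { n++ } END { print n + 0 }'
}

# Constructed 2.2-style fragment; the paths and the network are placeholders.
make_sample() {
    cat > "$1" <<'EOF'
<Directory "/usr/local/www/data">
    Options -all
    # Order deny,allow   (commented out, must not be reported)
    Order allow,deny
    Allow from all
</Directory>
<Location "/server-status">
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</Location>
EOF
}

SAMPLE_CONF="${TMPDIR:-/tmp}/httpd22-sample.$$"
make_sample "$SAMPLE_CONF"
scan_legacy "$SAMPLE_CONF"
rm -f "$SAMPLE_CONF"
```

The access hits deserve the closest review: in 2.4 the old directives are only accepted when mod_access_compat is loaded, and mixing them with `Require` in the same scope is discouraged because the combined result is hard to reason about.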






Re: Restarting exports disturbs clients

2013-05-03 Thread Mohan Ramanujan
Actually, changes to /etc/exports under FreeBSD take effect when you 
either kill -HUP mountd.pid or /etc/rc.d/mountd reload|restart on the nfs 
server, but both disrupt existing mounted shares on the nfs client.
What we are looking for is an equivalent of exportfs -r under Linux.  Is 
that available under FreeBSD?  Thanks.


--
mohan
--

On Fri, 3 May 2013, Daniel Feenberg wrote:

> On Fri, 3 May 2013, Graham Allan wrote:
>
>> On Fri, May 03, 2013 at 02:08:26PM +0200, Bernt Hansson wrote:
>>> 2013-05-03 12:49, Daniel Feenberg wrote:
>>>>
>>>> When we change the exportfs file on our FreeBSD 9.1 fileserver:
>>>>
>>>>   kill -HUP `cat /var/run/mountd.pid`
>>>
>>> That seems a bit harsh, try /etc/rc.d/nfsd restart or
>>> /etc/nfsserver restart.
>>
>> Sending SIGHUP to mountd has always been the right way to have it reread
>> the exports file - should really be much less disruptive than restarting
>> the service.
>
> We have tried both and both disrupt NFS clients.
>
> dan feenberg
>
>> Graham
>> --


Re: Restarting exports disturbs clients

2013-05-03 Thread Daniel Feenberg



On Fri, 3 May 2013, Graham Allan wrote:

> On Fri, May 03, 2013 at 02:08:26PM +0200, Bernt Hansson wrote:
>> 2013-05-03 12:49, Daniel Feenberg wrote:
>>>
>>> When we change the exportfs file on our FreeBSD 9.1 fileserver:
>>>
>>>   kill -HUP `cat /var/run/mountd.pid`
>>
>> That seems a bit harsh, try /etc/rc.d/nfsd restart or
>> /etc/nfsserver restart.
>
> Sending SIGHUP to mountd has always been the right way to have it reread
> the exports file - should really be much less disruptive than restarting
> the service.

We have tried both and both disrupt NFS clients.

dan feenberg

> Graham
> --


Re: Restarting exports disturbs clients

2013-05-03 Thread Graham Allan
On Fri, May 03, 2013 at 02:08:26PM +0200, Bernt Hansson wrote:
> 2013-05-03 12:49, Daniel Feenberg wrote:
> >
> >When we change the exportfs file on our FreeBSD 9.1 fileserver:
> >
> >   kill -HUP `cat /var/run/mountd.pid`
> 
> That seems a bit harsh, try /etc/rc.d/nfsd restart or
> /etc/nfsserver restart.

Sending SIGHUP to mountd has always been the right way to have it reread
the exports file - should really be much less disruptive than restarting
the service.

Graham
-- 


Re: sshd - time out idle connections

2013-05-03 Thread Mikel King
Firing people for violating the 5 minute rule seems a tad extreme. If there is 
indeed a company policy regarding the 5 minute idle window and you intend 
to roll forward with a connection kill script then also make screen or tmux 
available. In my experience people tend to be more accepting of connection 
outages if they can reconnect to where they were when they were last on. 


Regards,
Mikel King
BSD News 




  _  

From: Fleuriot Damien [mailto:m...@my.gd]
To: FreeBSD questions [mailto:freebsd-questions@freebsd.org]
Sent: Fri, 03 May 2013 10:28:31 -0400
Subject: sshd - time out idle connections

Hello list,
  
  
  
  I'm facing this unusual demand at work where we need to time out idle SSH 
connections for security purposes.
  
  I've checked the following options from sshd_config but none seems to fit my 
needs :
  TCPKeepAlive
  ClientAliveCountMax
  ClientAliveInterval
  
  
  Basically, I'm trying to defeat the use of the following client-side option:
  ServerAliveInterval 5
  
  
  I'm afraid all I've hit now is dead ends.
  
  
  Has anyone ever had the same requirements before and, perhaps, found a 
solution to this ?
  


Re: sshd - time out idle connections

2013-05-03 Thread Arthur Chance

On 05/03/13 15:28, Fleuriot Damien wrote:

> Hello list,
>
> I'm facing this unusual demand at work where we need to time out idle SSH 
> connections for security purposes.
>
> I've checked the following options from sshd_config but none seems to fit my 
> needs :
> TCPKeepAlive
> ClientAliveCountMax
> ClientAliveInterval
>
> Basically, I'm trying to defeat the use of the following client-side option:
> ServerAliveInterval 5
>
> I'm afraid all I've hit now is dead ends.
>
> Has anyone ever had the same requirements before and, perhaps, found a solution 
> to this ?


There's an idletime parameter in login.conf which will log out idle 
users. Normally sshd bypasses login, but the sshd config parameter 
UseLogin can change that, although it disables X11Forwarding.


Note: this is all from a quick perusal of the source and manuals, I've 
not done it myself.


--
In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
were cruel and delighted in torturing spelling and grammar.

_Lord of the Rings 2.0, the Web Edition_


Re: sshd - time out idle connections

2013-05-03 Thread Fleuriot Damien

On May 3, 2013, at 5:16 PM, Arthur Chance  wrote:

> On 05/03/13 15:28, Fleuriot Damien wrote:
>> Hello list,
>> 
>> 
>> 
>> I'm facing this unusual demand at work where we need to time out idle SSH 
>> connections for security purposes.
>> 
>> I've checked the following options from sshd_config but none seems to fit my 
>> needs :
>> TCPKeepAlive
>> ClientAliveCountMax
>> ClientAliveInterval
>> 
>> 
>> Basically, I'm trying to defeat the use of the following client-side option:
>> ServerAliveInterval 5
>> 
>> 
>> I'm afraid all I've hit now is dead ends.
>> 
>> 
>> Has anyone ever had the same requirements before and, perhaps, found a 
>> solution to this ?
> 
> There's an idletime parameter in login.conf which will log out idle users. 
> Normally sshd bypasses login, but the sshd config parameter UseLogin can 
> change that, although it disables X11Forwarding.
> 
> Note: this is all from a quick perusal of the source and manuals, I've not 
> done it myself.
> 
> -- 
> In the dungeons of Mordor, Sauron bred Orcs with LOLcats to create a
> new race of servants. Called Uruk-Oh-Hai in the Black Speech, they
> were cruel and delighted in torturing spelling and grammar.
> 
>   _Lord of the Rings 2.0, the Web Edition_


I've already tried using login.conf 's idle timeout option and was sad indeed 
that it didn't apply to SSH connections.

It never occurred to me that UseLogin might be involved there…

I'll have a look at it as well, thanks for your help Arthur.



Re: sshd - time out idle connections

2013-05-03 Thread Fleuriot Damien
Allow me to add a bit of context here.


We're wrapping things up to obtain the PCI DSS certification which is awarded 
for running through a long and annoying series of hoops.
This certification is rather important to our business so like it or not, we 
have to play along.


Allowing the use of screen defeats the purpose of logging out idle connections, 
I don't think we're going to pass this specific requirement if we let users run 
screen.




On May 3, 2013, at 5:18 PM, "Mikel King"  wrote:

> Firing people for violating the 5 minute rule seems a tad extreme. If there 
> is indeed a company policy regarding the 5 minute idle window and you 
> intend to roll forward with a connection kill script then also make screen or 
> tmux available. In my experience people tend to be more accepting of 
> connection outages if they can reconnect to where they were when they were 
> last on. 
> 
> Regards,
> Mikel King
> BSD News 
> 
> 
> From: Fleuriot Damien [mailto:m...@my.gd]
> To: FreeBSD questions [mailto:freebsd-questions@freebsd.org]
> Sent: Fri, 03 May 2013 10:28:31 -0400
> Subject: sshd - time out idle connections
> 
> Hello list,
> 
> 
> 
> I'm facing this unusual demand at work where we need to time out idle SSH 
> connections for security purposes.
> 
> I've checked the following options from sshd_config but none seems to fit my 
> needs :
> TCPKeepAlive
> ClientAliveCountMax
> ClientAliveInterval
> 
> 
> Basically, I'm trying to defeat the use of the following client-side option:
> ServerAliveInterval 5
> 
> 
> I'm afraid all I've hit now is dead ends.
> 
> 
> Has anyone ever had the same requirements before and, perhaps, found a 
> solution to this ?
> 


SparkleShare

2013-05-03 Thread Laszlo Danielisz
Hi Guys,

Did any of you give SparkleShare (http://sparkleshare.org/) a try?
If yes, is it working well? Are there any special requirements?
Do you like it better than OwnCloud?

Laci


Re: sshd - time out idle connections

2013-05-03 Thread Fleuriot Damien
Thanks for your response Markham,


I'm afraid labor law is much too protective here for us to be able to "educate" 
users in this way ;)

Your idea to run a cron job every X minutes has merit though, I'll try and 
check into that !


On May 3, 2013, at 4:51 PM, markham breitbach  
wrote:

> Depending on the shell you are using, you may be able to set that to
> auto-logout, or you could set a cron job to run every 5 minutes and
> terminate tty's with > 5min idle time.
> 
> Honestly though, you will rarely find a good technical solution to a social
> problem--there's always a work-around--and this is a social problem.  If
> there is a company security policy stating that ssh sessions are not to be
> left idling > 5 min, then make sure everyone is aware of this policy and
> start handing out pink slips to people that violate it.
> 
> -M
> 
> 
> On 13-05-03 8:28 AM, Fleuriot Damien wrote:
>> Hello list,
>> 
>> 
>> 
>> I'm facing this unusual demand at work where we need to time out idle SSH 
>> connections for security purposes.
>> 
>> I've checked the following options from sshd_config but none seems to fit my 
>> needs :
>> TCPKeepAlive
>> ClientAliveCountMax
>> ClientAliveInterval
>> 
>> 
>> Basically, I'm trying to defeat the use of the following client-side option:
>> ServerAliveInterval 5
>> 
>> 
>> I'm afraid all I've hit now is dead ends.
>> 
>> 
>> Has anyone ever had the same requirements before and, perhaps, found a 
>> solution to this ?
>> 


Re: sshd - time out idle connections

2013-05-03 Thread markham breitbach
Depending on the shell you are using, you may be able to set that to
auto-logout, or you could set a cron job to run every 5 minutes and
terminate tty's with > 5min idle time.

Honestly though, you will rarely find a good technical solution to a social
problem--there's always a work-around--and this is a social problem.  If
there is a company security policy stating that ssh sessions are not to be
left idling > 5 min, then make sure everyone is aware of this policy and
start handing out pink slips to people that violate it.

-M


On 13-05-03 8:28 AM, Fleuriot Damien wrote:
> Hello list,
>
>
>
> I'm facing this unusual demand at work where we need to time out idle SSH 
> connections for security purposes.
>
> I've checked the following options from sshd_config but none seems to fit my 
> needs :
> TCPKeepAlive
> ClientAliveCountMax
> ClientAliveInterval
>
>
> Basically, I'm trying to defeat the use of the following client-side option:
> ServerAliveInterval 5
>
>
> I'm afraid all I've hit now is dead ends.
>
>
> Has anyone ever had the same requirements before and, perhaps, found a 
> solution to this ?
>

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
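
An added example, not part of any post in this thread: the selection step of the cron-job approach suggested above, showing how the answer to "what counts as idle" (keystrokes only, or any traffic on the terminal) changes which sessions get flagged. The snapshot format, function names and sample values are constructed for illustration; it assumes a tty device's access time follows keyboard input and its modification time follows output.

```shell
#!/bin/sh
# Added example: decide which terminal sessions a cron job would treat as idle.
# Snapshot line format (constructed for this example):
#   user tty last_input_epoch last_output_epoch

# Epoch atime and mtime of a file; GNU stat syntax first, then BSD stat.
tty_times() {
    stat -c '%X %Y' "$1" 2>/dev/null || stat -f '%a %m' "$1"
}

# Build a live snapshot from who(1) and the tty device timestamps.
# Assumption: atime follows reads of keyboard input, mtime follows output.
live_snapshot() {
    who | while read -r user line _rest; do
        [ -c "/dev/$line" ] || continue
        echo "$user $line $(tty_times "/dev/$line")"
    done
}

# idle_sessions MODE LIMIT NOW < snapshot
#   MODE=input : idle = seconds since the last keystroke
#   MODE=any   : idle = seconds since the last input or output
# Prints "user tty idle_seconds" for every session idle longer than LIMIT.
idle_sessions() {
    awk -v mode="$1" -v limit="$2" -v now="$3" '
        NF >= 4 {
            last = $3
            if (mode == "any" && $4 > last) last = $4
            idle = now - last
            if (idle > limit) print $1, $2, idle
        }'
}

# Constructed snapshot taken at NOW=1367594400:
#   alice: shell untouched for 10 minutes
#   bob:   typed 10 minutes ago, but top(1) is still redrawing the screen
#   carol: typed 30 seconds ago
SAMPLE='alice pts/0 1367593800 1367593800
bob pts/1 1367593800 1367594399
carol pts/2 1367594370 1367594371'

# report MODE -> sessions in SAMPLE over the 5 minute limit
report() {
    printf '%s\n' "$SAMPLE" | idle_sessions "$1" 300 1367594400
}

report input
report any
```

From cron, `live_snapshot | idle_sessions input 300 "$(date +%s)"` lists the terminals to act on. Which mode matches the auditor's reading of "idle" has to be settled first, since under `any` a session that only displays output is never flagged.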


update from apache22 to apache24

2013-05-03 Thread Jerry
I was just wondering if anyone had updated from apache22 to apache24.
Specifically, are there any problems to be overcome? Does the existing
httpd.conf file work with the apache24 branch.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

Re: which X driver for NVIDIA Quadro FX 570M?

2013-05-03 Thread paranormal
t61 is LEGO computer actually

http://www.thinkwiki.org/wiki/Category:T61

Now you have to upgrade it :)
1) 15.4" 1920x1200 (WUXGA) widescreen
2) 8GB RAM
3) SSD
4) WIFI .../n adapter if you are sitting on HEAD

I did only first and third and planning to put 8G RAM.

On Mon, 2013-02-11 at 10:41 +, Anton Shterenlikht wrote:
>   From: paranormal 
>   Subject: Re: which X driver for NVIDIA Quadro FX 570M?
>   To: freebsd-questions@freebsd.org
>   Date: Wed, 06 Feb 2013 03:23:40 +0200
> 
>   I have t61p with mentioned card.
>   x11/nvidia-driver works well for me (at least quake, doom, compiz work).
> 
> Thanks for all the replies.
> 
> I bought a T61p for 220 GBP - what bliss!
> 
> BIOS update - no problem
> HEAD r246552 - no problem
> wireless with iwn0:  - no problem
> sound with hdac0:  - no problem
> CD-RW with cd0:  Removable CD-ROM SCSI-0 device
>   and sysutils/cdrtools-devel - no problem
> X with nvidia0:  and x11/nvidia-driver - no problem
> flash as per 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/desktop-browsers.html
>   (7.2.1.2 Firefox and Adobe Flash Plugin) - no problem
> 
> In fact, no problems at all!
> 
> I can't recommend it enough.
> 
> Anton
> 


sshd - time out idle connections

2013-05-03 Thread Fleuriot Damien
Hello list,



I'm facing this unusual demand at work where we need to time out idle SSH 
connections for security purposes.

I've checked the following options from sshd_config but none seems to fit my 
needs :
TCPKeepAlive
ClientAliveCountMax
ClientAliveInterval


Basically, I'm trying to defeat the use of the following client-side option:
ServerAliveInterval 5


I'm afraid all I've hit now is dead ends.


Has anyone ever had the same requirements before and, perhaps, found a solution 
to this ?



Re: Restarting exports disturbs clients

2013-05-03 Thread Bernt Hansson

2013-05-03 12:49, Daniel Feenberg wrote:

> When we change the exportfs file on our FreeBSD 9.1 fileserver:
>
>    kill -HUP `cat /var/run/mountd.pid`

That seems a bit harsh, try /etc/rc.d/nfsd restart or
/etc/nfsserver restart.

> it kills the jobs on clients that have files open on the fileserver.
> This is pretty inconvenient for users (and us). Is there a way around
> this? We have noticed that a Linux fileserver can restart nfs without
> disturbing clients (other than a short pause). The Linux restart
> doesn't restart the locking mechanism - is that the difference? We
> could do without locks, even without NFSv4, for that matter, if it
> would let us change exports without disturbing users. Perhaps
> there is an NFS shutdown procedure that we should be using?
>
> Daniel Feenberg
> NBER



Restarting exports disturbs clients

2013-05-03 Thread Daniel Feenberg


When we change the exportfs file on our FreeBSD 9.1 fileserver:

  kill -HUP `cat /var/run/mountd.pid`

it kills the jobs on clients that have files open on the fileserver.
This is pretty inconvenient for users (and us). Is there a way around 
this? We have noticed that a Linux fileserver can restart nfs without 
disturbing clients (other than a short pause). The Linux restart
doesn't restart the locking mechanism - is that the difference? We
could do without locks, even without NFSv4, for that matter, if it
would let us change exports without disturbing users. Perhaps
there is an NFS shutdown procedure that we should be using?

Daniel Feenberg
NBER