Re: http://www.freebsd.org/doc/en/books/handbook/serialconsole-setup.html
On Jun 25, 2013 9:25 AM, Stephen Burke sbu...@verizon.com wrote: Does anyone know how I could push serial output to an IP port that I could SSH to? Sounds like you are looking for something like SOL (serial over LAN) which can be setup with IPMI. Google should help you find more info on setting up IPMI. -pete ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Boot hangs in single-user mode
I have tracked down the issue. Not sure whether this is a PR issue or not... On 2013-06-06, at 11:18 AM, Polytropon wrote: On Thu, 6 Jun 2013 10:24:52 -0300, Andrew Hamilton-Wright wrote: Strangely, it seems that I cannot boot single user, either using boot -s from the boot loader, or using the boot menu. When I get to the point where the root filesystem is mounted, it hangs right after printing the message: Trying to mount root from ufs:/dev/ada0s1a Have you tried hitting the RETURN key several times? [ ... ] It's important to identify if the system is _really_ hanging, or if the message just isn't visible... This is indeed the crux of the issue. While hammering on the RETURN key did not produce a prompt, it turns out that there was a prompt... At some time in the relatively distant past, I had configured this machine to allow display to a serial console (long since disconnected) by adding these lines to /boot/loader.conf boot_multicons=YES boot_serial=YES comconsole_speed=19200 console=comconsole,vidconsole My notes say These came from the serial console setup page, and do work for vt100, however I did not note exactly which man page they came from, unfortunately. I do not see these lines on syscons(4), sio(4) or dcons(4). Similar lines are mentioned in the handbook regarding setting up a serial console (there is no mention of single-user mode here): http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/serialconsole-setup.html The issue, as it relates to single-user mode, is essentially this: if the system is configured to boot with multi-console options, then when the single user prompt is printed, it is only printed on the second console (which is also the only valid source of keyboard input) -- in this case, the configured but unattached serial port. I'm not sure what the best strategy is here. Having only one console that is accepting input for the single-user shell certainly makes sense. The question is, which of potentially several consoles should it be? IMO, it would be better/clearer if (for i386/amd64 anyway) the console was the one associated with the motherboard-based keyboard and video card. An argument here would be that the [CTRL]-[ALT]-[DEL] sequence is still valid when associated with this keyboard, so it does seem odd that other input on that device is ignored. I can see arguments for other setups, also, mostly revolving around the why would you _have_ another console configured if you didn't need it, so the configured console must therefore be the important one -- though the FreeBSD user base is certainly willing enough to experiment that I am sure I am not the only person who set up multi-console for a fun project. Perhaps the best strategy would be to add a message printed on all consoles (as the rest of the boot information is) just before the prompt is printed (singly) to let people know that this is happening? I'm not sure if a way to 100% predict the desired console is possible. Thoughts? If figure I will put a PR in, so that at least this is tracked, even if we don't change anything. I will reference this thread in the PR, but if anyone has input as to what to suggest, I would appreciate it. At the very least, the handbook should get updated to indicate that this may happen. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Boot hangs in single-user mode
Hi Everyone, On Thu, 6 Jun 2013 10:24:52 -0300, Andrew Hamilton-Wright wrote: Strangely, it seems that I cannot boot single user, either using boot -s from the boot loader, or using the boot menu. When I get to the point where the root filesystem is mounted, it hangs right after printing the message: Trying to mount root from ufs:/dev/ada0s1a There was a bit of a delay getting back to this, as I needed to move the internals over to a replacement server in a planned upgrade. I have left the boot disk in the machine demonstrating this problem with the intention of coming back to determine what is going on (mount points to now-missing data disks have been removed from /etc/fstab). In the resulting stripped down system, I have the same behaviour as before -- I cannot get to single-user mode, but multi-user is fine. If in multi-user mode, if I issue kill -TERM 1 to go to single-user mode, I would get a single console message: pflog0: promiscuous mode disabled, then nothing. While I would expect pflog to shut down in this case, I have now disabled everything pf related (I cannot imagine that it would interfere with console operation), and now have the situation where kill -TERM 1 simply locks the console. Plugging in a USB device while the console is locked does produce the expected dmesg updates, and the system does respond to [CTRL]-[ALT]-[DEL] I will also add that I can boot to a single-user prompt when booting off of the 9.1 media via DVD and mounting the root filesystem from the disk. (This motherboard+kernel have never gotten along particularly well with the DVD reader/writer in the machine, so mounting the filesystem from the DVD usually fails with various atapi based timeouts). Does anyone have any thoughts on how to further explore this? As the situation was more than mildly annoying, and could certainly have been worse, if this is likely to occur for anyone else, I would like to file a PR. Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Boot hangs in single-user mode
Strangely, it seems that I cannot boot single user, either using boot -s from the boot loader, or using the boot menu. When I get to the point where the root filesystem is mounted, it hangs right after printing the message: Trying to mount root from ufs:/dev/ada0s1a Interestingly, there seems to be a bit of a sequence issue, as I have also seen the mount message appear before the audio system comes up, so occasionally, the last item printed is: pcm0: USB audio on uaudio0 If I boot normally, however, I can consistently reach a login prompt. I suspect that this may be a race condition of some kind, as yesterday I am sure I successfully booted to single-user while trying to solve a separate problem. In case the separate problem (failed disk) is relevant, the general situation is this: - four disk machine: ada0 (/, /usr, /tmp, /var); ada1 (/research -- data only), ada2 (/home), ada3 (/data -- also data only) - the disk ada2 has failed - in preparing to replace ada2, I have commented out all references to it from /etc/fstab I am rebooting the machine at the moment as I wish to ensure that I know which physical disk is ada2, so want to boot the machine without it plugged in. I seem to have trouble booting at all with ada2 missing and ada3 still attached, but can boot to multiuser with no problems in either of these two configuration: - all disks (including the faulty one) plugged in, with ada2 references removed from /etc/fstab - ada2 and ada3 not physically plugged in, and all references to either removed from /etc/fstab Neither combination allows me to boot single-user. While I can clearly go ahead with my disk replacement, this is not only strange and annoying, but potentially problematic. Has anyone else seen anything like this? I notice that there are several messages (dating back to 2004) in the list indicating 'hang after Trying to mount root' or 'hang after sbin_init' (which is the message that will be seen when booting single-user in verbose mode). Thoughts? Ideas? Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Boot hangs in single-user mode
[ Condensation of earlier comments below ] On 2013-06-06, at 11:18 AM, Polytropon wrote: On Thu, 6 Jun 2013 10:24:52 -0300, Andrew Hamilton-Wright wrote: When I get to the point where the root filesystem is mounted, it hangs right after printing the message: Trying to mount root from ufs:/dev/ada0s1a Have you tried hitting the RETURN key several times? ... It's important to identify if the system is _really_ hanging, or if the message just isn't visible... I did try that -- I have seen that behaviour before too. I tried hitting return a half-dozen times, and have additionally tried waiting (up to 20 min) to see if it would come back, to no avail. Interestingly, there seems to be a bit of a sequence issue, as I have also seen the mount message appear before the audio system comes up, so occasionally, the last item printed is: pcm0: USB audio on uaudio0 This seems to indicate that the system is still responding, i. e., the kernel is up and running. Whenever new hardware is detected, the kernel will issue a console message. That is a good point -- I will try plugging in an external USB device at this point, and see what happens then. It certainly appears that the system is generally running to me, as well. I should also mention that the system does respond nicely to [CTRL]-[ALT]-[DEL], which triggers the expected reboot process. I am rebooting the machine at the moment as I wish to ensure that I know which physical disk is ada2, so want to boot the machine without it plugged in. A suggestion: I tend to keep a tendency to use labels instead of device names to identify disks. This is handy in case you're This is an excellent idea. I do follow some variant of this (however work at a high enough level of paranoia that I want to be able to perform the did the right drive disappear when I unplugged it check just to ensure that I wasn't asleep when making up the labels. ;-) Thanks for the suggestions -- I will keep looking at it, and will try adding a USB device once this restore eventually completes. Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Status of Chromium port...
On Wed, May 15, 2013 at 9:01 AM, Volodymyr Kostyrko c.kw...@gmail.com wrote: 15.05.2013 18:29, J. Porter Clark: On Wed, May 15, 2013 at 11:32:31AM +0300, Volodymyr Kostyrko wrote: 14.05.2013 23:48, Peter Harrison: Hello list! Does anyone know the status of the Chromium port? It's stuck at v25 with multiple vulnerabilities. Updated versions have been available for a while, but haven't been brought into ports. I've emailed the maintainer but not had a response. Anyone know better? I'm building v27 from port now. Looks like many things have changed since v25 - new dependencies, the build flows differently. Seems to be a major update. Indeed, seems a real mess now. I told it not to use pulseaudio, it wants to install it anyway, along with gdbm and accessibility/speech-dispatcher. WTF? Might want to hold off until some of this gets fixed... Oh, a friendly soul. To ditch pulseaudio I told speech-dispatcher to use flite, this way we get really short list of extra deps. I can't build port for now due too -Werror. Clang shrieks about really bad things when compiling gcrypt (warning about deprecated interfaces) whereas gcc4.6 says the same about gssapi.h. It looks like I was able to build this version of chromium last night on my build server I use for pkgng packages: pkg info chromium chromium-27.0.1453.81 Mostly BSD-licensed web browser based on WebKit and Gtk+ I am running this build now (to compose this email actually) - i can try to dig up some build logs if that would be helpful. i don't have any special build arguments for this port. here's the uname for this build box: [pete@ranch ~]$ uname -ar FreeBSD ranch.nomadlogic.org 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Cdorked.A
On Thu, May 9, 2013 at 2:52 PM, Joshua Isom jri...@gmail.com wrote: On 5/9/2013 12:19 PM, Per olof Ljungmark wrote: Hi, Is Apache on FreeBSD affected? Thanks, Technically, Apache isn't the problem. The hole's in cPanel probably, not Apache. The attackers replace Apache, probably patching the source code and replacing the host's with a trojaned copy. If they're patching the source code, then yes, FreeBSD, Windows, OS X, Solaris, OpenBSD, et al are possibly infected. I am not sure that is the case from the research I have been doing on this topic. For example there are reports of it being detected on lighttpd, nginx and systems that do not use cpanel: http://www.welivesecurity.com/2013/05/07/linuxcdorked-malware-lighttpd-and-nginx-web-servers-also-affected/ If anyone has a better rundown of this it would be great if you could point me in the right direction. I am having problems finding a proper examination/explanation of this backdoor. cheers, -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: When will binary packages be back?
On Wed, Apr 10, 2013 at 10:39 AM, Brett Glass br...@lariat.net wrote: For many years, I've used FreeBSD binary packages to avoid long waits and/or having to set up a special build machine when creating small systems. But even though the development server security breach is now long past, there are no published binary packages for FreeBSD 9.1. When will they be back? can't answer for the freebsd project - but the folks at pc-bsd have made a 9.1 pkgng repository available: http://blog.pcbsd.org/2013/04/pc-bsd-announces-package-repository-for-pc-bsd-and-freebsd-9-1-release/ there is also an east coast mirror hosted by NycBUG/NYI: http://lists.nycbug.org/pipermail/talk/2013-March/014741.html -pete ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: When will binary packages be back?
On Wed, Apr 10, 2013 at 11:19 AM, Brett Glass br...@lariat.net wrote: Unfortunately, I've never experimented with pkgng, so will have to come up to speed on this. Might be a temporary workaround. it is def. where the project is moving towards for binary pkg distribution, so it won't be a wasted effort :) i've been quite happy with it since it first was released, and there is still plenty of active development happening on it as well. -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn new pkg system
On Sat, Mar 9, 2013 at 3:25 PM, Fbsd8 fb...@a1poweruser.com wrote: Is svn going to become part of the base system in 9.2-RELEASE? not sure about svn, but this port has recently been commited: http://www.freshports.org/net/svnup/ it is a csup replacement. -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Question about svn
SOn Sun, Nov 18, 2012 at 5:23 PM, Stephen Montgomery-Smith step...@missouri.edu wrote: I was looking at http://svnweb.freebsd.org/ What are csrg and socsvn? my best educated guess without taking a look: csrg == Berkley's Computer Systems Research Group historical(?) code socsvn == Google Summer of Code FreeBSD related projects. -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 10Gb SFP+ recomendations?
On Wed, Sep 26, 2012 at 3:23 PM, Dennis Glatting d...@pki2.com wrote: I'm looking for a reasonable 10Gb SFP+ capable board supported under RELENG_9. All I need is one port that will be plugged into a Cisco C3KX-NM-10G. It's going into a Supermicro chassis. Any recomendations? I have had good success running Intel 10gig NICs supported by ixgbe(1) on 8.x systems. I see no reason as to why they would not work on 9.x as well. -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: What replaces csup?
On Tue, Sep 18, 2012 at 6:41 AM, Warren Block wbl...@wonkity.com wrote: On Mon, 17 Sep 2012, pete wright wrote: On Mon, Sep 17, 2012 at 8:14 PM, Warren Block wbl...@wonkity.com wrote: csup updates just the files that have changed without all the overhead. svn export can get a copy of all the current files, but it copies all of them every time, not just the changes. yea i agree with you. i wonder if it would be worth the effort of sharing a svn export via rsync or httpd to make fetching delta's easier and/or more efficient from a base install? It's an interesting idea. If the repository files were directly accessible in a filesystem, that filesystem could be shared with rsyncd and some exclude settings without needing an export at all. With svn bdb, the files are not directly accessible, but I don't know for fsfs. Probably not, so a periodic export would still be required. i did some tinkering with this last night, with the thought of storing an export in a zfs filesystem and eventually making it available publicly via a jail. my findings were that an export of the 9.1 relng branch consumed ~750MB while a svn co consumed ~1.4G of disk space and a full export took roughly 10-15mins. i eventually decided that what I was doing wasn't really needed by the wider end-user community. after mulling this move from cvs/csup for a bit i came to the conclusion that really the need for a source checkout is not as important as it may have been several years ago. freebsd-update is a really great tool, and i reckon for a majority of users out there not having to rebuild the kernel+world to get updates is a good thing(tm). i also reckon running a GENERIC kernel is appropriate in maybe %90 of use-cases out there as well (i haven't had a need to build a custom kernel on various server and workstation platforms since 2008'ish frankly). in this context, going the binary distribution route seems like a really smart decision. having a majority of your users basically running the same builds of the world and kernel *should* decrease the amount of support bandwidth needed to get people updated and running current code. i also reckon having more people running the same binaries would be helpful in finding reproducible bugs and hopefully squash them. so back to my original point...for sites running many systems, or sites requiring specific builds - mirroring the source tree locally is still very doable, and fortunately there are many well known ways to do this (svn co, svn export, skv, etc..). you could even argue that having a svn checkout may make patching bugs easier as you could just import a svn diff, rebuild and test. i also feel, personally, that it is nice to allow someone else build the kernel+world and let me grab binary updates as needed. now i can spend my clock cycles on more important tasks, like building packages for my pkgng repo :) -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: What replaces csup?
On Tue, Sep 18, 2012 at 5:44 AM, Stas Verberkt lego...@legolasweb.nl wrote: Jerry schreef op : On Tue, 18 Sep 2012 05:00:08 -0700 Michael Sierchio articulated: We are really behind the curve here. Git assumes (correctly) that disk space is inexpensive, much cheaper per byte than network bandwidth. By the time we adopt SVN completely, every serious project I know of will have moved from subversion to git. If you are going to make a sweeping change anyway, it makes no sense to do it in a half–assed manned. However, it does appear that in all too many instances, FreeBSD plays follow the leader rather then taking the bulls by the horns and getting ahead of the curve. I am sure I'll be hearing from the baby steps choir now. In any event, a comprehensive side-by-side evaluation of the two should be done by an impartial party. We should not be forgetting that Git and Subversion represent two different workflows. The latter stands for a centralistic development cycle, and the former for a distributed manner. Thus, this type of choice does not really have to do with big or small steps and leading of following, but more about the production cycle you want to have. If we were to use a Git-like system, the releng team would (probably) be in control on which patches are excepted from the pool of suggested changesets by the community of developers. This community would be more free in the manner in which they experiment, and there would be a less strong differentiation between committers and other people suggesting updates. On the other hand, our current approach has a controlled group of committers and the releng team only has the additional power of setting the schedule and taking the snapshot that becomes the release. (Gravely simplified.) It is a matter of taste. +1 one thing worth noting is that developers have been using mercurial for quite a bit of time now for FreeBSD development(1), to take advantage of the distributed model of that SCM. yet having the main tree under CVS in the past, and SVN currently, makes sense to me. i feel that it results in a cleaner public tree that is easier to navigate. so fortunately the project has been able to take advantage of both of of these philosophies of SCM. -pete (1) http://wiki.freebsd.org/LocalMercurial -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: What replaces csup?
On Wed, Sep 19, 2012 at 1:11 PM, Walter Hurry walterhu...@gmail.com wrote: On Mon, 17 Sep 2012 21:26:45 -0600, Warren Block wrote: For ports, it's probably worth saving the distfile directory along with local diffs. Move it back into place after the svn checkout of the ports tree. PMFJI. Newbie here: What's wrong with using SVN for src, and portsnap for ports? my personal issue is the fact that csup and portsnap are both part of the base system whereas svn would require installation via ports or the pkg utility. it is frankly a minor inconvenience - and hopefully there will be a csup like utility for svn available in base one day. -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: What replaces csup?
On Mon, Sep 17, 2012 at 8:14 PM, Warren Block wbl...@wonkity.com wrote: On Mon, 17 Sep 2012, Robert Huff wrote: Paul Schmehl writes: Does csup use subversion now? Or do we need to use something else to fetch source? As I understand it, for the average user c(vs)up and subversion serve the same function using different methods (both in terms of identifying what files need to be fetched and actually fetching them). At this level of discussion they are mutually exclusive. I have switched from csup to subversion for ports and docs. After modest preparation it was essentially painless. The difference is that a local svn checkout has all the commit history. A comparison recently showed 700-some megabytes more space used by the svn checkout. csup updates just the files that have changed without all the overhead. svn export can get a copy of all the current files, but it copies all of them every time, not just the changes. yea i agree with you. i wonder if it would be worth the effort of sharing a svn export via rsync or httpd to make fetching delta's easier and/or more efficient from a base install? -pete -- pete wright www.nycbug.org @nomadlogicLA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
DFS and Atheros
Hi All, I recently read Adrian Chadd's Blog and was delighted to see that FreeBSD has support for ETSI and FCC radar test patterns. My question is whether the DFS implementation in FreeBSD suffers from the same problem as madwifi-dfs suffered from which was a very high false-positive rate? This meant that the madwifi DFS was virtually unusable for practical purposes where high throughput was required... Thanks Brett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Default Samba port?
On Sun, Nov 13, 2011 at 4:37 AM, Peter Harrison four.harris...@googlemail.com wrote: Hello list, Can anyone advise me the appropriate Samba port to install - the handbook refers to samba34, but I see samba35 and samba36 in in ports. This is for a home server, so I'm not necessarily looking for production standard, but something that just works on RELEASE-8.2 amd64. your best bet may be to install a prebuilt package via: pgk_add -r samba that is unless you need some non-standard knobs tuned. -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: get rel 9.0 iso
On Wed, Sep 7, 2011 at 4:59 PM, Fbsd8 fb...@a1poweruser.com wrote: What is the ftp url to fetch the most current release 9.0 .iso file? 9.0-RELEASE is not available yet. 9.0-BETA2 has been annouced today though: http://www.freebsd.org/where.html#helptest this will also be available on mirrors shortly... -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD supported versions (UNCLASSIFIED)
Classification: UNCLASSIFIED Caveats: FOUO TWIMC, How do I know as an admin of my FreeBSD server that the version I am running is supported via automated fashion? I'm trying to find a way to do this through a script of sorts so that when the date comes, I'm alerted that I need to upgrade. For example on this link: http://www.freebsd.org/security/#sup It has a table with dates / versions. How can I query this through the ports tree / or other means? V/R, Jonathon Jonathon Wright CISSP, MSIS, SSCP, BSIT RCERT PACIFIC - Architecture Cell Contractor, Quantum Research (808) 438-1094 Classification: UNCLASSIFIED Caveats: FOUO ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: FreeBSD supported versions (UNCLASSIFIED)
Classification: UNCLASSIFIED Caveats: FOUO Agreed, Just thought it never hurt to ask. You never know. Thanks again for the support. Jonathon Jonathon Wright CISSP, MSIS, SSCP, BSIT RCERT PACIFIC - Architecture Cell Contractor, Quantum Research (808) 438-1094 -Original Message- From: Daniel Staal [mailto:dst...@usa.net] Sent: Wednesday, August 10, 2011 3:21 PM To: Wright, Jonathon Mr CTR US USA USARPAC; 'freebsd-questions@FreeBSD.org' Subject: Re: FreeBSD supported versions (UNCLASSIFIED) --As of August 10, 2011 1:26:10 PM -1000, Wright, Jonathon Mr CTR US USA USARPAC is alleged to have said: How do I know as an admin of my FreeBSD server that the version I am running is supported via automated fashion? I'm trying to find a way to do this through a script of sorts so that when the date comes, I'm alerted that I need to upgrade. For example on this link: http://www.freebsd.org/security/#sup It has a table with dates / versions. How can I query this through the ports tree / or other means? --As for the rest, it is mine. I don't think there is an automated way to do this. Like most OSes, end of life for a particular version is announced ahead of time, and when it occurs, through mailing lists and the media, but there aren't any automatic checks. You can check if there are current patches for your current version, but the lack of patches doesn't mean that there necessarily won't be some at some future time. (I actually can't think of _any_ OS that has support for an 'automated' check of this sort, besides possibly scraping a web page, which you could do with FreeBSD if you wanted.) Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- Classification: UNCLASSIFIED Caveats: FOUO ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: em0 NIC slow on 8.2-p1 amd64?
On Fri, Jul 22, 2011 at 1:26 PM, Michael W. Lucas mwlu...@blackhelicopters.org wrote: On Fri, Jul 22, 2011 at 04:15:11PM -0400, Mike Tancsa wrote: On 7/22/2011 4:10 PM, Michael W. Lucas wrote: Will applications such as NFS cut bandwith usage that much? I have seen similar performance degradations with NFS in the past. I have seem cases where throughput is hurt due to frequent getattr() calls by the NFS client (esp noticable on Linux hosts traversing large namespaces fwiw). Some possible workarounds/tweaks: 1) increase rsize/wsize (32k for larger files for example) of client mount 2) if performance is only requirement UDP will increase performance versus TCP with obvious downside of using UDP :) 3) jumbo frames (MTU=9000) should help in most cases if available I've also done a bit of testing with NFSv4 - and I find performance here can be a bit better than v3 due to better attribute caching (decreasing amount of getattr() calls when traversing filesystems) and other interesting bigs v4 has. Granted moving from v3 to v4 is not trivial... just my two bits :) -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Probably working too hard for this cron question
On Mon, Jun 13, 2011 at 12:52 PM, Kurt Buff kurt.b...@gmail.com wrote: All, I've googled a bunch, read some freebsd.org docs, and just can't figure this out. I have a script that should read the current date into a variable, append the time/date stamp at the beginning of the file created with the date in the variable, do a bunch of cURL stuff, then append a time/date stamp at the end of the file. It works if I run it manually, but not from cron. Here are the batchfile and the cron entry: --begin script-- dt=`/bin/date +%Y-%m-%d` /bin/date /root/$dt-external1.txt /usr/local/bin/curl -K /root/urls.txt /root/$dt-external1.txt /bin/date /root/$dt-external1.txt --end script-- --begin crontab-- 15 12 * * * /root/do-curl.sh --end crontab-- I'm doing all of this as root, as you can see. The job launches - I can see an entry for cURL in top - but no file in /root. I've tried several variations on the first line of the script, but I'm getting nowhere, though I'm sure it's something stupidly simple that I'm missing. What am I missing? #!/bin/sh ? -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Probably working too hard for this cron question
On Mon, Jun 13, 2011 at 2:14 PM, Gary Gatten ggat...@waddell.com wrote: Yeah Pete, kinda need that huh. Kurt, If that turns out to be the only issue, don't feel bad - I've forgotten it myself several times! I'm sure many others have as well! as someone who was fixing some brain dead cron entries he setup on friday this morning...i agree :^) -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Security monitoring all file changes
2011/4/21 Artem Kuchin mat...@itlegion.ru: Hello! We are running hosting servers and i think we need to monitor and log all changes in filesystems (ftp log is written already, but we give shell access and also files can be changed by scripts), so, when a client asks when the file/directory was changed or deleted and by whom we can answer that question. In what directtion should i look? Is Audit the thing for it? mtree is probably what you are looking for: http://www.freebsd.org/cgi/man.cgi?query=mtreeapropos=0sektion=0manpath=FreeBSD+8.2-RELEASEformat=html -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: more dns weirdness
On Thu, Dec 9, 2010 at 2:15 PM, Paul Macdonald p...@ifdnrg.com wrote: On 09/12/2010 22:01, Andy Tornquist wrote: Have you tried a different server to query? the wider issue is that freebsd whois will use tld.whois-servers.net cnames to resolve appropriate whois servers and that whois-servers.net has nameservers from one sole provider (ultradns), which is still having problems. I'm not overally bothered about amazons' whois, but i am concerned about freebsd's whois being tied to one NS provider (ultradns) which affects dig's according to man 1 whois you can specify alternative hosts to query as well as alternative databases. specifically i think the -h switch will be of interest. -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ssh key authentication problem...
On Thu, Oct 28, 2010 at 12:39 PM, Peter Harrison peter.piggy...@virgin.net wrote: Can anyone help me debug an ssh key-based authentication problem? I have an 8.1-R server running sshd, with one user account. On the server, I've used ssh-keygen to generate id_rsa and id_rsa.pub. On my laptop I then pulled the id_rsa.pub file over and: % cat id_rsa.pub .ssh/authorized_keys i assume you copied it to ~/.ssh/authorized_keys or $HOME/.ssh/authorized_keys? other things worth checking are permissions of ~/.ssh and the files contained in there? man 1 ssh details permissions, but briefly: ~/.ssh/authorized_keys Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. it also covers other files as well. HTH -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFS Issue
On Mon, 6 Sep 2010, Bill Tillman wrote: I have two LAN segments with a FreeBSD server on each. Server A is 10.0.0.254 Server B is 192.168.0.102 I setup server A has two drives and I setup a share on drive #2 to be shared via NFS with the both networks. I also made a symlink on drive #2 to a folder on drive #1 On server B I can nfs_mount the share on server A and see the symlink. But when I try to access the files in the symlink it shows the link is broken, In other words no files show up. On server A I can see the files in the symlink folder just fine. This is expected NFS behaviour: NFS exports filesystems starting at a given (exported) mount point. While there are many reasons for this, think about the security issues if a user on B could create a symlink on your exported volume (because the origin of the symlink will make no difference to the server) to access any file anywhere on A. If you want both disks 1 and 2 visible, the standard solution is to export and mount both disks on B. If the paths (absolute is easiest, but relative can be made to work) are consistent between A and the mounted image of A's filesystems on B, then your symlinks will work -- that is, if you have this kind of /etc/fstab entry, mounting /disk1 on A to /disk1 on B: A:/disk1/somedir/disk1/somedir A:/disk2/disk2 then a symlink in /disk1/somedir/link pointing to /disk1/something will work just fine. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFS Issue
On Tue, 7 Sep 2010, A. Wright wrote: your symlinks will work -- that is, if you have this kind of /etc/fstab entry, mounting /disk1 on A to /disk1 on B: A:/disk1/somedir/disk1/somedir A:/disk2/disk2 then a symlink in /disk1/somedir/link pointing to /disk1/something will work just fine. That should have read: then a symlink in /disk1/somedir/link pointing to /disk2/something will work just fine A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Extracting a variable listing
On Wed, 18 Aug 2010, Jack L. Stone wrote: The content I need will always fall beneath a row of pound signs, and there is content above that row I don't want, like this: bunch of rows I don't need here ### --- the top of stuff needed row1 If you want the '#' line in the output cat YourFile | sed -n -e '/#/,$p' If you don't, then cat YourFile | sed -e '1,/#/d' The above assumes that you will have at least 5 '#' chars on your divider line, and never before in the file. Increase the number '#' symbols if the above example is strictly literal. Note the -n in the first line. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fetchmail ssl certificate verification problem in FreeBSD 8.1
On Sun, 15 Aug 2010, RW wrote: On Sun, 15 Aug 2010 Dan Strick mla_str...@att.net wrote: That explains the problem. I copied the file /usr/local/share/certs/ca-root-nss.crt from my old FreeBSD release-8.0 system and hooked it up to fetchmail with the fetchmail sslcertfile option. At least fetchmail is now happy. You'd be better off installing security/ca_root_nss otherwise you'll be stuck with a stale file. I don't know why you don't have it, it's a dependency of fetchmail and many other ports. This thread caused me to look at my maillog, and I see the same issue. The fetchmail port has correctly installed security/ca_root_nss, and pkg_which reports the file in /usr/local/share/certs as having the origin ca_root_nss-3.12.4, however fetchmail isn't looking at it. Looking at the fetchmail code, there is no value set for ctl-sslcertfile. I'm not sure what fetchmail's behaviour was prior to 8.1, so I do not know whether this has changed. I don't have a pre-8.1 install handy -- if the OP does, I'd be interested in knowing whether the string SSL trusted certificate file: appears in the output of env LC_ALL=C fetchmail -V -v --nodetach --nosyslog and if so, what filename appears after the colon. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Text mode screen size max. compatibility
On Fri, 23 Jul 2010, Polytropon wrote:
Is there a way to easily determine the terminal output size at
program startup so the program can be preconfigured for certain
screen sizes, and even refuse to run if it's less than 80x25?
The curses library will do this. The variables LINES and COLS
will tell you what you want.
#include curses.h
main()
{
initscr();
printw(LINES = %d, COLS=%d -- press a key to quit\n, LINES,
COLS);
refresh();
getch();
endwin();
exit(0);
}
A.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Strange filesystem problems
On Wed, 21 Jul 2010, Andrea Venturoli wrote: Let's say I have directory foo; under foo I have bar which keeps thousands of files (in several subdirectories). I do: %cd /xyzzy/foo %pwd xyzzy/foo %rm -fR bar %pwd pwd: .: Permission denied At this point, I would suspect that you may have the UCHG flag set. What do: ls -lod /xyzzy/foo/bar and ls -lo /xyzzy/foo/bar say? Check the chflags(1) man page for some descriptions and also how to change/remove the flags if present. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: iptables equivaelnt
On Mon, Jun 21, 2010 at 10:34 AM, Chuck Swiger cswi...@mac.com wrote: Hi-- On Jun 21, 2010, at 10:28 AM, Jean-Paul Natola wrote: I'm looking for FREEBSD's equivalent of iptables I'm particuclary trying to implement some type of rate control as we are getting hammered by spam. The three major choices available with FreeBSD are documented here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html I'd humbly suggest pf + spamd if you are concerned specifically about stopping spam, both are supported by freebsd and i have had great success using these tools to combat spam. -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Archive Server Error
On Mon, 14 Jun 2010, Matthew Seaman wrote: On 14/06/2010 13:21:40, Carmel wrote: I am/was attempting to search the archive located at: http://lists.freebsd.org/pipermail/freebsd-questions/ Unfortunately, I am continually greeted with this error message: [ error message deleted ] Works for me. Try again. If you still see the problem, it's possible your browser has cached the error page and isn't really going back to the site at all. Try quitting and restarting your browser. Interesting. Archive search hasn't worked for me for weeks, with the same 500 error returned. Not a cache issue; clearing/restarting has no effect, and I have seen the issue on several machines/browsers (FBSD/links, Mac/Firefox, Mac/Safari). I'm wondering about firewall/proxy -- I'll give it a whirl when off-site later today. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Archive Server Error
On Mon, 14 Jun 2010, A. Wright wrote: Not a cache issue; clearing/restarting has no effect, and I have seen the issue on several machines/browsers (FBSD/links, Mac/Firefox, Mac/Safari). I'm wondering about firewall/proxy -- I'll give it a whirl when off-site later today. Still nothing when checking from home. I'm wondering about network topology -- it is dead when viewed from my server (138.73.29.51). Traceroute returns this: traceroute to wwwdyn.freebsd.org (69.147.83.38), 64 hops max, 52 byte packets 1 138.73.29.254 (138.73.29.254) 0.618 ms 0.555 ms 0.541 ms 2 bfg-6506.mta.ca (138.73.101.254) 0.801 ms 0.311 ms 0.323 ms 3 198.164.29.73 (198.164.29.73) 0.855 ms 0.792 ms 0.507 ms 4 198.164.29.65 (198.164.29.65) 8.464 ms 8.194 ms 8.109 ms 5 142.166.176.1 (142.166.176.1) 124.732 ms 124.961 ms 114.841 ms 6 xe-1-0-0-200.dr02.fctn.nb.aliant.net (142.166.209.194) 129.638 ms 117.374 ms 117.979 ms 7 so-1-3-0.cr02.stjh.nb.aliant.net (142.166.185.145) 126.063 ms 123.422 ms 130.776 ms 8 te-0-2-5-0.cr01.hlfx.ns.aliant.net (142.166.181.137) 126.243 ms 130.194 ms 123.887 ms 9 xe-3-0-0.bx01.asbn.va.aliant.net (207.231.227.6) 144.084 ms 148.291 ms 146.069 ms 10 yho1.asbn.va.aliant.net (207.231.227.26) 146.966 ms 143.405 ms 144.975 ms 11 ae-6.pat1.dce.yahoo.com (216.115.102.172) 140.772 ms 146.617 ms 166.540 ms 12 as-0.pat2.che.yahoo.com (216.115.101.145) 166.338 ms 201.429 ms 172.191 ms 13 as-1.pat2.dnx.yahoo.com (216.115.96.55) 206.685 ms 212.076 ms 212.919 ms 14 as-0.pat1.pao.yahoo.com (216.115.101.128) 221.059 ms 220.649 ms 222.264 ms 15 ae-1-d140.msr1.sp1.yahoo.com (216.115.107.53) 230.591 ms ae-0-d140.msr1.sp1.yahoo.com (216.115.107.49) 235.904 ms UNKNOWN-216-115-107-73.yahoo.com (216.115.107.73) 229.977 ms 16 * * gi-1-39.bas-b1.sp1.yahoo.com (98.136.16.61) 661.870 ms 17 wwwdyn.freebsd.org (69.147.83.38) 235.035 ms 238.288 ms 229.476 ms Could there be some bad cacheing on the server? I'm guessing that wwdyn indicates some load balancing? There seems to be some strange configuration going on; if the IP is substituted: http://69.147.83.38/pipermail/freebsd-questions/ a document not found error results referring to a machine called realcgi.sky.freebsd.org. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
xsltproc: failed to load external entity
Is anyone else experiencing a rash of docbook-related build issues centering around xsltproc accessing remote XML files? Currently while building polkit (recursively from a build of emacs), I get the error: gmake[3]: Entering directory `/usr/ports/sysutils/polkit/work/polkit-0.96/docs/man' /usr/local/bin/xsltproc -nonet --stringparam man.base.url.for.relative.links /usr/local/share/gtk-doc/html/polkit-1/ --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl polkit.xml warning: failed to load external entity http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl; cannot parse http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl gmake[3]: *** [polkit.8] Error 4 I'm not a common user of xsltproc, but the combination of an argument beginning http://; along with the option -nonet (described as Do not use the Internet to fetch DTDs, entities or documents on the man page) seems rather fishy to me. Can this combination ever work? Has anyone else seen this? Does anyone have a suggestion for a fix? Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: More than 8 partitions
On 2010/5/2, Christopher Key cj...@cam.ac.uk wrote: frhed. Next write the data back to the disk: dd if=/tmp/hdr of=/dev/da0s2 On 2010/5/12, Jon Theil Nielsen wrote: obviously this is not the case. So I'll dd the existing partitions to another drive, use gpart to create enough partitions and then dd the old content back. I could easily use a standard disk layout, but the other approach will add some to my FreeBSD knowledge.. Just pointing out a rabbit hole here . . . You should be aware, too that if you want to _change_ the size (or any of several other params) of the filesystem, you don't really want dd, you want to dump(8) the filesystem and then use restore(8) -- as the man page says, this is the only reliable way to change various filesystem params. Using dd will be fine only if the sizes and all other params are to be identical (which is the case in Chris' comment, but not in the general case). Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Long I/O pauses on same mass storage
I have recently upgraded my system to 8.0, and in the course of doing so, have migrated most filesystems onto a new drive. I have noticed, since the upgrade, several instances where a very long pause occurs during which time one or more process is in uninterruptible device wait. This seems to most commonly happen when both reading and writing tasks are active -- I am unsure whether reads writes must be in the same partition, or whether two partitions on the same drive are sufficient. These pauses are quite long, on the order of 10 seconds or more, and happen during tasks that ran quite happily before the upgrade (example: if doing a lengthy compile, or subversion update, then opening an editor will hang while attempting to open the executable). As I am in the situation of switching from 7.2-8.0 and at the same time using a new drive, I would like to eliminate one of these from the equation first. Before I will be able to move on to chasing down the manufacturer if the drive is faulty, I will need some good data. While I will run some further tests here, I thought I would ask: Is anyone else seeing poor disk I/O scheduling or locking behaviour in 8.0? Is anyone aware of any of the filesytem changes that have occurred since 7.2 that may explain this? Does anyone have any thoughts on how to conclusively prove that the drive is at fault? I have not seen any errors logged to dmesg. Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
On Wed, 12 May 2010, Mike Tancsa wrote: At 09:46 AM 5/12/2010, A. Wright wrote: Does anyone have any thoughts on how to conclusively prove that the drive is at fault? I have not seen any errors logged to dmesg. Start with smartmontools to ask your disk if it has logged any errors and check once a day or so to see if sectors are being remapped. Thanks for the tip. So I ran the short test, and am now running the long test. After the short test, I have been examining the output (using smartctl -a), and there seem to be no errors reports. I just noticed, however, the following two interesting lines that /var/log/messages seems to have acquired: May 12 15:44:00 qemg kernel: ad8: FAILURE - SMART status=51READY,DSC,ERROR error=4ABORTED May 12 16:05:27 qemg kernel: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 294, size: 8192 The first dates from the point at which I turned on SMART data logging. The second one, however looks more interesting to me -- am I correct in thinking that there is no good reason why the swap_pager error would appear, aside from some sort of hardware related failure? Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
Sorry to follow myself up . . . On Wed, 12 May 2010, A. Wright wrote: I just noticed, however, the following two interesting lines that /var/log/messages seems to have acquired: May 12 15:44:00 qemg kernel: ad8: FAILURE - SMART status=51READY,DSC,ERROR error=4ABORTED May 12 16:05:27 qemg kernel: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 294, size: 8192 It turns out that dmesg output has a number of these, scattered over the last day; there were a bunch at 02:30 this morning; which at least indicates that the SMART logging has triggered this behaviour. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
On Wed, 12 May 2010, Chuck Swiger wrote: Hi-- On May 12, 2010, at 12:48 PM, A. Wright wrote: So I ran the short test, and am now running the long test. After the short test, I have been examining the output (using smartctl -a), and there seem to be no errors reports. Show us the output of smartctl -a...? It can be a bit difficult to interpret the results until you've gotten some practice Here is it, in all its glory -- note that the long test is still in progress. Andrew. smartctl 5.39.1 2010-01-28 r3054 [FreeBSD 8.0-RELEASE amd64] (local build) Copyright (C) 2002-10 by Bruce Allen, http://smartmontools.sourceforge.net === START OF INFORMATION SECTION === Device Model: WDC WD15EARS-00S8B1 Serial Number:WD-WCAVY2700359 Firmware Version: 80.00A80 User Capacity:1,500,301,910,016 bytes Device is:Not in smartctl database [for details use: -P showall] ATA Version is: 8 ATA Standard is: Exact ATA specification draft version not indicated Local Time is:Wed May 12 17:26:28 2010 ADT SMART support is: Available - device has SMART capability. SMART support is: Enabled === START OF READ SMART DATA SECTION === SMART overall-health self-assessment test result: PASSED General SMART Values: Offline data collection status: (0x85) Offline data collection activity was aborted by an interrupting command from host. Auto Offline Data Collection: Enabled. Self-test execution status: ( 248) Self-test routine in progress... 80% of test remaining. Total time to complete Offline data collection: (29400) seconds. Offline data collection capabilities:(0x7b) SMART execute Offline immediate. Auto Offline data collection on/off support. Suspend Offline collection upon new command. Offline surface scan supported. Self-test supported. Conveyance Self-test supported. Selective Self-test supported. SMART capabilities:(0x0003) Saves SMART data before entering power-saving mode. Supports SMART auto save timer. Error logging capability:(0x01) Error logging supported. General Purpose Logging supported. Short self-test routine recommended polling time: ( 2) minutes. Extended self-test routine recommended polling time:( 255) minutes. Conveyance self-test routine recommended polling time:( 5) minutes. SCT capabilities: (0x3031) SCT Status supported. SCT Feature Control supported. SCT Data Table supported. SMART Attributes Data Structure revision number: 16 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x002f 200 200 051Pre-fail Always - 0 3 Spin_Up_Time0x0027 151 147 021Pre-fail Always - 9441 4 Start_Stop_Count0x0032 100 100 000Old_age Always - 12 5 Reallocated_Sector_Ct 0x0033 200 200 140Pre-fail Always - 0 7 Seek_Error_Rate 0x002e 200 200 000Old_age Always - 0 9 Power_On_Hours 0x0032 100 100 000Old_age Always - 383 10 Spin_Retry_Count0x0032 100 253 000Old_age Always - 0 11 Calibration_Retry_Count 0x0032 100 253 000Old_age Always - 0 12 Power_Cycle_Count 0x0032 100 100 000Old_age Always - 11 192 Power-Off_Retract_Count 0x0032 200 200 000Old_age Always - 10 193 Load_Cycle_Count0x0032 189 189 000Old_age Always - 4 194 Temperature_Celsius 0x0022 108 106 000Old_age Always - 44 196 Reallocated_Event_Count 0x0032 200 200 000Old_age Always - 0 197 Current_Pending_Sector 0x0032 200 200 000Old_age Always - 0 198 Offline_Uncorrectable 0x0030 200 200 000Old_age Offline - 0 199 UDMA_CRC_Error_Count0x0032 200 200 000Old_age Always - 0 200 Multi_Zone_Error_Rate 0x0008 200 200 000Old_age Offline - 0 SMART Error Log Version: 1 No Errors Logged SMART Self-test log structure revision number 1 Num Test_DescriptionStatus
Re: Long I/O pauses on same mass storage
On Wed, 12 May 2010, Adam Vande More wrote: On Wed, May 12, 2010 at 3:49 PM, Mike Tancsa m...@sentex.netmailto:m...@sentex.net wrote: At 04:27 PM 5/12/2010, A. Wright wrote: === START OF INFORMATION SECTION === Device Model: WDC WD15EARS-00S8B1 Serial Number:WD-WCAVY2700359 Isnt that one of those Western Digital Green drives ? I seem to recall a number of people complaining about similar issues where the drive stalls. Perhaps a firmware update ? Or perhaps a way to disable the power saving/spin down features ? Is your controller set to AHCI, or regular SATA. what does /var/run/dmesg.boot show ? This is indeed one of the so-called eco drives. The controller is set to SATA (no mention of ahci, though I will now look at it as suggested earlier to see if I can control the problem that way). In addition to what I pointed out earlier, I believe that is also a 4k sector drive. You'll need to align your partitions accordingly. As far as I can tell, it is a standard 512 byte sector. The general lack of documentation with this drive (shipped in a plastic coffin -- the only docs supplied with it were the label itself), but on the WD site, they indicate: Formatted Capacity 1500301 MB Used Sectors Per Drive 2930277168 Assuming a megabyte is 10^6 bytes, as is standard with storage vendors (1500301 * 1000 * 1000) / 2930277168 = 511.99968 So it appears that at least I don't have *that* particular problem. Thanks for the suggestions; I had not looked at AHCI before, and it may well be part of my ticket out of this problem. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
On Wed, 12 May 2010, Chuck Swiger wrote: Thanks for real data to work from. Thanks for the assistance! There's no signs of surface failure with high reallocated sectors or anything, but your drive is parking it's heads nearly 100 times an hour. Someone else suggested this was a green firmware drive, so it might be spinning down and so forth trying to save power, and the OS is complaining because it takes a while to spin back up and become online. Thanks for reading the tea-leaves for me and pointing that out. I'm sure that that is the problem, as this would explain all the symptoms, as I am guessing that quite a large I/O queue can be generated if it is insisting on going into park that often. I've heard rumors that there exists an WDIDLE utility which might be able to tweak the firmware which might help. I will look into it, and see if there is a path out of the woods here. I'll report back once something else is known. Thanks all, for the help. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Long I/O pauses on same mass storage
On Wed, 12 May 2010, Adam Vande More wrote: On Wed, May 12, 2010 at 6:21 PM, A. Wright and...@qemg.orgmailto:and...@qemg.org wrote: As far as I can tell, it is a standard 512 byte sector. The general lack of documentation with this drive (shipped in a plastic coffin -- the only docs supplied with it were the label itself), but on the WD site, they indicate: Formatted Capacity 1500301 MB Used Sectors Per Drive 2930277168 As I understand it, all the 64MB EARS model drive have the WD Advanced Format eg 4k sectors. I don't have one and I'm pulling this (from the depths of memory || out of my ass), but I think those drives also have something funky going on where they report normal 512 sector when in fact they do have 4k ones. Either way, it wouldn't hurt to align on 1MB boundaries. I just got confirmation back from WD, and your nether regions are correct -- this _is_ a 4096 byte sector drive. I have suggested to WD that they may wish to mention this salient fact somewhere. Thanks again, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: dangerously dedicated disks and 8-stable status
On Fri, 7 May 2010, krad wrote: FYI happened on 2nd box as well but I least it didnt catch me out this time 8). It seems that pre freebsd-8 it is permissible to use format devs1[a-h] , however in freebsd-8+ to you are forced to use the format dev[a-h]. I have noted peculiarities also in this move (as noted above: 8.0-RELEASE upgrade -- no files visible), but different ones from what you are seeing. I have begun to suspect that part of the issue is that my drives at one time were set up in dangerously dedicated mode, but later changed to slice-based mode. It may be that there are still sectors near the beginning of the disk with old information in them. Currently I have one disk remaining from the old setup, for which I only get /dev entries produced for the device, and for partition 'a' (ie, /dev/ad10, /dev/ad10a), however if accessed from 7.2, I can see and mount /dev/ad10s1[a,d-g]. Might your disks have similar old information in the first track (but not in the first sector), or do you refer to a new disk, or one to which a number of sectors of zeros was written? Thanks for the info, A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pf suggestions for paced attack
I wrote:
If anyone is interested, I can send (or I suppose post) the scripts.
Balázs Mátéffy wrote:
Would you be so kind to share those scripts?
No problem; the scripts are below.
I run them both in /usr/local/bin
Note the usual caveats about running scripts as root;
some squashing of problems is done by setting PATH to
the empty string in the scripts and using the fully
qualified path to all executables.
I run /usr/local/bin/authlog_watcher in the background from
/etc/rc.d; I then have a rule:
block return log quick on $EXT_IF from { attackers } to any
in my /etc/pf.conf to make the actual filtering happen.
As you can see, the entire thing is quite simple -- the first
script simply is a loop fed from the auth.log file (note -F
to resync after log rotation). The second script is triggered
by the first when there is any activity of interest, and its
purpose is to examine the log (within a recent date range)
and count whether there are too many attempts.
I hope this helps out.
Andrew.
8 --- authlog_watcher --- 8 --
#!/bin/sh --
#
# Trigger our attack filtering script when relevant authlog
# activity occurs
#
# $Id: authlog_watcher 118 2010-05-03 16:46:55Z andrew $
#
PATH=
/usr/bin/tail -F /var/log/auth.log | {
while read line
do
sshd_test=`/bin/expr ${line} : .*sshd.*`
if [ ${sshd_test} -gt 0 ]
then
inv_test=`/bin/expr ${line} : .*invalid.*`
fail_test=`/bin/expr ${line} : .*Failed.*`
err_test=`/bin/expr ${line} : .*error.*`
if [ ${err_test} -gt 0 \
-o ${err_test} -gt 0 \
-o ${fail_test} -gt 0 ]
then
/bin/sh /usr/local/bin/filter-current-attackers
fi
fi
done
}
8 --- filter-current-attackers --- 8 --
#!/bin/sh --
#
# Invoked by the authlog_watcher script when activity involving
# failed login occurs. This script parses the auth.log file
# and for any lines that indicate kiddies, add them to the
# attackers table used/managed by pf to filter connections.
#
# $Id: filter-current-attackers 118 2010-05-03 16:46:55Z andrew $
#
PATH=
TAG=current-attackers
RAWLIST=/tmp/${TAG}.$$.raw
IPLIST_RAW=/tmp/${TAG}.$$.IPlist.raw
IPLIST_UNIQ=/tmp/${TAG}.$$.IPlist.uniq
TMP=/tmp/${TAG}.$$.tmp
LOG=/var/log
ATTACKERS=/etc/attackers
umask 077
trap echo 'Cleanup' ; rm -f ${IPLIST_UNIQ} ${IPLIST_RAW} ${RAWLIST} ${TMP} ; exit
1 2 3 15
/usr/bin/touch /tmp/filter-current-attackers.timestamp
{
/usr/bin/find ${LOG} -name 'auth.log.*' -mtime -2 | \
/usr/bin/sort -t. -r -n -k 2,2 | \
while read f
do
case $f in
*.gz) /usr/bin/zcat -f $f | /usr/bin/tail +2;;
*.bz2) /usr/bin/bzcat -f $f | /usr/bin/tail +2;;
esac
done
[ -f ${LOG}/auth.log ] /bin/cat $LOG/auth.log |
/usr/bin/tail +2
} | /usr/bin/grep sshd ${RAWLIST}
${IPLIST_RAW}
/bin/cat ${RAWLIST} | /usr/bin/grep Invalid \
| /usr/bin/sed -e 's/.* //' | /usr/bin/awk '{print $1;}'
${IPLIST_RAW}
/bin/cat ${RAWLIST} | /usr/bin/grep POSSIBLE BREAK-IN \
| /usr/bin/sed -e 's:\(.*\)\([
\[]\)\([0-9]*[.][0-9]*[.][0-9]*[.][0-9]*\)\(.*\):\3:' \
${IPLIST_RAW}
/usr/bin/sort -u ${IPLIST_RAW} ${IPLIST_UNIQ}
{
while read IP
do
if [ `/bin/expr ${IP} : [0-9]*[.][0-9]*[.][0-9]*[.][0-9]*`
-eq 0 ]
then
echo Invalid IP format : [${IP}]
continue
fi
# Explicitly avoid adding any machine on campus to the list
# if [ `/bin/expr ${IP} : 138[.]73[.]*` -gt 0 ] # MtA
# then
# continue
# fi
# check that there are at least 10 instances,
# to avoid locking ourselves out on a Thumbsday
/usr/bin/grep ${IP} ${IPLIST_RAW} ${TMP}
LINECOUNT=`/usr/bin/wc ${TMP} | /usr/bin/awk '{print $1;}'`
if [ ${LINECOUNT} -gt 10 ]
then
if
#pfctl -q -t attackers -T test ${IP}
/usr/bin/grep ${IP} ${ATTACKERS} /dev/null
then
:
# already in table
else
/usr/bin/logger -p auth.notice \
Adding ${IP} to pfctl filter
/sbin/pfctl -q -t attackers -T add ${IP}
/bin/echo Added ${IP} `host
Re: pf suggestions for paced attack
On Mon, 3 May 2010, John wrote: The script kiddies have apparently figured out that we use some time-window sensitivity in our adaptive filtering. From sshd, I've [ ... deletia ... ] Anybody got any superior suggestions? I've been running a script using tail -F to watch /var/log/auth.log to count total number of failures, and ix-nay anyone who reaches 10 fluffed attempts in 24 hours; this is managed by using pfctl to update the relevant table. It has worked pretty well for me over the last three or so years, and is immune to the current longer timeouts that you mention. If anyone is interested, I can send (or I suppose post) the scripts. Andrew ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Gaming
On Thu, Apr 29, 2010 at 10:10 AM, Joe's Morgue joes_mor...@yahoo.com wrote: Looking thru your manuals, I have not seen anything about gaming on a FreeBSD machine. Are there drivers for higher end graphic cards available? nvidia provides a binary blob of their Unix driver for FreeBSD: http://www.nvidia.com/object/freebsd_1.0-4365.html Regarding games in particular - it really depends on which game you are looking to play, and what it's requirements are. I have played HalfLife2 via wine emulation on FreeBSD using the nvidia driver for example. HTH -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Gaming
On Thu, Apr 29, 2010 at 10:57 AM, pete wright nomadlo...@gmail.com wrote: On Thu, Apr 29, 2010 at 10:10 AM, Joe's Morgue joes_mor...@yahoo.com wrote: Looking thru your manuals, I have not seen anything about gaming on a FreeBSD machine. Are there drivers for higher end graphic cards available? nvidia provides a binary blob of their Unix driver for FreeBSD: http://www.nvidia.com/object/freebsd_1.0-4365.html arg! wrong URL! http://www.nvidia.com/object/freebsd-195.36.24.html -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.0-RELEASE upgrade -- no files visible
Some further information . . . recap: failures mounting filesystems that were not in dangerously dedicated mode . . . I have now managed to move many of the files by doing the following: - run fdisk, label and newfs under 8.0 - reboot to 7.2, mount, place files on device - reboot to 8, files now in place Some further observations: - many of my devices, including single-partition devices constructed using: fdisk -I /dev/XXX bsdlabel -w /dev/XXXs1 newfs /dev/XXXs1a are not available from 8.0 if constructed under 7.2, however I can get things to work the other way around. - when I re-setup the disk (using the same commands as above), I am consistently getting the benign warning geom not found, which never appeared under 7.2 Any thoughts? It is quite a pain to dump/restore whole external file systems simply to set up an apparently-identical replacement. Does anyone know much about the recent filesystem changes? Is there a doc somewhere that outlines these? Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
8.0-RELEASE upgrade -- no files visible
I have a puzzler. After postponing an upgrade from 7.2 to 8.0 for some time, I now am attempting to make the transition. In the 7.2 install, I have one dangerously dedicated disk used only for backup (the accommodation of which is why I postponed the install in the first place), as well as a boot disk that was set up using slices. In addition, I have an external USB mass storage device that I have placed level 0 dumps of all filesystems upon. When I install 8.0 to a fresh disk (which is then set up using sysinstall), I can boot off the fresh disk and see all of the just-installed files perfectly. Here is the puzzler: if I boot 8.0, and mount any filesystem that was created by 7.2 or earlier, I cannot see any files. This includes both the non-DD internal disk (which is the boot disk for 7.2), as well as the external USB mass storage (formatted using UFS, but also not a DD setup). To add to the puzzle, df reports a usage number that reflects the block allocation, but ls does not report any filesystem entries. My primary objective is to make the dump files available under 8.0, so I tried booting 7.2 again, mounting my new (empty) /home partition and placing the files there -- this seemed to work as seen under 7.2, however when I rebooted using 8.0, there are again no files visible in this partition. Does anyone have any ideas on: (a) what the underlying problem could be (noting that although I have a DD disk, it is not involved in this process in any way) -- especially given that it seems to affect the filesystems on the external drive, or (b) what a path might be to getting the dump files to the new system so that I can use it? (I should mention that the dumps are rather huge (~100Gb), so a network based solution is rather unpalatable). Any input appreciated, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8.0 zfs install
On Fri, Dec 4, 2009 at 10:28 AM, William Taylor willi...@corp.sonic.net wrote: Does the installer in 8.0 support zfs? If not whats the easiest way to get a full zfs install done? This is probably the best place to start, in general the FreeBSD handbook is the best place to start looking for any information you may have regarding the OS: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/filesystems-zfs.html You can also get more information via the FreeBSD wiki here: http://wiki.freebsd.org/ZFS -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Why is sendmail is part of the system and not a package?
On Tue, Oct 27, 2009 at 5:16 PM, Lars Eighner luvbeas...@larseighner.com wrote: You guessed wrong. We use m4, which cuts out most of the crap that you had to write into sendmail.cf. You write sendmail.mc and compile it. Sendmail.mc on my system is less than 50 lines long, including comments. http://www.sendmail.org/m4/intro.html That's as poorly documented and incomprehensible as .cf by hand. What is your interest in sendmail? Are you connected with it in someway? Surely, yours could not be the opinion of someone who doesn't get a piece of O'Reilly's royalties. It's the same old crap, give the software away, sell the documentation. well shit man - Eric's actually a super nice guy and has made some major contributions to computing so I reckon he deserves *some* respect for the work he's done on sendmail. and frankly I find it easier to setup a SMART_HOST in my .m4 and dist out my resulting configs to my servers in my production clusters. I also have the added benefit that i know sendmail is being tracked as part of the base system so it makes it easier for me to monitor patches w/o having to track ports. For more complex systems (my relay for example) - sure I use postfix, and freebsd makes this quite easy to do as well. if you don't want to use sendmail on your machines it's easy - just don't use it. -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Why is sendmail is part of the system and not a package?
On Tue, Oct 27, 2009 at 6:24 PM, Lars Eighner luvbeas...@larseighner.com wrote: On Tue, 27 Oct 2009, pete wright wrote: On Tue, Oct 27, 2009 at 5:16 PM, Lars Eighner luvbeas...@larseighner.com wrote: You guessed wrong. We use m4, which cuts out most of the crap that you had to write into sendmail.cf. You write sendmail.mc and compile it. Sendmail.mc on my system is less than 50 lines long, including comments. http://www.sendmail.org/m4/intro.html That's as poorly documented and incomprehensible as .cf by hand. What is your interest in sendmail? Are you connected with it in someway? Surely, yours could not be the opinion of someone who doesn't get a piece of O'Reilly's royalties. It's the same old crap, give the software away, sell the documentation. well shit man - Eric's actually a super nice guy and has made some major contributions to computing so I reckon he deserves *some* respect for the work he's done on sendmail. Evidently by making it necessary to learn yet another scripting language to configure it. Other than personal profit I cannot see why people are clinging like grim death to something this fubar. Really, let's go past this one more time: ok i'm just gonna suggest you read up on the history of sendmail to gain some perspective on why/when it was written. i'm not saying that there are no issues with it - but i think some historical perspective would do you a world of good. regarding having to learn a new language i'm not sure about that as i wouldn't say i know m4 - but I can rtfm, and the default .mc files are actually well documented. so yea... Sure, sendmail.cf is hard to work with so the solution is you learn m4! Did you look at the link he offered? How helpful is that? Beside which, m4 is a PORT. So if sendmail is not configurable without a port, why isn't it a port? sure it's a port, sendmail is a port too. but that does not mean you need to install the port to compile custom .mc files for your server. in fact if you check out /etc/mail/Makefile you might notice that m4 is actually part of the base system: /usr/bin/m4 anywho i should stop feeding the troll. -p -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Why is sendmail is part of the system and not a package?
On Tue, Oct 27, 2009 at 7:14 PM, Frank Shute fr...@shute.org.uk wrote: On Tue, Oct 27, 2009 at 08:45:59PM -0200, Gonzalo Nemmi wrote: On Tuesday 27 October 2009 7:31:34 pm Jerry McAllister wrote: [snippage] So, that leaves personal preference as the only real reason for wanting to replace it. Let me get this straight .. that means that every Linux distro, NetBSD, OpenBSD and DragonFlyBSD are all doing it just out of personal preference? I'll speculate as to the reasons: NetBSD: probably wanted something smaller footprint-wise. OpenBSD: wanted something more secure. Dragonfly: started afresh, so could replace it without many headaches. RedHat: poor package management made it a pain to upgrade. FreeBSD: ? I can't think of a good reason why FreeBSD should get rid of it. Saying that, it would be neat if it was taken out of base and replaced with something minimal that could cope with the demands of cron and not much else. Then the user is expected to install a MTA of their choice out of ports. That would mean less code in base and fewer security advisories. yea i like where you are going with this frank - perhaps when opensmtpd is done we'll be in the position to import this into the freebsd tree? it sounds like it might fit the bill :) -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Mounting an NFS volume served by Mac OS X
On Tue, Sep 1, 2009 at 3:20 PM, patrickgibblert...@gmail.com wrote: I'm wondering if anyone has had any success in mounting an NFS export from a Mac OS X machine on FreeBSD 7.2? When I try, I get: RPCPROG_MNT: RPC: Authentication error; why = Client credential too weak The man page for exports on Mac OS X has: -sec=mechanism1:mechanism2... This option specifies one or more security mechanisms required for access to the exported directory. The security mechanisms currently supported are krb5p, krb5i, krb5, and sys. Multiple security mechanisms can be spec- ified as a colon separated list, and should be in the order of most preferred to least preferred. In the absence of this option, the security mechanism defaults to sys. My export does not specify this, so sys is what is being used. Not exactly sure what that means... I don't see any options in mount_nfs(8) on the FreeBSD side that has anything to do with authentication or security mechanisms... Any suggestions would be greatly appreciated! which version of NFS are you using on the server side, which version are you attempting to use on the client side. also, it may be helpful if you post your /etc/exports file from your server (or what ever configuration you are using on the OSX server) and your mount command that is failing. -pete -- pete wright www.nycbug.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: USB flash disc
Bernt Hansson wrote: I've got an usb flash disc kingston datatraveler DT150 64GB. That I put pcbsd on to try, and now I can't seem to get it of the stick. [ deletia ] Errors when trying fdisk: fdisk -BI /dev/da0 *** Working on device /dev/da0 *** fdisk: invalid fdisk partition table found fdisk: Geom not found: da0 fdisk: Failed to write sector zero umass0: BBB reset failed, IOERROR umass0: BBB bulk-in clear stall failed, IOERROR umass0: BBB bulk-out clear stall failed, IOERROR I'm assuming you have checked any readonly status that may be set on this device (in software or hardware), however the above exactly matches the reports I got from a USB desktop drive right before the device completely packed it in. If there are vendor diagnostics to debug data transfer to the device I would verify that it is actually transferring data as your next step. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xdvi with amd64
On Mon, 4 May 2009, Olivier Nicole wrote: Exactly which fonts are you having trouble with? I can tell you whether I can reproduce the issue under 7.1. Nothing exotic at all: cmr10.300.pk The error message is: $ xdvi memo Note: overstrike characters may be incorrect. xdvi: Wrong number of bits stored: char. 68, font cmr10 $ For what it is worth, I don't seem to be able to produce this with any DVI files I create. If you have one in particular you would like me to verify, you can email it to me. What version of xdvi are you running? I have a recent port: $ xdvi -version xdvik version 22.84.10 (@(#)Motif Version 2.2.3, runtime version 2.2) Libraries: kpathsea version 3.5.2, T1lib version 5.1.2 A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Dump snapshot issue...
On Tue, 5 May 2009, Marc Coyles wrote: I've got a script that dumps various filesystems to tape for me, but I've always had an issue whenever I've used the -L option... see below: /usr/bin/mt rewind /sbin/dump 0aLuf /dev/sa0 / dump: Cannot create //.snap/dump_snapshot: No such file or directory You probably have not created the .snap directory in the root of the filesystem. From the dump(8) man page: If the .snap directory does not exist in the root of the file system being dumped, a warning will be issued and the dump will revert to the standard behavior. This problem can be corrected by creating a .snap directory in the root of the file system to be dumped; its owner should be ``root'', its group should be ``operator'', and its mode should be ``0770''. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Shopping for external harddrive
On Tue, 5 May 2009, Daniel Underwood wrote: and other online reviews. But I also wanted to see if any of you folks have personal recommendations. I had an unpleasant experience with Maxtor/Seagate support this year. I had one of their OneTouch III's pack up after 6 mo, and the warranty replacement died out of the box. It took 69 days as well as dozens of phone calls + emails to get a replacement for the dead replacement. The overall failure rate of their products seems to be acceptable, but their support is just terrible. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xdvi with amd64
Hello Oliver; On Thu, 30 Apr 2009, Olivier Nicole wrote: Is there known issue with the port of Xdvi (/usr/ports/print/xdvi) on 6.4 amd64? I suspect there is a problem with the size of the int/short/long as Xdvi detects wrong number of bits in some font files, while these same font files are used without problem by other ports and are identical to font files generated in x86 system. Though I am now on 7.1, I was using xdvi on 6.4/amd64 without noticing any issues. Exactly which fonts are you having trouble with? I can tell you whether I can reproduce the issue under 7.1. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Copying files without scp
On Tue, 7 Apr 2009, Steve Bertrand wrote: Can someone recommend a *known good* production quality copy mechanism that will act like scp, but without the overhead? rsh? nc? If you are happy with rsh authentication, then have you looked at plain old rcp? A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: going from cvs to svnq
[ snippage of question re: svn and cvs ] On Tue, 31 Mar 2009, Chuck Robey wrote: Andrew Wright wrote: The primary advantage of using svn is that the _server_ uses a different protocol to track objects. I think that's unclear, you can't mean that just having the protocol be different, that's not that much of a win. Having svn track extra things, like directories, that I'd think was a win. I chose the word protocol poorly. For protocol read way of doing things, or perhaps algorithm. What I was trying to make clear is that the choice of tool between cvs and svn is made based on server related criteria. What I don't know is, I use cvsup all the time, but when I switch to svn, what does the cvsup job of tracking an archive (not tracking the sources, I mean the archive)? Does svn do it all itself? If so, I can find out how, I just want to know if that's how its done. If not, what's the general tool used to track the freebsd archive, so I can investigate it? If you are asking what is the name of the subversion client, and how can I use it?, then the answer is svn (which is also the executable used for the server, a la cvs with the pserver option). Usage instructions are available via: http://subversion.tigris.org If you are asking what can I type to get a readonly copy of the repo?, then according to the ROADMAP.txt at: http://svn.freebsd.org/viewvc/base/ROADMAP.txt?view=markup the answer appears to be: svn co http://svn.freebsd.org/base/head Strong Caveats: o One of the peculiarities of subversion is that if you leave off the head portion of the URL, you will get _all_ of the nodes in the repository -- that is, the history at every point. o As I mentioned earlier, this will produce a newly checked out working space that is incompatible with cvsup (or cvs in general). o ***Early Adopter Warning***: There has not been (as far as I know) a general call for people to move to this type of repository access except for committers -- therefore expect rough edges until a general announcement is made. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: going from cvs to svnq
Sorry to follow-up my own note, but . . . On Wed, 1 Apr 2009, Andrew Wright wrote: [ further snippage of previous note ] Strong Caveats: o ***Early Adopter Warning***: There has not been (as far as I know) a general call for people to move to this type of repository access except for committers -- therefore expect rough edges until a general announcement is made. I would further urge you to read: http://svn.freebsd.org/viewvc/base/projects/GUIDELINES.txt?view=markup for an overview of the information used by the committers, and will further add: Even Stronger Caveat: o The head revision translates to something like current looking around in http://svn.freebsd.org/viewvc/base/ will show you that there are directories other than head from which branching is done. Some perusal of the svn manual and poking around in the repository may help you track current, but there isn't anything in place yet to let you track stable, for instance. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: going from cvs to svnq
On Tue, 31 Mar 2009, Chuck Robey wrote: I've finally decided that it's way past time that I switched from using cvs for my home archive (currently /home/ncvs) to using subversion. I'm trying to hunt down a web page that might give a set of rules to help moving things. I've It appears that you may be labouring under the assumption that svn is a potential _client_ replacement that will read a CVS repo. It doesn't do this. You can convert a repository using the tools available at: http://cvs2svn.tigris.org/ but afterwards you are using svn exclusively -- there is no ability to mix and match. After the conversion, both client and server tools will change. The primary advantage of using svn is that the _server_ uses a different protocol to track objects. Directory management, for instance, is a track-able change, as opposed to the CVS strategy of directory management through side effect. Stuff like, can I use my present cvsup-fetched /home/ncvs with svn? I didn't No - if you have fetched a directory using cvsup, then it is a CVS workspace, and will remain that way. If the server managing a repo is using CVS, you will use a CVS client to access it If you are managing a repo you wish to convert to svn, then the link above will help you do it. At the time of such a conversion, all currently-checked-out CVS workspaces will be orphaned. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wine without X
On Fri, 27 Mar 2009, Barnaby Scott wrote: Can I ask one more possibly really dumb question, to which I can find no answer: Is there a 'conventional', or sensible for one reason or another, place to download application source to? Presumably you don't want it mixed Not dumb at all. There are several conventions. The one I use is to have a user named build. This provides a natural home for these packages (the home directory of that account) as well as nice management for setting uname, potential wheel association etc. for an account that is used for building system libs by executing su - build to get that type of admin process underway. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Formatting a tape?
On Thu, 19 Mar 2009, Jaime wrote: I have a DLT tape drive in a FreeBSD system. With one of the tapes, I can get tar -cvpf /dev/sa0 -C / . to work. With all the other tapes, I can't. Is there some kind of formatting process that I need to do? I tried mt fsf 1 from this page: I assume that this is a fresh tape? Do other tapes from the same batch work? What happens if you use dd to try and write to the tape? The command dd if=/dev/zero of=/dev/sa0 count=8 should print out: 8+0 records in 8+0 records out If you are getting something else, I might suspect a physical media problem. I have certainly gotten the odd dud tape before. A. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Is NFS Locking Reliable?
On Tue, 10 Mar 2009, Konrad Heuer wrote: I'd like to ask for your experiences with NFS locking in larger environments. Our experiences are not so satisfying. Our NFS servers for user home This matches my historical experience, especially if you add in periodically wedged and ignored lock state. First, it is useful to realize that locking over NFS has, until version 4, been done outside of NFS itself. That is, there are a pair of daemon (usually called statd and lockd) processes that negotiate the lock outside of the stateless mechanism that is the NFS data access method up to v3. My past v3 experience has been that only in the case where you have exactly the same version of statd and lockd on both sides (on the client and on the server) is it possible that you _may_ experience truly reliable locking. Note that this is only possible with the same OS at the same revision/patch on both client and server. NFS v4 is no longer stateless, and manages locks internally, which I would guess would make things much better, though my experience on mixed environments under v4 is much more limited. What version of the NFS protocol are you using? You can find this out via /usr/sbin/nfsstat If you are stuck with a v3 client, my recommendation would be to turn locking off altogether for that client, as I have found that this works in general better, as the applications desiring the lock are then at least aware that the lock won't work, rather than being led up the garden path by a successful return from a call to lockd that later is not honoured. If upgrading all to v4 is possible, it is probably worth a try, and good luck! Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
xorg configuration
Hi All, Have worked on this for a week or more with no success. Running xorgconfig as root gives a kde gui that works but once I click anything the screen just goes to fuzzy vertical lines. The only other config that really works makes the screen and icons really HUGE. Could you point me in the right direction ? Stan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: When is there going to be a USB install and run iso iamge for FreeBSD?
On Fri, Feb 20, 2009 at 6:12 PM, Fbsd1 fb...@a1poweruser.com wrote: Sergio de Almeida Lenzi wrote: Em Sex, 2009-02-20 às 20:51 +, Formula 1 escreveu: Is there going to be a possibility for FreeBSD, in the future or now, that there will be a release of it that allows for install and running of the operating system off of a USB memory stick? I have it running here... two small scripts save it from the disk into a 2mb usb stick. once in the usb you can boot (from the usb) and install it on any other disk in 5 minutes and using zfs (a 1gb ufs partition, a swap partition and a big zfs partition. if needed I can put the script in the web fo testing or download. I adivse that there is no need to enter sysinstall. Hope it can help ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Sure would like a copy of your scrips. Thanks +1 here. would it be possible to post the scripts, or a url, to the list? cheers, -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: recovering from a power outage
[ deletia introducing discussion of fsck ] On Thu, 12 Feb 2009, Tim Judd wrote: It's part of the bootup scripts now. It runs in the background 60 seconds after the login prompt shows up (not exactly, but close to 60 secs) it's the background_fsck option that defaults to YES in /etc/rc startup. only if there's major problems will it bail out, screaming for help. it'll drop you into a shell telling you that the filesystems need repair. If you are paranoid (like I am) and want to watch everything happen, then it is nice that fsck will read /etc/fstab (if still present) and correlate filesystem names with devices, so you can just follow a sequence like this: (boot single user) fsck / fsck /usr fsck /var ...etc Once you have run fsck on /, you can mount it using mount -u -o rw / so that you can then run ed (which is in /bin). I am assuming that the reason you cannot use ed to look at a file until this point is because it wants to write the temporary buffer somewhere, even if there are no changes, and if / is readonly and nothing else is mounted, then /tmp is unavailable for this purpose. Can anyone corroborate that? If so, does anyone know when ed started wanting to make a temp file even before any edits are made? I am sure that ed has gotten me out of similar jams in the past, when I wanted to see part of a file in an unchecked root fs, and cat wouldn't fit the bill because the file was too long (and more and friends are far away on /usr, and therefore not available if still patching up the root). Anyone? Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Restricting users to their own home directories / not letting users view other users files...?
On Wed, 11 Feb 2009, Keith Palmer wrote:
What if I symlinked each home user's public_html directory to a directory
readable only by Apache? Would Apache be able to read the destination
directory via the symlink, even if it doesn't have permission to access
the destination directory?
You can do something like this easily.
Assuming you have access to the Apache config, you can setup Apache
to look in a location other than /home/${USER} for the public_html
directories. Let us call this /web/${USER}. If you create a
directory here for each actual user, and create a user-owned
public_html directory within it, then you can make your symlinks
from the real home directory to this location. Apache can happily
operate on the assumption that ${HOME} for each user is /web/${USER}.
Look for UserDir in the Apache config httpd.conf (for 1.3) or the
httpd-userdir.conf file (for 2.2).
Is there really no better way to do this...?!?
Even easier is to simply set the default umask for your users (say
to 077) in the system-wide shell initialization for your users'
favourite shells.
Then new files will be unreadable, and new directories unbrowsable.
User A will be able to see if B has created a file in their
home dir, but not what is in it, nor anything below the home directory
point.
This is what most systems do -- if people want their items completely
private, they can put them in a sub-dir.
Users can still give away privacy by resetting umask or using chmod,
but they could do that in any case, if you allow more than one account
per machine (or jail).
Cheers,
Andrew.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: dump/restore problem
Ivan; when I started a migration to new HDD, according few how-tos, I got the following warning: # dump -0Lauf - /dev/ad0s1f | restore -rf - When debugging dump/restore problems, it is always best to dump to a file, and then restore from the file -- this allows you to see which of dump and restore is printing which message. I would guess that the Header with wrong dumpdate is this issue: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/118087 More surprising is: warning: ./.snap: File exists *expected next file 141455, got 146* DUMP: 2.86% done, finished in 3:35 at Thu Feb 5 01:44:32 2009 What exactly is your .snap entry? Is it actually a directory, or do you have a file called .snap that is getting in the way? The expected next file message indicates inode numbers out of sequence, which I would guess also come from restore -- if the warning about .snap comes from dump, then I would encourage you to make sure that dump cleanly creates its archive (to a file) before spelunking in the restore error messages. If you are short of space and are using several partitions on your new drive, just format the largest and place the output files there while you experiement. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
dump(8) using snapshot + recommended cache
Hi All; I regularly use dump(8) with snapshots to back up my server. While this seems to have been working perfectly well so far, upon (re)reading the man page for dump(8), I have noticed a somewhat scary pair of lines in the paragraph describing the option for -C cachesize (emphasis with stars mine): [Use of this option] will greatly improve performance at the cost of ***dump possibly not noticing changes in the file system*** between passes. ***It is recommended that you always use this option when dumping a snapshot.*** Does anyone know what, exactly, this means? In particular, is the first statement actually trying to say: Use of this option will greatly improve performance; however it may be that changes made to the filesystem made between _dump_ passes will be ignored. ***The resulting dumped filesystem image will be consistent and correct based on a timestamp no later than that of the point at which the dump was started***. Is this a fair statement? Is this guaranteed? Or are we trying to say that: The resulting filesystem will contain images of individual files based on a timestamp no later than that of the point at which the dump was started, however any individual files modified after the dump begins may be stored using any of the version that appeared written to disk during the period of the dump. As far as the second line goes, I am not at all clear on what this is trying to say. Why is the cache recommended? For speed? Stability? Output correctness? In particular, if a snapshot dump is made without a cache option, is it potentially corrupt? In particular, if the second attempt above is more true than the first, it seems to me that we should _not_ recommend the use of a cache with snapshots, as it seems to erode the utility of the snapshot itself. It is for this reason that I am suspecting that there is more here than meets the eye, which is why I am keen to make sure that this is clear. I am very happy to put in an update to the docs if we can make sure that we know exactly what we are trying to say here. Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: dump(8) using snapshot + recommended cache
I regularly use dump(8) with snapshots to back up my server. While this seems to have been working perfectly well so far, Sorry to follow-up my own post; I just realized I hadn't mentioned any version info. The docs I am reading are the ones associated with 7.1-RELEASE; I haven't checked whether this part of the dump documentation got updated with 7.1 or not. Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: dump(8) using snapshot + recommended cache
On Sun, 1 Feb 2009, RW wrote: ***It is recommended that you always use this option when dumping a snapshot.*** When you dump a snapshot there are, by definition, no changes between passes. So it's saying that in that case there in no reason not to cache. Ah, that makes sense. That being the case, perhaps we can update the text to: If dumping from a snapshot, the filesystem is already frozen, therefore using a cache with a snapshot will ensure that consistency is maintained while also providing best performance. If that sounds good, I'll make a doc patch. Out of curiosity, under what circumstances is the improved performance the most likely? I dump from cron when the system usage is low, and haven't noticed any significant difference in time with or without cacheing -- but I haven't done any testing under heavy load, nor with limited RAM, so there are many mbufs available in any case. Thanks for the info, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Edit user groups
sorry OT and I recommend against sudo because it's very design is a man-in-the-middle type of scenario, and one typo by the sudo devs can possibly make a mess out of things. I think sudo makes a lazy admin -- too easy to just run in and hit something. I think sudo is a false sense of security. If a user trusts another, and give sudo access, why not give the whole OS to them? Sudo's out there -- don't get me wrong, but you won't catch me dead with a box with sudo installed. I think it's a very misleading tool. And not to say they do -- but what if the devs put in a keygen...do you monitor the sudo source code? And if I remember correctly -- the way sudo gets it's work done is a SUID bit to root. Those are the devil's eggs that hatch and just cause havoc. A rogue CGI calling sudo to do something on the website, buffer overflow (with php!) and you've gotten rooted. No, no -- I hate sudo for it's own doing. It's going to eat itself alive. /rant No flames please. not a flame, but a point of order - you can grant sudo privs to a user that does not automatically give them full root/wheel privs. i recon this is something that most admins have had to come across when working in a multiuser environment. what sudo also does provides you is: 1) an audit trail of who did what, when with said escalated privs 2) a way to give non-wheel users access to run specific commands that may require escalted privs so i'm not really sure why one would want to throw out the baby with the bath water, it's just another layer on the onion - and much better than giving everyone root access, or requiring the one or two trusted users in wheel to executed any program that may require escalated privs (rndc reload, apachectl reload come to mind immediately). -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Secondary DNS or BSD Server space
On Thu, Dec 18, 2008 at 8:11 PM, Matt Emmerton m...@gsicomp.on.ca wrote: Everyone: We just got word that Neustar, which bought DNS service provider Nominum a few years ago, is shutting down Nominum's secondary.com service. The service used to provide secondary DNS for users' zones at no charge. I and the other secondary.com users I know think it's reasonable for the company to charge a small but reasonable fee for the service instead of keeping it running for free. But alas, Neustar is getting greedy. The only alternative they offer is a $50-a-month managed DNS service, which we don't want or need. (We're fine maintaining our own master servers and zones; we just need a slave to use as a secondary.) So, we're looking for alternatives. Does anyone on this list know of a good, BSD-based service which offers reasonably priced secondary DNS? Or reasonably priced servers at a server farm, where I and others can set up a secondary DNS server? There was a thread on this just the other day here. Not sure if they are BSD-based, but both dyndns.org and zoneedit.com offser secondary service for practically nothing. I'm %99 sure that dyndns.org is FBSD based. I've been using them for a while now and am quite happy with them too. if you check out their jobs board there are openings for FreeBSD engineers: http://dynamicnetworkservices.com/jobs-hiring -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nsswitch.conf man page
On Wed, Jul 16, 2008 at 11:44 AM, [EMAIL PROTECTED] wrote: I don't see anything in the man page about adding ldap into the nsswitch.conf file. Is that something that I can do so that I can get applications to use my openldap? oh that's odd - never noticed that :) I would assume I could add something to the affect of: passwd files ldap group files ldap yep that's about it, here is what i use for ldap auth on some workstations that hit an openldap cluster. passwd: files ldap shadow: files ldap group: files ldap -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: priority or order for /usr/local/etc/rc.d scripts?
Regarding the order of rc scripts, On Mon, 30 Jun 2008, fred wrote: I need resin to be started when apache is starting, how can I do that? I can?t find any documentation on priority or order for startup scripts. The rcorder(8) page will help you out. Note the PROVIDE and REQUIRE keywords. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Running with a readonly root partition
As devfs is running by default, it seems to me that it would be relatively easy to run with a readonly root partition, assuming that the directories under which writing is necessary (ie; /tmp, /var, /home) are located in separate, writable partitions. The main advantages are that none of the configuration files or binaries in /etc and /usr (which may still be on a separate readonly partition) are vulnerable to attack (even from a local privilege escalation) without remounting the partition as writable. This used to be a very common setup in the *NIX world, so I am surprised to find little to no mention of it in the archives. I set up my machine this way a couple of months back, and have noticed some minor things (some few things assume a writable /etc, notably including dump(8), and the boot process update to /etc/motd). Once these have been rectified by relocating the files and setting up symlinks, there have been no problems. My questions are: - does anyone else do this? - if not, why not? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Running with a readonly root partition
On Fri, 13 Jun 2008, Mister Olli wrote: do you have some kind of installation/setup manual? that would be really interesting to see your steps, and try that myself. There aren't very many steps: - install as per normal, but with the following on separate partitions: /, /tmp, /var Most people usually put /usr on a separate partition too, as it makes software updates easier DO NOT put /etc on a separate partition, or you will have an unbootable system - make a directory /var/etc (or other similar location in the writable portion of your filesystem) - copy the necessary files to /var/etc and create symlinks in /etc of the form ../var/etc/filename The files I have done this for are dumpdates and motd Other files may be required if you run other daemons; I experimented with denyhosts, and therefore had hosts.allow there for a while - update /etc/fstab to have 'ro' instead of 'rw' for / and /usr - reboot or run mount -u -r / ; mount -u -r /usr if you want to test whether things are working, just run mount and see whether things are ok for a while before updating /etc/fstab -- then any major panics can be solved with a reboot. I have some questions too: - how do you handle updates/ installation of new software? By remounting before doing updates. I don't do updates that often, so this is not a problem for me. - how do you prevent someone who hacked the machine to remount '/' as writable You don't; at least not this simply. The main advantages of this strategy are protection against (a) accidental changes by root users and (b) trojans, scripts and other naive rootkits. Like most security ideas, it is simply a single step along the way, and the usual rule applies -- anyone who actually has root has the privileges to damage the system to any extent they like. - how do users update theirs passwords when '/etc' is read-only? This is a larger problem, and one I had forgotten about as the machine in question is a firewall/datashare that doesn't have many users. Things should work fine if you are running yp or similar from another machine; alternatively a password update script can be written to either (a) do the remount to allow updating on the fly, or (b) queue the update until a regular remount+update cycle (as many large shops do). Certainly not a one-size fits all solution for everyone, but I remain curious as to why this technique has fallen out of favour. Perhaps it is this weakness with local passwords that has caused most people to give up the (relatively small) security advantages in favour of simplicity? Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Version 5.4
On Tue, May 27, 2008 at 10:43 AM, Dennis Kirschling [EMAIL PROTECTED] wrote: Hi, I have a customer running BSD that has been informed that he needs to upgrade his Apache product. I have a wealth of experience with SCO products but very little with BSD. The Apache that they are operating now is version 2.0.55? I don't have the knowledge to look into installed products or where I would gather the Apache upgrade and the installation instructions. If you can point me to any info regarding this upgrade I sure would appreciate it! The FreeBSD product has excellent documentation. The best place to start is here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ Regarding your current task, the section on ports is probably the most helpful. It looks like you will have to upgrade the Apache port that is currently installed. Is there a specific version of the Apache web server that is needed? FreeBSD supports many different versions of the Apache webserver - yet the ports system makes installing, and updating, these applications very easy. Hope this helps, -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dmesg empty after shutdown -r
On Thursday 01 May 2008 01:58:46 A Hamilton-Wright wrote: After shutdown -r now and the subsequent reboot, I have (... no dmesg) On Thu, 1 May 2008, Mel wrote: dmesg -M doesn't show anything either? Wish I'd thought to try that last night. I eventually shut it down again (shutdown -p) until I could come in this morning and take a look at the console while booting -- and now everything is fine. I have now tried a few reboots (shutdown -r) and halts (shutdown -h), and I have a dmesg every time it recovers. I will certainly keep an eye on this and see if I can reproduce this in any fashion. If anyone else sees this phenomena (even transiently), I would love to know about it. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
dmesg empty after shutdown -r
This is very strange. After shutdown -r now and the subsequent reboot, I have logged in to my machine FreeBSD qemg.org 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 10:35:36 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC amd64 Everything seems to be running normally, except dmesg produces no output, and /var/run/dmesg.boot is zero bytes long. Does anyone have any ideas why this would ever occur? Or even how it could occur? Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: USB HD based backup schemes
You haven't mentioned how large a USB drive you have available to use for this scheme, but it sounds to me like your situation can be summed up as follows: - you have two machines to back up, one is remote, but both have consistent network accessibility - you have a (removable) drive upon which you want to place regular backups, based on some use of dump/restore, and presumably this drive is large enough for all backup data, to be managed under some rotation scheme (old -vs- current directories, for example) - the main question is how to collect and organize the data onto this (removable) drive on a machine remote from the one being backed up If the above pretty much fits the bill, I would suggest a simple script to be run out of cron to copy the data. Keep in mind that you can easily transfer the data directly from dump to your remote machine by piping it into an ssh command. On your dobby machine, a command of the form: dump 1nuLf - /my/data | ssh -x kreacher /path/to/some/handler/script will present the dump output to a script run on the backup machine that can presumably ensure sane handling of the incoming data and potentially mount your USB device. Passing the mount point on dobby as an argument to your remote script will help you organize things if you have set up multiple filesystems on dobby that you need to dump separately. Note that I am assuming here that you have made a zero level dump and that it will be perpetually available in some safe place. I'm sure that I could roll my own with dump or such, but I'm sure that I would leave important things out and that this has already been done by people who are smarter and more experienced than I am. So recommendations please. As long as you are dumping whole filesystems, I don't really see how you can leave anything out -- recovery is then simply a case of: - boot off an install/live CD - fdisk, label, newfs - restore dump level 0, restore most recent dump level 1 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: USB HD based backup schemes
On Sat, 26 Apr 2008, Jeffrey Goldberg wrote: On Apr 26, 2008, at 3:38 PM, David N wrote: We used to use RSnapshot http://www.rsnapshot.org/ to backup to an external disk, its a great tool that also does incremental via hard links which is a plus. Just after I posted, I started thinking about rsync. I hadn't known about rsync's hard link feature. So once I saw that, the trail did lead me to rsnapshot. The only thing I don't like about it is the security hole it demands of remote machines to be able to back up to them. Take a look at rsync's -e feature. You can use it to pipe its output through an ssh tunnel much as I just posted a moment ago: rsync -e ssh -x ... kreacher:path/to/usb/storage Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
CPU throttling on amd64
Does anyone on this list know the state of any userland control tools for CPU throttling on the amd64 platform? I see in the archives that there was little functionality in this are as of 2004, and then substantial work in 2005 to make cpufreq available through sysctl. At that time there is a thread indicating how nice it would be if someone wrote a daemon to do the control for this a la cpufreqd http://lists.freebsd.org/mailman/htdig/freebsd-amd64/2005-February/003524.html I cannot seem to find anything relating to throttling and or AMD CoolQuiet after that point. Is there such a daemon? Thanks for any pointers, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenBSD - FreeBSD migration
The results of my investigation so far are below: Filesystem stuff: - it appears that FreeBSD and OpenBSD use the same partition table format. Is this true? If so, I can potentially avoid rebuilding an entire disk if I am right that ... - FreeBSD can mount and read OpenBSD's version of the 4.2 BSD filesystem implementation Although I strongly suspect that the filesystem itself is probably the same, it is not possible to read an OpenBSD mounted partition, as far as I can tell. After booting using FreeBSD, fdisk correctly reports the information regarding the slice set up by OpenBSD (default 4, not 1, the FreeBSD default), however bsdlabel under FreeBSD cannot interpret any of the data found at the location reported in the table read by fdisk. I do find this somewhat surprising, as it is the same structures that are being recorded. Perhaps there is a magic number issue here that causes bsdlabel to believe that it can't interpret the data as the message returned is that there is no label present in the indicated slice. This makes the filesystem question moot, as without access to the BSD partition results there is no clue as to where to begin access of the filesystem. - even if the above isn't true, it appears that the format used by dump/restore is consistent. I have tried dumping/restoring some small filesystems to test this, but if this is an unsupported way to go, I would like to know now. This seems to work. I was successfully able to dump filesystems under OpenBSD and then restore them under FreeBSD, with general success (albeit a complaint that the dump header is out of date). Cheers, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenBSD - FreeBSD migration
Ivan Voras wrote: Andrew Wright wrote: If both of these are true, I can simply install FreeBSD over top of the OpenBSD /, /var and /usr partitions, and then be able to mount the old /home. Is this something people do? If you delete everything from all directories except /home, it might work. Otherwise, the risk of getting mixed binaries, libraries and scripts from both systems is too great. I probably should have been more clear in my initial post -- I am certainly intending on relabelling + reformatting partitions for /, /usr, /var, /tmp and so on -- to try to run these with a potential filesystem incompatbility (not to mention the potential of mixed binaries) is just asking for trouble. What I am hoping to do is run dump | restore, as the various userdata partitions are all on separate drives (in a partitions), and I have enough space to dump the first one and compress it onto another user-space drive, and similar jiggery-pokery (Doing this will save _many_ media swaps, and thus much time). Essentially, I am asking whether _readonly_ access works, for which I will need FreeBSD to read the disklabel and the filesystem. Thought I'd clear that up in case a perusal through the archives steered anyone wrong later one. Thanks to everyone who pointed out the live CD, I think that will let me answer most, if not all, of my questions. Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
OpenBSD - FreeBSD migration
Hi All; I want to migrate a system from OpenBSD 4.2 (ie; the current version) to FreeBSD (7.0). I have poked around on the archives a little to determine how best to do this, and I want to make sure that my understanding (summarized below) is indeed correct. If I am asking these questions on the wrong list (potentially likely for the AMD specific questions) then please let me know: Filesystem stuff: - it appears that FreeBSD and OpenBSD use the same partition table format. Is this true? If so, I can potentially avoid rebuilding an entire disk if I am right that ... - FreeBSD can mount and read OpenBSD's version of the 4.2 BSD filesystem implementation If both of these are true, I can simply install FreeBSD over top of the OpenBSD /, /var and /usr partitions, and then be able to mount the old /home. Is this something people do? - even if the above isn't true, it appears that the format used by dump/restore is consistent. I have tried dumping/restoring some small filesystems to test this, but if this is an unsupported way to go, I would like to know now. Also, before someone (quite rightly) says back up your data, I will note that the reason that I would like to be able to read from /home is to avoid a lengthy restore -- all this data is backed up, but if there is no reason to re-label the drive and reformat the various user data partitions (on various drives) and then spend a day running restore, then I would like avoid such a waste of time. If this is even slightly likely to cause problems though, please let me know and I will start swapping media. - if I have somehow misled myself that restore(8) is consistent, please let me know -- re-installing the old OS just to back up to some other format would be a giant waste of time. Processor stuff: - The machine of interest has an AMD64 processor. I have seen several references to running Linux emulation on an AMD processor, but I would like to confirm that this is true while running the 64-bit version of the OS. In other words: - with a 64-bit installation (amd64) of FreeBSD 7.0, emulation of 32-bit Linux binaries (notably Matlab, but possibly other software as well) is possible, and indeed a reasonably well-known way of proceeding. If I'm crazy, and/or misreading the docs, please let me know. Thanks, Andrew. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DYNDNS server (NOT CLIENT)
On Jan 9, 2008 7:20 PM, Lou Katz [EMAIL PROTECTED] wrote: I want to set up a DYNDNS SERVER and run one myself for the folks I already provide Name Service for. Are there any pointers on how to do this? -- this looks like it may be helpful: http://www.dhis.org/ looks like both the client and server packages are available in the ports tree as well... /me is going to look into this for his own use now :) -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall Redirect
On Nov 30, 2007 5:59 AM, Lucas Neves Martins [EMAIL PROTECTED] wrote: Hello guys, I´m having the following problem: Redirect requests from the port 80, to the port 8082. - for apache tomcat. I´m new on freeBSD, Of course, I had looked out on google, and read the firewall section on the Handbook. snipping some ipfw rules... PS: I´m trying to do this, to make the user tomcat run the apache-tomcat, opening the port 8082, and make it transparent to users who access the domain by the common port 80. another method to achieve this that may be interesting for you is to use mod_jk to redirect requests coming in on your priv'd port 80 apache daemon to your tomcat processes on an unpriv'd port: http://tomcat.apache.org/connectors-doc/ I won't go into the whole configuration here - but going this route may give you more flexibility than using a packetfilter ruleset and will allow you take advantage of load balancing etc. with mod_jk as well. i currently use this setup for a site that serves both static content from httpd and .jsp pages from tomcat all on the same box. HTH -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: iSCSI and multi-terabyte support?
On 10/10/07, Kurt Buff [EMAIL PROTECTED] wrote: At my place of work, we're looking at implementing a SAN, most likely with iSCSI, some time next year, and likely about 5-10TBytes. I was wondering if FreeBSD could provide this on COTS hardware, but my googling hasn't been successful. From my reading of this list over the past couple of years, it seems that both parts of the solution - iSCSI support and large disk support - are still problematic, but I'd like to hear more informed opinion, as the potential cost savings is quite large. Anyone have recent-ish experience putting something like this together? IMHO opinion I do not think FreeBSD is there...yet. ZFS is addressing many of the enterprise filesystem features that would be needed to implement something on this scale, and there is the iSCSI target from NetBSD available in the ports tree. I think 7-RELEASE is going to be a solid foundation for building solutions like this - but in the mean time it may be worth considering OpenSolaris if are considering going the COTS path. or - you can take a look at a company like Isilon Systems (http://www.isilon.com/) which builds very scalable filers based on FreeBSD. I have beta tested their iSCSI implementation and it does look good. HTH -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: courier-authlib problems.
On 10/8/07, Tankko [EMAIL PROTECTED] wrote: I upgraded one of my servers to courier-authlib-base-0.60.0 from .59 and I am now getting the following errors in my mail log: Oct 8 18:21:47 myserver.net authdaemond: Shared object libauthvchkpw.so not found, required by authdaemond Oct 8 18:21:47 myserver.net authdaemond: Installing libauthpam Oct 8 18:21:47 myserver.net authdaemond: Installation complete: authpam Oct 8 18:21:47 myserver.net authdaemond: Installing libauthldap Oct 8 18:21:47 myserver.net authdaemond: Shared object libauthldap.so not found, required by authdaemond Oct 8 18:21:47 myserver.net authdaemond: Installing libauthmysql Oct 8 18:21:47 myserver.net authdaemond: Shared object libauthmysql.so not found, required by authdaemond Oct 8 18:21:47 myserver.net authdaemond: Installing libauthpgsql Oct 8 18:21:47 myserver.net authdaemond: Shared object libauthpgsql.so not found, required by authdaemond and Oct 8 18:11:33 myserver.net imapd-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Oct 8 18:12:07 myserver.net imapd-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Thunderbird (OSX) has doesn't seem to care, but the iphone is now unable to get email. I am using SSL to get mail via imap. I have a 2nd server that has not been upgraded to .60 yet, and it works fine. But...the upgraded server has: courier-authlib-base-0.60.0 = up-to-date with port and the non-upgraded server has: courier-authlib-0.59.3 needs updating (port has 0.60.0) courier-authlib-base-0.59.3needs updating (port has 0.60.0) courier-authlib-vchkpw-0.59.3 needs updating (port has 0.60.0) I am assuming the upgraded server had these three ports as well before the upgrade, but I can not be 100% sure. I always kept these 2 severs running the same versions of everything, so I assume they were. Anyone know how to fix this? yea ran into a similar issue yesterday myself. i had to make this modification in /usr/local/etc/courier-imap/imapd-ssl: TLS_PROTOCOL=SSL23 believe old default value was: TLS_PROTOCOL=SSL3 HTH -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Backup Large FileServer
On 9/28/07, Alexandre Biancalana [EMAIL PROTECTED] wrote: Hi list, I've to backup a large window$ 2003 FileServer (~800GB) from my new FreeBSD BackupServer (before I can change this fileserver to FreeBSD). I'm trying cygwin+rsync on FileServer side and rsync+hardlinks on BackupServer side. Using rsync the two great advantages are: 1. Only copy the changes 2. on the BackupServer side I use hardlinks from the older backups, with this only space consumed is from file that where changed. on the bad side: 1. Problems with long pathnames 2. Problems with unicode filenames 3. Very slow copy ~ 2MB/s (I've doubt if this can be improved using any other copy method) I want hear some ideas from the list about the options available to accomplish this job. Alexandre - have you looked at using something like Bacula: http://www.bacula.org/ You should get much better performance (you can write your backup to disk - it does not have to be a tape device) and all windows metadata etc. should be preserved as well. -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshd config config file question
On 7/10/07, Huy Ton That [EMAIL PROTECTED] wrote: No, it was unhashed. Thanks for pointing it out though. But the strange thing is when I run: /etc/rc.d/sshd status I get no message No message for start, restart, reload etc. I am performing these commands as root. Any ideas? (couple things, please don't top post, and be sure to keep [EMAIL PROTECTED] cc'd on this thread so others can help you) i'm not sure what you mean about no message. make sure you have sshd_enabled=YES in your /etc/rc.conf. also check to see if sshd is running by using ps. if it is not, try starting it by hand - this will tell you if there are any errors on startup. once it starts cleanly by hand then use the init script in /etc/rc.d/sshd. the man page for sshd is very helpful, and should answer many of the questions you may have - including how to start the daemon by hand, etc.. type: man sshd -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Help! FreeBSD: 88.78 KBps, Linux: 624.95 KBps
On 7/10/07, Kyrre Nygård [EMAIL PROTECTED] wrote: Hello. My friend is switching to Linux because FreeBSD is failing on him. When downloading a file from a FreeBSD box and a Linux box on the same network, the FreeBSD box got 88.78 KBps whereas the Linux got 624.95 Kbps. I have no idea what's wrong, but my man isn't really into good information design (e.g. taking something complex and making it easy), so his system is a mess. Maybe some of you can help me locate where the problem's at? It's probably best to start at the basics and work up: 1) uname -ar on both systems 2) do both systems have identical hardware? 3)what are you coping over, lots of small files, one large file. i.e. what kind of benchmark are you using? that's the best place to start. it looks like you have a ton of pf stuff going on, and have made many changes to your kernel via sysctl. i didn't really look at that stuff closely - that info is kinda pointless w/o the basic hardware, OS data. -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restore UFS snapshot
On 5/26/07, Svein Halvor Halvorsen [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Roland Smith wrote: Is it possible to rollback a file system snapshot, i.e. restore the file system to the state it was in at the time a mksnap_ffs command was issued? You can mount the snapshot, and then copy the files back to the original fs. Note that cp can preserve flags, but not ACLs AFAIK. Yes, I know that this is possible. However, it's a lot of work. There should be some straightforward way of rolling back to a snapshot, since the files and all the file system structure are already there. Also, there might not be room on the disk for it. well, if you are using snapshot's you already have most likely calculated the overhead that the snapshot(s) will take - so i'm a little confused at to the lack of room available for the snapshot. it's not uncommon to have hourly, daily, weekly snapshot's of given volumes. User scenario: Before a major upgrade (eg. releng-current, portupgrade -a, etc), it would be nice to mksnap_ffs, and then after the upgrade be able to either delete the snapshot if all went well, or rollback to the snapshot. You should use dump(8) in this case. Create level 0 dumps of your filesystems and store them somewhere. You can dump live filesystems with dump's -L flag. If you botch the upgrade, you can use restore(8) to revert your filesystems to the situation before the upgrade. Note that you should really make regular dumps of your filesystems as backups anyway! This is also beyond the point, although I appreciate that you suggest alternative ways to meet my objectives. dump/restore would also require additional disk space. I do actually backup my data on a regular basis, but not all of my computers really need external backup, as I could stand some downtime. However, if I could easily make a snapshot, and then either roll back or delete it afterwards, it would be a nice compromise between security and effort. And also: it seems it should be possible to do this. If not, I might want to make a tool for it. they handbook has a pretty decent example of how to use dump along side mksnap_ffs - and it seems pretty robust to me. when dealing with whole filesystems and important data i think dump(8) is really the way to go as much work has been put into ensuring that you end up with a consistent image on disk. having said that - i see no reason why one couldn't write a wrapper around dump(8) and mksnap_ffs. -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
