Re: locate

2004-10-30 Thread Ryan Thompson
george wrote to [EMAIL PROTECTED]:

 I am getting this error upon running periodic weekly it looks to me
 that there is a very long directory but I don't know a command to find
 this directory. can someone help?

# find / | awk '{ if (length >= 1024) print }'

It's linear on the number of inodes, but it should be accurate.

 locate: integer out of +-MAXPATHLEN (1024): 1028

- Ryan

--
  Ryan Thompson [EMAIL PROTECTED]
  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Ports Base

2004-06-30 Thread Ryan Thompson
Lonnie Santella wrote to [EMAIL PROTECTED]:

 That's a good point, but I don't make a practice of running NFS, and
 often the servers are at different locations - not connected via any
 network.

 So would I be correct in assuming that I would copy the entire
 contents beginning at the /usr/ports level and all subdirectories?

Sure. That will gain you the benefits of an up-to-date ports tree. It's
important that you do this before any ports are installed on the system,
though, or you'll likely have consistency and dependency issues. Once
you start installing ports, you have the pkgdb to deal with.

Personally, I would just use one fast/well-connected machine to keep
everything up to date and build packages for all of the ports you need.
Then, just copy those packages and their recursive dependencies (via CD,
or ftp/sftp/scp).  It's a *lot* less to transfer and maintain.

I use something like this to rapidly deploy new FreeBSD servers. Within
about 40 minutes from an empty RAID array, I can have a fully-configured
environment, the latest RELENG_4_9 (or 4_10 now), up-to-date ports, with
our own base ports already installed. We do use NFS and a cvsup server
to make life easy, but, in cases where I've done this remotely, I only
had to modify a few processes to make it work over SSH. Due to network
and system speeds, it took longer than 40 minutes (2-3 hours the last
time I tried.  The client bought me steak and a pint of beer at a local
restaurant while we waited), but it was still just one make all once
I got the first root prompt after the FTP install.

- Ryan



Re: RulesDuJour for FreeBSD

2004-06-30 Thread Ryan Thompson
Chris wrote to FreeBSD Questions:

 If anyone has got a tweak RulesDuJour scripts
 (http://www.exit0.us/index.php/RulesDuJour) for FBSD/MailScanner/SA -
 I would really love to see them

What's to tweak?

Make sure you have bash installed. Edit the path to bash if needed in
the first line of the file. Do use the provided my_rules_du_jour, and
follow the usage instructions found therein. There are no FreeBSD-
specific tweaks to worry about.

- Ryan



Re: Disk about to fail

2004-06-30 Thread Ryan Thompson
Tuc wrote to [EMAIL PROTECTED]:

 Hi,

   Looks like my disk is about to fail YET AGAIN on my laptop :

 ad0: FAILURE - READ_DMA status=51<READY,DSC,ERROR> error=40<UNCORRECTABLE> LBA=25937067
 ad0: FAILURE - READ_DMA status=51<READY,DSC,ERROR> error=40<UNCORRECTABLE> LBA=25937067
 ad0: FAILURE - READ_DMA status=51<READY,DSC,ERROR> error=40<UNCORRECTABLE> LBA=25937067
 ad0: FAILURE - READ_DMA status=51<READY,DSC,ERROR> error=40<UNCORRECTABLE> LBA=25937067


   The last 2 times however I found it was the /var partition, I
 newfs'd it again, it happened again, re-newfs'd it, now it's happening again.
 How do I find out what's stored at that LBA, and either fix it, or do something
 so it doesn't use that block or any bad block anymore?

/var is typically quite a volatile filesystem; many reads/writes;
usually nothing stays for long. If you're getting those errors, it means
the failure is occurring in a portion of the disk you're actually using.
(i.e., blocks that are actually allocated to files). Try a recursive
grep of the entire filesystem and see which file(s) croak as unreadable.
:-)

Once, I had this happen, and actually found a 50MB file that was using
the bad region of the disk. The file wasn't essential to anything, so I
left it there. The rest of the disk still works fine. Needless to say, I
don't trust it very much, but at least the immediate problem is
confined.

If the bad space *isn't* actually used by a file, it's a bit trickier. If
you really want to track it down in that case, you could try filling up
your disk with files some multiple of blocksize and read them back in,
until you either get a hard error, or a consistency failure. Then,
delete all of the files that you created, except for the one(s) spanning
the bad blocks.

Note that *none* of these strategies are recommended where any data that
you care about is concerned.

Best? Get your data off the disk *yesterday*, in descending priority
order, and use the platters for wind chimes.

- Ryan



Re: seperating SQL and application server?

2003-11-16 Thread Ryan Thompson
Zhang Weiwu wrote to [EMAIL PROTECTED]:

 Hello. I am running apache + php + mysql on a PIII 800MHz server.
 Phpgroupware webpages take several seconds to show up on a LAN (15
 seconds at max). I mean each webpage takes several seconds to show up,
 even if I am the only user to access the server, and the server has no
 other work to do.

 I wish to know what slowed it down. A static page is 10 times faster. I
 know phpgroupware is very complicated, and each page is displayed after
 a complicated process, so is the CPU too slow? Or is it the I/O problem?
 Or should I put the SQL server on another box? What is likely to be the
 slowest part?

As others have mentioned, running vmstat is a good way to get some idea
of where the bottleneck is. Also, you didn't say anything about RAM;
some web applications eat RAM for breakfast, especially if they cause a
lot of memory-intensive SQL queries like cross products and big joins.
Run top -ores while making a few queries to the web site, and look for
big http memory images. Also, if you have a significant amount of swap
in use (i.e., more than 5%), that's a sign that the server has started
paging, and that can slow things down by orders of magnitude.

Make sure you're using mod_php instead of the standalone PHP CGI
executable. This will save RAM *and* give you incredible performance
gains, especially with respect to load time, and the benefits associated
with SQL connection and query caching, which I hope phpgroupware takes
advantage of.

If you learn nothing this way, and think phpgroupware might be the
problem itself, you might want to try some smaller examples of PHP and
profile those... turn off output buffering, and create a small PHP
application that writes incremental progress to the browser (or, write
timestamps to a local logfile, although this will add to the request
time and affect your results slightly), so you can see which components
of the application-layer processing take the most time. Then you can
work on optimizing.

 I have a very old Pentium 200 box (compaq deskpro, years old but very
 good quality), if I let it run mysql server for phpgroupware, would
 it bring up the speed or actually slow it down?

Separating MySQL and Apache is usually a good idea, but benefits usually
only appear when both are under some load.  I don't think load is your
issue, especially if the server can't handle one concurrent request in a
reasonable amount of time.

Hope this helps,
- Ryan



Re: RCS question

2003-10-26 Thread Ryan Thompson
Ryan Thompson wrote to Jez Hancock:

 To both of you, ci -l is your friend.

and, of course, ci -u does the same thing, but leaves the revision
unlocked. You'll use both.

- Ryan



Re: Upgrading the kernel

2003-10-23 Thread Ryan Thompson
Robert H. Perry wrote to FreeBSD-Questions:

 I'm upgrading from 4.7 RELEASE to 4.8 RELEASE soon.  My understanding
 is that once you have built the world with buildworld, it's time to
 build and install the new kernel.

In your scenario, yes, you'll definitely want to build a new kernel. In
fact, I hope you elected to go with the security branch (RELENG_4_8), so
that you get the 13 or so security related fixes that have been applied
since 4.8 was released.

 My current kernel is customized with a sound card device and nothing
 else.

That's fine; you can continue to use your kernel config.
(/usr/src/sys/i386/conf/WHATEVERYOUCALLEDYOURKERNELCONFIG)

 The  FreeBSD Handbook indicates that the safest way to do this is to
 build and install a kernel based on GENERIC.  After booting from
 GENERIC and verifying that your system works you can then customize
 your kernel.

Well, you can if you want, but you won't have any issues from 4.7 ->
4.8. I'd just go with your custom kernel config.

 Can I use the commands, # make buildkernel and # make installkernel,
 or are #make buildkernel KERNCONF=GENERIC and # make installkernel
 KERNCONF=GENERIC the correct commands?

Have you specified KERNCONF in /etc/make.conf? If not, then it defaults
to GENERIC. In your case, though, again, you shouldn't have any problems
building from your custom conf.

- Ryan



Re: Ftp changing times of files.

2003-10-23 Thread Ryan Thompson
Grant Peel wrote to [EMAIL PROTECTED]:

 Hello all,

 The default ftp client from one of my servers

You mean /usr/bin/ftp?

 , seems to be changing the time and datestamps of files it gets from
 other servers.

To what? From what? Which time zones? mtime? ctime? atime?

 All my servers are set to the same time (within a minute) and set to
 the same timezone (EDT | EST).

Please send us a concrete example. (screen(1) or similar, from an actual
session showing the problem).

- Ryan



Re: d/l,compiling question

2003-10-23 Thread Ryan Thompson
M.D. DeWar wrote to [EMAIL PROTECTED]:

 Hello,

 I may have missed this. Sometimes in the docs for a application it
 will say at a point  you need to be root or have superuser
 permissions to do this 

 I normally login in as user then su - over to superuser.  (I hope
 that's the right terminology).  Then I do the ./configure makes etc.

 Is that okay to do ? or should I be just plain user till it's time to
 make install ?

Your approach is fine.

- Ryan



Re: Upgrading the kernel

2003-10-23 Thread Ryan Thompson
Robert H. Perry wrote to Ryan Thompson:

 In your scenario, yes, you'll definitely want to build a new kernel.
 In fact, I hope you elected to go with the security branch
 (RELENG_4_8), so that you get the 13 or so security related fixes
 that have been applied since 4.8 was released.

 Hadn't intended to, but now I'll have to consider it.  This is my
 first upgrade and I was sticking with the basics.

Yep. If you're upgrading from source anyway, upgrading to RELENG_4_8 is
no harder than -RELEASE.

  If not, then it defaults to GENERIC. In your case, though, again,
  you shouldn't have any problems building from your custom conf.

 Just to clarify then, is the following OK:

 # cd /usr/src
 # make buildkernel KERNCONF=CUSTOM
 # make installkernel KERNCONF=CUSTOM

 CUSTOM is the name of my kernel config file.

Yes. For the full how-to, follow the instructions in:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

- Ryan



Re: Ftp changing times of files.

2003-10-23 Thread Ryan Thompson

[ CC'ing this back to -questions, and not trimming original message.
  Please CC [EMAIL PROTECTED] with your replies! ]

Grant Peel wrote to Ryan Thompson:

 OK here goes

 I have 3 machines.

 enterprise
 excelsior
 voyager

 each have clients /usr/bin/ftp

 the first two are running ProFTPD daemons.
 (I have since set the TimeGMT off in those two).

It could be a ProFTPD issue, although I run ProFTPD, here, and was not
able to reproduce the problem. One way to find out quickly is to
re-enable the stock ftpd on one of the machines and retry your tests. If
the problem goes away with a different server, it's a ProFTPD issue.

 I can PUT a file from any server to another and the timestamp on the file
 will match from the client to the server machine.

 When I GET a file, the file I GET has its timestamp set 4 hours
 backwards.

Hmm. That really reeks of time zone issues somewhere in the chain.
Try simpler testing--the stock ftpd, rcp/scp, and see if you can obtain
different results.

So far, it's not obvious to *me* where the specific problem is, but
further testing will help, and maybe someone else on the list has
encountered this before.

 Here are some clues:

 enterprise# date
 Thu Oct 23 18:27:36 EDT 2003

 excelsior# date
 Thu Oct 23 18:27:03 EDT 2003

 voyager# date
 Thu Oct 23 18:27:34 EDT 2003


 I have a file on enterprise ent_orig.txt

 -rw-r--r--   1 root  grant 0 Oct 23 17:33 orig_ent.txt

 When I log in from excelsior, and GET it, the timestamp shows:

 -rw-r--r--   1 grant wheel 0 Oct 23 13:33 orig_ent.txt

 Yet, when I PUT it (logging into excelsior FROM enterprise) it shows:

 -rw-r--r--   1 grant wheel 0 Oct 23 18:30 orig_ent.txt

 (Note, of course, it really was 18:30 when I did this, so that stamp is OK)

 Any ideas?

 -Grant

 Grant W. Peel
 Server Admin
 [EMAIL PROTECTED]
 http://thenetnow.com


Re: grep weirdness

2003-08-10 Thread Ryan Thompson
[EMAIL PROTECTED] wrote to [EMAIL PROTECTED]:

 On some of my hosts trying doing a recursive search gets a syntax
 error. On most it works. As all these systems are built from the same
 source tree, I am not sure where to look for the problem.

 artemis:~ grep -ilr taiwan *\
 grep: unrecognized option `--showDropTarget'  | does not work
 Usage: grep [OPTION]... PATTERN [FILE]... |
 Try `grep --help' for more information.  /

 while


Hmm... My guess is that * expands to something containing a leading
hyphen, most likely called --showDropTarget :-) The * is expanded by the
shell, not grep(1).

Try grep -ilr taiwan . instead.

- Ryan

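An added reproduction of the failure discussed above (example code, not part of the original message): the shell expands * to a file name beginning with "--", and grep reads it as an option. The sandbox files are constructed, and the "--" and "./*" spellings are further standard ways to avoid the problem alongside the "." form suggested in the reply.

```shell
#!/bin/sh
# Constructed sandbox: one file whose name looks like a long option,
# plus two ordinary files that contain the search word.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    echo "taiwan"              > "$dir/--showDropTarget"
    echo "Shipped from Taiwan" > "$dir/notes.txt"
    mkdir "$dir/sub"
    echo "TAIWAN office"       > "$dir/sub/deep.txt"
    printf '%s\n' "$dir"
}

# Run one spelling of the search inside the sandbox. Prints the matching
# file names and returns grep's own exit status (0 match, 1 none, 2 error).
run_form() {
    (
        cd "$1" || exit 99
        case $2 in
            star)   grep -ilr taiwan *    ;;  # as typed in the question
            dot)    grep -ilr taiwan .    ;;  # the reply's suggestion
            dashes) grep -ilr taiwan -- * ;;  # "--" ends option parsing
            prefix) grep -ilr taiwan ./*  ;;  # names can no longer start with "-"
            *)      exit 98 ;;
        esac
    ) 2>/dev/null
}

# What the shell actually hands to grep for the "star" form:
# the expansion happens before grep is started.
expanded_args() {
    ( cd "$1" && printf '[%s] ' grep -ilr taiwan * )
}

sandbox=$(make_sandbox) || exit 1
echo "argv: $(expanded_args "$sandbox")"
for form in star dot dashes prefix; do
    out=$(run_form "$sandbox" "$form")
    status=$?
    echo "$form -> exit $status: $(printf '%s' "$out" | tr '\n' ' ')"
done
rm -rf "$sandbox"
```

With "--" the option-looking name is searched as an ordinary file, so it shows up in the results instead of aborting the command.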


Re: fxp0 only 300Kbits/sec ?

2003-08-06 Thread Ryan Thompson
Mike Hogsett wrote to [EMAIL PROTECTED]:

 I am having a strange problem.

 I have this new Cisco Catalyst 2940T-24.  On it I have 6 FreeBSD/x86
 boxes.  The first 5 are running great.  The 6th is only getting
 300Kbits/sec out of its interface, but ... not right away after a
 reboot.  I rebooted the host Saturday afternoon and I was again
 getting about 80Mbits/sec.  Saturday night's backups ran great, and
 fast.  So did Sunday's backups.  But last night's backups are still
 running.  My mrtg traffic graphs show that it is only getting
 300Kbit/sec out of its interface.  I confirmed this with an FTP
 directly to the host a few minutes ago (after killing off the
 backups).

 Nothing is mentioned in /var/log/messages.  The switch claims the port
 is running at 100Mbits, full-duplex, as does the output of ifconfig.
 Suggestions?

I have several dozen fxp0 cards in production. Intel cards have been
some of the most stable NICs I've used. That being said, problems do
happen. You'll need to isolate the problem. More or less in order of
invasiveness: Try the same host on a different switch port. Try the same
switch port with a different (known-good) cable. Try the same host with
a different NIC. If all of those produce identical sub-optimal results,
the problem may be with your FreeBSD configuration... at which point you
should let us know which release/patchlevel you're running, and what
else the box is doing if it isn't a dedicated backup machine. Also,
you'd do well to rule out other influences that may be placing undue
load on the box, like some runaway process that takes some time after
boot to grow large enough to slow the machine down. But, first things
first, try the first three suggestions.

- Ryan



RE: problems with mod_php4 port

2003-07-24 Thread Ryan Thompson
Derrick Ryalls wrote to 'Alfonso Romero' and 'freebsd-questions':

  I updated the mod_php4 port, but it only has the files:
 
  Makefile
  pkg-message
 
 
  I can't install it... where are the other files from this
  port? The mod_php3 port is fine, but I need mod_php4!
 
  What should I do?

 Oddly enough, I recently installed mod_php4 and looking back, the
 directory only has those files in it.  What does it say when you type
 make install?

Look at the Makefile:

MASTERDIR=  ${.CURDIR}/../../lang/php4

WITHOUT_CLI=yes

.include "${MASTERDIR}/Makefile"

Does that answer your question? :-)

- Ryan



Re: set user-id

2003-07-22 Thread Ryan Thompson

[ Please CC [EMAIL PROTECTED] (or Reply to All) when replying ]

Gerald S. Stoller wrote to [EMAIL PROTECTED]:

 Please give complete examples. As posted, your example wouldn't run
 without invoking sh(1) first. I'm assuming it was something like:
 
  #!/bin/sh
  echo $USER | tee xx

   You're right, sorry, I had  '#!/bin/ksh' as the first line.

Yep. Interpreted script.

   How do I get set user-id to work?

  Your permissions are fine, but you're hitting a more subtle problem:
  S*id bits don't work for interpreted scripts (denoted by the
  shebang, #!), by design. If you'd compiled the equivalent example to
  a binary, I'd expect it to work as you intended.

 Now that you mention it, I recall finding this condition on  HP-UX
 (Hewlett-Packard Unix) where I got around it by making a small
 compiled program that invoked the script.

Well, why don't you just chmod 4755 /bin/ksh, then. :-D

 Anyway, it should be in the man pages of chmod and maybe someplace
 else.  Since it is so easy to get around, why  bother with this
 restriction?  Presume that the person who wrote the script knows what
 he is doing and don't put in special cases!!!

The main reason is you don't actually execute a script. If you type in
/path/to/script, the OS first ensures that you have execute permission.
If so, it checks the magic number of the file (first two bytes), which
determine the executable type. If the magic number is a shebang (#!),
execve(2) actually execve's the interpreter, with your script as an
argument.

Suppose you have a script executed with ./foo with #!/bin/ksh as the
interpreter.  It'll be executed just as if you'd run /bin/ksh ./foo.
Now you can see why the s*id bits on scripts don't mean anything.

It *would* be possible to alter this behaviour at the OS level, and,
although I haven't looked in a while, it would probably be a relatively
trivial change. That, combined with the fact that this is a FAQ,
suggests that there are good reasons why this feature hasn't been
adopted. (And FreeBSD isn't alone, either :-)

Namely, if the shell script allows for any interactive escapes, the
caller has an interactive root shell. Also, shell scripts are
particularly vulnerable to PATH modifications, if not set explicitly in
the script. There are other challenges, too. These are by no means
impossible to work around, but there are almost always stronger
solutions, in my opinion. Shells have a lot of hidden complexity, in
order to allow you to make simple scripts. I can think of one time in
the last eight or ten years that I've been tempted to make a setuid
script. I came to my senses quickly. :-)

If you *really* want to have suid scripts, your binary wrapper idea is
quite a common trick. Don't get fancy with it, though. A one-liner to
execve(2) should really be all you need. Either that, or re-code the
whole thing in C (or some other compiled language). C can introduce
insecurities of its own, but at least you'd (arguably) have put them
there yourself. :-)

- Ryan

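An added illustration of two points made above (example code, not from the original message): a "#!" script is just a file handed to its interpreter, and a script that does not set PATH itself runs whatever the caller's PATH finds first. All file and directory names are constructed, and nothing here is setuid or needs root.

```shell
#!/bin/sh
# Constructed demo; no setuid bit or root access is involved.
make_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/callerbin"

    # Stand-in for a program the caller controls, named like a system tool.
    cat > "$work/callerbin/id" <<'EOF'
#!/bin/sh
echo "caller-supplied id ran"
EOF

    # Script as commonly written: trusts whatever PATH it inherits.
    cat > "$work/whoami_trusting.sh" <<'EOF'
#!/bin/sh
id -u
EOF

    # Same script with PATH set explicitly before any command lookup.
    cat > "$work/whoami_pinned.sh" <<'EOF'
#!/bin/sh
PATH=/usr/bin:/bin
export PATH
id -u
EOF

    chmod 755 "$work/callerbin/id" "$work"/whoami_*.sh
    printf '%s\n' "$work"
}

# Run one of the scripts with the caller's directory placed first in PATH,
# which is the environment a set-id script would inherit from its caller.
run_with_caller_path() {
    PATH="$1/callerbin:$PATH" "$1/$2"
}

# Executing ./foo with "#!/bin/sh" ends up as "/bin/sh ./foo". Started that
# way the interpreter only needs read access to the file, so the script's
# own execute and set-id bits play no part in how it runs.
run_as_argument() {
    cp "$1/whoami_pinned.sh" "$1/no_exec_bit.sh"
    chmod 644 "$1/no_exec_bit.sh"
    /bin/sh "$1/no_exec_bit.sh"
}

demo=$(make_demo) || exit 1
echo "trusting script : $(run_with_caller_path "$demo" whoami_trusting.sh)"
echo "pinned script   : $(run_with_caller_path "$demo" whoami_pinned.sh)"
echo "as sh argument  : $(run_as_argument "$demo")"
rm -rf "$demo"
```

The same PATH pinning belongs in any script run through a compiled wrapper or a privilege-granting tool, since the wrapper does not change how the shell resolves command names.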


Re: Mail delivery wierdness

2003-07-21 Thread Ryan Thompson
[EMAIL PROTECTED] wrote to Free bsd :

 Hi all,
 I am trying to connect to an exchange server via my new gateway ipfilter
 fbsd 4.7 ipnat firewall.
 Telnetting to the server inside to port 25 reveals...

 Connected to 203.44.yyy.xx
 Escape character is ']'.
 Connection closed by foreign host.

 Why would it close instantly?

That's usually the behaviour indicating that there is a server at
203.44.yyy.xx, but there is no service listening on port 25. (Or, maybe
your fancy ipfilter firewall is simulating the equivalent).

The first thing you should do is confirm that the server in question
*is* actually listening on port 25. MS Exchange is pretty far beyond the
charter of this list, but general network techniques would still apply:

Try the same telnet test using the win32 telnet on the server itself.
(i.e., telnet localhost:25, and try it by the public IP in case Exchange
isn't listening on localhost for some reason). If it won't talk SMTP
with you in either case, you won't get any farther. On the other hand,
if the test is successful, try the same thing from the next hop (your
FreeBSD gateway?).

If you isolate the problem to the gateway (and/or every host directly
connected to the other side of your gateway), you'd probably do well to
forward your firewall rules and ipnat config to the list (as well as a
description of what you're trying to accomplish with your config), in
which case we'll be able to give you better specific instructions.

 Does this reveal while I can't send mail to any email account on it?
 Is this an exchange hassle? Is port 25 to be only tcp or udp as well.

SMTP is a connection-oriented service.  SMTP can, in theory, be used
over transport layers other than TCP, but SMTP over UDP would require a
fair hack to SMTP to implement. So, the short answer is, forget about
UDP. :-)

- Ryan



Re: Mail delivery wierdness

2003-07-21 Thread Ryan Thompson
[EMAIL PROTECTED] wrote to [EMAIL PROTECTED]:

 Hi Ryan...

Hi Keith,

 Yep I can confirm it was NOT listening on :25
 The techie on the ground swore black & blue it was (always follow what you
 know!). I figured it wasn't but maybe it was something I didn't
 understand?? He changed the config on exchange and voila! Now I can chat
 with smtp on the mail server from outside!

:-)

 Next question.  Squid is also on the gateway/firewall.

Squid has nothing to do with SMTP.

 Mail is still not being delivered.

What do you mean? Messages are being accepted for delivery, but are not
arriving (indicating a problem with the innards of the Exchange config)?
Or the SMTP sessions themselves are not completing? Be specific. Send
actual output, where possible.

 Can I assume if I can chat via telnet to the exchange server : 25 Then
 mail can also get thru?

Unless something really funny is happening, you've ruled out connection
and firewall issues. See below, though. You definitely *haven't* ruled
out SMTP issues, which is why you should verify the config of the
Exchange server before you go any further. You've already confirmed one
bug. Until you can deliver messages on the server itself, you won't
learn much more by trying from other hosts.

 Surely that means a persistent session is set up and mail should also
 get to it.

Actually, it means that you have an application-layer connection, in
this case, over TCP. So far, no guarantees (or even promises) have been
made by the server about mail delivery. At least, if you received any,
you didn't include them in your message. :-)

 It isn't being delivered to mailboxes there so what the???

You mean *when* you use telnet to manually negotiate the SMTP session?
Or are you assuming that, if you get any SMTP response, that other MUAs
will behave correctly with the server, and that the server will behave
predictably with the request? Output from a telnet session can be very
enlightening, and easier to get than tcpdump output, for text-based
protocols. :-)

From your gateway, try a complete SMTP session, including delivery, with
appropriate MAIL FROM, RCPT TO and header information. If SMTP isn't a
second language to you, here's a real example. Lines beginning with (a
decorative!) + indicate lines of actual input:

$ telnet earl 25
Trying 207.195.92.130...
Connected to earl.sasknow.net.
Escape character is '^]'.
220 earl.sasknow.net ESMTP Sendmail 8.12.6p2/8.12.6; Mon, 21 Jul 2003
21:55:45 -0600 (CST)
  + HELO stimpy.sasknow.com
250 stimpy.sasknow.com Hello stimpy [207.195.92.132], pleased to meet you
  + MAIL FROM: [EMAIL PROTECTED]
250 2.1.0 [EMAIL PROTECTED] Sender ok
  + RCPT TO: [EMAIL PROTECTED]
250 2.1.5 [EMAIL PROTECTED] Recipient ok
  + DATA
354 Enter mail, end with . on a line by itself
  + From: [EMAIL PROTECTED]
  + To: [EMAIL PROTECTED]
  + Subject: Test message #1
  +
  + THis is a test.
  + .
250 2.0.0 h6M3tjQA009987 Message accepted for delivery
  + QUIT
221 2.0.0 earl.sasknow.net closing connection
Connection closed by foreign host.

A second or so later, this message was delivered to my local mailbox
(capitalization typo and all) on another inner server, indicating that
things worked fine. Headers added by the server confirmed the HELO and
envelope information.

If you receive anything other than 2xx replies from the first three
lines (HELO, MAIL FROM, RCPT TO), it may indicate that you've supplied
information that the server won't allow. (i.e., an invalid relay
address, or maybe it's configured to only accept mail from hosts which
resolve correctly... a potential show-stopper if, for example, you're
using RFC1918 IPs with ipnat and haven't configured Windows to resolve
them fwd+rev. Another good reason *not* to bother with further network
testing until you've successfully delivered mail *on* the mail server in
question through the loopback interface. One step at a time).

If you get the message accepted for delivery (or other 2xx code from
Exchange), the message should be delivered. If it isn't, you have more
goofiness to resolve on the Windows server.

If you're not sure of your results, send them to the list. So far, there
isn't much related to FreeBSD, here, but I suppose this is of general
interest to FreeBSD admins... so it is still marginally on-topic for
-questions. :-)

Hope this helps,
- Ryan



Re: set user-id

2003-07-21 Thread Ryan Thompson
Gerald S. Stoller wrote to [EMAIL PROTECTED]:

 FreeBSD  4.3-RELEASE FreeBSD 4.3-RELEASE #0: Sat Apr 21 10:54:49 GMT
 2001 [EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC  i386

  As root, I made a text file (named  t ) that did
  something like
 echo  $USER   |   tee  xx

Please give complete examples. As posted, your example wouldn't run
without invoking sh(1) first. I'm assuming it was something like:

#!/bin/sh
echo $USER | tee xx

 and then had it set user-id (I did 'chmod  4755  t').  As a plain
 user, I made a directory that only  root  can write my current
 directory and then invoked  t  (by giving a path-name to it).  It
 reported that the  USER   was the plain user and couldn't write into
 the directory.  It appears that the set user-id didn't work, but I
 also checked  t  with  ls -l  and the permissions were   rwsr-xr-x ,
 exactly like that of  passwd  and  xterm  (except maybe for the write
 permission of the owner).
 How do I get set user-id to work?

Your permissions are fine, but you're hitting a more subtle problem:
S*id bits don't work for interpreted scripts (denoted by the shebang,
#!), by design. If you'd compiled the equivalent example to a binary,
I'd expect it to work as you intended.

- Ryan

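A check that follows from the reply above, as an added example that is not part of the original post: it lists files that carry a set-user-ID or set-group-ID bit but begin with `#!`, which is the situation the reply describes. The helper names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that are interpreter scripts
# (first two bytes "#!"). is_script and find_suid_scripts are hypothetical
# helper names; the demo tree is constructed sample data.

# is_script FILE: true when FILE starts with the shebang "#!".
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# find_suid_scripts DIR: print each regular file under DIR (same filesystem)
# that has the setuid or setgid bit set and is a script.
find_suid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed demo: a setuid script (like the "t" file in the thread),
# an ordinary script, and a setuid file that is not a script.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho $USER | tee xx\n' > "$d/t"
    chmod 4755 "$d/t"
    printf '#!/bin/sh\necho plain\n' > "$d/plain"
    chmod 755 "$d/plain"
    printf 'not a script\n' > "$d/data"
    chmod 4755 "$d/data"
    find_suid_scripts "$d"
    rm -rf "$d"
}

demo
```

Only the `t` file is reported: `plain` has no set-ID bit, and `data` has the bit but no shebang.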


Re: modules.old after an make world...

2003-07-18 Thread Ryan Thompson
Joe Altman wrote to [EMAIL PROTECTED]:

 Is there any reason to keep this directory around, after making world?

Only if you ever think you'll need to boot kernel.old again. Meaning,
make sure your new kernel boots and your system runs, before getting too
friendly with rm(1). :-)

- Ryan



Re: firewall

2003-07-15 Thread Ryan Thompson
K Anderson wrote to RYAN vAN GINNEKEN:

 ipfw isn't some sort of daemon to be stopped and started. If you want
 to add rules, delete rules or what ever then  you just do it.

Yes, unless you're doing this over a network, in which case you want to
make sure you don't break connectivity with an intermediate rule.

 Take a look at the script in /etc/rc.firewalls and you'll see that's all
 they are doing.

 so  your firewall file should be  a shell script. Even if you do man
 ipfw you'll see that in no way does ipfw accept a file name as an
 argument.  Pretty simple eh?

While you can write a shell script to call firewall rules (in the style
of /etc/rc.firewall), you're wrong in your subsequent assertion; ipfw
*does* accept a pathname to a file which, according to ipfw(8):

 To ease configuration, rules can be put into a file which is processed
 using ipfw as shown in the first synopsis line.  An absolute pathname
 must be used.  The file will be read line by line and applied as argu-
 ments to the ipfw utility.

And, actually, this is pretty darn convenient, especially in conjunction
with firewall_type=/path/to/ruleset in rc.conf, once you have tested
the ruleset, of course. :-)

- Ryan



Re: need more space

2003-07-14 Thread Ryan Thompson
Kenzo wrote to [EMAIL PROTECTED]:

 need more disk space
 This is a two part question.
 I'm running FBSD4.8

 1. when I do a  df -hi  I get.
  df -hi
 Filesystem Size Used Avail Capacity iused ifree %iused Mounted on
 /dev/ad0s2a 126M 119M -2.6M 102% 2676 13578 16% /
 /dev/ad0s2f 252M 14K 232M 0% 8 32502 0% /tmp
 /dev/ad0s2g 21G 2.6G 17G 13% 196822 2580776 7% /usr
 /dev/ad0s2e 252M 20M 212M 8% 1144 31366 4% /var
 procfs 4.0K 4.0K 0B 100% 30 1014 3% /proc

 telling me that my / slice is pretty much full.
 How can I tell what is part of the / slice so that I can find what is taking
 the space and delete things that I don't need.

I do this recursively.

  cd / ; du -xd 1 | sort -n

Look at the last few lines of the output; you should see the directories
consuming the largest amount of space. If it isn't yet obvious where
you can free up space, re-run the above du(1) command on each of the
largest directories.

You've already put /tmp and /var on separate filesystems, but beware the
contents of /root (root's home directory), if you do any work as root.
You might have output logs, core files, or gawk-knows-what in root that
you've forgotten about. When / starts getting full, that's usually where
I look. :-)

 2. would it be better to try and find what is taking all the space or
 just grow the slice with growfs?

That'd be a bad idea. Anyway, 126M root is plenty for even -CURRENT in
the standard config with /var and /tmp elsewhere... more than enough for
4.8. Find out what's consuming the space, and delete it, or (carefully)
consider moving it to another filesystem.

 Can I make the /usr slice smaller and give some to / or can I link the
 directory that's taking all the space in / to somewhere in /usr?

You can certainly do the latter, as long as you're careful of what you
move out of the root filesystem. Under normal circumstances, you don't
want to move any core OS binaries out of the root, and you definitely
don't want to move anything that's used in the bootstrap process before
the other filesystems are mounted. Root's home directory is usually fair
game, because normally even without the other filesystems mounted, you
can live without it. /tmp and /var are already separate filesystems. You
can get rid of old/GENERIC kernels and modules, as long as you keep a
boot disk around in the event that you need to change hardware in a
hurry. (I usually leave GENERIC kicking around for that reason). You can
also get rid of /stand, if you can live without sysinstall(8). You can
selectively get rid of some of the binaries in /bin and /sbin if you're
sure they won't be used either by you or the system. (grep -R command
/etc /boot is an imperfect but reasonable guide). If you're very clever
and know your *own* application well, you can shrink root to a fraction
of what it is now.

Now comes the part where I tell you that most of this is usually
unnecessary. :-) Chances are good that you just need to do a bit of
summer cleaning and adjust your usage habits a bit.

- Ryan



Re: need more space

2003-07-14 Thread Ryan Thompson
Kenzo wrote to [EMAIL PROTECTED]:

 This is what I get when I run  du -x / | sort -rn  /tmp/du.out
 I see what I did wrong.
 thanks.
 121371  /
 70400   /root

So my first suspicion was warranted. :-)

 29404   /root/.mozilla

For security reasons, and with few exceptions, you probably don't want
to run everyday applications as root. One of UNIX's strengths, in
general, is the ability to do almost everything as an unprivileged user.

- Ryan



Re: FreeBSD FTP problem

2003-07-06 Thread Ryan Thompson

[ CC:  [EMAIL PROTECTED], reply to private email ]
[ BCC: sender, kept anonymous ]

 Hello Ryan!
 I've seen your post at:
 http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8threadm=Pi
 ne.BSF.4.10.10001272241220.56704-10%40sasknow.comrnum=5prev=/gro
 ups%3Fq%3DFreeBSD%2B%2B425%2Bcan%27t%2Bbuild%2Bdata%2Bconnection:%2Bop
 eration%2Btimed%2Bout%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26se
 lm%3DPine.BSF.4.10.10001272241220.56704-10%2540sasknow.com%26rnum%
 3D5

*extremely* long line wrapped. Knowing just a little bit about Google,
this reduces to:

http://groups.google.ca/groups?threadm=Pine.BSF.4.10.10001271959170.55593-10_sasknow.com%40ns.sol.net

But, yes... That was a little piece of history! :-)

 I'm having exactly the same problem with my FreeBSD4.8.

 Some hours ago... everything was Ok but I don't know what has
 changed I can still FTP the FreeBSD server from my windows box
 but nothing more just the same error as the one you've described:
 ... 425 can't build data connection: operation timed out ... :-(((

 Do you have any idea about how to get around this?

Well, in my case, it turned out to be pilot error... FTP is a tricky
protocol to allow through default-deny firewalls, and I had simultaneous
bugs in my firewall config *and* FTPd config, with respect to passive
transfers. It took me a while to spot.

Check your firewall config carefully, and make sure you have a good
understanding of how the FTP protocol works (in active and passive
modes). Completely open your firewall temporarily (i.e., ipfw add 201
allow ip from any to any) and verify that things work there. If things
work there (or fail differently), the problem is with your firewall (and
possibly FTPd configuration, if you're using the ephemeral port range
for PASV). If your tests fail in *exactly* the same manner as before,
including the same timeout delays, you can ignore your firewall for the
time being (but leave it open until you get FTP working, and *then*
restrict it, so you're only testing one unknown at a time). Try running
tcpdump and sockstat on the server to see what's coming and going for
FTP traffic. /ports/net/trafshow might be helpful, too.

Once you've tried that, feel free to send additional questions to
[EMAIL PROTECTED]

Hope this helps,
- Ryan

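To read the control-channel lines that tcpdump shows while chasing a 425 error, it helps to decode which data connection each one announces. The following is an added example, not part of the original post; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: from one FTP control-channel line, work out which TCP
# connection will carry the data, so the matching firewall rule can be checked.
# The sample lines used by demo() are constructed.

# decode_hostport "h1,h2,h3,h4,p1,p2": print "ip port", port = p1*256 + p2.
decode_hostport() {
    old_ifs=$IFS
    IFS=,
    set -f              # no globbing while the argument is split on commas
    set -- $1
    set +f
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case "$n" in
            ''|*[!0-9]*|0?*|????*) return 1 ;;   # digits only, no leading zero
        esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# data_flow LINE: LINE is a server "227 ... (h1,h2,h3,h4,p1,p2)" reply
# (passive mode) or a client "PORT h1,h2,h3,h4,p1,p2" command (active mode).
# Prints which side opens the data connection, and to which address and port.
data_flow() {
    line=$(printf '%s' "$1" | tr -d '\r')
    case "$line" in
        227*\(*\)*)
            spec=${line#*\(}
            spec=${spec%%\)*}
            hp=$(decode_hostport "$spec") || return 1
            echo "passive: client connects to server ${hp% *} port ${hp#* }" ;;
        PORT\ *)
            hp=$(decode_hostport "${line#PORT }") || return 1
            echo "active: server connects to client ${hp% *} port ${hp#* }" ;;
        *)
            return 1 ;;
    esac
}

# port_in_range PORT LOW HIGH: true when LOW <= PORT <= HIGH, e.g. to compare
# a decoded port with the range a firewall rule allows.
port_in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

demo() {
    data_flow '227 Entering Passive Mode (192,168,0,2,195,80)'
    data_flow 'PORT 192,168,0,10,4,1'
}

demo
```

In passive mode the rule to check is inbound to the server on the decoded port; in active mode it is the server's outbound connection to the client's decoded port.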


Re: FreeBSD FTP problem

2003-07-06 Thread Ryan Thompson
Arcadius A. wrote to Ryan Thompson and FreeBSD Questions:

   but nothing more just the same error as the one you've described:
   ... 425 can't build data connection: operation timed out ... :-(((
  
   Do you have any idea about how to get around this?
 
  Well, in my case, it turned out to be pilot error... FTP is a tricky
  protocol to allow through default-deny firewalls, and I had simultaneous
  bugs in my firewall config *and* FTPd config, with respect to passive
  transfers. It took me a while to spot.
 
  Check your firewall config carefully, and make sure you have a good
  understanding of how the FTP protocol works (in active and passive
  modes). Completely open your firewall temporarily (i.e., ipfw add 201
  allow ip from any to any) and verify that things work there. If things
  work there (or fail differently), the problem is with your firewall (and
  possibly FTPd configuration, if you're using the ephemeral port range
  for PASV). If your tests fail in *exactly* the same manner as before,
  including the same timeout delays, you can ignore your firewall for the
  time being (but leave it open until you get FTP working, and *then*
  restrict it, so you're only testing one unknown at a time). Try running
  tcpdump and sockstat on the server to see what's coming and going for
  FTP traffic. /ports/net/trafshow might be helpful, too.
 

 Hello!
 Thanks for the reply!
 But I'm not running any firewall on my server...

Ahh. So you're *not* having exactly the same problem. :-)

 So, my problem shouldn't be with the firewall on my server...

 About the configuration of  FTPd, I cannot find the config file
 (ftpd.conf or ftpd.config or ftpd.cf )on my server(FreeBSD4.8 stable,
 built yesterday).

From ftpd(8):
FILES
 /etc/ftpusers       List of unwelcome/restricted users.
 /etc/ftpchroot      List of normal users who should be chroot'd.
 /etc/ftphosts       Virtual hosting configuration file.
 /etc/ftpwelcome     Welcome notice.
 /etc/ftpmotd        Welcome notice after login.
 /var/run/nologin    Displayed and access refused.
 /var/log/ftpd       Log file for anonymous transfers.

 Note that I'm trying to connect to FreeBSD from a windows
 workstation  both the workstation and the FreeBSD server are in
 the same LAN From my Windows box, I can easily connect via FTP to
 other Linux servers in my LAN or even out of the LAN.. But when I
 connect to my FreeBSD server, it connects well... but I cannot do
 anything useful on the server I get the error ...425 can't build
 data connection: operation timed out...

Try both active and passive modes for transfer. If you really have no
firewall between the client and the server (remember the entire path
from application to application is important), and there is no address
translation going on, you should have no issues either way with the
stock configurations of Windows and FreeBSD.

If, on the other hand, you're running any sort of packet filter or
Personal Firewall on the Windows machine, or using Internet
Connection Sharing, or if your LAN is more than an unmanaged link
layer switch/hub, you're no longer running a stock config, and the
results may be unpredictable. From your description, your problems do
seem to point to a misconfiguration of FreeBSD, but I wouldn't bet my
server farm on that quite yet.

I'd highly recommend you take my earlier advice and run tcpdump and/or
trafshow on the server to see what's really going on... and, if
possible, compare with similar output from the client. Try connecting
with different clients, too. If you aren't familiar with analysis using
tcpdump, try some Googling on the subject, or ask for help. Equivalent
output from a complete FTP client session would also be extremely
helpful in diagnosing your problem.

At this point, nobody here will be able to do more than go on a hunch as
to what's causing the problem. There is probably a simple answer, but I
can think of dozens of ways to reproduce the error message you've
reported.

 My server was running FreeBSD4.6 before and I didn't have any trouble
 with FTPd  I just upgraded yesterday and still, I haven't
 noticed this problem I start getting this error just a while
 ago... :-( ... I've rebooted the server... but it didn't help

Assuming you kept backups of your config, check the diffs carefully.
Don't suppose you can revert back to your old config and verify that
this is still an issue?

- Ryan



Re: New hard drive (was: )

2003-06-29 Thread Ryan Thompson

[Tip: Your message did not contain a subject. Choose an appropriate
  subject line for your questions in the future, please ]

[EMAIL PROTECTED] wrote to [EMAIL PROTECTED]:

   FreeBSD-
   If I buy a UATA133 Bare Hard Drive, do I have to buy a disk controller.

Not likely, unless you're on really old or really obscure hardware.
Anything newer than the second-generation Pentium-I should have an
on-board dual-channel IDE controller built in. If you are using fairly
old hardware, though, beware that several Pentium-I BIOSes can not
support drives over 8GB, although if it was a good motherboard at the
time, your vendor may have published an upgrade. These are getting hard
to find, though. If your hardware is much newer than that, I don't think
you'll have much to worry about.

 If I have to and I buy a PCI one does it connect to the hard drive via
 jumpers

40- or 80-pin ribbon cable, yes. Jumpers on the drive control the mode
of the drive (slave, master/single drive, cable select). Assuming your
motherboard has an on-board controller, you'd connect the drive directly
to the motherboard.

 or does the mother board just connect it to the hard drive.  Also is
 there any compatibility issues with certain hard drives as far as SCSI
 and IDE go, like which type of disk controller you have to use.  And
 if I have to buy one which protocol do you recommend, and what is a
 good compatible controller for FreeBSD?  E-mail me back

SCSI is very expensive, and requires more experience to set up. SCSI is
suitable for more high-end applications. It sounds like you're just
getting your feet wet with this stuff, so I hope you aren't strapped
with the responsibility of building a heavy production server. Thus, I'd
recommend you go with IDE, for cost and simplicity.

Hope this helps,
- Ryan



Re: question regarding quotas

2003-06-29 Thread Ryan Thompson
Josh Brooks wrote to Lowell Gilbert:

 Again, I am just trying to take an arbitrary directory, say:

 /export/data7/homes/jerry

 and place a configurable limit on how big that directory can get,
 without mounting it as its own filesystem...

FreeBSD doesn't support any filesystems that do this proactively. From
an OS point of view, it doesn't really make sense. However, I can see a
few scenarios where this would be helpful, and it is more than possible
to enforce directory size limits reactively. For example:

#!/bin/sh

if [ $# -ne 1 ]; then
    echo "usage: $0 pathname" 1>&2
    exit 2
fi

QUOTA=102400                        # Max. usage, kilobytes
SIZE=`du -xkd 0 "$1" | cut -f 1`    # -k: report usage in kilobytes
echo "Directory size is $SIZE"

if [ "$SIZE" -gt "$QUOTA" ]; then
    echo "$1 is over quota"         # Take appropriate action, here...
else
    echo "$1 is OK"
fi

That's an illustrative example; it'll be easy to extend that to loop
over an arbitrary list of users (or all system users). You can then run
it periodically from cron(8) to check disk usage at the interval of your
choosing, and react accordingly.

As others have mentioned, users may find other directories and
filesystems to store files, thereby circumventing your quota check. So,
it's up to you to harden your system to mitigate that. Also, as this is
a reactive approach, your users still have the ability to fill up your
disk, but at least you can react appropriately (and possibly
automatically). Though, I think I've at least answered your question.
:-)

Hope this helps,
- Ryan

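The single-directory check above, extended to a list of directories with per-directory limits as the reply suggests. This is an added example, not part of the original post; the list format (`limit_kb path` per line), the function names, and the sample directories are assumptions made here.

```shell
#!/bin/sh
# Added example: reactive per-directory size limits, suitable for cron(8).
# The list format and the demo directories are constructed for illustration.

# dir_usage_kb DIR: disk usage of DIR in kilobytes, staying on one filesystem.
# Prints nothing if DIR cannot be measured.
dir_usage_kb() {
    du -skx "$1" 2>/dev/null | cut -f 1
}

# check_quotas LISTFILE: LISTFILE has one "limit_kb path" entry per line
# ('#' starts a comment line). Prints
#   OVER path used limit    for a directory above its limit,
#   MISSING path            for a directory that cannot be measured,
#   BADLIMIT path value     for a non-numeric limit.
# Returns 1 if anything was reported, 0 otherwise.
check_quotas() {
    status=0
    while read -r limit path; do
        case "$limit" in
            ''|'#'*) continue ;;
        esac
        case "$limit" in
            *[!0-9]*) echo "BADLIMIT $path $limit"; status=1; continue ;;
        esac
        used=$(dir_usage_kb "$path")
        if [ -z "$used" ]; then
            echo "MISSING $path"; status=1
        elif [ "$used" -gt "$limit" ]; then
            echo "OVER $path $used $limit"; status=1
        fi
    done < "$1"
    return $status
}

# Constructed demo: "jerry" holds about 300 KB against a 100 KB limit,
# "alice" is well under her limit, and "gone" does not exist.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/jerry" "$d/alice"
    head -c 307200 /dev/urandom > "$d/jerry/big.bin"
    echo hello > "$d/alice/note.txt"
    cat > "$d/quota.list" <<EOF
# limit_kb path
100 $d/jerry
102400 $d/alice
100 $d/gone
EOF
    check_quotas "$d/quota.list" | sed "s|$d/||"
    rm -rf "$d"
}

demo
```

Treating an unmeasurable directory as a finding, rather than as zero usage, keeps a renamed or unmounted path from silently passing the check.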


Re: Ports -- download change options

2003-06-28 Thread Ryan Thompson
Bill Campbell wrote to [EMAIL PROTECTED]:

 When I tried installing cups on FreeBSD 4.8 today, the install balked part
 way through saying that a file couldn't be downloaded, a Samsung file from
 www.linuxprinting.org.  It turns out that that file was just updated today
 so the time and checksum don't match what's in the ports database.

 I manually downloaded the file from ftp.freebsd.org which still had the
 older version, and the build is now going.

 My main question, being a freebsd newbie, is what's the accepted procedure
 for dealing with things like this?

Here's what I'd suggest for ports bugs on ports you don't maintain. This
checklist grew out of years of port use, port maintainership, and
reading the documentation others have written. So, it's my own, and not
my own at all. IMHO, YMMV, IANAL, FWIW, AFAIC, TIOLI. It seems to work,
though. :-)

1. Ensure your ports collection is up to date. The distinfo may already
   be up to date.
2. Let the fetch process fetch the updated version, and ignore the
   checksum with make NO_CHECKSUM=yes. Beware the risk to integrity
   and security when using this option; verify the contents of the
   distfile yourself if you're paranoid. This will get you up and
   running.
3. Check for a recently opened PR for the port you're building, to see
   if a fix might be in progress.
4. Verify that the distfile version you have downloaded is indeed
   updated, builds correctly, and is really the correct version of the
   distfile, and not some transient mishap from the master sites.
   Consider sending an email to [EMAIL PROTECTED] if you're unsure of
   how to proceed, based on what you've observed. CC the MAINTAINER of
   the port if you do this.
5. Email the MAINTAINER of the port to point out your findings, and
   possibly include a patch. If the maintainer is [EMAIL PROTECTED],
   consider assuming maintainership of the port if you are up to the
   task. Otherwise, submit your own PR.
6. Give the maintainer time to update the port. If you don't receive a
   response after a while (at *least* a week, longer in the summer
   months), you might try another polite reminder, wait another week,
   and then submit your own PR, indicating that the maintainer seems to
   be unresponsive.
7. Give the ports committers time to commit the change. Urgent fixes are
   usually committed within a couple of days. Less urgent fixes,
   sometimes longer. If it remains uncommitted for a while, you might
   consider sending a message to [EMAIL PROTECTED] and request that a
   committer look at your PR.
8. Once committed, give yourself a pat on the back for helping the
   project in one small but important way.

If you end up submitting a PR, sending a patch will drastically improve
the response time of the committers/maintainer. If you're not sure how
to do this, ask [EMAIL PROTECTED] Someone will help you with your
particular problem. The general idea is to reduce the load on the
committers.

I think the above is a rather methodical approach... you might skip a
step or two, depending on the circumstances. Namely, if you don't have
time/expertise to track down the bug yourself, at least email someone.
:-)

Hope this helps,
- Ryan



Re: Small Database Software Recommendation

2003-06-21 Thread Ryan Thompson
Rod Person wrote to [EMAIL PROTECTED]:

 Hi Guys,

 I'm looking for a small database application to create a database of all
 my dvds and cds. I think mysql may be too much overkill, since it would
 be running on my laptop. Any suggestions.

Yes.

It's raining in Saskatoon. Feels like a rant coming on. :-)

Fully define the requirements before choosing the technology.

MySQL *might* be overkill. I could recommend anything from flat files to
Oracle, though, and be wrong, depending on exactly what it is you want
to accomplish. For a simple key/value hash that you might encounter in
the decades old album catalogue problem, Berkeley DB, or maybe Perl's
built-in %hash functions would be the way to go.

Consider your requirements. What is the system for? Who will be using
it? What hidden and evident features must it have? What *tasks* (a.k.a.
use cases) will the users carry out? What other less tangible goals
are to be accomplished by the system? Which constraints and standards
must the system adhere to?

Once you have the above, you can begin to consider the architecture of
your system, and, once you've done that, choosing a specific technology
might be appropriate.

Requirements specification is *never* overkill.

As far as defining less tangible goals, though, "I want to learn ${X}"
is a valid goal.

Hope this helps,
- Ryan



SSH to a box behind NAT

2003-03-10 Thread Ryan Thompson

Hi all,

I have a FreeBSD server behind NAT (on an RFC1918 address). The NAT
machine is actually an NT box on a network we don't have access to.
(So, it is not possible, for instance, to set up port based NAT for
inbound SSH, which is one of two things I'd normally do). The server
can, however, initiate arbitrary outbound connections.

So, I'm fishing for a tech workaround to this management problem. :-)

I need to be able to have an interactive SSH session on the server
(Server) from another host (Manager) on the Internet (for remote
management). That is, I need to connect to Server to do remote
management.

                --- NAT ---
[ Server ] --- [ NT Gateway ] --- { Internet } --- [ Manager ]
192.168.0.2    192.168.0.1                         207.1.1.1
               24.1.1.1

Manager is a highly available FreeBSD server (i.e., static public IP).

The first thing that comes to mind is some kind of pull technique to
have *Server* initiate the connection. Server already initiates cron'd
SSH connections to Manager to do automated backup/rsync tasks, but I
can't think of a way to actually start an interactive login in that
manner.

So far the best I've come up with is to configure a secure known path
on Manager for batch scripts (so, not really interactive, but close
enough for 90% of tasks) and have Server simply attempt to scp (pull)
the file at regular intervals, and execute its contents. Server can
capture the output and scp (push) that back to Manager. Manager never
actually initiates anything. Obviously, this will be a leading cause
of ass pain in troubleshooting scenarios, and will be a *real* pain
for anything that actually requires an interactive session.

Unfortunately, that idea has, so far, been the *last* thing to come to
mind. Any *other* ideas? :-)

Thanks,
- Ryan




To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message


Re: suid shell script

2003-03-10 Thread Ryan Thompson
Paul Lathrop wrote to Jonathan Chen:

 Thanks for your response. Now my question is - how does one automate
 tasks requiring root privileges?

From /usr/ports/security/sudo/pkg-descr:

  Sudo is a program designed to allow a sysadmin to give limited root
  privileges to users and log root activity.  The basic philosophy is
  to give as few privileges as possible but still allow people to get
  their work done.

Sudo allows you to micro-manage as much as you like, so you can
assign specific privileges to specific users, without the need to hand
out root passwords. I can't imagine life without it. It's also easy to
set up.

- Ryan



Re: your mail

2003-03-10 Thread Ryan Thompson
DoubleF wrote to Paul Lathrop:

 Hi,

  Thanks for your response. Now my question is - how does one
  automate tasks requiring root privileges?

 When one does not know Perl, one uses C programs, I suppose. They
 are real binaries, and can be suid. It works.

 Just mind your security...

:-) I'll second that. I'm just shuddering at the thought of a production
server somewhere with a whole platoon of 10- or 20-line quickly hacked
and poorly maintained C programs, all suid root. Not saying that shell
scripts can't be quickly hacked or poorly maintained either, but at
least their correctness is typically a little easier to verify, and
you don't normally have to worry about unfortunate things like buffer
overflows.

I'd also like to remind the original poster about the security risks
associated with suid binaries. There are many subtle ways in which
suid binaries can bite one in the ass... especially where other local
users are present.

- Ryan



Re: SSH to a box behind NAT

2003-03-10 Thread Ryan Thompson
Nathan Kinkade wrote to Ryan Thompson:

  Unfortunately, that idea has, so far, been the *last* thing to
  come to mind. Any *other* ideas? :-)
 
  Thanks, - Ryan

 Could you have Server start an xterm, or similar, and have it send
 the display to Manager - with something like 'xterm -display
 Manager:0' from Server?  This is assuming that you are running X on
 Manager.

That's a reasonable idea. Thanks.

Neither Manager nor Server have X installed (and, typically, Manager
itself is accessed remotely, too), but I suppose that isn't out of the
question.

Once it's deployed, Server will be a thousand kilometers away from
here in a locked office, sans head, sans in-house IT. Remote
managability is therefore somewhat of a necessity. :-)

- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America






Re: SSH to a box behind NAT

2003-03-10 Thread Ryan Thompson

James Long wrote to Ryan Thompson:

 Then I'd suggest creating a ppp-over-ssh tunnel ala Greg Bond's

 http://www.itga.com.au/~gnb/vpn/

 Have (Server) initiate the tunnel, and let the other end of the
 tunnel terminate at (Manager).  You can then use the tunnel to
 effectively bypass the NT NAT box.

Now *that* is an excellent solution. Thanks!

- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America




Re: Some question

2003-02-20 Thread Ryan Thompson
Kostya Odnoralov wrote to [EMAIL PROTECTED]:

 Hi All!

 Please help me.

We'll try.

 1) Advise to me good console-based mp3 player from ports
 collections.

audio/mpg123 would definitely be my first choice.

 2) Where can i find good documentation about how to make gateway.
 Classical example: external 193.178.228.xxx, internal 10.20.30.xxx.
 How bring up routed?

There are lots of ways to do this. It sounds like you want to
route from a private (RFC1918) network to/from the public Internet.
Right? To do that (successfully), you'll need to do some kind of
translation. You likely won't need to do any routing at all, except to
set a default route to your gateway, on all internal hosts. Do some
reading on NAT (network address translation). natd(8) would be a good
place to start. There are also plenty of web-based tutorials and
documents that you can find by doing some web searches for the terms
I've mentioned here. It sounds like static NAT may be the way to go in
your case. Also, to ease in the configuration of each internal host
(if you have more than one or two), consider using DHCP
(isc-dhcpd) to dynamically configure the network settings per host.

That being said, I'm just guessing at what you're really trying to do.
If I've guessed incorrectly, please reply with more detail. ;-)

Thanks,
- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America





Re: FTP incoming directory. Damned Hooligans.

2003-01-05 Thread Ryan Thompson
Alvaro Gil wrote to [EMAIL PROTECTED]:

 I was trying to upload some stuff on my server today and I realized
 the /user partition was 100% full.  After investigating a bit I
 found that the public ftp incoming directory I had set up for some
 friends was full of directories and sub directories.

This last happened to us about 3 years ago, at which time I noted
granting any sort of upload permission to anonymous FTP was a bad
idea. At least without limits in place.

 Some said scanned by pitbull.  Is this some kind of worm floating
 around.

Not that I'm aware of. Most likely as another poster suggested.

 Unfortunately I had to 86 the incoming directory.  Damned Internet
 hooligans.

If you still for some reason need to grant anonymous upload privilege
(I can't really see why), then I'd advise looking into a more
sophisticated FTP daemon that can implement storage quotas. (ProFTPd
is one such application). That won't prevent 'attacks' like this, but
it will at least mitigate the impact on storage, other users, and
traffic charges.

- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America





Re: dual-boot question

2003-01-05 Thread Ryan Thompson
chip wiegand wrote to [EMAIL PROTECTED]:

 Any suggestions on how to install win98 without wiping out the boot
 partition, or how to recreate the dual-boot menu?

1) Use a utility to save a copy of your MBR to disk, and then restore
it after the Win98 install.

2) Install Win98, and then use a pair of FreeBSD boot disks to access
sysinstall and install the default boot manager.

2 is probably quicker, unless you've done something magical and
bizarre with your MBR.

- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America





Re: Watching users

2002-07-24 Thread Ryan Thompson

sagacious wrote to [EMAIL PROTECTED]:

 Hello list,

  I need to watch either via an open terminal, using Watch or some
 other method. I remember seeing fortune freebsd-tips saying how if I
 used tcsh I could type a command that would tell me everyone who
 logs in and out of my system. Can you please tell me how I can have
 a daemon or prog running that will do nothing except log logins via
 sshd and ftp to a file, or better yet, email me when someone logs
 in? I have watch installed and I am about to hit the manpage but I
 posted here first because I don't think watch will do what I want it
 to. The ideal thing would be for it to email me whenever someone
 logs in or out. Thanks.

Hmm... So you want something that will simply just flip a switch and
let you know if/when someone logs in or out. I won't ask why. :-)

The shell script solution (run this as yourself from cron once per
minute). This is untested, by the way. :-)

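#!/bin/sh
# Create the state file on the first run
[ ! -e /tmp/who.last ] && /usr/bin/touch /tmp/who.last
# Refuse to continue if the path is anything but a regular file
if [ ! -f /tmp/who.last ]; then
  echo /tmp/who.last is not a regular file!
  exit 1
fi
# Print what changed since the last run; cron mails any output
/usr/bin/who | /usr/bin/diff /tmp/who.last -
# Save the current snapshot for the next run
/usr/bin/who > /tmp/who.last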

You'll get a diff output mailed to the owner of the cron task, or no
output (and no email) if nobody logged in or out in the last minute.
Test it, though, before you turn it on and leave for a week.

Better yet, run as nobody and send the output to mail yourself. Or
mail it to your cell phone if you want audio feedback. :-)

The script should be reasonably secure, but I haven't even verified
that it works, so I make no guarantees whatsoever. :-)

- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901 1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America
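
An added example, not part of the original message: a variant of the who/diff idea above that keeps its snapshot in a private per-user directory rather than under a fixed name in /tmp, where another local user could pre-create the file or plant a symlink. The function names, the --cron argument and the ~/.login-watch path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: login/logout watcher with private state (names are assumptions).

# session_changes OLD NEW
# Compare two who(1) snapshots line by line and label the differences.
session_changes() {
    # Lines present only in the new snapshot are new sessions
    grep -Fxv -f "$1" "$2" | sed 's/^/LOGIN  /'
    # Lines present only in the old snapshot are ended sessions
    grep -Fxv -f "$2" "$1" | sed 's/^/LOGOUT /'
    return 0
}

# watch_logins STATE_DIR [SNAPSHOT_CMD]
# SNAPSHOT_CMD defaults to who; it is a parameter so the logic can be tested
# against constructed snapshots.
watch_logins() {
    dir=$1
    snapshot_cmd=${2:-who}
    umask 077                       # state files readable by the owner only
    mkdir -p "$dir" || return 1
    # Refuse a symlink, a non-directory, or a directory owned by someone else
    if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        echo "refusing to use $dir: not a private directory" >&2
        return 1
    fi
    last=$dir/who.last
    new=$dir/who.new.$$
    [ -f "$last" ] || : > "$last"   # first run: empty baseline
    $snapshot_cmd > "$new" || { rm -f "$new"; return 1; }
    session_changes "$last" "$new"  # cron mails this output, if any
    mv -f "$new" "$last"            # replace the snapshot atomically
}

# From cron, once per minute: login-watch.sh --cron
if [ "${1:-}" = "--cron" ]; then
    watch_logins "${HOME}/.login-watch"
fi
```

On the first run every current session is reported as a LOGIN, because the baseline snapshot is empty.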





Re: heh

2002-07-24 Thread Ryan Thompson

sagacious wrote to [EMAIL PROTECTED]:

 There is a file in my website root called ?*

 I knew I didn't make the file so I made a test directory called foo
 went into it and touched some quick files and directories. I typed
 rm ?* and sure as I thought it deleted all the test files.

Good test. :-)

rm \?\*


 Someone really has it out for me lately.

Ha!

 I think my box has been compromised and I'm not sure where to start.

Unplug it from the network, start analysing logs and your filesystems
(or back up this data to analyse later, if the box is critical to
operations). Perform a complete OS re-install and restore data from a
known good back-up. If you perform regular backups, and document your
system configuration, this should not be a terribly daunting task,
even for a moderate configuration. If you have made several backups
since the break-in occurred, you have more work ahead of you. Do *not*
risk restoring harmful data and re-introducing the exploit.


 They got in via that god damn sshd exploit so I closed the port in
 my router. How do I remove this file without messing up my box.

OK. Even if you know how they got in, and successfully plugged the
hole, assume that your box is still compromised. The first thing that
most root kits do is install other backdoors... as they expect you to
find the original hole and close it quickly. Thus the advice to
rebuild your filesystems and start over.


 sagacious (Mike)
 Network administrator
 The unixhideout network
 http://www.unixhideout.com

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901 1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America



