Re: services(5): more cleanup
On Sun, 16 May 2021 01:11:51 + Aisha Tammy wrote:
> I have a few machines which use something to the effect of `pass in on
> egress proto tcp to port smtps ...`.
> A quick question, does this mean that the port in pf.conf will also
> have to be renamed?

From experience doing the same Aisha,

# pfctl -nf /etc/pf.conf

will complain if there are unknown port or host names.

These can be checked with getent(1)

As pf starts before unbound when booting, any hostnames used by pf
need to be in /etc/hosts & kept current.

Cheers,
Craig.
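Added example, not part of the original message: an audit in the spirit of the pfctl -nf / getent(1) check above, listing every symbolic port name that follows "port" in a ruleset (lists, ranges and macros included) and has no name or alias in a services(5)-format file. The sample ruleset, the sample services file and all function names are constructed for the illustration.

```shell
#!/bin/sh
# Constructed services file; it deliberately has no "smtps" or "imaps".
sample_services() {
cat <<'EOF'
# constructed sample, not the real /etc/services
ftp-data	20/tcp
ftp		21/tcp
ssh		22/tcp
smtp		25/tcp		mail
domain		53/tcp
domain		53/udp
www		80/tcp		http	# alias "http"
submission	587/tcp		msa
EOF
}

# Constructed ruleset covering the forms a port can take after "port".
sample_pf_conf() {
cat <<'EOF'
# constructed sample ruleset
mail_ports = "{ smtp, submission, imaps }"
pass in on egress proto tcp to port smtps
pass in on egress proto tcp to port { ssh, http, 8080 }
pass in on egress proto { tcp, udp } to port domain
pass in on egress proto tcp to port $mail_ports
pass in on egress proto tcp to port ftp-data:ftp
pass in on egress proto udp to port > 1023	# operator, numeric operand
EOF
}

# Print "line name" for each non-numeric port item read from stdin.
# Simplified parser: macros must be defined on one line before use.
pf_port_names() {
	awk '
	function check(w,    p, m, j) {
		if (substr(w, 1, 1) == "$") {      # macro: check what it expands to
			expand(def[substr(w, 2)])
			return
		}
		m = split(w, p, ":")               # ranges such as ftp-data:ftp
		for (j = 1; j <= m; j++)
			if (p[j] != "" && p[j] !~ /^[0-9]+$/) print NR, p[j]
	}
	function expand(v,    e, m, j) {
		gsub(/[{},"]/, " ", v)
		m = split(v, e, " ")
		for (j = 1; j <= m; j++) check(e[j])
	}
	{ sub(/#.*/, "") }                         # strip comments
	/^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {   # macro definition
		name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]*/, "", name)
		val = $0; sub(/^[^=]*=/, "", val)
		def[name] = val
		next
	}
	{
		gsub(/[{},]/, " & ")               # isolate list punctuation
		n = split($0, t, " "); inport = 0; inlist = 0
		for (i = 1; i <= n; i++) {
			w = t[i]
			if (w == "port") { inport = 1; continue }
			if (!inport || w == ",") continue
			if (w == "{") { inlist = 1; continue }
			if (w == "}") { inport = inlist = 0; continue }
			if (w ~ /^[<>=!]+$/) continue  # operator: the operand follows
			check(w)
			if (!inlist) inport = 0
		}
	}'
}

# Report names that match neither a service name nor an alias.
unknown_ports() {   # usage: unknown_ports PFCONF SERVICES
	pf_port_names < "$1" | awk '
	FNR == NR {                                # first file: services database
		sub(/#.*/, "")
		if (NF >= 2) { known[$1] = 1; for (i = 3; i <= NF; i++) known[$i] = 1 }
		next
	}
	!($2 in known)                             # stdin: "line name" pairs
	' "$2" -
}

demo() {
	tmp=$(mktemp -d) || return 1
	sample_services > "$tmp/services"
	sample_pf_conf > "$tmp/pf.conf"
	unknown_ports "$tmp/pf.conf" "$tmp/services"
	rm -rf "$tmp"
}
demo    # prints "3 smtps" and "6 imaps"
```

Against a live system the second argument would be /etc/services; pfctl -nf remains the authoritative check, this only shows which rule lines to look at first.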
Re: Add $daemon_nice to rc.subr
Hi Thomas,

This was previously discussed and rejected 5 years ago in thread:
"Alter daemon scheduling priority with renice for rc.d"

See: https://marc.info/?t=13874606661

Subsequently I found login.conf is perfect. Some examples:

daemon-cellar:\
	:priority=18:\
	:tc=daemon:

avahi_daemon:\
	:tc=daemon-cellar:

cupsd:\
	:setenv=:\
	:priority=12:\
	:tc=daemon:

cvsyncd:\
	:tc=daemon-cellar:

dbus_daemon:\
	:tc=daemon-cellar:

dhcp:\
	:priority=15:\
	:tc=daemon:

identd:\
	:priority=7:\
	:tc=daemon:

inetd:\
	:priority=10:\
	:tc=daemon:

nmbd:\
	:tc=daemon-cellar:

smbd:\
	:priority=9:\
	:tc=daemon:

spamd:\
	:priority=5:\
	:tc=daemon:

spamlogd:\
	:tc=spamd:

squid:\
	:priority=1:\
	:openfiles-cur=4096:\
	:openfiles-max=8192:\
	:tc=daemon:

sshd:\
	:priority=-10:\
	:tc=daemon:

unbound:\
	:priority=-5:\
	:openfiles-cur=512:\
	:openfiles-max=718:\
	:tc=daemon:

nsd:\
	:priority=-5:\
	:tc=daemon:

etc. etc. etc.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: Make df output more human friendly in daily(8)
Hi Daniel/Ingo,

On Fri, 2 Oct 2020 15:41:31 -0400 Daniel Jakots wrote:
> +next_part "Backing up filesystems with dump:"
> +dump w | grep -vB1 ^Dump

That command doesn't dump disks. w shows the operator what to dump.

Cheers,
Craig.
Re: Should rm(1) -Pf change file permission?
Hi Grégoire/all,

On Fri, 30 Mar 2018 18:07:42 +0200 Grégoire Jadi wrote:
> ... here is a small test to demonstrate ...

Same behaviour noticed and previously bugged:-

http://openbsd-archive.7691.n7.nabble.com/rm-P-doesn-t-overwrite-a-user-owned-read-only-file-td266276.html

Regards,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: [patch] crontab(5) add -n option to suppress mail when the run was successful
On Mon, 11 Jun 2018 20:23:11 + Job Snijders wrote:
>
> With the above example crontab(5) entry you'll only receive a mail
> from cron(8) if the cp(1) encountered some kind of error.

Good one Job.

Related: https://marc.info/?l=openbsd-tech&m=142075623225995

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: Removing old video drivers
On Mon, 22 Apr 2019 18:47:23 +0200 Matthieu Herrb wrote:
> If you're still using a machine with a graphics card supported by one
> of these, please speak up, otherwise they are going to be removed:

Is this a valid way to find out Matthieu?

$ grep -i -e vga -e video /var/run/dmesg.boot
vga1 at pci1 dev 1 function 0 "S3 Trio3D AGP" rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)

$ grep -i -e vga -e video /var/run/dmesg.boot
acpivideo0 at acpi0: IGD0
acpivout0 at acpivideo0: DD01
vga1 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x00
intagp0 at vga1
inteldrm0 at vga1
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
"Intel Pineview Video" rev 0x00 at pci0 dev 2 function 1 not configured
uvideo0 at uhub0 port 8 configuration 1 interface 0 "Chicony Corp. Lenovo EasyCamera" rev 2.00/45.42 addr 3
video0 at uvideo0

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: Removing old video drivers
On Tue, 23 Apr 2019 11:55:01 +0200 Matthieu Herrb wrote:
> If you are actually running X, ...

Not on the old "S3 Trio3D AGP" Pentium II 350MHz machines Matthieu,
(these are used as small servers, some with VGA glass tube screens).

> This is an Intel chipset supported by the current DRM driver. ...

OK.

Cheers!
--
Craig Skinner | http://linkd.in/yGqkv7
Re: sysupgrade: Allow to use another directory for the sets
On Wed, 6 Nov 2019 13:41:07 +0100 Renaud Allard wrote:
> Given the amount of people which encrypt /home directory on their
> servers, it might be useful to be able to define another directory for
> the sets in sysupgrade as /home_sysupgrade will not be available in that
> case.

How about /var/cache/sysupgrade/ as the default?

i.e: sysupgrade caches files which are variable over time.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: sysupgrade: Allow to use another directory for the sets
On Thu, 7 Nov 2019 14:42:32 + Stuart Henderson wrote:
> On 2019/11/07 11:15, Craig Skinner wrote:
> > On Wed, 6 Nov 2019 13:41:07 +0100 Renaud Allard wrote:
> > > Given the amount of people which encrypt /home directory on their
> > > servers, it might be useful to be able to define another directory for
> > > the sets in sysupgrade as /home_sysupgrade will not be available in that
> > > case.
> >
> > How about /var/cache/sysupgrade/ as the default?
> >
> > i.e: sysupgrade caches files which are variable over time.
> >
>
> The merits of different filesystems were already discussed when choosing the
> current default - disklabel auto layout usually leaves a fair amount of space
> in /home, reduces risk of running out of space in a fairly import system fs,
> and avoids consuming space on an fs where files are unpacked during the
> upgrade install.
>

If the installer created a 750Mb /var/cache/ partition, and sysupgrade's
cache directory is hard coded as /var/cache/sysupgrade/, would that
simply solve the various problems people are having & scripting
difficulties?

Other tools which cache files in /home/ or /var/db/ could also use
/var/cache/

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: sysupgrade: Allow to use another directory for the sets
On Tue, 19 Nov 2019 10:35:56 + Stuart Henderson wrote:
> We are short on partitions, there is a hard limit (14+swap), disklabel auto
> defaults already use 9, and there need to be some free for typical user use
> (ports, dest for "make release", people often want a separate /var/www and/or
> /var/log).

Oh, I wasn't thinking of single disk desktops, but multi-drive servers
(which have plenty partition letters available to slice disks with).

Here's another idea Stuart:-

The special directory /tmp/vi.recover/ is exempt from boot & daily
purging. Could a similar /tmp/sysupgrade/ default directory suit most
situations?

/tmp/ is normally mounted separately from / /home/ /var/
And probably not encrypted, nor over NFS.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
[calendar] Addition of a United Kingdom holiday file
Hello there,

Following on from a bit of discussion on & off misc@, below is an
attempt at a United Kingdom calendar file, with major items already in
calendar.holiday omitted. e.g. New Year's Day, although it is an
official bank/public holiday.

http://openbsd-archive.7691.n7.nabble.com/DIFF-New-Year-s-calendar-td286907.html

The new file isn't super solid, but could be a reasonable starting point.

It would be difficult for an additional English language calendar file
to be perfect due to a number of existing duplicate items, in multiple
files, which I'm trying to tread quietly around numerous changes.

Much of the formatting, grammar &c. is a matter of taste, while being
similar to existing entries.

There is an incorrect entry in calendar.holiday for an August bank
holiday. The name was wrong & dates wrong for 2 countries. 2 other
countries of the UK were missing it on a different date, and as it isn't
of any international significance, I've corrected it in the new U.K.
file.

Some refs (watch out for multiple mistakes on Wikipedia):

http://www.gov.scot/Topics/People/bank-holidays/
http://www.gov.uk/bank-holidays
http://en.wikipedia.org/wiki/Public_holidays_in_the_United_Kingdom
http://en.wikipedia.org/wiki/Bank_holiday
http://en.wikipedia.org/wiki/Guy_Fawkes_Night
http://en.wikipedia.org/wiki/Eleventh_Night

Index: calendar.1 === RCS file: /cvs/src/usr.bin/calendar/calendar.1,v retrieving revision 1.40 diff -u -p -r1.40 calendar.1 --- calendar.1 7 Dec 2015 18:46:35 - 1.40 +++ calendar.1 13 Jan 2016 21:44:19 - 
@@ -237,6 +237,8 @@ Pagan holidays, celebrations and festiva Russian calendar. .It Pa calendar.space Cosmic history. +.It Pa calendar.united-kingdom +U.K. holidays, celebrations and festivals. .It Pa calendar.ushistory U.S. history. .It Pa calendar.usholiday Index: calendars/calendar.all === RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.all,v retrieving revision 1.5 diff -u -p -r1.5 calendar.all --- calendars/calendar.all 15 Mar 2013 08:37:10 - 1.5 +++ calendars/calendar.all 13 Jan 2016 21:44:19 - @@ -17,5 +17,6 @@ #include #include #include +#include #endif /* !_calendar_all_ */ Index: calendars/calendar.holiday === RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.holiday,v retrieving revision 1.33 diff -u -p -r1.33 calendar.holiday --- calendars/calendar.holiday 5 Jan 2016 08:28:02 - 1.33 +++ calendars/calendar.holiday 13 Jan 2016 21:44:20 - @@ -284,7 +284,6 @@ 08/03 Independence Day in Jamaica, Niger 08/03 Memorial Day of Archbishop Makarios in Cyprus 08/04 Freedom Day in Guyana -08/05* Bank Holiday in Scotland and Northern Ireland 08/06 Bank Holiday in Australia, British Columbia, Fiji, Iceland, Ireland, Ontario 08/06 Emancipation Day in Bahamas @@ -434,7 +433,7 @@ 11/30 Independence Day in Barbados, People's Democratic Yemen Republic 11/30 National Day in Benin 11/30 National Heroes Day in Philippines -11/30 St. Andrew's Day +11/30 Saint Andrew's Day (also a bank holiday in Scotland) 12/01 Independence Day in Central African Republic 12/01 World AIDS Day 12/01 National Day in Romania --- /dev/null Wed Jan 13 21:44:46 2016 +++ calendars/calendar.united-kingdom Wed Jan 13 21:42:48 2016 
@@ -0,0 +1,40 @@ +/* + * United Kingdom holiday + * + * $OpenBSD$ + */ + +#ifndef _calendar_united-kingdom_ +#define _calendar_united-kingdom_ + +01/02 2nd January bank holiday in Scotland - another new year's holiday +01/25 Burns' Night in Scotland +02/14 Saint Valentine's Day +03/01 Saint David's Day in Wales +03/17 Saint Patrick's Day (also a bank holiday across Ireland) +03/20* Vernal Equinox +03/SunLast Daylight Saving Time begins; clocks move forward (last Sunday of March) +04/01 April Fool's Day +04/23 Saint George's Day in England +Easter-21 Mothering Sunday (Sunday 3 weeks before Easter Sunday) +Easter-2 Good Friday (bank holiday) +Easter+1 Easter Monday (bank holiday - except Scotland) +05/MonFirstEarly May Bank Holiday +05/MonThird* Victoria Day in Scotland (Monday on or immediately before 24th May) +05/MonLast Spring Bank Holiday +06/SunThirdFather's Day (3rd Sunday of June) +06/21* Summer Solstice +07/11 Eleventh Night in Northern Ireland +07/12 Battle of the Boyne/Orangemen's Day/The Twelfth - a bank holiday in Northern Ireland +08/MonFirstSummer Bank Holiday in Scotland +08/MonLast Summer Bank Holiday in England, Wales and Northern Ireland +09/22* Autumnal Equinox +10/SunLast Daylight Saving Time ends; clocks move back (last Sunday in October) +10/31 Halloween +11/05 Guy Fawkes' Night +11/11 Remembrance Day +11/SunSecond Remembrance Sunday +12/21* Winter Solstice +12/31 Hogmanay + +#endif /* !_calendar_united-kingdom_ */
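Review bot: the include guard in the new calendars/calendar.united-kingdom is spelt `_calendar_united-kingdom_`, and a hyphen is not valid in a preprocessor macro name, so the `#ifndef` and `#define` lines see `_calendar_united` followed by stray tokens rather than one identifier. Use an underscore instead, `_calendar_united_kingdom_`, in the `#ifndef`, the `#define` and the closing `#endif` comment, matching the `_calendar_all_` style visible in the calendar.all hunk.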
[calendar] Addition of a New Zealand holiday file
G'day,

Similar to the recent British calendar file, here's a New Zealand file.

I've nuked a few NZ items from calendar.holiday due to them being spelt
wrongly, rigid dates, and are in the new file anyway.

Like some holidays, there's a bit of historical controversy & emotion
surrounding a couple, so I reckon this is a reasonable solution.

Here are the main references I used:

http://employment.govt.nz/er/holidaysandleave/publicholidays/publicholidaydates/current.asp
http://en.wikipedia.org/wiki/Public_holidays_in_New_Zealand
http://www.anzac.govt.nz/today/
http://en.wikipedia.org/wiki/ANZAC
http://en.wikipedia.org/wiki/Anzac_Day
http://en.wikipedia.org/wiki/New_Zealand_Day
http://en.wikipedia.org/wiki/Dominion_Day

Despite what is on a lot of web pages ANZAC is all upper case, due to it
being an acronym for 'Australian and New Zealand Army Corps' - a
remembrance day. Various Pacific islands celebrate it too, but the list
changes, along with places of battle, and other parts of the Empire
where lots of Aussies & Kiwis are currently living, such as London.

2 provincial anniversary days fall on the same day, and those 2
provinces are geographical neighbours, so put 1 entry for those days.

The only problem was with the provincial Marlborough Anniversary Day,
which is observed on the first Monday after Labour Day. I couldn't find
any other entries for MonFith or if it would roll over to the first
Monday of the next month when needed, so I left it on the *date.

The 5 summer anniversary days from January flop about to the nearest
Monday, forwards & backwards, so they are *dates.

This began in a misc@ discussion:
http://openbsd-archive.7691.n7.nabble.com/DIFF-New-Year-s-calendar-td286907.html

Cheers!

Index: calendar.1 === RCS file: /cvs/src/usr.bin/calendar/calendar.1,v retrieving revision 1.41 diff -u -p -r1.41 calendar.1 --- calendar.1 14 Jan 2016 20:08:01 - 1.41 +++ calendar.1 18 Jan 2016 21:47:34 - 
@@ -228,6 +228,8 @@ Jewish holidays (should be updated yearl so that roving holidays are set correctly for the current year). .It Pa calendar.music Musical events, births, and deaths (strongly oriented toward rock n' roll). +.It Pa calendar.nz +New Zealand calendar. .It Pa calendar.openbsd .Ox related events. Index: calendars/calendar.all === RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.all,v retrieving revision 1.6 diff -u -p -r1.6 calendar.all --- calendars/calendar.all 14 Jan 2016 20:08:01 - 1.6 +++ calendars/calendar.all 18 Jan 2016 21:47:34 - @@ -18,5 +18,6 @@ #include #include #include +#include #endif /* !_calendar_all_ */ Index: calendars/calendar.holiday === RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.holiday,v retrieving revision 1.34 diff -u -p -r1.34 calendar.holiday --- calendars/calendar.holiday 14 Jan 2016 20:08:01 - 1.34 +++ calendars/calendar.holiday 18 Jan 2016 21:47:34 - @@ -44,7 +44,6 @@ 02/02 Candlemas 02/04 Independence Commemoration Day in Sri Lanka 02/05 Constitution Day in Mexico -02/06 New Zealand Day 02/07 Independence Day in Grenada 02/08 Preseren Day (Cultural Holiday) in Slovenia 02/09 St. Maron's Day in Lebanon @@ -137,7 +136,7 @@ 04/22 Oklahoma Day in Oklahoma 04/24 Victory Day in Togo 04/24* Pesach - First Day of Passover - Festival of Freedom -04/25 Anzac Day in Australia, New Zealand, Tonga, Western Samoa +04/25* ANZAC Day in Australia, New Zealand, and various other influenced places 04/25 Liberation Day in Italy 04/25 National Flag Day in Swaziland 04/26 Confederate Memorial Day in Florida & Georgia @@ -391,7 +390,6 @@ 10/23 Chulalongkron's Day in Thailand 10/24 Independence Day in Zambia 10/24 United Nations Day -10/25 Labor Day in New Zealand 10/25 Taiwan Restoration Day in Taiwan 10/26 Agam Day in Nauru 10/26 Armed Forces Day in Benin, Rwanda 
@@ -488,7 +486,6 @@ 06/02 Corpus Christi in Paraguay 06/MonFirstJefferson Davis's Birthday in Alabama & Mississippi (1st Monday) 06/MonFirstJefferson Davis's Birthday in Florida, Georgia, & S. Carolina -06/04 Queen's Birthday in New Zealand 06/06 His Majesty, Yang Di-Pertuan Agong's Birthday in Malaysia 06/11 Queen's Birthday 06/12 Peace with Bolivia in Paraguay --- /dev/null Mon Jan 18 21:47:42 2016 +++ calendars/calendar.nz Mon Jan 18 21:46:43 2016 @@ -0,0 +1,48 @@ +/* + * New Zealand holiday + * + * $OpenBSD$ + */ + +#ifndef _calendar_nz_ +#define _calendar_nz_ + +01/01 New Year's Day +01/02 Day after New Year's Day (public holiday) +02/06* New Zealand/Waitangi Day (public holiday) +02/14 Saint Valentine's Day +04/01 April Fools' Day +04/SunFirstDaylight Saving Time ends; clocks move back (first Sunday of April) +05/SunSecond Mother's Day (2nd Sunday in May) +06/MonFir
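Review bot: in the calendar.holiday hunk at @@ -137,7 +136,7 the ANZAC Day entry changes from `04/25` to `04/25*`, but the message uses the asterisk for dates that move from year to year and gives no reason for this one to move; keep it as a fixed `04/25`, or state in the message why it is now variable. The same line replaces the named places Tonga and Western Samoa with "various other influenced places", which a reader cannot check against anything; keeping the explicit list, or dropping the tail and leaving the detail to calendar.nz, would be clearer.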
Re: [calendar] Addition of a New Zealand holiday file
On 2016-01-22 Fri 13:50 PM |, Peter Kane wrote:
> Hi Craig
>
> I don't want to file this as a bug but I think New Plymouth Anniversary Day
> would be better described as Taranaki Anniversary Day. I've never seen it
> described as anything else on a New Zealand calendar (especially while living
> there for a good many years).
>

You're right Peter.

The wikipedia page has an alternative name, & I wrongly assumed it was
part of the trendy place rename thing, such as Mount Egmont to invalid
"Mount Taranaki".

New Plymouth was where I was born & messed about while my father worked
at building the offshore gas fueled power station there. I later worked
at the Edinburgh Rolls Royce factory which built the 385kv heavy
transformers for NZ - weird. A bit of wishful self indulgence

Nevertheless, I couldn't find any web hits for "New Plymouth Anniversary
Day".

Also, I had a double entry for "South Canterbury Anniversary Day", so
here's both updated:

Index: calendars/calendar.nz === RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.nz,v retrieving revision 1.1 diff -u -p -r1.1 calendar.nz --- calendars/calendar.nz 20 Jan 2016 19:12:28 - 1.1 +++ calendars/calendar.nz 22 Jan 2016 12:04:47 - 
@@ -30,14 +30,14 @@ 01/29* Auckland and Northland Anniversary Days 02/01* Nelson Anniversary Day 03/23* Otago Anniversary Day -03/MonSecond New Plymouth Anniversary Day +03/MonSecond Taranaki Anniversary Day Easter+2 Southland Anniversary Day 09/MonFourth South Canterbury Anniversary Day 09/FriThirdHawke's Bay Anniversary Day 11/01* Marlborough Anniversary Day 11/30* Chatham Islands Anniversary Day 12/01* Westland Anniversary Day -12/16* South Canterbury Anniversary Day +12/16* Canterbury Anniversary Day /* Seasonal days */ 03/20* Autumnal Equinox > As a side note, I think New Plymouth would be an excellent place for a > late-summer hackathon, given the pleasant beaches and mountainous terrain in > close proximity. > I reckon. Famous for its surfing & snowy mountain on the same day. Film makers love it there, especially of the Japanese ilk due to Mt Egmont being a Mt Fuji lookalike, with high air & light quality. Keep in mind the NZ song "Four Seasons In One Day" by Crowded House. > Diff below. > > Thanks, > Peter > > > Index: src/usr.bin/calendar/calendars/calendar.nz > === > RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.nz,v > retrieving revision 1.1 > diff -u -p -u -r1.1 calendar.nz > --- src/usr.bin/calendar/calendars/calendar.nz 20 Jan 2016 19:12:28 - > 1.1 > +++ src/usr.bin/calendar/calendars/calendar.nz 22 Jan 2016 00:36:33 - > @@ -30,7 +30,7 @@ > 01/29* Auckland and Northland Anniversary Days > 02/01* Nelson Anniversary Day > 03/23* Otago Anniversary Day > -03/MonSecond New Plymouth Anniversary Day > +03/MonSecond Taranaki Anniversary Day > Easter+2 Southland Anniversary Day > 09/MonFourth South Canterbury Anniversary Day > 09/FriThirdHawke's Bay Anniversary Day > > > > > - Forwarded message from Jason McIntyre - > > Date: Wed, 20 Jan 2016 19:12:57 +0000 
> From: Jason McIntyre
> To: tech@openbsd.org
> Subject: Re: [calendar] Addition of a New Zealand holiday file
> User-Agent: Mutt/1.5.24 (2015-08-30)
>
> On Mon, Jan 18, 2016 at 10:49:08PM +, Craig Skinner wrote:
> > G'day,
> >
> > Similar to the recent British calendar file, here's a New Zealand file.
> >
>
> committed, thanks.
> jmc
>

--
Practical people would be more practical if they would take a little
more time for dreaming.
		-- J. P. McEvoy
Re: security(8) mailbox check question
Hi all,

On 2016-01-23 Sat 22:31 PM |, Joerg Jung wrote:
> On Sat, Jan 23, 2016 at 08:31:09PM +0100, Ingo Schwarze wrote:
> >

This was discussed several times before. e.g:

http://openbsd-archive.7691.n7.nabble.com/security-8-check-maildir-as-well-as-mailbox-permissions-td239848.html

--
Ray's Rule of Precision:
	Measure with a micrometer. Mark with chalk. Cut with an axe.
Re: security(8) mailbox check question
Hi Ted,

On 2016-01-23 Sat 17:27 PM |, Ted Unangst wrote:
>
> I think the possibility to fill up /var makes it a poor choice.

For mail servers, /var/mail/ can be a separate mount point.

/var/log/ is commonly a mount point on servers.
As is /var/www/ /var/spool/{smtpd,postfix} /var/[fav-SQL-db], etc.

--
Cheers.
[calendar] United States holiday migrations
Hi folks, NOOP;- relocate USA state/national holidays from calendar.holiday into existing sparse calendar.usholiday file. As they're now in the USA holiday file, strip state names from holiday names where the state is named in the day itself. e.g: 'Oklahoma Day in Oklahoma' becomes 'Oklahoma Day'. e.g: 'Youth Day in Oklahoma' remains unchanged. Index: calendar.holiday === RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.holiday,v retrieving revision 1.35 diff -u -p -r1.35 calendar.holiday --- calendar.holiday20 Jan 2016 19:12:28 - 1.35 +++ calendar.holiday27 Jan 2016 22:52:23 - @@ -27,16 +27,12 @@ 01/15 Arbor Day in Jordan 01/16 Martyrs Day in Benin 01/18 Revolution Day in Tunisia -01/19 Confederate Heroes Day in Texas 01/19 Ethopian Epiphany in Ethiopia 01/19 Nameday of Archbishop Makarios in Cyprus 01/20 Army Day in Mali 01/20 National Heroes Day in Guinea-Bissau -01/MonThirdRobert E. Lee's Birthday in Alabama & Mississippi (3rd Monday) -01/MonThirdLee-Jackson Day in Virginia (3rd Monday) 01/21 Our Lady of Altagracia in Dominican Republic 01/23 Feast of St. Ildefonsus -01/23 National Handwriting Day 01/24 Economic Liberation Day in Togo 01/26 Republic Day in India 01/30 Australia Day in Australia @@ -60,11 +56,9 @@ 03/01 Samil Independence Movement Day in South Korea 03/01 St. David's Day, Cardiff 03/02 Peasants Day in Burma -03/02 Texas Independence day 03/02 Victory of Adowa in Ethiopia 03/03 Girl's Day in Japan 03/03 Throne Day in Morocco -03/04 Vermont Admission Day (admitted as 14th state in 1791) 03/05 Independence Day in Equatorial Guinea 03/06 Lantern Day, Bejing 03/07* Purim - Feast of Lots 
@@ -76,39 +70,31 @@ 03/09 Decoration Day in Liberia 03/09 Falgun Purnima Day in Nepal 03/10 Labor Day in South Korea -03/11 Johnny Appleseed Day; anniversary of the death of John Chapman 03/12 Commonwealth Day in Swaziland 03/12 Independence Day in Mauritius 03/12 Moshoeshoe's Birthday in Lesotho 03/12 Renovation Day in Gabon 03/13 National Day in Grenada 03/15 Day of the 1848 revolution in Hungary -03/16 Black Press Day; first Black newspaper founded in 1827 -03/17 Evacuation Day in Suffolk County, Massachusetts 03/17 St. Patrick's Day 03/19 St. Joseph's Day in Colombia, Costa Rica, Holy See, Liechtenstein, Bavaria, San Marino, Spain, Venezuela 03/19 Tree Planting Day in Lestho 03/20 Independence Day in Tunsia -03/20 Youth Day in Oklahoma 03/21 Afghan New Year in Afghanistan 03/21 Juarez' Birthday in Mexico 03/22 Abolition Day in Puerto Rico 03/23 Pakistan Day in Pakistan 03/25 Greek Independence Day in Cyprus 03/25 Lady Day (a.k.a. the Feast of the Annunciation) -03/25 Maryland Day in Maryland 03/25 National Holiday in Greece -03/MonLast Seward's Day in Alaska (last Monday) 03/26 Independence Day in Bangladesh -03/26 Prince Jonah Kuhio Kalanianaole Day in Hawaii 03/27 Armed Forces Day in Burma 03/29 Death of President Barthelemy Boganda in Central African Republic 03/29 Memorial Day in Madagascar 03/31 National Day in Malta 04/01 Youth Day in Benin 04/02 Malvinas Day in Argentina -04/02 Pascua Florida Day in Florida 04/04 Ching Ming Festival in Hong Kong 04/04 Liberation Day in Hungary 04/04 National Day in Senegal @@ -123,7 +109,6 @@ 04/13 Songkran Day in Thailand 04/14 Day of the Americas in Honduras 04/15 Bengali New Year in Bangladesh -04/MonThirdPatriot's Day in Maine & Massachusetts (3rd Monday) 04/16 De Diego's Birthday (celebrated in Puerto Rico) 04/16 Holy Week (5 days) in Venezuela 04/16 Tourist Week (5 days) in Uruguay 
@@ -131,39 +116,28 @@ 04/18 Independence Day in Chile, Zimbabwe 04/19 Declaration of Independence in Venezuela 04/19 Republic Day in Sierra Leone -04/21 San Jacinto Day in Texas -04/22 Arbor Day in Nebraska & Delaware -04/22 Oklahoma Day in Oklahoma 04/24 Victory Day in Togo 04/24* Pesach - First Day of Passover - Festival of Freedom 04/25* ANZAC Day in Australia, New Zealand, and various other influenced places 04/25 Liberation Day in Italy 04/25 National Flag Day in Swaziland -04/26 Confederate Memorial Day in Florida & Georgia 04/26 Union Day in Tanzania 04/27 Day of Uprising Against Occupation in Slovenia 04/27 Independence Day in Togo -04/MonLast Arbor Day in Wyoming (last Monday) -04/MonLast Confederate Memorial Day in Alabama & Mississippi (last Monday) 04/30 The Workers Day in Uruguay 05/01 Labor Day in many places -05/01 Law Day (decl. by Eisenhower) 05/01 May Day in many places 05/02 Constitution Day in Japan 05/03 Constitution Day in Poland -05/04 Rhode Island Independence Day 05/05 Children's Day in Japan, South Korea 05/05 Coronation Day in Thailand 05/05 Liberation Day in the Netherlands 05/06 Bataan Day in Philippines 05/06* Bank Holiday in UK 05/07 May Day in United Kingdo
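Review bot: the scope of "USA state/national holidays" is not defined for territories: the context lines keep `03/22 Abolition Day in Puerto Rico` and `04/16 De Diego's Birthday (celebrated in Puerto Rico)` in calendar.holiday while the state entries around them are removed. Say in the message whether territory entries stay in calendar.holiday on purpose, or move them in the same change so the split is consistent.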
Re: [calendar] United States holiday migrations
Hi Jason,

On 2016-01-28 Thu 00:34 AM |, Jason McIntyre wrote:
> On Wed, Jan 27, 2016 at 11:06:41PM +0000, Craig Skinner wrote:
> >
> > NOOP;- relocate USA state/national holidays from calendar.holiday
> > into existing sparse calendar.usholiday file.
> >
>
> i have to say i am less keen on this. i think calendar.holiday is pretty
> much a us-centric file anyway, for fairly obvious reasons. i'm not sure
> that splitting this file makes sense. we'll end up with a holiday file
> with few entries, and which belong nowhere.
>

Errr, not really;- only ~10% of calendar.holiday is affected (53 lines),
which about doubles the size of the skeleton calendar.usholiday file.

I think most OpenBSD hackers are on the European continent, or at least
outside of the U.S.A. anyway.

My thought was to provide a place for more regional U.S. holidays to be
added, to their file, without impacting the international scene.

Following this diff, I want to group many items by state, to make it
easier for their regional additions. Such as the New York Marathon,
Albuquerque hot air balloon festival & wotnot!

The Germans are already 4 times ahead of the combined States:

$ wc -l de_DE.UTF-8/* | fgrep total
     414 total

The Americans could totally top that.

I know lots of Brits love the States, so it would be easy for them to
then include a fully loaded calendar.usholiday file.

Cool.

--
Hanson's Treatment of Time:
	There are never enough hours in a day, but always too many days
	before Saturday.
Re: [calendar] United States holiday migrations
Hiya,

On 2016-01-28 Thu 22:09 PM |, Jason McIntyre wrote:
> On Thu, Jan 28, 2016 at 09:02:17PM +0000, Craig Skinner wrote:
>
> > My thought was to provide a place for more regional U.S. holidays to be
> > added, to their file, without impacting the international scene.
> >
> > Following this diff, I want to group many items by state, to make it
> > easier for their regional additions. Such as the New York Marathon,
> > Albuquerque hot air balloon festival & wotnot!
> >
>
> ok, so submit a separate file for additions. some more local things
> probably do make sense in a separate file.
>

To enable the calendar.usholiday file to grow in a clean way,
I reckon stage 1 is to relocate their existing entries into that
existing file.

Stage 2 would be to do some grouping by state in calendar.usholiday.

Stage 3 would be open season for new American holiday/event additions.
Like the ~600 entry French festival file: calendar.fetes

After that, there's about 100 entries at the foot of calendar.holiday
I'd like to hoist up into date order, & follow up with further tidies.

Cheers.

--
This fortune is inoperative. Please try another.
Re: cp -i might violate POSIX
On 2016-03-05 Sat 01:41 AM |, Timo Buhrmester wrote:
> From src/bin/cp/cp.c:
> > while ((ch = getopt(argc, argv, "HLNPRfailprv")) != -1)
> > [...]
> > case 'i':
> > iflag = isatty(fileno(stdin));
> The -i in cp -i is ignored if standard input isn't a tty.
>

$ print sun > /tmp/dry
$ print rain > /tmp/wet
$ type cp
cp is an alias for 'cp -i'
$ cp /tmp/wet /tmp/dry
overwrite /tmp/dry? n
$ cat /tmp/{wet,dry}
rain
sun
$ nice cp /tmp/wet /tmp/dry
$ cat /tmp/{wet,dry}
rain
rain    # << whoops!

Maybe it's just the alias being ignored by nice:

$ print sun > /tmp/dry
$ nice cp -i /tmp/wet /tmp/dry
overwrite /tmp/dry? n
$ cat /tmp/{wet,dry}
rain
sun
Re: spamd - blacklists
Hi Hans,

On 2016-03-14 Mon 11:49 AM |, hans wrote:
> On Mar 13 18:56:00, mm...@mykolab.com wrote:
> > hans wrote:
> > > The link to "the place to search for blacklists" is dead.
> >
> > Might be better to replace it than to remove it.
>
> Sure. Any suggestions?
>

Some DNSRBLs are available as files or rsync feeds.

It takes a bit of digging about, so start with effective ones:

http://www.intra2net.com/en/support/antispam/
http://www.spamcannibal.org/dnsbl_compare.shtml
http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
http://multirbl.valli.org/list/

Offenders can be checked in all at once on:

http://multirbl.valli.org/dnsbl-lookup/
Re: Remove handrolled function from spamd(8) for privdrop
Hi Ricardo,

On 2016-03-14 Mon 16:15 PM |, Ricardo Mestre wrote:
>
> Comments?
>

http://marc.info/?l=openbsd-tech&m=145047019223179
Re: spamd - blacklists
Hi Stuart,

On 2016-03-14 Mon 16:27 PM |, Stuart Henderson wrote:
>
> There aren't many who provide their whole dataset to anyone other
> than paying customers - e.g. Spamhaus' rsync feeds are for
> organisations with >5000 users and cost US$1700+/year.
>

I've found these free rsync feeds useful:

The Passive Spam Block List (collates IPs sending to spam traps):
http://psbl.org/howto/

CBL (SpamHaus) writes:
"The PSBL is a solid and reliable DNSBL. Amazingly effective for such a
modest effort. Generally recommended"
http://www.abuseat.org/faq.html

UCE Protect (IPs sending to spam traps, and more aggressive options):
http://www.uceprotect.net/en/index.php?m=6&s=10

The Composite Blocking List (CBL - a big part of SpamHaus DNSRBLs) can
be rsync'd after rego (free, except for spam filter service operators):
http://www.abuseat.org/faq.html

There are a few more paid rsync lists here:
http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists

Generally, everything has changed from file feeds to DNS.
Re: spamd & spamlogd open sync port 8025 as root
Hi Ricardo/All,

On 2015-12-18 Fri 20:20 PM |, Craig Skinner wrote:
> Hi!
>
> FYI;- I've noticed spamd & spamlogd open their high ports as root.
>
> These pf rules work, changing to 'user _spamd' doesn't:
>
> pass in on $ext_if inet proto udp \
> from $ext_if:network port > 1023 \
> to $ext_if:0 port spamd-sync \
> user root
>
> pass out on $ext_if inet proto udp \
> from $ext_if:0 port > 1023 \
> to $ext_if:network port spamd-sync \
> user root
>
>
> $ fstat -u _spamd | fgrep internet
> _spamd spamlogd28614* internet dgram udp *:12412
> _spamd spamd 14083* internet stream tcp 0x0 *:8025
> _spamd spamd 14084* internet stream tcp 0x0 127.0.0.1:8026
> _spamd spamd 14085* internet dgram udp 203.0.113.21:8025
> _spamd spamd 111543* internet stream tcp 0x0 *:8025
> _spamd spamd 111544* internet stream tcp 0x0 127.0.0.1:8026
> _spamd spamd 111545* internet dgram udp 203.0.113.21:8025
> _spamd spamd 114523* internet stream tcp 0x0 *:8025
> _spamd spamd 114524* internet stream tcp 0x0 127.0.0.1:8026
> _spamd spamd 114525* internet dgram udp 203.0.113.21:8025
>
>
> This box syslogs:
> Dec 18 15:13:25 palm spamd[1408]: new WHITE from 203.0.113.20 for
> 208.70.245.125, expires 1453562006
>
> The WHITE would be from spamlogd sending to UDP 8025 as root
> due to the pf rules above for that port require root to function.
>
>
> The source files show all the sockets are opened before priv drop.
>
> As the ports are above 1023, is this necessary? - I'm not a C coder...
>

Thanks Ricardo for your patch moving spamd.c's port binding to the
unpriv code block for this bug I found.

With spamd rebuilt & restarted, I'm trying to inject some test data from
another box which spamd syncs in both directions (as root).

This claims to connect & hangs:
(Nothing in the updated box's syslogs from spamd.)

$ KEY_SHA1=$(sha1 -q /etc/mail/spamd.key)
$ print "2 3 145880 145890 1.23.456.789 $KEY_SHA1 0" | nc -4uv mx.example.net 8025
Connection to mx.example.net 8025 port [udp/spamd-sync] succeeded!
^C

tcpdump on the spamd modified sync receive mx.example.net box shows:

Mar 18 18:35:28.334256 r2:d2:23:48:92:0e c3:p0:3a:c5:a5:2c 0800 60: 203.0.113.21.33635 > 203.0.113.20.8025: udp 1
Mar 18 18:35:28.334309 r2:d2:23:48:92:0e c3:p0:3a:c5:a5:2c 0800 60: 203.0.113.21.33635 > 203.0.113.20.8025: udp 1
Mar 18 18:35:28.334360 r2:d2:23:48:92:0e c3:p0:3a:c5:a5:2c 0800 60: 203.0.113.21.33635 > 203.0.113.20.8025: udp 1
Mar 18 18:35:28.334442 r2:d2:23:48:92:0e c3:p0:3a:c5:a5:2c 0800 60: 203.0.113.21.33635 > 203.0.113.20.8025: udp 1
Mar 18 18:35:28.339011 r2:d2:23:48:92:0e c3:p0:3a:c5:a5:2c 0800 124: 203.0.113.21.33635 > 203.0.113.20.8025: udp 82

How can test data be sent to spamd?

Thanks.

--
Some people claim that the UNIX learning curve is steep, but at least
you only have to climb it once.
Re: www.openbsd.org/cgi-bin/man.cgi
On 2016-03-22 Tue 22:49 PM |, Bob Beck wrote:
>
> A few years back, Ingo moved it to the new mandoc based man.cgi, and
> now we've actually moved this to a dedicated place - "man.openbsd.org"
>

Superb. What's next?

$ ssh gu...@man.openbsd.org
Welcome guest user to OpenBSD's online manual library.
The only command available is 'man'.
(For help; type 'man man[ENTER]'.)
$
Re: machine slow with latest snapshot (bufcache related?) on sparc64
Try sp...@openbsd.org Markus. See: http://www.OpenBSD.Org/mail.html
Re: netstat(1) show only listening sockets
Hi Sebastian,

On Sat, 1 Jul 2017 16:44:14 +0200 Sebastian Benoit wrote:
> This makes netstat show only listening sockets for tcp sockets
> when invoked as netstat -l.
>
> With it "netstat -l -finet -p tcp" is equivalent to
> "netstat -a -finet | grep LISTEN"

This shows listening UDP ports too:

$ netstat -a -f inet | fgrep '*.*'

Or limit to only 'Proto' & 'Local Address' fields:

$ netstat -a -f inet | awk '/\*.\*/ { print $1"\t"$4 }'

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: [PATCH] etc/daily - handle purging accounting records a bit better
Hi Raf/all,

On Sun, 9 Jul 2017 10:53:34 +0100 Raf Czlonka wrote:
>
> I've enabled accounting recently and have noticed these messages
> in the daily(8) email:
>
> Day 1:
>
> Purging accounting records:
> mv: /var/account/acct.2: No such file or directory
> mv: /var/account/acct.1: No such file or directory
> mv: /var/account/acct.0: No such file or directory
>

newsyslog(8) can rotate these & has worked well for me on multiple
servers for the last 2 years:
http://marc.info/?l=openbsd-tech&m=144049218130267

PS: I've never seen anything other than '0' in the 'CORE' column.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: RFC 7217: random but stable addresses (take 3)
On Sat, 15 Jul 2017 06:58:40 +0200 Sebastien Marie wrote: > Could /etc/soii.key be added to /etc/changelist too please ? + /etc/mtree/special?
Re: openssl(1) not error exiting on full file system
Ping: On Tue, 11 Apr 2017 11:28:38 +0100 Craig Skinner wrote: > Hi again, > > On 2017-04-10 Mon 14:31 PM |, Craig Skinner wrote: > > On Mon, 10 Apr 2017 12:46:03 +0100 Craig Skinner wrote: > > > $ openssl enc -bf -salt \ > > > -pass file:/etc/myname -in /bsd \ > > > -out /altroot/tmp/bsd.crypto > > > > > > /altroot: write failed, file system is full > > > $ print $? > > > 0 > > > > openssl error exits for other output file creation problems: > ... .. http://marc.info/?l=openbsd-tech&m=149190654818169 http://marc.info/?t=14918248523
Re: [patch] Add -z and -Z to apmd for automatic suspend/hibernate
Hi Jesper/all,

On Sun, 13 Aug 2017 14:13:42 +0200 Jesper Wallin wrote:
>
> ... someone on IRC also suggested sensorsd or even ksh and a
> cronjob. I personally find it a bit too ducttapey though, especially
> for a feature one would expect on a laptop.

For what it's worth, below is an unpriv duck tape cron ksh script, which
I've been meaning to port & package up... (It is very reliable.)

If the battery status is critical, it syslogs & wall(1)s. When disaster
seems imminent, it starts a delayed shutdown(8), which it later kills if
power is plugged.

$ crontab -l | fgrep batt-crit
*/5 * * * * ~/bin/batt-crit

$ cat ~/bin/batt-crit
#!/bin/ksh
#
# $Id: batt-crit,v 1.14 2016/05/13 13:22:58 craig Exp $
#
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#
# Copyright (c) 2015-2016 Craig R. Skinner
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#

# A/C charger ! disconnected
[[ $(apm -a) -ne 0 ]] && exit

# Battery status ! critical
[[ $(apm -b) -eq 2 ]] || exit 0

alias logger='logger -p daemon.crit'

apm | tr -s '\n' ' ' | logger

batt_lvl=$(apm -l)
[[ ${batt_lvl} -gt 15 ]] && exit

apm | wall
[[ ${batt_lvl} -gt 5 ]] && exit

warning='battery charge level critically low'
shutdown -hp +${batt_lvl} ${warning}
print "shutdown -hp +${batt_lvl} ${warning}" | logger

renice -n 20 $$ > /dev/null

count=100
until [[ ${count} -eq 0 ]]
do
	sleep 20
	[[ $(apm -a) -eq 0 ]] ||
	{
		pgrep -l -f shutdown &&
		{
			print 'killing...'
			pkill -l shutdown
			break
		}
	}
	let count--
done
Re: Is loss of read-only /usr permanent?
Hi RD/all,

On 2016-05-13 Fri 17:16 PM |, RD Thrush wrote:
>
> # cp -p /etc/fstab /etc/fstab.orig
> # sed -e 's,/usr ffs rw,/usr ffs ro,' /etc/fstab
> # shutdown -f now
> Shutdown NOW!
> shutdown: [pid 82541]

Something like this in /etc/rc might help here:

rebuildlibs() {
	mount -d /usr | fgrep -wq ro && _ro_usr='true'
	[[ -n ${_ro_usr} ]] && mount -u -o 'nordonly' /usr
	...
	..
	[[ -n ${_ro_usr} ]] && mount -u -o 'rdonly' /usr
}

Let us know what works for you.

Thanks!
--
Paranoia doesn't mean the whole world isn't out to get you.
Re: Is loss of read-only /usr permanent?
On 2016-05-14 Sat 12:25 PM |, RD Thrush wrote:
>
> Thanks, Craig. That is much better than what I proposed
>

Another solution occurred to me Bob;-

ro /usr
rw /usr/lib (an additional mount point)

If power was lost during boot, most of /usr would be unaffected.

The mods I mailed earlier could also be adapted for a ro /usr/lib too.

Cheers!
--
Q: What is the last thing a Kansas stripper takes off?
A: Her bowling shoes.
xdm halt & reboot buttons
Hello, This diff presents 'Halt' and 'Reboot' buttons on the xdm screen. Other buttons could be added, such as 'Hibernate' & 'Suspend'. The message box remains after login but can be manually closed. Adapted from http://cafim.sssup.it/~giulio/other/Customization_XDM.html#starting-the-necessary-programs --- Xsetup_0~ Wed Aug 6 21:03:43 2014 +++ Xsetup_0Tue Jun 28 13:51:23 2016 @@ -1,8 +1,25 @@ #!/bin/sh -# $OpenBSD: Xsetup_0,v 1.3 2010/03/28 09:33:02 matthieu Exp $ +# $OpenBSD: Xsetup_0,v 1.2 2016/06/28 13:24:23 craig Exp $ if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ] then xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail + + # Show Halt and Reboot buttons: + ( + xmessage -buttons 'Halt:20,Reboot:21' ' System: ' + case $? in + 20) + exec halt -p + ;; + 21) + exec reboot + ;; + *) + print "xmessage closed on $(date)" + ;; + esac + ) & + fi #sxpm OpenBSD.xpm &
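Review bot: In the Xsetup_0 hunk the xmessage call and the `case` that runs `halt -p` or `reboot` sit in one backgrounded subshell with no change of user, and nothing ends that subshell at login (the message itself says the box remains after login), so the Halt and Reboot buttons stay clickable inside the user's session with whatever privileges Xsetup_0 has. Close the box from the login hook and keep only the `case` privileged. The `$OpenBSD$` line also changes from `v 1.3 2010/03/28 ... matthieu` to a local `v 1.2 2016/06/28 ... craig`; a diff meant for the tree should leave that line alone.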
Re: xdm halt & reboot buttons
Hello, On 2016-06-28 Tue 15:27 PM |, Craig Skinner wrote: > This diff presents 'Halt' and 'Reboot' buttons on the xdm screen. > Now it closes the message box + adds 'Hibernate' & 'Suspend' buttons. > > Adapted from http://cafim.sssup.it/~giulio/other/Customization_XDM.html > --- /etc/X11/xdm/Xsetup_0 2016/06/28 14:20:18 1.1 +++ /etc/X11/xdm/Xsetup_0 2016/06/28 17:14:54 @@ -1,8 +1,31 @@ #!/bin/sh -# $OpenBSD: Xsetup_0,v 1.1 2016/06/28 13:20:18 craig Exp $ +# $OpenBSD: Xsetup_0,v 1.6 2016/06/28 16:16:11 craig Exp $ if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ] then xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail + + # Show Halt and Reboot buttons: + ( + xmessage -buttons 'Halt:20,Reboot:21,Suspend:22,Hibernate:23' ' System: ' + case $? in + 20) + halt -p >/dev/console 2>&1 + ;; + 21) + reboot >/dev/console 2>&1 + ;; + 22) + zzz >/dev/console 2>&1 + ;; + 23) + ZZZ >/dev/console 2>&1 + ;; + *) + print 'xdm halter closed' >/dev/console + ;; + esac + ) & + fi #sxpm OpenBSD.xpm & --- /etc/X11/xdm/GiveConsole2015/06/30 16:44:10 1.2 +++ /etc/X11/xdm/GiveConsole2016/06/28 17:07:28 @@ -1,6 +1,11 @@ #!/bin/sh # Assign ownership of the console to the invoking user -# $OpenBSD: GiveConsole,v 1.2 2015/06/30 15:44:10 craig Exp $ +# $OpenBSD: GiveConsole,v 1.3 2016/06/28 16:09:24 craig Exp $ +# + +# Started in Xsetup_0 +pkill xmessage + # # By convention, both xconsole and xterm -C check that the # console is owned by the invoking user and is readable before attaching
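Review bot: In the Xsetup_0 hunk the comment still reads `# Show Halt and Reboot buttons:` although the `-buttons` list now also carries `Suspend:22` and `Hibernate:23`; update the comment and say in it why the codes start at 20 and what the `*)` branch catches. `print` in that branch is a ksh builtin while the script header is `#!/bin/sh`; `echo` would match the rest of the file.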
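Review bot: `pkill xmessage` in the GiveConsole hunk matches on the process name pattern alone, so every xmessage on the host is killed at each login, not only the one started from Xsetup_0. Narrow it with `-x` for an exact name match and `-U` for the user that owns the login-screen instance.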
Re: xdm halt & reboot buttons
Hiya, On 2016-06-29 Wed 14:46 PM |, Craig Skinner wrote: > On 2016-06-28 Tue 15:27 PM |, Craig Skinner wrote: > > This diff presents 'Halt' and 'Reboot' buttons on the xdm screen. > > > > Now it closes the message box + adds 'Hibernate' & 'Suspend' buttons. > > > > > Adapted from http://cafim.sssup.it/~giulio/other/Customization_XDM.html > > > Send all the sub shell's output to the console, + battery & load stats: --- /etc/X11/xdm/Xsetup_0 2016/06/28 14:20:18 1.1 +++ /etc/X11/xdm/Xsetup_0 2016/06/30 16:16:09 @@ -1,8 +1,40 @@ #!/bin/sh -# $OpenBSD: Xsetup_0,v 1.1 2016/06/28 13:20:18 craig Exp $ +# $OpenBSD: Xsetup_0,v 1.12 2016/06/30 15:19:52 craig Exp $ if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ] then xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail + + # Convenience GUI buttons via a backgrounded sub shell: + ( + while true + do + xmessage -buttons 'Halt:20,Reboot:21,Suspend:22,Hibernate:23,Battery?:24,Load?:25' ' System: ' + case $? in + 20) + halt -p && break + ;; + 21) + reboot && break + ;; + 22) + zzz + ;; + 23) + ZZZ + ;; + 24) + apm + ;; + 25) + uptime + ;; + *) + break + ;; + esac + done + ) >/dev/console 2>&1 & + fi #sxpm OpenBSD.xpm & --- /etc/X11/xdm/GiveConsole2015/06/30 16:44:10 1.2 +++ /etc/X11/xdm/GiveConsole2016/06/28 17:07:28 @@ -1,6 +1,11 @@ #!/bin/sh # Assign ownership of the console to the invoking user -# $OpenBSD: GiveConsole,v 1.2 2015/06/30 15:44:10 craig Exp $ +# $OpenBSD: GiveConsole,v 1.3 2016/06/28 16:09:24 craig Exp $ +# + +# Started in Xsetup_0 +pkill xmessage + # # By convention, both xconsole and xterm -C check that the # console is owned by the invoking user and is readable before attaching
Re: mandoc.db(5) without SQLite
On 2016-07-01 Fri 05:28 AM |, Ingo Schwarze wrote: > > Any thoughts? Wow!
Re: xdm halt & reboot buttons
Hi Alexander,

On 2016-06-30 Thu 20:58 PM |, Alexander Hall wrote:
>
> 1. xmessage has a sometimes useful, but in general awful, interface.

Aye,... simple, in base & functional.

The prettiness factor can be cosmetically altered with Xmessage* lines
in /etc/X11/xdm/Xresources. See '! xmessage resources' mid way down:
http://cafim.sssup.it/~giulio/other/Customization_XDM.html

>
> Maybe just add a button or two to the xdm login panel instead?
>

Good idea. I'll try to alter that instead Suggestions welcome!

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: xdm halt & reboot buttons
On 2016-07-01 Fri 14:22 PM |, Craig Skinner wrote:
> On 2016-06-30 Thu 20:58 PM |, Alexander Hall wrote:
> >
> > Maybe just add a button or two to the xdm login panel instead?
> >
>
> Good idea. I'll try to alter that instead Suggestions welcome!
>

Ugh,... that's beyond me.

From xdm(1), the AUTHENTICATION WIDGET is special purpose, with xlogin.Login.namePrompt and xlogin.Login.passwdPrompt, but not xlogin.Login.MyNewButton1, xlogin.Login.MyNewButton2,

Sorry Alexander.

Anyway, here's another attempt, with less buttons.

The 1st xmessage window has no loop to break as shutdown & reboot are single instance actions. It also uses shutdown(8) to log to /var/log/authlog, and can be run by operator instead of root.

The 2nd xmessage window on the top right of the screen diverts battery state info to the console below it. This needs a breakable loop to be run more than once.

--- /etc/X11/xdm/Xsetup_0 2016/06/28 14:20:18 1.1 +++ /etc/X11/xdm/Xsetup_0 2016/07/01 20:30:24 @@ -1,8 +1,38 @@ #!/bin/sh -# $OpenBSD: Xsetup_0,v 1.1 2016/06/28 13:20:18 craig Exp $ +# $OpenBSD: Xsetup_0,v 1.13 2016/07/01 19:51:18 craig Exp $ if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ] then xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail + + # Convenience GUI buttons via a backgrounded sub shell: + ( + xmessage -buttons 'Shutdown:20,Reboot:21' ' Machine:' + case $? in + 20) + shutdown -hp now 'xdm login screen' + ;; + 21) + shutdown -r now 'xdm login screen' + ;; + esac + ) >/dev/console 2>&1 & + + # Convenience GUI buttons via a backgrounded sub shell: + ( + while true + do + xmessage -geometry -0+0 -buttons 'Status:24' ' Battery:' + case $? in + 24) + apm + ;; + *) + break + ;; + esac + done + ) >/dev/console 2>&1 & + fi #sxpm OpenBSD.xpm & --- /etc/X11/xdm/GiveConsole2015/06/30 16:44:10 1.2 +++ /etc/X11/xdm/GiveConsole2016/06/28 17:07:28 
@@ -1,6 +1,11 @@ #!/bin/sh # Assign ownership of the console to the invoking user -# $OpenBSD: GiveConsole,v 1.2 2015/06/30 15:44:10 craig Exp $ +# $OpenBSD: GiveConsole,v 1.3 2016/06/28 16:09:24 craig Exp $ +# + +# Started in Xsetup_0 +pkill xmessage + # # By convention, both xconsole and xterm -C check that the # console is owned by the invoking user and is readable before attaching
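Review bot: The message says shutdown(8) "can be run by operator instead of root", but in the Xsetup_0 hunk both `shutdown -hp now` and `shutdown -r now` are called straight from the subshell with no change of user, as are `xmessage` and `apm`, so everything still runs with Xsetup_0's own privileges. If operator is the intent, wrap the two shutdown calls in `su` to that account and run xmessage under an unprivileged one, leaving only the `case` on its exit code in the privileged shell. The GiveConsole hunk is unchanged and still carries the unrestricted `pkill xmessage`.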
Re: xdm halt & reboot buttons
On 2016-07-01 Fri 18:01 PM |, Sebastien Marie wrote:
>
> It is the fact that xmessage would be run as root that worries me a bit.

Good point Sebastien.

> Now, as xmessage(1) would be only used to provide UI to user, it should
> be possible to run it as _x11 (or other unprivileged user). The useful
> information is the exit code of the program, so the rest of the script
> (the "case...esac" stuff) could be run as root and only read the exit
> code of an unprivileged one.
>

OK, I'll investigate that next.

My 4th version uses shutdown(8), which can run as operator.
I guess nobody could run apm(8) too.

> About the "pkill" in GiveConsole, I think it should be more "restricted"
> (with -U, -x ...) : else any running xmessage(1) program on the host
> will be killed (remote X11 xmessage on the host while another user log
> using xdm).

Yeah, I've a space at the front of the message, so pgrep -l was getting
a bit weird. But running xmessage as _x11 changes the situation!

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: xdm halt & reboot buttons
Hi Patrick,

On 2016-07-01 Fri 10:38 AM |, patrick keshishian wrote:
>
> Only comment I (as a user) have, has to do with liking the
> default look as-is.

Same for me. It's not pretty, but it's in keeping with the rest of the
landscape. Some CSS type guru could refashion the whole thing.

> I like the idea of this being put in a separate script/program
> (suggested by Alexander Hall); that way, it can easily be disabled
> (reverted to original look) with a one-line comment.
>

Most of the ideas on the web are TCL or Perl windows, which means
/usr/local/, which means ports, and they were so complicated, writing
PID files, watcher processes to kill the scripts, ugh...

The page I adapted as a starting point was so simple & in base.

I hear you about easy on/off, + Alexander with an external widget.
--
Craig Skinner | http://linkd.in/yGqkv7
Re: xdm halt & reboot buttons
Hello all, On 2016-07-01 Fri 18:01 PM |, Sebastien Marie wrote: > > It is the fact that xmessage would be run as root that worries me a bit. > [snip] > > Now, as xmessage(1) would be only used to provide UI to user, it should > be possible to run it as _x11 (or other unprivileged user). The useful > information is the exit code of the program, so the rest of the script > (the "case...esac" stuff) could be run as root and only read the exit > code of an unprivileged one. > > About the "pkill" in GiveConsole, I think it should be more "restricted" > (with -U, -x ...) : else any running xmessage(1) program on the host > will be killed (remote X11 xmessage on the host while another user log > using xdm). xmessage is now run as '_x11', shutdown as 'operator', and the status items as 'nobody'. Only user _x11's xmessage windows are pkilled. (Maybe the operator & nobody bits are overkill.) As Patrick requested, the bits can simply be disabled by easy comments. Feel free to further improve: --- /etc/X11/xdm/Xsetup_0 2016/06/28 14:20:18 1.1 +++ /etc/X11/xdm/Xsetup_0 2016/07/02 14:58:30 
@@ -1,8 +1,52 @@ #!/bin/sh -# $OpenBSD: Xsetup_0,v 1.1 2016/06/28 13:20:18 craig Exp $ +# $OpenBSD: Xsetup_0,v 1.16 2016/07/02 14:03:14 craig Exp $ + +# Convenience GUI button items: +alias su_x11='su -s /bin/sh _x11 -c' +alias su_optr='su -s /bin/sh operator -c' +alias su_nbdy='su -s /bin/sh nobody -c' + +function _xdm_machine_shutdown +{ + su_x11 "xmessage -geometry +0+0 -buttons 'Shutdown:20,Reboot:21' ' Machine:'" + case $? in + 20) + su_optr "shutdown -hp now 'xdm login screen'" + ;; + 21) + su_optr "shutdown -r now 'xdm login screen'" + ;; + esac +} + +function _xdm_machine_status +{ + while true + do + su_x11 "xmessage -geometry -0+0 -buttons 'Battery:30,Load:31' ' Status:'" + case $? in + 30) + su_nbdy 'apm' + ;; + 31) + su_nbdy 'uptime' + ;; + # TODO: + #32) + # su_nbdy 'some-wifi-status-thing' + # ;; + *) + break + ;; + esac + done +} + if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ] then xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail + _xdm_machine_shutdown >/dev/console 2>&1 & + _xdm_machine_status >/dev/console 2>&1 & fi #sxpm OpenBSD.xpm & --- /etc/X11/xdm/GiveConsole2015/06/30 16:44:10 1.2 +++ /etc/X11/xdm/GiveConsole2016/07/02 13:18:32 @@ -1,6 +1,11 @@ #!/bin/sh # Assign ownership of the console to the invoking user -# $OpenBSD: GiveConsole,v 1.2 2015/06/30 15:44:10 craig Exp $ +# $OpenBSD: GiveConsole,v 1.4 2016/07/02 12:24:40 craig Exp $ +# + +# Started in Xsetup_0 +pkill -U _x11 -x xmessage + # # By convention, both xconsole and xterm -C check that the # console is owned by the invoking user and is readable before attaching
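Review bot: `su_nbdy` in the Xsetup_0 hunk runs `apm` and `uptime` as `nobody`, an account that unrelated jobs already share (the weekly script elsewhere on this page pipes locate.updatedb through `su -m nobody`), and processes under one uid can signal each other; use a dedicated account or the `operator` alias already defined two lines above. The hunk also puts the ksh `function name` form and `alias` under a `#!/bin/sh` header; `name() { ... }` with small wrapper functions instead of aliases keeps the file in one dialect. The `-U _x11 -x` restriction in the GiveConsole hunk is the right scope for the pkill.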
Re: xdm halt & reboot buttons
On 2016-07-01 Fri 15:38 PM |, Matthieu Herrb wrote:
>
> If you spend some time providing a set of nice resources for xmessages
> and keep it minimalistic, I think we can include your suggestion. I've
> been waiting for other comments.
>

Thanks Matthieu.

I wasted a while making an arse of /etc/X11/xdm/Xresources, and some
kangaroos are now blindly bouncing into buses. My monitor is in rehab

Who is good at that GUI stuff?
--
"Apathy is not the problem, it's the solution"
Re: xdm halt & reboot buttons
On 2016-07-02 Sat 11:21 AM |, Bob Beck wrote: > On Saturday, 2 July 2016, Craig Skinner wrote: > > > > xmessage is now run as '_x11', shutdown as 'operator', and the status > > items as 'nobody'. Only user _x11's xmessage windows are pkilled. > > > > Do not use nobody. > > that is a very bad practice. may as well call nobody NFS. > Thanks Bob;- user 'nobody' nuked & replaced by 'operator'. Anything else to get sorted? --- /etc/X11/xdm/Xsetup_0 2016/06/28 14:20:18 1.1 +++ /etc/X11/xdm/Xsetup_0 2016/07/04 13:20:56 @@ -1,8 +1,51 @@ #!/bin/sh -# $OpenBSD: Xsetup_0,v 1.1 2016/06/28 13:20:18 craig Exp $ +# $OpenBSD: Xsetup_0,v 1.17 2016/07/04 12:23:59 craig Exp $ + +# Convenience GUI button items: +alias su_x11='su -s /bin/sh _x11 -c' +alias su_optr='su -s /bin/sh operator -c' + +function _xdm_machine_shutdown +{ + su_x11 "xmessage -geometry +0+0 -buttons 'Shutdown:20,Reboot:21' ' Machine:'" + case $? in + 20) + su_optr "shutdown -hp now 'xdm login screen'" + ;; + 21) + su_optr "shutdown -r now 'xdm login screen'" + ;; + esac +} + +function _xdm_machine_status +{ + while true + do + su_x11 "xmessage -geometry -0+0 -buttons 'Battery:30,Load:31' ' Status:'" + case $? in + 30) + su_optr 'apm' + ;; + 31) + su_optr 'uptime' + ;; + # TODO: + #32) + # su_optr 'some-wifi-status-thing' + # ;; + *) + break + ;; + esac + done +} + if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ] then xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail + _xdm_machine_shutdown >/dev/console 2>&1 & + _xdm_machine_status >/dev/console 2>&1 & fi #sxpm OpenBSD.xpm & --- /etc/X11/xdm/GiveConsole2015/06/30 16:44:10 1.2 +++ /etc/X11/xdm/GiveConsole2016/07/02 13:18:32 
@@ -1,6 +1,11 @@ #!/bin/sh # Assign ownership of the console to the invoking user -# $OpenBSD: GiveConsole,v 1.2 2015/06/30 15:44:10 craig Exp $ +# $OpenBSD: GiveConsole,v 1.4 2016/07/02 12:24:40 craig Exp $ +# + +# Started in Xsetup_0 +pkill -U _x11 -x xmessage + # # By convention, both xconsole and xterm -C check that the # console is owned by the invoking user and is readable before attaching
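Review bot: In the GiveConsole hunk the `# Started in Xsetup_0` comment and the `pkill -U _x11 -x xmessage` line are inserted between the `$OpenBSD$` tag and the `# By convention, both xconsole and xterm -C ...` paragraph, which splits the file's header comment in two. Move the pkill below that comment block, next to the commands it precedes, and have the comment say that it removes the login-screen button windows. In the Xsetup_0 hunk the commented-out `#32)` TODO branch is better left out of a submitted diff.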
Append system start up messages to new /var/log/dmesg in /etc/rc
Hi, With dmesg's new -s flag, append each boot's full log to a new /var/log/dmesg semi-private log file. Inspired by Alexander Hall's recent post: http://marc.info/?l=openbsd-misc&m=147674181621645 This works for me (on 5.9) & rotates correctly: Index: rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.486 diff -u -p -r1.486 rc --- rc 10 Jul 2016 09:08:18 - 1.486 +++ rc 19 Oct 2016 13:04:04 - @@ -563,4 +563,7 @@ start_daemon apmd sensorsd hotplugd watc echo '.' date -exit 0 +umask 027 +dmesg >>/var/log/dmesg +dmesg -s >>/var/log/dmesg +umask 022 Index: newsyslog.conf === RCS file: /cvs/src/etc/newsyslog.conf,v retrieving revision 1.35 diff -u -p -r1.35 newsyslog.conf --- newsyslog.conf 1 Jun 2016 16:57:07 - 1.35 +++ newsyslog.conf 19 Oct 2016 13:04:04 - @@ -10,6 +10,7 @@ /var/log/lpd-errs 640 7 10 * Z /var/log/maillog 640 7 *24Z /var/log/messages 644 5 300 * Z +/var/log/dmesg 640 3 100 * Z /var/log/secure600 7 *168 Z /var/log/wtmp 644 7 *$W6D4 B /var/log/xferlog 640 7 250 * Z
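Review bot: The rc hunk deletes the closing `exit 0` instead of adding the dmesg lines in front of it, so rc now ends on `umask 022` and the explicit success status is gone; keep `exit 0` as the last line. The two appends (`dmesg`, then `dmesg -s`) go into /var/log/dmesg with no marker between them or between boots, which makes the rotated file hard to split per boot; appending a `date` line first would fix that. `umask 027` only sets the mode when the file is first created here, so the `640` in the newsyslog.conf hunk is what holds the mode after rotation; worth a comment in rc.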
Re: Append system start up messages to new /var/log/dmesg in /etc/rc
Resend folks: On 2016-10-19 Wed 14:19 PM |, Craig Skinner wrote: > Hi, > > With dmesg's new -s flag, append each boot's full log to a new > /var/log/dmesg semi-private log file. > > Inspired by Alexander Hall's recent post: > http://marc.info/?l=openbsd-misc&m=147674181621645 > > This works for me (on 5.9) & rotates correctly: > > > > Index: rc > === > RCS file: /cvs/src/etc/rc,v > retrieving revision 1.486 > diff -u -p -r1.486 rc > --- rc10 Jul 2016 09:08:18 - 1.486 > +++ rc19 Oct 2016 13:04:04 - > @@ -563,4 +563,7 @@ start_daemon apmd sensorsd hotplugd watc > echo '.' > > date > -exit 0 > +umask 027 > +dmesg >>/var/log/dmesg > +dmesg -s >>/var/log/dmesg > +umask 022 > Index: newsyslog.conf > === > RCS file: /cvs/src/etc/newsyslog.conf,v > retrieving revision 1.35 > diff -u -p -r1.35 newsyslog.conf > --- newsyslog.conf1 Jun 2016 16:57:07 - 1.35 > +++ newsyslog.conf19 Oct 2016 13:04:04 - > @@ -10,6 +10,7 @@ > /var/log/lpd-errs640 7 10 * Z > /var/log/maillog 640 7 *24Z > /var/log/messages644 5 300 * Z > +/var/log/dmesg 640 3 100 * Z > /var/log/secure 600 7 * 168 Z > /var/log/wtmp644 7 *$W6D4 B > /var/log/xferlog 640 7 250 * Z > -- Craig Skinner | http://linkd.in/yGqkv7
[diff] rc.d/ntpd config test in new rc_pre()
Hello, Here's a diff for the ntpd rc script pre start, to check the config. Works (for me) with a non-default configuration file too. Test output below, with a deliberately mangled alternate file. Index: ntpd === RCS file: /cvs/src/etc/rc.d/ntpd,v retrieving revision 1.2 diff -u -p -r1.2 ntpd --- ntpd14 Sep 2011 02:36:09 - 1.2 +++ ntpd27 Jun 2015 13:01:36 - @@ -9,4 +9,21 @@ daemon="/usr/sbin/ntpd" pexp="ntpd: \[priv\]" rc_reload=NO + +rc_pre() +{ + # ntpd [-dnSsv] [-f file] + unset ntpd_conf + [[ ${daemon_flags} == -*f* ]] && + { + for daemon_flag in ${daemon_flags} + do + [[ ${daemon_flag} == -* ]] && continue + ntpd_conf="-f ${daemon_flag}" + break + done + } + _rc_do ${daemon} -n ${ntpd_conf} +} + rc_cmd $1 $ sudo /etc/rc.d/ntpd -d start doing _rc_parse_conf doing _rc_quirks ntpd_flags >-sf /tmp/ntpd.conf< doing _rc_read_runfile doing rc_check ntpd doing rc_pre doing /usr/sbin/ntpd -n -f /tmp/ntpd.conf /tmp/ntpd.conf:5: syntax error /tmp/ntpd.conf:6: could not resolve "ntp.example.not.uk" # dud listen on /tmp/ntpd.conf:7: could not resolve "ntp.localdomain"# dud listen on /tmp/ntpd.conf:16: syntax error doing _rc_rm_runfile (failed) $ sudo /etc/rc.d/ntpd -d start doing _rc_parse_conf doing _rc_quirks ntpd_flags >-s< doing _rc_read_runfile doing rc_check ntpd doing rc_pre doing /usr/sbin/ntpd -n configuration OK doing rc_start doing _rc_write_runfile (ok) $ sudo /etc/rc.d/ntpd restart ntpd(ok) ntpd(ok)
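Review bot: The flag scan in `rc_pre()` can test a different file from the one the daemon will load. `[[ ${daemon_flags} == -*f* ]]` only checks that the string starts with `-` and has an `f` somewhere, and the loop then takes the first word that does not start with `-`; with the argument attached (`-f/path/to/file`) no such word exists, `ntpd_conf` stays unset and `ntpd -n` validates the default configuration instead. Parse `${daemon_flags}` with `getopts` against the option string from the comment (`dnSsvf:`) and pass the file it reports, and quote the path when it is handed to `_rc_do`.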
Re: unwritable PKG_CACHE directory
On 2015-07-06 Mon 23:08 PM |, Chris Bennett wrote: > If you want to have a writable PKG_CACHE, why not do something simple > like /home/dude/pkg_cache? > $ printenv PKG_CACHE /var/cache/pkgs $ ls -lod /var/cache /var/cache/pkgs drwxr-xr-x 8 root wheel nodump 512 May 28 21:57 /var/cache/ drwxrwxr-x 2 root wheel - 8704 Jul 6 07:39 /var/cache/pkgs/ Those in wheel group can pkg_add -n, caching for later root install.
[DIFF] /var/tmp in /etc/{weekly,locate.rc}
Change to /tmp as /var/tmp is usually a symlink to /tmp Also, /usr/tmp isn't in hier(7) Index: weekly === RCS file: /cvs/src/etc/weekly,v retrieving revision 1.26 diff -u -p -r1.26 weekly --- weekly 18 Apr 2014 10:00:48 - 1.26 +++ weekly 25 Jul 2015 15:09:01 - @@ -48,7 +48,7 @@ if [ -f /var/db/locate.database ]; then if TMP=`mktemp /var/db/locate.database.XX`; then trap 'rm -f $TMP; exit 1' 0 1 15 UPDATEDB="/usr/libexec/locate.updatedb" - echo "${UPDATEDB} --fcodes=- --tmpdir=${TMPDIR:-/var/tmp}" | \ + echo "${UPDATEDB} --fcodes=- --tmpdir=${TMPDIR:-/tmp}" | \ nice -5 su -m nobody 2>/dev/null 1>$TMP if [ -s "$TMP" ]; then chmod 444 $TMP Index: locate.rc === RCS file: /cvs/src/etc/locate.rc,v retrieving revision 1.6 diff -u -p -r1.6 locate.rc --- locate.rc 18 Sep 2003 09:20:13 - 1.6 +++ locate.rc 25 Jul 2015 15:09:01 - @@ -4,7 +4,7 @@ # # temp directory -TMPDIR="/var/tmp" +TMPDIR="/tmp" # the actual database FCODES="/var/db/locate.database" @@ -13,7 +13,7 @@ FCODES="/var/db/locate.database" SEARCHPATHS="/" # directories unwanted in output -PRUNEPATHS="/tmp /var/tmp /usr/tmp" +PRUNEPATHS="/tmp /var/tmp" # filesystems allowed. Beware: a non-listed filesystem will be pruned # and if the SEARCHPATHS starts in such a filesystem locate will build
[DIFF] System accounting records
Hello, The diffs below produce this output: daily(8) email segment (if verbose): System accounting records: COMMANDS TIME I/O CORE USER 6407 22.0270521 0 root 142 0.10 383 0 operator 440 1.070 0 sshd 1398 113.39 267245 0 _spamd 484 0.55 784 0 _postfix 4 0.002 0 _squid 76 0.10 118 0 _dovecot 8 0.01 21 0 _dovenull 36 0.01 333 0 _mlmmj 3198 4.57 9798 0 xxx 138 0.03 230 0 cvs 41 0.01 20 0 webmaster 76 0.27 581 0 postmaster 103 0.12 1152 0 sysadmin 153 0.04 224 0 hostmaster 53 0.01 91 0 x 4 0.014 0 xxx USER is left justified in right column due to passwd(5) names being upto 31 characters long. $ ls -lh /var/account total 844 -rw-r--r-- 1 root wheel 68.9K Jul 31 08:54 acct -rw-r--r-- 1 root wheel 0B Jul 31 02:00 acct.bak -rw-r--r-- 1 root wheel 56.0K Jul 31 01:30 acct.bak.0.gz -rw-r--r-- 1 root wheel 44.7K Jul 30 01:30 acct.bak.1.gz -rw-r--r-- 1 root wheel 37.8K Jul 29 01:30 acct.bak.2.gz -rw-r--r-- 1 root wheel 37.9K Jul 28 01:30 acct.bak.3.gz -rw-r--r-- 1 root wheel 24.2K Jul 27 01:30 acct.bak.4.gz -rw-r--r-- 1 root wheel 33.0K Jul 26 01:30 acct.bak.5.gz -rw-r--r-- 1 root wheel 46.8K Jul 25 01:30 acct.bak.6.gz -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 savacct -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 usracct Index: daily === RCS file: /cvs/src/etc/daily,v retrieving revision 1.83 diff -u -p -r1.83 daily --- daily 29 Apr 2015 00:10:44 - 1.83 +++ daily 31 Jul 2015 07:51:13 - 
@@ -64,14 +64,22 @@ fi # >/dev/null 2>&1; } #fi -next_part "Purging accounting records:" -if [ -f /var/account/acct ]; then - mv -f /var/account/acct.2 /var/account/acct.3 - mv -f /var/account/acct.1 /var/account/acct.2 - mv -f /var/account/acct.0 /var/account/acct.1 - cp -f /var/account/acct /var/account/acct.0 - sa -sq -fi + +next_part "System accounting records:" +acct='/var/account/acct' +[[ -f ${acct} && -s ${acct} ]] && +{ + # For rotation by newsyslog: + cp -p ${acct} ${acct}.bak + + if [[ ${VERBOSESTATUS} == '0' ]] + then + sa -sq + else + printf "%s%7s%9s%7s%7s\n" 'COMMANDS' 'TIME' 'I/O' 'CORE' 'USER' + sa -smi | awk '{ printf "%8d%7.2f%9d%7d %-s\n", $2, $3, $4, $5, $1 }' + fi +} # If ROOTBACKUP is set to 1 in the environment, and # if filesystem named /altroot is type ffs and mounted "xx", Index: newsyslog.conf === RCS file: /cvs/src/etc/newsyslog.conf,v retrieving revision 1.33 diff -u -p -r1.33 newsyslog.conf --- newsyslog.conf 27 Aug 2014 13:46:32 - 1.33 +++ newsyslog.conf 31 Jul 2015 07:51:13 - @@ -16,3 +16,4 @@ /var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" /var/www/logs/access.log 644 4 *$W0 Z "pkill -USR1 -u root -U root -x httpd" /var/www/logs/error.log644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" +/var/account/acct.bak 644 7 1* ZB
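Review bot: In the daily hunk the two VERBOSESTATUS branches call sa with different flag sets, `sa -sq` when it is '0' and `sa -smi` otherwise, so what happens to the summary files depends on how verbose the mail is (`-i` tells sa not to read them). Print the per-user report in its own step and run the same `-s` summarise step in both cases. The new block also uses `[[ ... ]] && { ... }` where the lines it replaces and the rest of the file use `if [ ... ]; then`.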
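Review bot: The newsyslog.conf hunk gives /var/account/acct.bak mode `644`, so every rotated copy of the per-user accounting records is world-readable, while /var/log/pflog in the context lines of the same hunk is `600`. Unless unprivileged users are meant to read other users' command accounting, use `640` or `600` for the new entry.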
Re: [DIFF] System accounting records
On 2015-07-31 Fri 09:06 AM |, Craig Skinner wrote: > Hello, > > The diffs below produce this output: > > daily(8) email segment (if verbose): > > System accounting records: > COMMANDS TIME I/O CORE USER > 6407 22.0270521 0 root > 142 0.10 383 0 operator > 440 1.070 0 sshd > 1398 113.39 267245 0 _spamd > 484 0.55 784 0 _postfix >4 0.002 0 _squid > 76 0.10 118 0 _dovecot >8 0.01 21 0 _dovenull > 36 0.01 333 0 _mlmmj > 3198 4.57 9798 0 xxx > 138 0.03 230 0 cvs > 41 0.01 20 0 webmaster > 76 0.27 581 0 postmaster > 103 0.12 1152 0 sysadmin > 153 0.04 224 0 hostmaster > 53 0.01 91 0 x >4 0.014 0 xxx > > > USER is left justified in right column due to > passwd(5) names being upto 31 characters long. > > > $ ls -lh /var/account > total 844 > -rw-r--r-- 1 root wheel 68.9K Jul 31 08:54 acct > -rw-r--r-- 1 root wheel 0B Jul 31 02:00 acct.bak > -rw-r--r-- 1 root wheel 56.0K Jul 31 01:30 acct.bak.0.gz > -rw-r--r-- 1 root wheel 44.7K Jul 30 01:30 acct.bak.1.gz > -rw-r--r-- 1 root wheel 37.8K Jul 29 01:30 acct.bak.2.gz > -rw-r--r-- 1 root wheel 37.9K Jul 28 01:30 acct.bak.3.gz > -rw-r--r-- 1 root wheel 24.2K Jul 27 01:30 acct.bak.4.gz > -rw-r--r-- 1 root wheel 33.0K Jul 26 01:30 acct.bak.5.gz > -rw-r--r-- 1 root wheel 46.8K Jul 25 01:30 acct.bak.6.gz > -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 savacct > -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 usracct > > Arrrgh! Clash of sa(8) commands. Running 'sa -sq' quietly summarises the accounting file. While 'sa -smi' nukes the summary history files & only summarises what's in the live accounting file. I don't know if sa's '-i' & '-s' flags are intended to work this way when specified together, if they're incompatible, or this is a bug. Separated verbose stats to truncation works OK: (Tested Saturday -> Monday & nobody's weekly locatedb activity is saved) Index: daily === RCS file: /cvs/src/etc/daily,v retrieving revision 1.83 diff -u -p -r1.83 daily --- daily 29 Apr 2015 00:10:44 - 1.83 +++ daily 3 Aug 2015 10:15:52 - 
@@ -64,14 +64,23 @@ fi # >/dev/null 2>&1; } #fi -next_part "Purging accounting records:" -if [ -f /var/account/acct ]; then - mv -f /var/account/acct.2 /var/account/acct.3 - mv -f /var/account/acct.1 /var/account/acct.2 - mv -f /var/account/acct.0 /var/account/acct.1 - cp -f /var/account/acct /var/account/acct.0 + +next_part "System accounting records:" +acct='/var/account/acct' +[[ -f ${acct} && -s ${acct} ]] && +{ + [[ ${VERBOSESTATUS} == '0' ]] || + { + printf "%s%8s%9s%7s%7s\n" 'COMMANDS' 'TIME' 'I/O' 'CORE' 'USER' + sa -mi | awk '{ printf "%8d%8.2f%9d%7d %-s\n", $2, $3, $4, $5, $1 }' + } + + # For rotation by newsyslog: + cp -p ${acct} ${acct}.bak + + # Truncate & summarise merge the accounting file sa -sq -fi +} # If ROOTBACKUP is set to 1 in the environment, and # if filesystem named /altroot is type ffs and mounted "xx", Index: newsyslog.conf === RCS file: /cvs/src/etc/newsyslog.conf,v retrieving revision 1.33 diff -u -p -r1.33 newsyslog.conf --- newsyslog.conf 27 Aug 2014 13:46:32 - 1.33 +++ newsyslog.conf 3 Aug 2015 10:15:52 - @@ -16,3 +16,4 @@ /var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" /var/www/logs/access.log 644 4 *$W0 Z "pkill -USR1 -u root -U root -x httpd" /var/www/logs/error.log644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" +/var/account/acct.bak 644 7 1* ZB
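Review bot: In the daily hunk `cp -p ${acct} ${acct}.bak` is followed by `sa -sq`, which the added comment says truncates the accounting file; records the kernel appends between the copy and the truncation are merged into the summary but never reach acct.bak, so the rotated archives can miss entries. Say so in the comment, or suspend accounting around the two steps. The header `printf` right-aligns `USER` with `%7s` while the awk body prints the name left-justified after a single space, so the heading does not sit over its column.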
Re: [DIFF] /var/tmp in /etc/{weekly,locate.rc}
ping: On 2015-07-25 Sat 16:12 PM |, Craig Skinner wrote: > Change to /tmp as /var/tmp is usually a symlink to /tmp > > Also, /usr/tmp isn't in hier(7) > > > Index: weekly > === > RCS file: /cvs/src/etc/weekly,v > retrieving revision 1.26 > diff -u -p -r1.26 weekly > --- weekly18 Apr 2014 10:00:48 - 1.26 > +++ weekly25 Jul 2015 15:09:01 - > @@ -48,7 +48,7 @@ if [ -f /var/db/locate.database ]; then > if TMP=`mktemp /var/db/locate.database.XX`; then > trap 'rm -f $TMP; exit 1' 0 1 15 > UPDATEDB="/usr/libexec/locate.updatedb" > - echo "${UPDATEDB} --fcodes=- --tmpdir=${TMPDIR:-/var/tmp}" | \ > + echo "${UPDATEDB} --fcodes=- --tmpdir=${TMPDIR:-/tmp}" | \ > nice -5 su -m nobody 2>/dev/null 1>$TMP > if [ -s "$TMP" ]; then > chmod 444 $TMP > Index: locate.rc > === > RCS file: /cvs/src/etc/locate.rc,v > retrieving revision 1.6 > diff -u -p -r1.6 locate.rc > --- locate.rc 18 Sep 2003 09:20:13 - 1.6 > +++ locate.rc 25 Jul 2015 15:09:01 - > @@ -4,7 +4,7 @@ > # > > # temp directory > -TMPDIR="/var/tmp" > +TMPDIR="/tmp" > > # the actual database > FCODES="/var/db/locate.database" > @@ -13,7 +13,7 @@ FCODES="/var/db/locate.database" > SEARCHPATHS="/" > > # directories unwanted in output > -PRUNEPATHS="/tmp /var/tmp /usr/tmp" > +PRUNEPATHS="/tmp /var/tmp" > > # filesystems allowed. Beware: a non-listed filesystem will be pruned > # and if the SEARCHPATHS starts in such a filesystem locate will build > -- The press conference "THEY" didn't want broadcast: http://www.youtube.com/watch?v=Bzim6hQUoC8&index=18&list=PLHLREeMe4S0OmV_BYAfWNWi0qQzu2FWzK
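Review bot: Only weekly and locate.rc are touched, so the new /tmp default now lives in two places, and anything else that names /var/tmp for locate (a built-in fallback in the updatedb script, the manual pages) would disagree with them; those should change in the same commit or be confirmed unaffected. In the locate.rc hunk, PRUNEPATHS keeps /var/tmp, which is right for machines that mount it separately, and a short comment saying so would stop it being removed later as a leftover.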
Re: [DIFF] System accounting records
ping: On 2015-08-03 Mon 11:38 AM |, Craig Skinner wrote: > On 2015-07-31 Fri 09:06 AM |, Craig Skinner wrote: > > Hello, > > > > The diffs below produce this output: > > > > daily(8) email segment (if verbose): > > > > System accounting records: > > COMMANDS TIME I/O CORE USER > > 6407 22.0270521 0 root > > 142 0.10 383 0 operator > > 440 1.070 0 sshd > > 1398 113.39 267245 0 _spamd > > 484 0.55 784 0 _postfix > >4 0.002 0 _squid > > 76 0.10 118 0 _dovecot > >8 0.01 21 0 _dovenull > > 36 0.01 333 0 _mlmmj > > 3198 4.57 9798 0 xxx > > 138 0.03 230 0 cvs > > 41 0.01 20 0 webmaster > > 76 0.27 581 0 postmaster > > 103 0.12 1152 0 sysadmin > > 153 0.04 224 0 hostmaster > > 53 0.01 91 0 x > >4 0.014 0 xxx > > > > > > USER is left justified in right column due to > > passwd(5) names being upto 31 characters long. > > > > > > $ ls -lh /var/account > > total 844 > > -rw-r--r-- 1 root wheel 68.9K Jul 31 08:54 acct > > -rw-r--r-- 1 root wheel 0B Jul 31 02:00 acct.bak > > -rw-r--r-- 1 root wheel 56.0K Jul 31 01:30 acct.bak.0.gz > > -rw-r--r-- 1 root wheel 44.7K Jul 30 01:30 acct.bak.1.gz > > -rw-r--r-- 1 root wheel 37.8K Jul 29 01:30 acct.bak.2.gz > > -rw-r--r-- 1 root wheel 37.9K Jul 28 01:30 acct.bak.3.gz > > -rw-r--r-- 1 root wheel 24.2K Jul 27 01:30 acct.bak.4.gz > > -rw-r--r-- 1 root wheel 33.0K Jul 26 01:30 acct.bak.5.gz > > -rw-r--r-- 1 root wheel 46.8K Jul 25 01:30 acct.bak.6.gz > > -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 savacct > > -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 usracct > > > > > Index: daily === RCS file: /cvs/src/etc/daily,v retrieving revision 1.83 diff -u -p -r1.83 daily --- daily 29 Apr 2015 00:10:44 - 1.83 +++ daily 31 Jul 2015 07:51:13 - 
@@ -64,14 +64,22 @@ fi # >/dev/null 2>&1; } #fi -next_part "Purging accounting records:" -if [ -f /var/account/acct ]; then - mv -f /var/account/acct.2 /var/account/acct.3 - mv -f /var/account/acct.1 /var/account/acct.2 - mv -f /var/account/acct.0 /var/account/acct.1 - cp -f /var/account/acct /var/account/acct.0 - sa -sq -fi + +next_part "System accounting records:" +acct='/var/account/acct' +[[ -f ${acct} && -s ${acct} ]] && +{ + # For rotation by newsyslog: + cp -p ${acct} ${acct}.bak + + if [[ ${VERBOSESTATUS} == '0' ]] + then + sa -sq + else + printf "%s%7s%9s%7s%7s\n" 'COMMANDS' 'TIME' 'I/O' 'CORE' 'USER' + sa -smi | awk '{ printf "%8d%7.2f%9d%7d %-s\n", $2, $3, $4, $5, $1 }' + fi +} # If ROOTBACKUP is set to 1 in the environment, and # if filesystem named /altroot is type ffs and mounted "xx", Index: newsyslog.conf === RCS file: /cvs/src/etc/newsyslog.conf,v retrieving revision 1.33 diff -u -p -r1.33 newsyslog.conf --- newsyslog.conf 27 Aug 2014 13:46:32 - 1.33 +++ newsyslog.conf 31 Jul 2015 07:51:13 - @@ -16,3 +16,4 @@ /var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" /var/www/logs/access.log 644 4 *$W0 Z "pkill -USR1 -u root -U root -x httpd" /var/www/logs/error.log644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" +/var/account/acct.bak 644 7 1* ZB
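Review bot: The verbose branch runs `sa -smi` while the quiet branch runs `sa -sq`, so the two settings of VERBOSESTATUS leave different state behind; the 2015-08-03 message in this thread reports that `-s` combined with `-i` discards the savacct/usracct history and summarises only the live file. Printing the report with `sa -mi` and then running a single `sa -sq` for both cases keeps the summary files independent of the verbosity setting.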
Re: [DIFF] System accounting records
D'oh! Wrong diff in last email, sorry. This one instead: On 2015-08-25 Tue 09:35 AM |, Craig Skinner wrote: > ping: > > On 2015-08-03 Mon 11:38 AM |, Craig Skinner wrote: > > On 2015-07-31 Fri 09:06 AM |, Craig Skinner wrote: > > > Hello, > > > > > > The diffs below produce this output: > > > > > > daily(8) email segment (if verbose): > > > > > > System accounting records: > > > COMMANDS TIME I/O CORE USER > > > 6407 22.0270521 0 root > > > 142 0.10 383 0 operator > > > 440 1.070 0 sshd > > > 1398 113.39 267245 0 _spamd > > > 484 0.55 784 0 _postfix > > >4 0.002 0 _squid > > > 76 0.10 118 0 _dovecot > > >8 0.01 21 0 _dovenull > > > 36 0.01 333 0 _mlmmj > > > 3198 4.57 9798 0 xxx > > > 138 0.03 230 0 cvs > > > 41 0.01 20 0 webmaster > > > 76 0.27 581 0 postmaster > > > 103 0.12 1152 0 sysadmin > > > 153 0.04 224 0 hostmaster > > > 53 0.01 91 0 x > > >4 0.014 0 xxx > > > > > > > > > USER is left justified in right column due to > > > passwd(5) names being upto 31 characters long. > > > > > > > > > $ ls -lh /var/account > > > total 844 > > > -rw-r--r-- 1 root wheel 68.9K Jul 31 08:54 acct > > > -rw-r--r-- 1 root wheel 0B Jul 31 02:00 acct.bak > > > -rw-r--r-- 1 root wheel 56.0K Jul 31 01:30 acct.bak.0.gz > > > -rw-r--r-- 1 root wheel 44.7K Jul 30 01:30 acct.bak.1.gz > > > -rw-r--r-- 1 root wheel 37.8K Jul 29 01:30 acct.bak.2.gz > > > -rw-r--r-- 1 root wheel 37.9K Jul 28 01:30 acct.bak.3.gz > > > -rw-r--r-- 1 root wheel 24.2K Jul 27 01:30 acct.bak.4.gz > > > -rw-r--r-- 1 root wheel 33.0K Jul 26 01:30 acct.bak.5.gz > > > -rw-r--r-- 1 root wheel 46.8K Jul 25 01:30 acct.bak.6.gz > > > -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 savacct > > > -rw-r--r-- 1 root wheel 32.0K Jul 31 01:30 usracct > > > > > > > > Index: daily === RCS file: /cvs/src/etc/daily,v retrieving revision 1.83 diff -u -p -r1.83 daily --- daily 29 Apr 2015 00:10:44 - 1.83 +++ daily 3 Aug 2015 10:15:52 - 
@@ -64,14 +64,23 @@ fi # >/dev/null 2>&1; } #fi -next_part "Purging accounting records:" -if [ -f /var/account/acct ]; then - mv -f /var/account/acct.2 /var/account/acct.3 - mv -f /var/account/acct.1 /var/account/acct.2 - mv -f /var/account/acct.0 /var/account/acct.1 - cp -f /var/account/acct /var/account/acct.0 + +next_part "System accounting records:" +acct='/var/account/acct' +[[ -f ${acct} && -s ${acct} ]] && +{ + [[ ${VERBOSESTATUS} == '0' ]] || + { + printf "%s%8s%9s%7s%7s\n" 'COMMANDS' 'TIME' 'I/O' 'CORE' 'USER' + sa -mi | awk '{ printf "%8d%8.2f%9d%7d %-s\n", $2, $3, $4, $5, $1 }' + } + + # For rotation by newsyslog: + cp -p ${acct} ${acct}.bak + + # Truncate & summarise merge the accounting file sa -sq -fi +} # If ROOTBACKUP is set to 1 in the environment, and # if filesystem named /altroot is type ffs and mounted "xx", Index: newsyslog.conf === RCS file: /cvs/src/etc/newsyslog.conf,v retrieving revision 1.33 diff -u -p -r1.33 newsyslog.conf --- newsyslog.conf 27 Aug 2014 13:46:32 - 1.33 +++ newsyslog.conf 3 Aug 2015 10:15:52 - @@ -16,3 +16,4 @@ /var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" /var/www/logs/access.log 644 4 *$W0 Z "pkill -USR1 -u root -U root -x httpd" /var/www/logs/error.log644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" +/var/account/acct.bak 644 7 1* ZB
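Review bot: The header and row formats in the report do not agree on the last column: the header prints USER with `%7s` (right-justified, three leading blanks) while the awk row prints one blank followed by `%-s`, so the heading sits two columns to the right of the names it labels. The `-` flag in `%-s` has no effect without a field width; using the same ` %s` in both printf calls would line them up. With `[[ ${VERBOSESTATUS} == '0' ]] ||` the report is also printed when the variable is unset, which deserves a comment if it is deliberate.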
Re: Cache-Control for httpd
Hi Manuel,

On 2015-09-15 Tue 14:49 PM |, Manuel Giraud wrote:
>
> Questions:
> - Is there any interest?

As a user I'm interested:
http://marc.info/?l=openbsd-misc&m=140976806917292&w=2
http://marc.info/?l=openbsd-misc&m=143591750200748&w=2
Fwd: [DIFF] user & group delete named in upgrade57.html
Fwd from misc@: - Forwarded message from Craig Skinner - Date: Wed, 9 Sep 2015 10:10:08 +0100 From: Craig Skinner To: m...@openbsd.org Subject: Re: [DIFF] user & group delete named in upgrade57.html User-Agent: Mutt/1.5.23 (2014-03-12) Resend: On 2015-08-31 Mon 10:52 AM |, Craig Skinner wrote: > Hi there, > > BIND is binned. > > --- upgrade57.htmlMon Aug 31 10:44:41 2015 > +++ upgrade57-del-named.html Mon Aug 31 10:46:46 2015 > @@ -495,6 +495,8 @@ rm -r /var/tmp > ln -s /tmp /var/tmp > > groupdel _lkm > +userdel named > +groupdel named > userdel smmsp > groupdel smmsp > - End forwarded message -
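Review bot: The two added lines remove the named account and group, but nothing in the hunk deals with files that account still owns; after `userdel named` they stay on disk under a bare uid and would belong to any later account that is given the same number. A `find / -user named` check before the deletion, or a pointer to the step that removes the old BIND files, would close that gap.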
Re: spamd: speed up blacklist lookups
On Tue, 17 Oct 2017 05:38:33 -0600 "Todd C. Miller" wrote:
> an upcoming diff that performs more lookups.

Superb.

--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: ksh(1): kill the "version" function
On Sun, 26 Nov 2017 21:55:21 +0100 Jeremie Courreges-Anglas wrote:
> Yup. Before someone proposes to remove or significantly change the
> content of the version string: please think about shell scripts out
> there that might use KSH_VERSION.

Long thread from Feb 2015:
http://openbsd-archive.7691.n7.nabble.com/ksh-version-lies-td265560.html
Re: uniq: add -i option
On Thu, 21 Dec 2017 11:06:02 +0100 Theo Buehler wrote:
> I committed a minimally tweaked version of your diff...

Thanks everybody.
Re: Drop register keyword from less(1)
On 2015-11-02 Mon 15:57 PM |, Ted Unangst wrote:
>
> I would say less has reached the point in its lifecycle where it can only get
> bigger and worse, so there's some merit to putting it on a diet.
>

Ha! Less less(1).
Re: give cron a sensible default max load_avg for batch jobs
On 2015-11-14 Sat 05:57 AM |, Todd C. Miller wrote:
> The question no one seems to be asking here is "who actually runs
> batch". Anyone?
>

I do, on small servers with an average uptime(1) load of ~0.2
spamd & spamlogd open sync port 8025 as root
Hi!

FYI;- I've noticed spamd & spamlogd open their high ports as root.

These pf rules work, changing to 'user _spamd' doesn't:

pass in on $ext_if inet proto udp \
	from $ext_if:network port > 1023 \
	to $ext_if:0 port spamd-sync \
	user root

pass out on $ext_if inet proto udp \
	from $ext_if:0 port > 1023 \
	to $ext_if:network port spamd-sync \
	user root

$ fstat -u _spamd | fgrep internet
_spamd spamlogd28614* internet dgram udp *:12412
_spamd spamd 14083* internet stream tcp 0x0 *:8025
_spamd spamd 14084* internet stream tcp 0x0 127.0.0.1:8026
_spamd spamd 14085* internet dgram udp 78.33.153.147:8025
_spamd spamd 111543* internet stream tcp 0x0 *:8025
_spamd spamd 111544* internet stream tcp 0x0 127.0.0.1:8026
_spamd spamd 111545* internet dgram udp 78.33.153.147:8025
_spamd spamd 114523* internet stream tcp 0x0 *:8025
_spamd spamd 114524* internet stream tcp 0x0 127.0.0.1:8026
_spamd spamd 114525* internet dgram udp 78.33.153.147:8025

This box syslogs:

Dec 18 15:13:25 palm spamd[1408]: new WHITE from 78.33.153.148 for 208.70.245.125, expires 1453562006

The WHITE would be from spamlogd sending to UDP 8025 as root due to the pf rules above for that port requiring root to function.

The source files show all the sockets are opened before priv drop. As the ports are above 1023, is this necessary? - I'm not a C coder...

The more recent commit logs & source don't seem to have changed in this regard from:

$ head -n 5 /var/run/dmesg.boot
OpenBSD 5.7 (GENERIC) #738: Sun Mar 8 10:59:31 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 349 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF
real mem = 267849728 (255MB)
Re: /var/tmp in current
On 2014-11-18 Tue 12:58 PM |, Martin Schröder wrote:
>
> See hier(7):
>
> A symbolic link to the system /tmp directory. To protect other users
> of /var from overfill conditions, this is no longer a space you can
> trust to retain storage over a reboot. Periodically cleaned by
> daily(8).
>

My machines all mount /var/tmp separately.

Is the /var/tmp link to be considered a backwards compatible artifact?

--
RS800 Yacht Racing Nationals, Eastbourne 2013
http://youtu.be/cmcTjxKOWdY
Re: [source-changes] relayd.conf.5 (an hex -> a hex)
On 2014-12-22 Mon 19:34 PM |, Christopher Vance wrote:
> Whether a or an is appropriate will depend on whether the h is pronounced.
>

In England (i.e. where the English language comes from) h is often a silent letter.

76% of people born in England since 1982 still do not pronounce it:
http://en.wikipedia.org/wiki/H#Name_in_English
http://english.stackexchange.com/questions/23396/is-the-history-of-h-dropping-in-english-in-any-way-related-to-the-silent-h-of-fr

Other countries of the United Kingdom (Scotland, Ireland, Wales) are different, as are other countries of the British Empire.

Meh...
Jan's crontab.5 diff
http://marc.info/?l=openbsd-misc&m=142031621606691&w=2 - Forwarded message from Jan Stary - Date: Sat, 3 Jan 2015 21:15:58 +0100 From: Jan Stary To: m...@openbsd.org Subject: Re: Failed cron jobs are silent On Jan 03 19:05:11, open...@crowsons.com wrote: > set the MAILTO variable in crontab. > man 5 crontab not man 1 crontab MAILTO If MAILTO is defined and non-empty, mail is sent to the user so named. If MAILTO is defined but empty (MAILTO = ""), no mail will be sent. Otherwise mail is sent to the owner of the crontab. This is useful for pseudo-users that lack an alias that would otherwise redirect the mail to a real person. There seems to be a slight discrepancy between what cron.1 says and what crontab.5 says. I just put * * * * * true * * * * * false * * * * * echo -n * * * * * echo into my crontab (current/amd64). Echo sends an email, because it has an output (even if just the newline). The mail goes either to me, or whatever I set MAILTO to be. None of the others send any mail, regardless of MAILTO, because there is no output from the command. So it seems crontab.5 is slightly inacurate. Jan Index: crontab.5 === RCS file: /cvs/src/usr.sbin/cron/crontab.5,v retrieving revision 1.33 diff -u -p -r1.33 crontab.5 --- crontab.5 30 Jan 2014 20:02:42 - 1.33 +++ crontab.5 3 Jan 2015 20:12:08 - @@ -255,14 +255,16 @@ May not be overridden by settings in the If .Ev MAILTO is defined and non-empty, -mail is sent to the user so named. +mail is sent to the user so named +if the command produces any output. If .Ev MAILTO is defined but empty .Pq Ev MAILTO = Qq , no mail will be sent. Otherwise mail is sent to the owner of the -.Nm . +.Nm +if the command produces any output. This is useful for pseudo-users that lack an alias that would otherwise redirect the mail to a real person. .It Ev SHELL - End forwarded message -
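Review bot: The condition "if the command produces any output" is appended to two of the three sentences in this hunk, which leaves the middle one (empty MAILTO) as the odd one out and makes the unchanged "This is useful for pseudo-users ..." sentence read as if it referred to the output condition. Stating once, at the start of the MAILTO item, that mail is only generated when a job produces output, and leaving the three addressing cases as they were, says the same with less repetition. The cron manual mentioned in the message should be checked in the same change so the two pages agree.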
[Feature request] Failed cron/at/batch jobs mail exit code != 0
Could cron/at/batch be altered to mail the exit code of failed silent jobs?

http://marc.info/?t=14203004412&r=1&w=2

- Forwarded message from Craig Skinner -

Date: Sat, 3 Jan 2015 15:50:36 +0000
From: Craig Skinner
To: m...@openbsd.org
Subject: Failed cron jobs are silent

Back in the memory of somewhere??? I worked, failed cronjobs would mail their return code if not zero.

Something like: "Cron Job false exited with return code 1"

I cannae mind if it was Solaris or Linux, or whatever they were using...

Can OpenBSD's cron do that too?

Here's some silent & noisy sample shite jobs:

- Forwarded message from Cron Daemon -

Date: Sat, 3 Jan 2015 15:30:02 + (GMT)
From: Cron Daemon
To: skin...@britvault.co.uk
Subject: Cron crontab -l

# Silent:
* * * * * true
* * * * * false
* * * * * exit
* * * * * exit 111 # http://en.wikipedia.org/wiki/111_(emergency_telephone_number)
# Mail:
* * * * * false || print -u2 "exited with return code $?"
* * * * * false || print -u2 'http://en.wikipedia.org/wiki/One_Tree_Hill_(song)'
* * * * * crontab -l
* * * * * logname; umask; pwd; printenv | sort

- End forwarded message -
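The request in the two cron messages above, approximated from the crontab side as an added example (not code from the original posts or from cron itself): a POSIX sh wrapper that generalises the `false || print -u2 "exited with return code $?"` entry, so a job that fails without output still produces a line for cron to mail. The name cron_report and the install path in the comment are hypothetical.

```shell
#!/bin/sh
# Added example: make silent cron job failures visible.
# cron only sends mail when a job writes something, so a job that fails
# without output goes unnoticed. cron_report (hypothetical name) runs the
# job and adds one line on stderr when the exit status is not zero.
#
# Constructed crontab entry using it as a script:
#   30 1 * * *	/usr/local/libexec/cron_report /usr/local/sbin/nightly-job

cron_report() {
	if [ "$#" -eq 0 ]; then
		echo 'usage: cron_report command [argument ...]' >&2
		return 64	# EX_USAGE from sysexits(3)
	fi

	# The job's own stdout and stderr are left alone, so a noisy job is
	# mailed exactly as it would be without the wrapper. The "||" form
	# keeps this working when the caller runs with "set -e".
	_cr_status=0
	"$@" || _cr_status=$?

	if [ "$_cr_status" -eq 0 ]; then
		return 0
	fi

	# Shell conventions: 126 = found but could not be executed,
	# 127 = not found, above 128 = killed by signal (status - 128).
	case "$_cr_status" in
	126)	_cr_why='could not be executed (return code 126)' ;;
	127)	_cr_why='was not found (return code 127)' ;;
	*)
		if [ "$_cr_status" -gt 128 ] &&
		    _cr_sig=$(kill -l "$_cr_status" 2>/dev/null); then
			_cr_why="was killed by signal ${_cr_sig} (return code ${_cr_status})"
		else
			_cr_why="exited with return code ${_cr_status}"
		fi
		;;
	esac

	# One line on stderr is enough for cron to generate mail.
	echo "cron_report: $*: ${_cr_why}" >&2

	# Hand the original status back so outer scripts can still test it.
	return "$_cr_status"
}

# Used as a script, wrap the command given on the command line.
if [ "$#" -gt 0 ]; then
	cron_report "$@"
	exit $?
fi
```

A job that deliberately exits with a status above 128 is reported as killed by a signal, since the shell cannot tell the two cases apart.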
Rotate & compress accounting logs with newsyslog
Produces:- $ ls -lh /var/account total 8472 -rw-r--r-- 1 root wheel 2.7M Feb 6 19:20 acct -rw-r--r-- 1 root wheel 187K Feb 6 01:30 acct.bak.0.gz -rw-r--r-- 1 root wheel 206K Feb 5 01:30 acct.bak.1.gz -rw-r--r-- 1 root wheel 175K Feb 4 01:30 acct.bak.2.gz -rw-r--r-- 1 root wheel 215K Feb 3 01:30 acct.bak.3.gz -rw-r--r-- 1 root wheel 185K Feb 2 01:30 acct.bak.4.gz -rw-r--r-- 1 root wheel 188K Feb 1 01:30 acct.bak.5.gz -rw-r--r-- 1 root wheel 184K Jan 31 01:30 acct.bak.6.gz -rw-r--r-- 1 root wheel 64.0K Feb 6 01:30 savacct -rw-r--r-- 1 root wheel 32.0K Feb 6 01:30 usracct Via an epoch newsyslog entry & force it in daily after copying to .bak A zero sized file is skipped (accounting previously turned off). Diffs:- Index: daily === RCS file: /cvs/src/etc/daily,v retrieving revision 1.82 diff -u -p -r1.82 daily --- daily 17 Nov 2014 18:19:08 - 1.82 +++ daily 6 Feb 2015 19:23:26 - @@ -1,3 +1,4 @@ +: # # $OpenBSD: daily,v 1.82 2014/11/17 18:19:08 deraadt Exp $ # From: @(#)daily 8.2 (Berkeley) 1/25/94 @@ -65,13 +66,16 @@ fi #fi next_part "Purging accounting records:" -if [ -f /var/account/acct ]; then - mv -f /var/account/acct.2 /var/account/acct.3 - mv -f /var/account/acct.1 /var/account/acct.2 - mv -f /var/account/acct.0 /var/account/acct.1 - cp -f /var/account/acct /var/account/acct.0 +acct='/var/account/acct' +[[ -f ${acct} && -s ${acct} ]] && +{ + cp -pf ${acct} ${acct}.bak && + { + newsyslog -F ${acct}.bak + rm ${acct}.bak + } sa -sq -fi +} # If ROOTBACKUP is set to 1 in the environment, and # if filesystem named /altroot is type ffs and mounted "xx", Index: newsyslog.conf === RCS file: /cvs/src/etc/newsyslog.conf,v retrieving revision 1.33 diff -u -p -r1.33 newsyslog.conf --- newsyslog.conf 27 Aug 2014 13:46:32 - 1.33 +++ newsyslog.conf 6 Feb 2015 19:23:26 - 
@@ -16,3 +16,4 @@ /var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" /var/www/logs/access.log 644 4 *$W0 Z "pkill -USR1 -u root -U root -x httpd" /var/www/logs/error.log644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" +/var/account/acct.bak 644 7 *@19700101 ZB -- There was a young man named Crockett Whose balls got caught in a socket. His wife was a bitch, And she threw the switch, As Crockett went off like a rocket.
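Review bot: The first daily hunk adds a line containing only `:` above the $OpenBSD$ header comment, which looks like an editing leftover unrelated to accounting and should be dropped from the diff. The section is also still announced with `next_part "Purging accounting records:"` although the new body rotates and summarises rather than purges, so that heading wants updating along with the code.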
Re: ksh version lies
On 2015-02-16 Mon 09:22 AM |, Todd C. Miller wrote:
> There are scripts that use KSH_VERSION to determine whether they
> are being run under ksh or a Bourne shell. That seems like a
> reasonable thing to do. I don't really care what the version
> number is set to.

Korn scripts here that drive dump have a system that allows admins to hook in per machine/partition scripts to shut down databases, daemons, before unmounting, for dumping.

They just check for ' KSH ' in $KSH_VERSION

Other scripts do this:

[[ -o sh ]] &&
{
	print -u2 'Not Korn shell'
	exit 70 #EX_SOFTWARE
}

Could there be an init set -o for ksh on, instead of $KSH_VERSION?
[DIFF] /etc/rc: gracefully shut down base daemons too
Produces (on 5.6 release) - with start up order reversed: # halt -p stopping package daemons: greyscanner postfix sshguard. stopping base daemons: cron spamlogd spamd sshd ntpd unbound nsd pflogd syslogd. syncing disks... done Index: rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.447 diff -u -p -r1.447 rc --- rc 22 Jan 2015 19:00:24 - 1.447 +++ rc 17 Feb 2015 13:16:05 - @@ -131,17 +131,42 @@ fill_baddynamic() } } -start_daemon() +start_stop_daemon() { - local _n - for _n; do - eval _do=\${${_n}_flags} - if [ X"${_do}" != X"NO" ]; then - /etc/rc.d/${_n} start - fi + local _start_stop=$1 + local _daemon _daemon_script + shift + + for _daemon + do + eval _do=\${${_daemon}_flags} + [[ ${_do} == 'NO' ]] && continue + + _daemon_script="/etc/rc.d/${_daemon}" + [[ -e ${_daemon_script} ]] || + { + print -n -- " ${_daemon}(absent)" + continue + } + [[ -x ${_daemon_script} ]] || + { + print -n -- " ${_daemon}(inexecutable)" + continue + } + ${_daemon_script} ${_start_stop} done } +start_daemon() +{ + start_stop_daemon 'start' $* +} + +stop_daemon() +{ + start_stop_daemon 'stop' $* +} + make_keys() { if [ ! -f /etc/isakmpd/private/local.key ]; then @@ -269,12 +294,24 @@ if [ X"$1" = X"shutdown" ]; then while [ -n "${pkg_scripts}" ]; do _r=${pkg_scripts##* } pkg_scripts=${pkg_scripts%%*( )${_r}} - [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop + stop_daemon ${_r} done echo '.' fi [ -f /etc/rc.shutdown ] && sh /etc/rc.shutdown + + print -n 'stopping base daemons:' + _daemons=$(egrep "start_daemon[[:blank:]][[:alnum:]]" /etc/rc | + sed s"/start_daemon//") + while [[ -n ${_daemons} ]] + do + _daemon=${_daemons##* } + _daemons=${_daemons%%*( )${_daemon}} + stop_daemon ${_daemon} + done + print '.' + else echo single user: not running shutdown scripts fi 
@@ -513,11 +550,7 @@ rm -f /etc/rc.firsttime.run if [ -n "${pkg_scripts}" ]; then echo -n 'starting package daemons:' for _r in $pkg_scripts; do - if [ -x /etc/rc.d/${_r} ]; then - start_daemon ${_r} - else - echo -n " ${_r}(absent)" - fi + start_daemon ${_r} done echo '.' fi
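Review bot: In the shutdown hunk the list of base daemons is built by running egrep over /etc/rc for start_daemon lines, so `stop` is issued for every daemon named there whose flags are not NO, whether or not it is running, and syslogd and pflogd go down while the rest of shutdown could still want to log (the sample output ends with "pflogd syslogd."). Taking the list from what was actually started and leaving the two loggers running would avoid both. In the new wrappers `$*` is unquoted; `"$@"` passes the daemon names through unchanged.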
Re: [DIFF] /etc/rc: gracefully shut down base daemons too
On 2015-02-17 Tue 14:24 PM |, Antoine Jacoutot wrote:
> On Tue, Feb 17, 2015 at 01:20:03PM +0000, Craig Skinner wrote:
> > Produces (on 5.6 release) - with start up order reversed:
> >
> > # halt -p
> > stopping package daemons: greyscanner postfix sshguard.
> > stopping base daemons: cron spamlogd spamd sshd ntpd unbound nsd pflogd
> > syslogd.
> > syncing disks... done
>
> I cooked a patch for that a few months ago (actually >1 year ago iirc) but we
> decided not to go down that road for a reason I cannot recall right now.
> And I was using the information from /var/run/rc.d instead to know what to
> shutdown exactly instead of greping /etc/rc.
>

Would the reverse boot order be maintained by looking at items in /var/run/rc.d?

--
The way to make a small fortune in the commodities market is to start
with a large fortune.
Re: [DIFF] /etc/rc: gracefully shut down base daemons too
On 2015-02-17 Tue 14:24 PM |, Antoine Jacoutot wrote: > On Tue, Feb 17, 2015 at 01:20:03PM +0000, Craig Skinner wrote: > > Produces (on 5.6 release) - with start up order reversed: > > > > # halt -p > > stopping package daemons: greyscanner postfix sshguard. > > stopping base daemons: cron spamlogd spamd sshd ntpd unbound nsd pflogd > > syslogd. > > syncing disks... done > > I cooked a patch for that a few months ago (actually >1 year ago iirc) but we > decided not to go down that road for a reason I cannot recall right now. > And I was using the information from /var/run/rc.d instead to know what to > shutdown exactly instead of greping /etc/rc. > Changed to skip pflogd, syslogd & check /var/run/rc.d/ Index: rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.447 diff -u -p -r1.447 rc --- rc 22 Jan 2015 19:00:24 - 1.447 +++ rc 20 Feb 2015 16:38:49 - @@ -131,17 +131,42 @@ fill_baddynamic() } } -start_daemon() +start_stop_daemon() { - local _n - for _n; do - eval _do=\${${_n}_flags} - if [ X"${_do}" != X"NO" ]; then - /etc/rc.d/${_n} start - fi + local _start_stop=$1 + local _daemon _daemon_script + shift + + for _daemon + do + eval _do=\${${_daemon}_flags} + [[ ${_do} == 'NO' ]] && continue + + _daemon_script="/etc/rc.d/${_daemon}" + [[ -e ${_daemon_script} ]] || + { + print -n -- " ${_daemon}(absent)" + continue + } + [[ -x ${_daemon_script} ]] || + { + print -n -- " ${_daemon}(inexecutable)" + continue + } + ${_daemon_script} ${_start_stop} done } +start_daemon() +{ + start_stop_daemon 'start' $* +} + +stop_daemon() +{ + start_stop_daemon 'stop' $* +} + make_keys() { if [ ! -f /etc/isakmpd/private/local.key ]; then 
@@ -269,12 +294,26 @@ if [ X"$1" = X"shutdown" ]; then while [ -n "${pkg_scripts}" ]; do _r=${pkg_scripts##* } pkg_scripts=${pkg_scripts%%*( )${_r}} - [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop + stop_daemon ${_r} done echo '.' fi [ -f /etc/rc.shutdown ] && sh /etc/rc.shutdown + + print -n 'stopping base daemons:' + set -A _daemons $(egrep "start_daemon[[:blank:]][[:alnum:]]" /etc/rc) + for _daemon in $(jot ${#_daemons[*]} ${#_daemons[*]} 1) + do + _daemon=${_daemons[${_daemon}]} + [[ ${_daemon} == 'start_daemon' ]] && continue + [[ -f /var/run/rc.d/${_daemon} ]] || continue + [[ ${_daemon} == 'pflogd' ]] && continue + [[ ${_daemon} == 'syslogd' ]] && continue + stop_daemon ${_daemon} + done + print '.' + else echo single user: not running shutdown scripts fi @@ -513,11 +552,7 @@ rm -f /etc/rc.firsttime.run if [ -n "${pkg_scripts}" ]; then echo -n 'starting package daemons:' for _r in $pkg_scripts; do - if [ -x /etc/rc.d/${_r} ]; then - start_daemon ${_r} - else - echo -n " ${_r}(absent)" - fi + start_daemon ${_r} done echo '.' fi
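Review bot: The loop in the shutdown hunk is off by one: `set -A _daemons ...` fills indices 0 to n-1, but `jot ${#_daemons[*]} ${#_daemons[*]} 1` counts from n down to 1, so the first pass reads an unset element and element 0 is never visited. It only works as long as element 0 is the literal word start_daemon and the empty name fails the /var/run/rc.d test. Counting from n-1 down to 0, and using a separate variable for the index instead of reusing `_daemon` for both index and name, would make the loop correct by construction.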
Re: [DIFF] /etc/rc: gracefully shut down base daemons too
On 2015-02-20 Fri 18:12 PM |, Ingo Schwarze wrote:
> Craig Skinner wrote on Fri, Feb 20, 2015 at 04:41:17PM +:
>
> > Changed to skip pflogd, syslogd & check /var/run/rc.d/
>
> No, we don't want it, and we have given reasons
>
> Which problem are you trying to solve?
>

OpenBSD runs great Ingo.

I guessed gracefully shutting down daemons was the decent thing to do.

Oh well. For the archives, in case there is a future need.

--
"Do you cheat on your wife?" asked the psychiatrist.
"Who else?" answered the patient.
Re: Rotate & compress accounting logs with newsyslog
Resend: On 2015-02-06 Fri 19:37 PM |, Craig Skinner wrote: > Produces:- > > $ ls -lh /var/account > total 8472 > -rw-r--r-- 1 root wheel 2.7M Feb 6 19:20 acct > -rw-r--r-- 1 root wheel 187K Feb 6 01:30 acct.bak.0.gz > -rw-r--r-- 1 root wheel 206K Feb 5 01:30 acct.bak.1.gz > -rw-r--r-- 1 root wheel 175K Feb 4 01:30 acct.bak.2.gz > -rw-r--r-- 1 root wheel 215K Feb 3 01:30 acct.bak.3.gz > -rw-r--r-- 1 root wheel 185K Feb 2 01:30 acct.bak.4.gz > -rw-r--r-- 1 root wheel 188K Feb 1 01:30 acct.bak.5.gz > -rw-r--r-- 1 root wheel 184K Jan 31 01:30 acct.bak.6.gz > -rw-r--r-- 1 root wheel 64.0K Feb 6 01:30 savacct > -rw-r--r-- 1 root wheel 32.0K Feb 6 01:30 usracct > > > Via an epoch newsyslog entry & force it in daily after copying to .bak > > A zero sized file is skipped (accounting previously turned off). > > > Diffs:- > > Index: daily > === > RCS file: /cvs/src/etc/daily,v > retrieving revision 1.82 > diff -u -p -r1.82 daily > --- daily 17 Nov 2014 18:19:08 - 1.82 > +++ daily 6 Feb 2015 19:23:26 - > @@ -1,3 +1,4 @@ > +: > # > #$OpenBSD: daily,v 1.82 2014/11/17 18:19:08 deraadt Exp $ > #From: @(#)daily 8.2 (Berkeley) 1/25/94 > @@ -65,13 +66,16 @@ fi > #fi > > next_part "Purging accounting records:" > -if [ -f /var/account/acct ]; then > - mv -f /var/account/acct.2 /var/account/acct.3 > - mv -f /var/account/acct.1 /var/account/acct.2 > - mv -f /var/account/acct.0 /var/account/acct.1 > - cp -f /var/account/acct /var/account/acct.0 > +acct='/var/account/acct' > +[[ -f ${acct} && -s ${acct} ]] && > +{ > + cp -pf ${acct} ${acct}.bak && > + { > + newsyslog -F ${acct}.bak > + rm ${acct}.bak > + } > sa -sq > -fi > +} > > # If ROOTBACKUP is set to 1 in the environment, and > # if filesystem named /altroot is type ffs and mounted "xx", > Index: newsyslog.conf > === > RCS file: /cvs/src/etc/newsyslog.conf,v > retrieving revision 1.33 > diff -u -p -r1.33 newsyslog.conf > --- newsyslog.conf27 Aug 2014 13:46:32 - 1.33 > +++ newsyslog.conf6 Feb 2015 19:23:26 - 
> @@ -16,3 +16,4 @@ > /var/log/pflog 600 3 250 * ZB "pkill > -HUP -u root -U root -t - -x pflogd" > /var/www/logs/access.log 644 4 *$W0 Z "pkill -USR1 -u > root -U root -x httpd" > /var/www/logs/error.log 644 7 250 * Z "pkill > -USR1 -u root -U root -x httpd" > +/var/account/acct.bak644 7 *@19700101 > ZB > >
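Review bot: Inside the block guarded by `cp -pf ${acct} ${acct}.bak &&`, the line `rm ${acct}.bak` runs whether or not `newsyslog -F ${acct}.bak` succeeded, and `sa -sq` then runs regardless of both, so a failed rotation deletes the only copy of the raw records just before the live file is summarised. Joining the three steps with `&&`, or skipping the rm when newsyslog fails, keeps the copy around for the next run.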
getty[3246]: (null): Bad file descriptor
Hi,

It seems getty(8) needs an argument (in /etc/ttys at least):

Otherwise, loads of this in /var/log/authlog after rebooting:

Apr 13 15:27:03 pine getty[31932]: (null): Bad file descriptor
Apr 13 15:27:03 pine getty[12802]: (null): Bad file descriptor
Apr 13 15:27:03 pine getty[17719]: (null): Bad file descriptor
Apr 13 15:27:03 pine getty[30241]: (null): Bad file descriptor
Apr 13 15:27:03 pine getty[19066]: (null): Bad file descriptor
Apr 13 15:27:03 pine getty[23566]: (null): Bad file descriptor
Apr 13 15:27:03 pine getty[2623]: (null): Bad file descriptor
Apr 13 15:27:03 pine getty[3246]: (null): Bad file descriptor
Apr 13 15:27:04 pine getty[19976]: (null): Bad file descriptor
Apr 13 15:27:04 pine init: getty repeating too quickly on port /dev/tty00, sleeping

getty(8) says the 'default' table is used when no argument is given.

Noticed when changing /etc/gettytab default speed to 9600 baud:

default:\
	:np:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#9600:

With this entry in /etc/ttys:

tty00 "/usr/libexec/getty" xterm on secure

$ uname -msrv
OpenBSD 5.6 GENERIC#274 i386
Re: autoinstall(8) tweaks
On 2015-04-15 Wed 12:05 PM |, Vincent Gross wrote:
>
> The default allocation is actually easy to rework right after a fresh
> install, as /usr/src, /usr/obj and /home are at the end. Ssh as
> root, kill /usr/src, /usr/obj and /home, optionally extend /usr/local,
> and then repartition as you wish.
>

Maybe try install.site or rc.firsttime to automate that.

> As for swap and /tmp, you can move /tmp to the end, at worst you will
> lose 4G worth of disk space you can add to swap.
>
Re: man, man.conf and /usr/ports/infrastructure/man
On 2015-04-18 Sat 16:21 PM |, Theo de Raadt wrote:
>
> If the ports infrastructure manual pages were simply part of a package
> that is necessary for building ports, then the manuals could show up
> in /usr/local/man, removing the need for any configuration.
>

Slick idea.

--
Cat, n.: Lapwarmer with built-in buzzer.
Fwd: sudo not honouring $PATH, $MAIL & umask
FYI:

- Forwarded message from Craig Skinner -

Date: Sat, 31 Jan 2015 11:02:39 + (GMT)
From: Craig Skinner
To: b...@openbsd.org
Subject: sudo not honouring $PATH, $MAIL & umask

>Synopsis: sudo not honouring $PATH, $MAIL & umask
>Category: user
>Environment:
	System : OpenBSD 5.6
	Details : OpenBSD 5.6 (GENERIC) #274: Fri Aug 8 00:05:13 MDT 2014
		dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
	Architecture: OpenBSD.i386
	Machine : i386
>Description:

sudo -H -i -u username
does not honour username's login(.conf) settings of $PATH, $MAIL & umask

login(1):
	login enters information into the environment (see environ(7)) specifying the user's home directory (HOME), command interpreter (SHELL), search path (PATH), terminal type (TERM), and user name (both LOGNAME and USER).

	ENVIRONMENT
	login sets the following environment variables:
	HOME MAIL

sudo(8):
	Command Environment
	..
	On BSD systems, if the use_loginclass option is enabled, the environment is initialized based on the path and setenv settings in /etc/login.conf. The new environment contains the TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in addition to variables from the invoking process permitted by the env_check and env_keep options. This is effectively a whitelist for environment variables.

>How-To-Repeat:

Environment setup:

$ userinfo craig | egrep '^shell|^class'
class staff
shell /bin/ksh

$ userinfo david | egrep '^shell|^class'
class
shell /bin/ksh

$ stat /etc/profile /etc/ksh.kshrc
stat: /etc/profile: No such file or directory
stat: /etc/ksh.kshrc: No such file or directory

$ stat ~craig/.profile ~craig/.kshrc
stat: /home/craig/.profile: No such file or directory
stat: /home/craig/.kshrc: No such file or directory

$ sudo stat ~david/.profile ~david/.kshrc
stat: /home/david/.profile: No such file or directory
stat: /home/david/.kshrc: No such file or directory

$ getcap -s path -f /etc/login.conf staff
/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin ~/bin

$ getcap -s umask -f /etc/login.conf staff
077

$ getcap -s path -f /etc/login.conf default
/usr/bin /bin /usr/local/bin ~/bin

$ getcap -s umask -f /etc/login.conf default
022

$ egrep 'env_|Defaults' /etc/sudoers | grep -v ^#
Defaults env_keep +="FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK EDITOR VISUAL"
Defaults:%wsrc env_keep +="DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF"
Defaults:%wsrc env_keep +="MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR"
Defaults:%wsrc env_keep +="PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY"
Defaults:%wsrc env_keep +="SUBPACKAGE WRKOBJDIR SUDO_PORT_V1"
Defaults env_keep +="ftp_proxy http_proxy"
Defaults always_set_home, ignore_dot, use_loginclass

$ printenv LOGNAME; printenv PATH; printenv MAIL; umask
craig
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/home/craig/bin
/var/mail/craig
077

Here, $PATH, $MAIL & umask are unchanged:

$ /usr/bin/sudo -H -i -u david
$ printenv LOGNAME; printenv PATH; printenv MAIL; umask
david
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/home/craig/bin
/var/mail/craig
077

Compare the difference when logging in as that user:

$ exit
$ login david
Password:
$ printenv LOGNAME; printenv PATH; printenv MAIL; umask
david
/usr/bin:/bin:/usr/local/bin:/home/david/bin
022

SSH login gains correct $MAIL, along with $PATH & umask:

$ ssh localhost david
Password:
$ printenv LOGNAME; printenv PATH; printenv MAIL; umask
david
/usr/bin:/bin:/usr/local/bin:/home/david/bin
/var/mail/david
022

Note that login loses $MAIL again:

$ login david
Password:
$ printenv LOGNAME; printenv PATH; printenv MAIL; umask
david
/usr/bin:/bin:/usr/local/bin:/home/david/bin
022

>Fix:

The sudo users mailing list said the 3 issues I identified are known bugs, which have been fixed in newer sudo versions:
http://thread.gmane.org/gmane.comp.tools.sudo.user/4367

$ sudo -V
Sudo version 1.7.2p8

http://www.sudo.ws/sudo/stable.html
"The current stable release of sudo is 1.8.11p2"

Sudo bug 387 refers to MAIL being fixed in 1.7.4:
http://www.sudo.ws/bugs/show_bug.cgi?id=387

Sudo bug 527 (FreeBSD "sudo -i" doesn't use variables from /etc/login.conf) seems to be similar:
http://www.sudo.ws/bugs/show_bug.cgi?id=527
which is logged as Fixed in sudo 1.8.4

Maybe that fix also covers the login.conf path & umask issues:

http://www.sudo.ws/sudo/stable.html#1.8.4
On systems that use login.conf, sudo -i now sets environment variables based on login.conf.

http://www.sudo.ws/sudo/stable.html#1.8.5
The initial environment created when env_reset is in effect now
dump blast aways
Hi there,

For cron driven nightly backups, recently I've added 'dump -w' parsing to my scripts.

Noticing those mount points with fstab(5) fs_freq values of '1' are no longer dumped nightly, but every 2nd night, I found this:

$ fgrep -n seconds /usr/src/sbin/dump/optr.c
393:date[16] = '\0';/* blast away seconds and year */

Therefore, for a 04:00am nightly job, I'd have to keep incrementing a delay of 1 minute every night, so dump -w outputs those 1 day frequency mounts, along with those of longer expires.

Could optr.c do some sort of fuzzy logic to also include those mounts which would be considered stale within the next 15/60 minutes?

Maybe simply blasting away minutes as well would do the trick!

Cheers.
--
Any sufficiently advanced technology is indistinguishable from a rigged demo.
/etc/daily /tmp purge mods; skip open files with fstat test
Hi tech,

Here's a daily(8) email, showing purged unreferenced open files in /tmp:

- Forwarded message from Charlie Root -
... ..
Checking filesystems:
** /dev/rwd0a (NO WRITE)
** Last Mounted on /
** Root file system
2474 files, 24716 used, 14539 free (275 frags, 1783 blocks, 0.7% fragmentation)
... .. .
** /dev/rwd0j (NO WRITE)
** Last Mounted on /tmp
UNREF FILE I=3 OWNER=_squid MODE=100600
SIZE=8 MTIME=May 3 01:30 2015
CLEAR? no
UNREF FILE I=4 OWNER=_squid MODE=100600
SIZE=8216 MTIME=May 3 01:30 2015
CLEAR? no
UNREF FILE I=5 OWNER=_squid MODE=100600
SIZE=44 MTIME=May 3 01:30 2015
CLEAR? no
55 files, 157 used, 248826 free (42 frags, 31098 blocks, 0.0% fragmentation)
... ..
- End forwarded message -

Here are Squid's /tmp files following a daemon restart:

$ fstat -u _squid -f /tmp
USER CMD PID FD MOUNTINUM MODE R/WSZ|DV
_squid squid 66734 /tmp3 -rw--- rw8
_squid squid 66735 /tmp4 -rw--- rw 8216
_squid squid 66736 /tmp5 -rw--- rw 44
$ find /tmp -maxdepth 1 -type f -user _squid -ls
34 -rw---1 _squid wheel 8 May 10 01:30 /tmp/e378568b39344b2594a38dc74f20c87d5ded81fbd3e2f3e210844537fad87caf.shm
4 20 -rw---1 _squid wheel8216 May 10 01:30 /tmp/9c0c04602d25164c1e3019612d4c1914336991e7917bb5b92efe3eb6731eefd7.shm
54 -rw---1 _squid wheel 44 May 10 01:30 /tmp/d51f7f4517395797c558a832fcca245513620ade8a553bf4259712be6ac4663c.shm

Here's a diff of a modified /etc/daily /tmp purge portion:

o replace test(1) '-L' with '-h' due to:
  -L ... "Do not rely on its existence; use -h instead"
o don't cd nor find(1) execdir, rather full path find.
o file find stage;-
  o read found & skip directories for rm(1), check found item isn't open with fstat.
  o securely random pattern overwrite stale files.
o directory find stage;-
  o find only empty directories for rmdir(1).
  o 5 day stale directories.
  o similarly order ignores of .X11-unix, .ICE-unix & portslocks.
o also purge stale;-
  o pipes.
  o sockets.
  o dangling symlinks.
Index: daily === RCS file: /cvs/src/etc/daily,v retrieving revision 1.83 diff -u -p -r1.83 daily --- daily 29 Apr 2015 00:10:44 - 1.83 +++ daily 14 May 2015 15:53:00 - @@ -45,16 +45,32 @@ start_part "Running daily.local:" run_script "daily.local" next_part "Removing scratch and junk files:" -if [ -d /tmp -a ! -L /tmp ]; then - cd /tmp && { - find -x . \ - \( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \ - -o -path ./portslocks -o -path './tmux-*' \) \ - -prune -o -type f -atime +7 -execdir rm -f -- {} \; 2>/dev/null - find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \ - ! -path ./.ICE-unix ! -path ./portslocks ! -name . \ - -execdir rmdir -- {} \; >/dev/null 2>&1; } -fi +[[ -d /tmp && ! -h /tmp ]] && +{ + # stale files, not still held open: + find -x /tmp \( -path '/tmp/ssh-*' -o -path '/tmp/tmux-*' \ + -o -path /tmp/.X11-unix -o -path /tmp/.ICE-unix \ + -o -path /tmp/portslocks \) -prune \ + -o -type f -atime +7 | while read found + do + [[ -d ${found} ]] && continue + fstat ${found} | grep -q ${found}$ || rm -P -- ${found} + done + + # stale dangling symlinks: + find -Lx /tmp -type l -ctime +14 \ + -exec rm -- {} \; + + # stale pipes & sockets: + find -x /tmp \( -type p -o -type s \) -ctime +40 \ + -exec rm -- {} \; + + # stale directories: + find -x /tmp -type d -mtime +5 -empty \ + ! -name /tmp ! -path /tmp/vi.recover \ + ! -path /tmp/.X11-unix ! -path /tmp/.ICE-unix \ + ! -path /tmp/portslocks -exec rmdir -- {} \; +} # Additional junk directory cleanup would go like this: #if [ -d /scratch -a ! -L /scratch ]; then Would it be a good idea to move the /scratch example out of the /etc/daily script, and into daily(8), as an example for daily.local?
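Review bot: in the stale-file stage, `find ... | while read found` feeds names from world-writable /tmp into unquoted `${found}` expansions and into `grep -q ${found}$` as a regular expression, so a name containing whitespace, a newline, a backslash, or glob or regex characters is split or mis-matched, and rm can be handed a different path than the one find reported. Quote every "${found}", use `read -r`, and match with `grep -F` (or test fstat's output without grep). The fstat test and the `rm -P` are also two separate steps on a full path: the file can be opened, or a parent directory replaced by a symlink, between the check and the removal, which is the race the removed `cd /tmp` plus `-execdir` form guarded against, so keeping -execdir for the removals would retain that protection. In the directory stage `! -name /tmp` can never exclude anything because -name compares only the last path component; `! -path /tmp` matches the style of the neighbouring tests. Finally, `find -Lx /tmp -type l` follows symlinked directories that stay on the same filesystem, so dangling links outside /tmp could be removed when /tmp is not its own mount; that case deserves a comment or a different test.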
Re: /etc/daily /tmp purge mods; skip open files with fstat test
On 2015-05-14 Thu 11:24 AM |, Todd C. Miller wrote:
> On Thu, 14 May 2015 17:48:49 +0100, Stuart Henderson wrote:
> >
> > Even not allowing for TOCTOU problems I'd be wary of running fstat
> > automatically.
>
> If it is only used to detect when a file is in use that we would
> otherwise delete it seems reasonable. It is always annoying when
> daily removes /tmp files that are actually in use just because of
> their date.
>

In the diff, there's no /dev/null redirects. Any errors could be obvious.

Maybe some adventurous men could experiment with it for a fortnight & see how it goes.

Cool,
--
http://www.stuff.co.nz/travel/themes/adventure/68507731/swiss-daredevil-yves-jetman-rossy-soars-over-dubai
Re: newsyslog timestamp
Hiya,

On Wed, 15 Mar 2017 02:19:10 +1100 bytevolcano wrote:
> Is it worth making newsyslog use the syslog API instead of directly
> writing to the top of the file?

From syslogd(8):

CAVEATS
syslogd does not create files, it only logs to existing ones.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
cksum not working with both -a and -C flags together
Hiya,

When cksum(1) is used with a -C checklist listing multiple algorithms, and a single -a algorithm is specified, cksum doesn't select the correct -a [algorithm], nor the correct line in the -C [checklist]:

$ uname -mrsv # standard 6.0 release
OpenBSD 6.0 GENERIC#1917 i386
$ date
Tue 28/Mar/2017 15:18:53 (BST)
$ cksum -b -a cksum,MD5,RMD160,SHA1,SHA256 -h /tmp/bsd.digest /bsd
$ cat /tmp/bsd.digest
933381050 10877658 /bsd
MD5 (/bsd) = UFLKDWb0/g2onutHh770Vg==
RMD160 (/bsd) = 3+idOPx57UFW02kkQE1wVL1MK+E=
SHA1 (/bsd) = yH1U9YEeLz5dqvjwvvQPPuKt2Qc=
SHA256 (/bsd) = bBwEp0Ns/t8yHBZmNuMdn9e/xU3pehB+yBRJMrAkyNY=
$ cksum -a cksum -C /tmp/bsd.digest /bsd
(CKSUM) /bsd: OK
$ cksum -a MD5 -C /tmp/bsd.digest /bsd
(MD5) /bsd: OK
$ cksum -a RMD160 -C /tmp/bsd.digest /bsd
(MD5) /bsd: OK
$ cksum -a SHA1 -C /tmp/bsd.digest /bsd
(MD5) /bsd: OK
$ cksum -a SHA256 -C /tmp/bsd.digest /bsd
(MD5) /bsd: OK

$ vi /tmp/bsd.digest # change the line order
$ cat /tmp/bsd.digest
SHA256 (/bsd) = bBwEp0Ns/t8yHBZmNuMdn9e/xU3pehB+yBRJMrAkyNY=
RMD160 (/bsd) = 3+idOPx57UFW02kkQE1wVL1MK+E=
933381050 10877658 /bsd
SHA1 (/bsd) = yH1U9YEeLz5dqvjwvvQPPuKt2Qc=
MD5 (/bsd) = UFLKDWb0/g2onutHh770Vg==
$ cksum -a cksum -C /tmp/bsd.digest /bsd
(SHA256) /bsd: OK
$ cksum -a MD5 -C /tmp/bsd.digest /bsd
(SHA256) /bsd: OK
$ cksum -a RMD160 -C /tmp/bsd.digest /bsd
(SHA256) /bsd: OK
$ cksum -a SHA1 -C /tmp/bsd.digest /bsd
(SHA256) /bsd: OK
$ cksum -a SHA256 -C /tmp/bsd.digest /bsd
(SHA256) /bsd: OK

$ vi /tmp/bsd.digest # nuke all but 1 line
$ cat /tmp/bsd.digest
RMD160 (/bsd) = 3+idOPx57UFW02kkQE1wVL1MK+E=
$ cksum -a RMD160 -C /tmp/bsd.digest /bsd
(RMD160) /bsd: OK
$ cksum -a SHA256 -C /tmp/bsd.digest /bsd
(RMD160) /bsd: OK
$ cksum -a MD5 -C /tmp/bsd.digest /bsd
(RMD160) /bsd: OK

etc...

Is this enough to go on, or would you like it in a bug report?

Regards,
--
Craig Skinner | http://linkd.in/yGqkv7
gzip not exiting 2 when not compressible
Hello there,

From gzip(1):

DESCRIPTION
.. ...
If compression would not reduce the size of a file, the file is ignored (unless -f is used).

EXIT STATUS
...
2 At least one of the specified files was not compressed since -f was not specified and compression would have resulted in a size increase.

On a default 5.6 release machine, the man page behaviour is seen:

$ uname -mrsv
OpenBSD 5.6 GENERIC#274 i386
$ cd $(mktemp -d)
$ cp /bsd .
$ while stat -f "%Dz" bsd
> do
> gzip bsd || { print "exit code: $?"; break; };
> mv bsd.gz bsd
> done
10659734
4822361
4819987
exit code: 2
$

On a default 6.0 release machine, gzip keeps on going/growing:

$ uname -mrsv
OpenBSD 6.0 GENERIC#1917 i386
$ cd $(mktemp -d)
$ cp /bsd .
$ while stat -f "%Dz" bsd
> do
> gzip bsd || { print "exit code: $?"; break; };
> mv bsd.gz bsd
> done
10877658
4903863
4901041
4902548
4904065
4905582
4907089
4908606
4910109
4911631
4913153
^C

The 3rd compression at 4902548 bytes is bigger, and so are the rest.

On the 5.6 machine, gzip exits 2 when attempting the 3rd round.

Bug?
--
Craig Skinner | http://linkd.in/yGqkv7
Re: gzip not exiting 2 when not compressible
On Thu, 06 Apr 2017 15:57:15 -0600 Todd C. Miller wrote: > This was fixed after 6.0 came out. Thanks Todd.
openssl(1) not error exiting on full file system
Hello,

When encrypting a file with openssl(1), it exits cleanly when there is not enough disk space:

$ df /altroot
Filesystem SizeUsed Avail Capacity Mounted on
/dev/wd1a 100M 52.5M 42.7M55%/altroot
$ while cp /bsd /altroot/tmp/bsd.${RANDOM}
> do
> df /altroot
> done
Filesystem SizeUsed Avail Capacity Mounted on
/dev/wd1a 100M 62.9M 32.3M66%/altroot
Filesystem SizeUsed Avail Capacity Mounted on
/dev/wd1a 100M 73.3M 21.9M77%/altroot
Filesystem SizeUsed Avail Capacity Mounted on
/dev/wd1a 100M 83.7M 11.5M88%/altroot
Filesystem SizeUsed Avail Capacity Mounted on
/dev/wd1a 100M 94.0M1.1M99%/altroot
/altroot: write failed, file system is full
cp: /altroot/tmp/bsd.25298: No space left on device
$ df /altroot
Filesystem SizeUsed Avail Capacity Mounted on
/dev/wd1a 100M 95.1M 36.0K 100%/altroot
$ ls -lh /altroot/tmp/
total 87328
-rw-r- 1 operator wheel 10.4M Apr 10 12:22 bsd.16165
-rw-r- 1 operator wheel 10.4M Apr 10 12:21 bsd.16877
-rw-r- 1 operator wheel 1.1M Apr 10 12:22 bsd.25298
-rw-r- 1 operator wheel 10.4M Apr 10 12:22 bsd.728
-rw-r- 1 operator wheel 10.4M Apr 10 12:22 bsd.7450
$ rm /altroot/tmp/bsd.25298
remove /altroot/tmp/bsd.25298? y
$ cp /bsd /altroot/tmp/bsd.25298
/altroot: write failed, file system is full
cp: /altroot/tmp/bsd.25298: No space left on device
$ print $?
1
$ rm /altroot/tmp/bsd.25298
remove /altroot/tmp/bsd.25298? y
$ df /altroot
Filesystem SizeUsed Avail Capacity Mounted on
/dev/wd1a 100M 94.0M1.1M99%/altroot
$ openssl enc -bf -salt \
-pass file:/etc/myname -in /bsd \
-out /altroot/tmp/bsd.crypto

/altroot: write failed, file system is full
$ print $?
0
$ ls -lh /altroot/tmp/
total 87424
-rw-r- 1 operator wheel 10.4M Apr 10 12:22 bsd.16165
-rw-r- 1 operator wheel 10.4M Apr 10 12:21 bsd.16877
-rw-r- 1 operator wheel 10.4M Apr 10 12:22 bsd.728
-rw-r- 1 operator wheel 10.4M Apr 10 12:22 bsd.7450
-rw-r- 1 operator wheel 1.1M Apr 10 12:26 bsd.crypto

Bug?
--
Craig Skinner | http://linkd.in/yGqkv7
Re: openssl(1) not error exiting on full file system
On Mon, 10 Apr 2017 12:46:03 +0100 Craig Skinner wrote:
> $ openssl enc -bf -salt \
> -pass file:/etc/myname -in /bsd \
> -out /altroot/tmp/bsd.crypto
>
> /altroot: write failed, file system is full
> $ print $?
> 0

Whoops;- I forgot to mention this is a default 6.0 release machine:

$ uname -msrv
OpenBSD 6.0 GENERIC#1917 i386

Would 74 from sysexits.h be the code to return?:
EX_IOERR -- An error occurred while doing I/O on some file.

Thanks,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: openssl(1) not error exiting on full file system
Hi again,

On 2017-04-10 Mon 14:31 PM |, Craig Skinner wrote:
> On Mon, 10 Apr 2017 12:46:03 +0100 Craig Skinner wrote:
> > $ openssl enc -bf -salt \
> > -pass file:/etc/myname -in /bsd \
> > -out /altroot/tmp/bsd.crypto
> >
> > /altroot: write failed, file system is full
> > $ print $?
> > 0
>

openssl error exits for other output file creation problems:

$ openssl bf -pass file:/etc/myname -in /bsd -out /var/empty/bsd.crypto
/var/empty/bsd.crypto: Permission denied
2133286928:error:0200100D:system library:fopen:Permission denied:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('/var/empty/bsd.crypto', 'w')
2133286928:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
$ print $?
1
$ openssl bf -pass file:/etc/myname -in /bsd -out /no/where/bsd.crypto
/no/where/bsd.crypto: No such file or directory
2216844688:error:02001002:system library:fopen:No such file or directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('/no/where/bsd.crypto', 'w')
2216844688:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
$ print $?
1

>
> Would 74 from sysexits.h be the code to return?:
> EX_IOERR -- An error occurred while doing I/O on some file.
>

Perhaps this is more relevant:
EX_CANTCREAT -- A (user specified) output file cannot be created.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
Re: cksum not working with both -a and -C flags together
On 2017-03-28 Tue 11:56 AM |, Todd C. Miller wrote:
> On Tue, 28 Mar 2017 09:33:53 -0600, "Todd C. Miller" wrote:
>
> > It seems to me that in -C mode it should really process all the
> > checksums that match the specified file(s), but the documentation
> > does not actually specify what the behavior is in this case.
>
> Here's a diff that accomplishes that.
>

Yep:

$ cksum -b -a cksum,MD5,RMD160,SHA1,SHA256 -h /tmp/bsd.digest /bsd
$ cksum -C /tmp/bsd.digest /bsd
(CKSUM) /bsd: OK
(MD5) /bsd: OK
(RMD160) /bsd: OK
(SHA1) /bsd: OK
(SHA256) /bsd: OK

# Scramble line order:
$ vi /tmp/bsd.digest
$ cksum -C /tmp/bsd.digest /bsd
(MD5) /bsd: OK
(SHA256) /bsd: OK
(CKSUM) /bsd: OK
(SHA1) /bsd: OK
(RMD160) /bsd: OK

# Only SHA* digests, a bad MD5 digest & some junk:
$ mv /tmp/bsd.digest /tmp/bsd.digest~
$ fgrep SHA /tmp/bsd.digest~ > /tmp/bsd.digest
$ print 'MD5 (/bsd) = I-no-thinky-so-fail-me==' >> /tmp/bsd.digest
$ print 'JUNK (/bsd) = road-killed-dead-beef==' >> /tmp/bsd.digest
$ cksum -C /tmp/bsd.digest /bsd
(SHA256) /bsd: OK
(SHA1) /bsd: OK
(MD5) /bsd: FAILED
print $?
1

# Reorder check list, making valid digests last:
$ sort -o /tmp/bsd.digest /tmp/bsd.digest
$ cksum -C /tmp/bsd.digest /bsd
(MD5) /bsd: FAILED
(SHA1) /bsd: OK
(SHA256) /bsd: OK
$ print $?
1
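The checklist behaviour reported in the first cksum message and confirmed above (every line for the file is checked, one bad digest fails the run, and a requested algorithm is not satisfied by some other line), as an added Python example that is not cksum's code or Todd's patch. The function names, the `require` parameter and the sample payload are assumptions made here, and the POSIX CRC line is skipped rather than checked.

```python
import base64
import binascii
import hashlib
import re

# Checklist label -> hashlib name (RMD160 depends on the local OpenSSL build).
ALGS = {"MD5": "md5", "RMD160": "ripemd160", "SHA1": "sha1",
        "SHA256": "sha256", "SHA512": "sha512"}
LINE = re.compile(r"^(\w+) \((.+)\) = (\S+)$")


def decode_digest(text, size):
    """Accept hex (cksum default) or base64 (cksum -b); None if neither fits."""
    if len(text) == 2 * size:
        try:
            return bytes.fromhex(text)
        except ValueError:
            return None
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw if len(raw) == size else None


def verify(checklist, name, data, require=None):
    """Check every checklist line for `name`; return (ok, [(alg, status), ...]).

    ok is False when any line fails, when nothing was checked, or when the
    required algorithm has no passing line, so a different digest that
    happens to be listed cannot stand in for the one the caller asked for.
    """
    results = []
    for line in checklist.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) != name:
            continue  # CRC-format lines, junk, entries for other files
        alg = m.group(1).upper()
        try:
            h = hashlib.new(ALGS[alg], data)
        except (KeyError, ValueError):
            continue  # unknown label, or digest missing from this build
        want = decode_digest(m.group(3), h.digest_size)
        results.append((alg, "OK" if want == h.digest() else "FAILED"))
    ok = bool(results) and all(status == "OK" for _, status in results)
    if require is not None:
        ok = ok and (require.upper(), "OK") in results
    return ok, results


def checklist_line(alg, name, data):
    """Build one `cksum -b` style line; used to construct the sample input."""
    digest = hashlib.new(ALGS[alg], data).digest()
    return f"{alg} ({name}) = {base64.b64encode(digest).decode()}"


if __name__ == "__main__":
    data = b"constructed sample payload\n"  # stands in for /bsd
    md5_only = checklist_line("MD5", "/bsd", data)
    print(verify(md5_only, "/bsd", data))                    # MD5 line passes
    print(verify(md5_only, "/bsd", data, require="SHA256"))  # rejected
```
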
Re: cksum not working with both -a and -C flags together
On Tue, 28 Mar 2017 11:56:19 -0600 "Todd C. Miller" wrote: > On Tue, 28 Mar 2017 09:33:53 -0600, "Todd C. Miller" wrote: > > > It seems to me that in -C mode it should really process all the > > checksums that match the specified file(s), but the documentation > > does not actually specify what the behavior is in this case. > > Here's a diff that accomplishes that. > > - todd Who's OK with Todd's proved patch? > > Index: bin/md5/md5.c > === > RCS file: /cvs/src/bin/md5/md5.c,v > retrieving revision 1.89 > diff -u -p -u -r1.89 md5.c > --- bin/md5/md5.c 16 Dec 2016 17:55:26 - 1.89 > +++ bin/md5/md5.c 28 Mar 2017 17:54:05 - > @@ -554,6 +554,7 @@ digest_filelist(const char *file, struct > char *lbuf = NULL; > FILE *listfp, *fp; > size_t len, nread; > + int *sel_found = NULL; > u_char data[32 * 1024]; > union ANY_CTX context; > struct hash_function *hf; > @@ -565,6 +566,12 @@ digest_filelist(const char *file, struct > return(1); > } > > + if (sel != NULL) { > + sel_found = calloc((size_t)selcount, > sizeof(*sel_found)); > + if (sel_found == NULL) > + err(1, NULL); > + } > + > algorithm_max = algorithm_min = strlen(functions[0].name); > for (hf = &functions[1]; hf->name != NULL; hf++) { > len = strlen(hf->name); > @@ -673,13 +680,11 @@ digest_filelist(const char *file, struct > /* >* If only a selection of files is wanted, proceed > only >* if the filename matches one of those in the > selection. > - * Mark found files by setting them to NULL so that > we can > - * detect files that are missing from the checklist > later. */ > - if (sel) { > + if (sel != NULL) { > for (i = 0; i < selcount; i++) { > - if (sel[i] && strcmp(sel[i], > filename) == 0) { > - sel[i] = NULL; > + if (strcmp(sel[i], filename) == 0) { > + sel_found[i] = 1; > break; > } > } 
> @@ -725,6 +730,17 @@ digest_filelist(const char *file, struct > if (!found) > warnx("%s: no properly formatted checksum lines > found", file); free(lbuf); > + if (sel_found != NULL) { > + /* > + * Mark found files by setting them to NULL so that > we can > + * detect files that are missing from the checklist > later. > + */ > + for (i = 0; i < selcount; i++) { > + if (sel_found[i]) > + sel[i] = NULL; > + } > + free(sel_found); > + } > return(error || !found); > } > >
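Review bot: in the selection loop of the third hunk (@@ -673,13 +680,11), `strcmp(sel[i], filename)` has lost its `sel[i] &&` guard, so the loop now relies on every sel[] entry being non-NULL when digest_filelist() is entered. That holds within one call only because the NULL marking moved to the end of the function; a second call with the same sel array would pass NULL to strcmp(). Either keep the guard or document the precondition in the comment above the loop. It is also worth confirming that no return path between the new calloc() and `free(sel_found)` skips the free, since the only exit visible in these hunks is `return(error || !found)`.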