where can i get some late night help with freebsd jcjoey3652: Just ask away Either here or in #freebsd :P ##freebsd* wey hey thanks dxtr #freebsd seems to be locked and ##freebsd requires some kind of services Mkay my question is... So go ahead and ask i have a freebsd webserver and one of the directories has an htaccess file that points to a user file where syntax is user:hash, i cant access this site and i would like to. i have root access Well, either remove, move or rename the htaccess file then Or add another user i figured i could add another user to the user file ref'd in the ht file but i dont know how google it :) wouldnt know where to start, this is not the user file for the system, it is separate, dont know what to search for or i would have done that already its just a one line file in the home directory what would you call that and i will gladly look it up i keep finding things on how to add users if you could enlighten me id appreciate it, if not say so and ill leave. ok i get it see ya lata, bro win 21 Oops thats not bad What? delayed his b/w etc hrm up_the_irons? there? i got something you'll want :) makes it uber ez to setup fbsd boxes we wrote a pimp perl script even gave it colors hehe just msg me when u wake man i'll hoook it up Ooh pretty colors. mhoran: mrbit didn't say pretty colors, could be all teal on red or something like that or purple on blue http://www.tell-tale.net/web101/colors.htm bad times everyone get their FreeBSD boxes patched after last nites advisories? ooh i forgot to read up on that jail, opie and nfs..something. the link in the email for opie was broken though :( jail is a biggy oh, only applies to 8 yeah I patched that one right away in fact my only 8 box is my arp vps :) I'm having trouble rebuilding world on my test VPS for some reason :( oooh yeah... freebsd-update actually woke up! zfs snapshot -r zroot@pre-patch-3 gotta love that if it screws up - just roll back RandalSchwartz: I don't understand what I'm doing wrong. 
When I run snapshot, and then navigate to /.zfs/snapshot, it is empty. are you booting from zfs? RandalSchwartz: yessir. per your suggestion. did you make a snapshot of zroot ? zfs snapshot zroot@somethinghere I guess I've only ever done things like: zfs snapshot zroot@$(date).. should result in /.zfs/snapshot/ ... and I have that directory structure, but it's empty. I've tried doing zfs snapshot zroot/path/to/jail@$(date) and it remains the same. run roh. I can ping, but none of my services are up time to dig out the console login instructions ahh - it just took a few minutes now we're live does zroot/path/to/jail show up in "zfs list" ? you have to use the names that are there RandalSchwartz: zfs list - zroot/usr/jails/bodie RandalSchwartz: so I want a snapshot of that jail, I tried: zfs snapshot zroot/usr/jails/bodie@$(date), or is that incorrect? your shell understands $(date) ? oh wait - date has spaces in it that's not gonna work date +%F do I have to have specifically enabled OPIE to be vulnerable ? doesn't look like I've done that what am I missing here? http://pastebin.com/1kcsS529 ahh - I see it.. yeah. enabled by default I thought opie was enabled by default, but the nfs vuln was not. cedwards - no, the .zfs is in the root of the filesystem so you need to look in /usr/jails/bodie/.zfs that's because the .zfs is per filesystem ahhh. there we go. and snapshots are cow, yes? so it only takes the space that has changed? doesn't include additions to the source, but changes or removals yes... it shares as many blocks as it can with history and future one copy to rule them all I have about 100 snapshots right now of my system managed by an automatic daemon I just did a du -sh in my .zfs/snapshot/2010-05-27 and it was 300M that surprised me..? sure - to "du" it shows the entire thing because it must I suppose that makes sense.. 
and if you made a second snapshot, that too would be 300M du can't ask the fs "what's the real chargeable space" du *is* smart enough to know that the same inode seen repeatedly is charged once but this is below the inode leel level but they wouldn't really be 300M as they are referring to the original 300M? so is there a way to tell how large the snapshots actually are? if you deleted all other snapshots, this one remaining snapshot would be 300M :) zfs list -ospace -tsnapshot -r zroot that tells what the OS is keeping roughly associated with each snapshot but keep in mind, any shared block doesn't go away until the last snapshot referencing it is gone so does it really "belong" to a *particular* snapshot? no. I see a couple snapshots that I don't recall making.. zroot/usr/jails/basejail@20100422_18:58:03 - 17K zroot/usr/jails/basejail@20100520_11:11:48 - 229M might have been when you built the jails ezjail is zfs aware ohh, I did activate that in ezjail.conf and I created my jails using 'ezjail-admin create -i -s XG -c zfs name IP' interesting http://alblue.bandlem.com/2008/11/crontab-generated-zfs-snapshots.html Yeah - I use that that specifically? portinstall zfs-snapshot-mgmt it's in ports sadly, it uses ruby. but I got over that, because it works ruby *shudder* I have 10 minute snapshots for 2 hours then hour snapshots for 2 days then day snapshots for 2 weeks then week snapshots forever occasionally, I delete one if I know I made a lot of changes and won't need those later I'm really disappointed at the blatant use of backticks in that post but the nice thing is, by default, I have a lot of ways to undo a mistake I'm using the concept, not the specifics there I use the ruby thing instead RandalSchwartz: fuck port*, fuck ruby. I wouldn't bitch so much if they didn't explode every freakin' time ruby was one of the upgraded packages :) ... 
or how portupgrade has suddenly decided not to bother with dependencies, so I have to keep running the upgrade until everything succeeds (that's probably not ruby-related, I just wanted to get it off my chest.) yeah I've had "issues" too no port system can ever work perfectly one of the reasons I stick with portmaster is that it doesn't require ruby. if I see ruby, I upgrade it by hand :) cd /usr/ports/*/ruby; make config install cedwards: silly personal biases prevent me from that. Shell scripts feel like a quick hack, something in a 'real' language, even if that language is ruby, feels more durable. ... even though it clearly isn't. ruby is better than c-shell, that's for sure RandalSchwartz: suppose you're updating something like... trac is what comes to mind. New version of trac pushed out, means new plugins which all depend on it etc. portupgrade, for me, will upgrade trac and then skip everything else. I figure if sh can manage the init system and all the cron scripting that keep things running, it's good enough to manage ports too. which is decidedly irritating behaviour that it never used to do. cedwards: bear in mind that init scripts and cron are basically "run this" ... and whatever it runs is what really does the heavy lifting. in both of those uses sh is more the glue that holds real programs together :P but most of the "run these" are shell scripts. sh/bash and perl are the duct tape that hold the internet together indeed I use portmaster -atd to upgrade all, plus dependencies and delete previous versions. hasn't failed me yet.. portupgrade -aRrv *used* to do that for me. now it's hit-or-miss and for no obvious reason. actually, one of the main reasons I looked for and found portmaster is that my machines are old and slow. having that additional dependency of ruby18, rubydb, etc just took too long to keep updated. portmaster was quick, had no depends and is included in the Handbook. Seemed like a good solution for me. 
there are options in portinstall/portupgrade that aren't in portmaster though and once it gets fired up, it's a lot faster RandalSchwartz: this seems to also display snapshots: zfs list -t all although I'm not sure what REFER means yes - -t all includes -t snapshot "man zfs" :) yeah. there's quite a bit in there. if I recall, the space is charged to the *first* snapshot that uses it so if it also happens to be shared with later ones, they don't show it I'd like to figure out how to shrink a zfs that I'm currently using for a jail. I'm not smart about jails yet is there an equivalent to portsnap for /usr/src? freebsd-update goes from release to release csup if you're following -current but that's binary update vs src and compiled, isn't it? freebsd-update moves you to a new release (now -p3) and also updates the /usr/src tree if you're doing something besides -RELEASE, you need csup my servers are running 8.0-RELEASE I'm following RELENG_8_0. is that the same as release? which is 8.0-RELEASE-p3 currently, but I build everything in /usr/src ahh - yeah, so you could have been using freebsd-update I like the idea of compiling everything, and I have some things I filter out. I guess, if you're not compiling, you do jails in the same way? I use 'ezjail-admin update -i' to move my built world into basejail. if you're doing binary updates, I guess it puts the same snapshot in, just using a different ezjail-update option? up_the_irons: you around? maybe james (the guy who pays for our servers) needs to update his credit card info email support? http://support.arpnetworks.com/faqs/billing/how-do-i-update-my-credit-card-billing-information sorry i love it when i can pull a faq entry verbatim ;) haha owned actually... i should have a bot for that i see those all the time in, like, ##linux ;) there's a nice ruby gem for irc bots ruby-- just make it search for any sentence with a question mark and have it say RTFM up_the_irons: any idea when you will be doing my upgrade? 
haha infrared: you said I could take it down whenever, right? I can do it tonight then up_the_irons: no rush, tonight will be fine. take it down whenever you want. right now I'm just using it to rsync my ~/dev his* infrared: ok up_the_irons: do you offer opensuse? infrared: not officially, but I could boot the install media if anyone wants to install it manually is it me, or is dovecot WAAAAAAY faster than courier-imap ? sounds like more work than it's worth. up_the_irons: are you a qmail user? infrared: was, just switched to postfix postfix for me the patching is insane patching? qmail's patching to make it work? i suppose is it that unportable? no, for features i suppose postfix is nearly out of the box having to patch for every feature is what eventually drove me away from qmail. I just don't have time for that. up_the_irons: no, dovecot is way faster than courier imap. yeah - I use postfix+dovecot dovecot + postfix is a great combination. I read 85% of the postfix manual cover to cover, and I must say, it is quite awesome jdoe: nice I also read almost the whole Dovecot wiki, and it is also pretty cool the problem I find is, between the two of them, the number of config options is nearly infinite. so many possible ways to setup a mail server. makes it hard to find quality guides online. my only beef with dovecot is the weird quantum state of sieve. yeah, that's true, which is why I just went with the standard Postfix docs. Once you have a solid base understanding, you can quickly identify which guides are for you and which are not I guess it'll be in the next major release, but last time I built it it was annoying. jdoe: yeah, I'm not using sieve I'm using managesieve and I love server-side filtering I have no strong feelings either way, getting it working the first time sucked though. ugh! my buildworld keeps failing on lib32 stuff. I thought I solved this problem dovecot or sieve? 
I found dovecot itself to be a breeze; although I did just come from the qmail world, where everything is a BITCH i liked qmail because vpopmail is easy I'm glad that I initially learned on dovecot and postfix. I started with qmail postfix was a step up. I took one look at sendmail's m4 bullshit and said no thanks. when I used to teach Linux (Red Hat) we'd cover postfix and sendmail. rule #1 of sendmail: use postfix, and I'd skip the chapter ;) I was also a security nerd too. ... I still am, to some extent, but then I wouldn't have touched sendmail with my 10 foot wang. hahahaha jdoe: let me guess. you use openbsd and djbdns too? :) I used to use djbdns, yeah. never used openbsd until now. I side with that slashdot article :P which one? djbnix there's only one? :) RandalSchwartz: it occurs to me that it wasn't actually a slashdot article, it was a thread on the 4.7 release article the one that says openbsd isn't super-duper secure? that's the one, yeah. or rather, that openbsd's process isn't conducive to security. I'm sure they go to a lot of trouble to audit every piece of code, but if you're just as (in)secure as the next guy as soon as you install a port.. what's the difference? my issue is more with the NIH syndrome they have. I mean, fine, if you want to claim you came up with w^x independently of PaX, despite them having posted on the mailing lists like... a year before... well, fine, that's kinda douche-y but whatever. but if you're going to reimplement it *worse*? granted they have developed some cool stuff No other *BSD has originated more apps that are now mainstream than OpenBSD, despite not many people using the OS itself. OpenSSH, is ubiquitous. pf is another great example. cedwards: if you say systrace I'm going to smack you ;) up_the_irons: sure. openssh, openbgpd, openntpd, etc. are all great. jdoe: what thread? was it that guy bitching that openbsd is insecure because it has no MAC controls? up_the_irons: same article, I think. 
yeah i read that one although I don't think he bothered with the pax vs. w^x nonsense. jdoe: I was referring to the open* apps, like up_the_irons listed. actually, is openntpd better than ntpd? I've read it isn't as accurate that's questionable. my understanding is that under some circumstances it might not be, but even then the difference is so minor as to be pedantic. I know it lets you bind to an ip:port, which ntpd does not, but so far that is the biggest difference I've seen. I think I stick with ntpd mainly because it's part of base. if I can use something from base over a port, I prefer to. it's just time people sheesh o/~ if I could save time... in a bottle... o/~ what was the original reason behind creating openntpd? or was it simply NIH? infrared: spoken like someone who's never needed to care :) cedwards: security jdoe: we have 1 time server accessing the internet in a DMZ, every other internal server hits that one....so.. i don't really care we use two internally, although I keep pushing for another. "a man with two watches is never sure what time it is", as they say. heh yeah - I was going there damn you beat me looking for someone to trade two Samsung 22s for a 30" msg me kthx :( i'm tired of dual monitors you have a 30"? no, i want a 30 but, sadly, my personal infrastructure is often more HA and redundant than that at work. i have two 22s hard to tell lol I guess that's what happens when you don't have Project managers in your way. "here's $10 for your wife." "okay, seems like a fair trade." cedwards: yep it is cedwards: the more I venture in the "supported/commercial" world, the more I realize how much those companies/products suck I've got an R900 (16cpu, 64G RAM) machine just sitting in the rack because the Project Managers can't decide what to do with it. cedwards: we have board members that don't know a thing about computers making decisions I wonder why the hell is it any of their business. They should be facilitating, not decision making. 
let the boots on the ground decide what they need, and let them make it happen. cedwards: they can ship it to me if they can't figure out what to do with it ;) hah so, in the interim I'm running F@H on that beast until they decide. cedwards: and we're about to go from GroupWise to Exchange because the CEO "doesn't like it".. .and she doesn't care that it's an extra $250K up_the_irons idiots did u see the msg i left for u ? ok i'm done venting mrbit: yeah, you can email it to me if you like; but I think I have the easiest way to deploy a FreeBSD server already ;) it's like, all automated and stuff well, maybe a little copy & paste but i don't do any manual config up_the_irons: does it have a turbo button? infrared: turbo *and* an "11" ll? 11+ "It goes to 11" infrared: http://www.imdb.com/title/tt0088258/ up_the_irons: ... er, to update an expiry date for billing info, do I open a ticket or...? http://support.arpnetworks.com/faqs/billing/how-do-i-update-my-credit-card-billing-information another one! jdoe: I think we've been over this http://support.arpnetworks.com/faqs/billing/how-do-i-update-my-credit-card-billing-information woo infrared: the software we write (and our customers) are very time sensitive. haha jinx? jdoe: if it is easier to just email the new exp date, that is fine too infrared: this, more specifically - http://www.imdb.com/title/tt0088258/quotes?qt0261726 I LOL at that every time you have to imagine the british accent too up_the_irons: CVV changed too, fuck it, order form is safer. :) this looks very promising toward my using FreeBSD on my desktop. http://chromium.jaggeri.com/ i loves me some chromium ok thats what this other guy told me at least you said it nicely :) i like this.. everything tweaked on each box the way u want it with COLORS! :P shrug.