jcjoey3652: where can i get some late night help with freebsd
dxtr: jcjoey3652: Just ask away
Either here or in #freebsd :P
##freebsd*
jcjoey3652: wey hey thanks dxtr
#freebsd seems to be locked and ##freebsd requires some kind of services
dxtr: Mkay
jcjoey3652: my question is...
dxtr: So go ahead and ask
jcjoey3652: i have a freebsd webserver and one of the directories has an htaccess file that points to a user file where syntax is user:hash, i cant access this site and i would like to.
i have root access
dxtr: Well, either remove, move or rename the htaccess file then
Or add another user
jcjoey3652: i figured i could add another user to the user file ref'd in the ht file but i dont know how
dxtr: google it :)
jcjoey3652: wouldnt know where to start, this is not the user file for the system, it is separate, dont know what to search for or i would have done that already
its just a one line file in the home directory
what would you call that and i will gladly look it up
i keep finding things on how to add users
if you could enlighten me id appreciate it, if not say so and ill leave.
ok i get it see ya lata, bro
***: jcjoey3652 has left
dxtr: win 21
Oops
***: schmir has joined #arpnetworks
LT has joined #arpnetworks
mrbit: thats not bad
dxtr: What?
mrbit: delayed
his b/w etc
***: mardraum has quit IRC (Quit: .)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
infrared has quit IRC (Ping timeout: 240 seconds)
cmeiklejohn has quit IRC (Quit: leaving)
cmeiklejohn has joined #arpnetworks
vtoms has joined #arpnetworks
ziyourenxiang has joined #arpnetworks
cmeiklejohn has quit IRC (Changing host)
cmeiklejohn has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
mick_laptop has quit IRC (Changing host)
mick_laptop has joined #arpnetworks
ziyourenxiang has quit IRC (Quit: ziyourenxiang)
sentabi has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
AndrewBC has quit IRC (Ping timeout: 240 seconds)
AndrewBC has joined #arpnetworks
AndrewBC has quit IRC (Ping timeout: 240 seconds)
AndrewBC has joined #arpnetworks
mrbit: hrm
up_the_irons?
there?
i got something you'll want :)
makes it uber ez to setup fbsd boxes
we wrote a pimp perl script
even gave it colors
hehe
just msg me when u wake man
i'll hoook it up
***: visinin has joined #arpnetworks
Ehtyar has quit IRC (Remote host closed the connection)
Ehtyar has joined #arpnetworks
mhoran: Ooh pretty colors.
***: visinin has quit IRC (Quit: word)
Wraithan: mhoran: mrbit didn't say pretty colors, could be all teal on red or something like that
or purple on blue
http://www.tell-tale.net/web101/colors.htm
bad times
***: schmir has joined #arpnetworks
schmir has quit IRC (Ping timeout: 240 seconds)
schmir has joined #arpnetworks
vtoms has quit IRC (Remote host closed the connection)
vtoms has joined #arpnetworks
vtoms has quit IRC (Quit: Leaving.)
cedwards: everyone get their FreeBSD boxes patched after last nites advisories?
***: sentabi is now known as sentabi[]
bob__: ooh i forgot to read up on that
***: bob__ is now known as bob^^
sentabi| has joined #arpnetworks
sentabi| is now known as sentabi
sentabi[] has quit IRC ()
cedwards: jail, opie and nfs..something.
***: sentabi has quit IRC (Remote host closed the connection)
cedwards: the link in the email for opie was broken though
bob^^: :(
jail is a biggy
oh, only applies to 8
cedwards: yeah
I patched that one right away
bob^^: in fact my only 8 box is my arp vps :)
cedwards: I'm having trouble rebuilding world on my test VPS for some reason :(
RandalSchwartz: oooh yeah... freebsd-update actually woke up!
zfs snapshot -r zroot@pre-patch-3
gotta love that
if it screws up - just roll back
cedwards: RandalSchwartz: I don't understand what I'm doing wrong. When I run snapshot, and then navigate to /.zfs/snapshot, it is empty.
RandalSchwartz: are you booting from zfs?
cedwards: RandalSchwartz: yessir. per your suggestion.
RandalSchwartz: did you make a snapshot of zroot ?
zfs snapshot zroot@somethinghere
cedwards: I guess I've only ever done things like: zfs snapshot zroot@$(date)..
RandalSchwartz: should result in /.zfs/snapshot/ ...
***: sentabi has joined #arpnetworks
cedwards: and I have that directory structure, but it's empty.
I've tried doing zfs snapshot zroot/path/to/jail@$(date) and it remains the same.
RandalSchwartz: run roh. I can ping, but none of my services are up
time to dig out the console login instructions
ahh - it just took a few minutes
now we're live
is zroot/path/to/jail show up in "zfs list" ?
you have to use the names that are there
cedwards: RandalSchwartz: zfs list - zroot/usr/jails/bodie
cedwards: RandalSchwartz: so I want a snapshot of that jail, I tried: zfs snapshot zroot/usr/jails/bodie@$(date), or is that incorrect?
RandalSchwartz: your shell understands $(date) ?
oh wait - date has spaces in it
that's not gonna work
cedwards: date +%F
RandalSchwartz: do I have to have specifically enabled OPIE to be vulnerable ?
doesn't look like I've done that
cedwards: what am I missing here? http://pastebin.com/1kcsS529
RandalSchwartz: ahh - I see it.. yeah. enabled by default
cedwards: I thought opie was enabled by default, but the nfs vuln was not.
RandalSchwartz: cedwards - no, the .zfs is in the root of the filesystem
so you need to look in /usr/jails/bodie/.zfs
that's because the .zfs is per filesystem
cedwards: ahhh. there we go.
and snapshots are cow, yes? so it only takes the space that has changed?
doesn't include additions to the source, but changes or removals
RandalSchwartz: yes... it shares as many blocks as it can with history and future
one copy to rule them all
I have about 100 snapshots right now of my system
managed by an automatic daemon
cedwards: I just did a du -sh in my .zfs/snapshot/2010-05-27 and it was 300M
that surprised me..?
RandalSchwartz: sure - to "du" it shows the entire thing
because it must
cedwards: I suppose that makes sense..
RandalSchwartz: and if you made a second snapshot, that too would be 300M
du can't ask the fs "what's the real chargeable space"
du *is* smart enough to know that the same inode seen repeatedly is charged once
but this is below the inode leel
level
cedwards: but they wouldn't really be 300M as they are referring to the original 300M?
so is there a way to tell how large the snapshots actually are?
RandalSchwartz: if you deleted all other snapshots, this one remaining snapshot would be 300M :)
zfs list -ospace -tsnapshot -r zroot
that tells what the OS is keeping roughly associated with each snapshot
but keep in mind, any shared block doesn't go away until the last snapshot referencing it is gone
so does it really "belong" to a *particular* snapshot? no.
cedwards: I see a couple snapshots that I don't recall making..
zroot/usr/jails/basejail@20100422_18:58:03 - 17K
zroot/usr/jails/basejail@20100520_11:11:48 - 229M
RandalSchwartz: might have been when you built the jails
ezjail is zfs aware
cedwards: ohh, I did activate that in ezjail.conf
and I created my jails using 'ezjail-admin create -i -s XG -c zfs name IP'
***: schmir has quit IRC (Remote host closed the connection)
cedwards: interesting http://alblue.bandlem.com/2008/11/crontab-generated-zfs-snapshots.html
RandalSchwartz: Yeah - I use that
cedwards: that specifically?
RandalSchwartz: portinstall zfs-snapshot-mgmt
it's in ports
sadly, it uses ruby.
but I got over that, because it works
cedwards: ruby *shudder*
RandalSchwartz: I have 10 minute snapshots for 2 hours
then hour snapshots for 2 days
then day snapshots for 2 weeks
then week snapshots forever
occasionally, I delete one if I know I made a lot of changes and won't need those later
cedwards: I'm really disappointed at the blatant use of backticks in that post
RandalSchwartz: but the nice thing is, by default, I have a lot of ways to undo a mistake
I'm using the concept, not the specifics there
I use the ruby thing instead
jdoe: RandalSchwartz: fuck port*, fuck ruby. I wouldn't bitch so much if they didn't explode every freakin' time ruby was one of the upgraded packages :)
... or how portupgrade has suddenly decided not to bother with dependencies, so I have to keep running the upgrade until everything succeeds
(that's probably not ruby-related, I just wanted to get it off my chest.)
RandalSchwartz: yeah
I've had "issues" too
no port system can ever work perfectly
cedwards: one of the reasons I stick with portmaster is that it doesn't require ruby.
RandalSchwartz: if I see ruby, I upgrade it by hand :)
cd /usr/ports/*/ruby; make config install
jdoe: cedwards: silly personal biases prevent me from that. Shell scripts feel like a quick hack, something in a 'real' language, even if that language is ruby, feels more durable.
... even though it clearly isn't.
RandalSchwartz: ruby is better than c-shell, that's for sure
jdoe: RandalSchwartz: suppose you're updating something like... trac is what comes to mind. New version of trac pushed out, means new plugins which all depend on it etc.
portupgrade, for me, will upgrade trac and then skip everything else.
cedwards: I figure if sh can manage the init system and all the cron scripting that keep things running, it's good enough to manage ports too.
jdoe: which is decidedly irritating behaviour that it never used to do.
jdoe: cedwards: bear in mind that init scripts and cron are basically "run this"
... and whatever it runs is what really does the heavy lifting.
in both of those uses sh is more the glue that holds real programs together :P
cedwards: but most of the "run these" are shell scripts.
sh/bash and perl are the duct tape that hold the internet together
RandalSchwartz: indeed
***: visinin has joined #arpnetworks
cedwards: I use portmaster -atd to upgrade all, plus dependencies and delete previous versions.
hasn't failed me yet..
jdoe: portupgrade -aRrv *used* to do that for me.
now it's hit-or-miss and for no obvious reason.
cedwards: actually, one of the main reasons I looked for and found portmaster is that my machines are old and slow.
having that additional dependency of ruby18, rubydb, etc just took too long to keep updated.
portmaster was quick, had no depends and is included in the Handbook. Seemed like a good solution for me.
RandalSchwartz: there are options in portinstall/portupgrade that aren't in portmaster though
and once it gets fired up, it's a lot faster
cedwards: RandalSchwartz: this seems to also display snapshots: zfs list -t all
although I'm not sure what REFER means
RandalSchwartz: yes - -t all includes -t snapshot
"man zfs" :)
cedwards: yeah. there's quite a bit in there.
RandalSchwartz: if I recall, the space is charged to the *first* snapshot that uses it
so if it also happens to be shared with later ones, they don't show it
cedwards: I'd like to figure out how to shrink a zfs that I'm currently using for a jail.
RandalSchwartz: I'm not smart about jails yet
-: cedwards feels like he has a lot of questions this evening.
cedwards: is there an equivalent to portsnap for /usr/src?
RandalSchwartz: freebsd-update goes from release to release
csup if you're following -current
cedwards: but that's binary update vs src and compiled, isn't it?
RandalSchwartz: freebsd-update moves you to a new release (now -p3)
and also updates the /usr/src tree
if you're doing something besides -RELEASE, you need csup
my servers are running 8.0-RELEASE
cedwards: I'm following RELENG_8_0.
RandalSchwartz: is that the same as release?
cedwards: which is 8.0-RELEASE-p3 currently, but I build everything in /usr/src
RandalSchwartz: ahh - yeah, so you could have been using freebsd-update
cedwards: I like the idea of compiling everything, and I have some things I filter out.
I guess, if you're not compiling, you do jails in the same way?
I use 'ezjail-admin update -i' to move my built world into basejail.
if you're doing binary updates, I guess it puts the same snapshot in, just using a different ezjail-update option?
***: infrared has joined #arpnetworks
amdprophet: up_the_irons: you around?
up_the_irons: maybe
amdprophet: james (the guy who pays for our servers) needs to update his credit card info
email support?
up_the_irons: http://support.arpnetworks.com/faqs/billing/how-do-i-update-my-credit-card-billing-information
-: amdprophet facepalms
amdprophet: sorry
up_the_irons: i love it when i can pull a faq entry verbatim
;)
amdprophet: haha
infrared: owned
up_the_irons: actually... i should have a bot for that
i see those all the time in, like, ##linux
;)
amdprophet: there's a nice ruby gem for irc bots
infrared: ruby--
-: infrared runs
amdprophet: just make it search for any sentence with a question mark and have it say RTFM
infrared: up_the_irons: any idea when you will be doing my upgrade?
up_the_irons: haha
up_the_irons: infrared: you said I could take it down whenever, right? I can do it tonight then
infrared: up_the_irons: no rush, tonight will be fine. take it down whenever you want. right now I'm just using it to rsync my ~/dev
-: infrared hugs is ~/dev
infrared: his*
up_the_irons: infrared: ok
infrared: up_the_irons: do you offer opensuse?
up_the_irons: infrared: not officially, but I could boot the install media if anyone wants to install it manually
is it me, or is dovecot WAAAAAAY faster than courier-imap ?
infrared: sounds like more work than it's worth.
infrared: up_the_irons: are you a qmail user?
up_the_irons: infrared: was, just switched to postfix
RandalSchwartz: postfix for me
infrared: the patching is insane
RandalSchwartz: patching?
infrared: qmail's patching
RandalSchwartz: to make it work?
infrared: i suppose
RandalSchwartz: is it that unportable?
infrared: no, for features i suppose
RandalSchwartz: postfix is nearly out of the box
up_the_irons: having to patch for every feature is what eventually drove me away from qmail. I just don't have time for that.
jdoe: up_the_irons: no, dovecot is way faster than courier imap.
RandalSchwartz: yeah - I use postfix+dovecot
cedwards: dovecot + postfix is a great combination.
up_the_irons: I read 85% of the postfix manual cover to cover, and I must say, it is quite awesome
up_the_irons: jdoe: nice
I also read almost the whole Dovecot wiki, and it is also pretty cool
cedwards: the problem I find is, between the two of them, the number of config options is nearly infinite.
so many possible ways to setup a mail server. makes it hard to find quality guides online.
jdoe: my only beef with dovecot is the weird quantum state of sieve.
up_the_irons: yeah, that's true, which is why I just went with the standard Postfix docs. Once you have a solid base understanding, you can quickly identify which guides are for you and which are not
jdoe: I guess it'll be in the next major release, but last time I built it it was annoying.
up_the_irons: jdoe: yeah, I'm not using sieve
cedwards: I'm using managesieve and I love server-side filtering
jdoe: I have no strong feelings either way, getting it working the first time sucked though.
cedwards: ugh! my buildworld keeps failing on lib32 stuff.
I thought I solved this problem
up_the_irons: dovecot or sieve? I found dovecot itself to be breeze; although I did just come from the qmail world, where everything is a BITCH
infrared: i liked qmail because vpopmail is easy
cedwards: I'm glad that I initially learned on dovecot and postfix.
jdoe: I started with qmail
postfix was a step up.
I took one look at sendmail's m4 bullshit and said no thanks.
cedwards: when I used to teach Linux (Red Hat) we'd cover postfix and sendmail.
rule #1 of sendmail: use postfix, and I'd skip the chapter ;)
jdoe: I was also a security nerd too.
... I still am, to some extent, but then I wouldn't have touched sendmail with my 10 foot wang.
up_the_irons: hahahaha
***: visinin has quit IRC (Quit: home)
cedwards: jdoe: let me guess. you use openbsd and djbdns too? :)
jdoe: I used to use djbdns, yeah.
never used openbsd until now. I side with that slashdot article :P
RandalSchwartz: which one?
mhoran: djbnix
RandalSchwartz: there's only one? :)
jdoe: RandalSchwartz: it occurs to me that it wasn't actually a slashdot article, it was a thread on the 4.7 release article
cedwards: the one that says openbsd isn't super-duper secure?
jdoe: that's the one, yeah.
or rather, that openbsd's process isn't conducive to security.
cedwards: I'm sure they go to a lot of trouble to audit every piece of code, but if you're just as (in)secure as the next guy as soon as you install a port.. what's the difference?
jdoe: my issue is more with the NIH syndrome they have.
I mean, fine, if you want to claim you came up with w^x independently of PaX, despite them having posted on the mailing lists like... a year before... well, fine, that's kinda douche-y but whatever.
but if you're going to reimplement it *worse*?
cedwards: granted they have developed some cool stuff
up_the_irons: No other *BSD has originated more apps that are now mainstream than OpenBSD, despite not many people using the OS itself. OpenSSH, is ubiquitous. pf is another great example.
jdoe: cedwards: if you say systrace I'm going to smack you ;)
jdoe: up_the_irons: sure. openssh, openbgpd, openntpd, etc. are all great.
up_the_irons: jdoe: what thread? was it that guy bitching that openbsd is insecure because it has no MAC controls?
jdoe: up_the_irons: same article, I think.
up_the_irons: yeah i read that one
jdoe: although I don't think he bothered with the pax vs. w^x nonsense.
cedwards: jdoe: I was referring to the open* apps, like up_the_irons listed.
actually, is openntpd better than ntpd? I've read it isn't as accurate
jdoe: that's questionable.
my understanding is that under some circumstances it might not be, but even then the difference is so minor as to be pedantic.
cedwards: I know it lets you bind to an ip:port, which ntpd does not, but so far that is the biggest difference I've seen.
I think I stick with ntpd mainly because it's part of base. if I can use something from base over a port, I prefer to.
infrared: it's just time people
sheesh
RandalSchwartz: o/~ if I could save time... in a bottle... o/~
cedwards: what was the original reason behind creating openntpd? or was it simply NIH?
jdoe: infrared: spoken like someone who's never needed to care :)
jdoe: cedwards: security
infrared: jdoe: we have 1 time server accessing the internet in a DMZ, every other internal server hits that one....so.. i don't really care
cedwards: we use two internally, although I keep pushing for another.
"a man with two watches is never sure what time it is", as they say.
infrared: heh
RandalSchwartz: yeah - I was going there
damn you beat me
infrared: looking for someone to trade two Samsung 22s for a 30" msg me kthx
:( i'm tired of dual monitors
RandalSchwartz: you have a 30"?
infrared: no, i want a 30
cedwards: but, sadly, my personal infrastructure is often more HA and redundant than that at work.
infrared: i have two 22s
RandalSchwartz: hard to tell
infrared: lol
cedwards: I guess that's what happens when you don't have Project managers in your way.
RandalSchwartz: "here's $10 for your wife." "okay, seems like a fair trade."
up_the_irons: cedwards: yep it is
infrared: cedwards: the more I venture in the "supported/commercial" world, the more I realize how much those companies/products suck
cedwards: I've got an R900 (16cpu, 64G RAM) machine just sitting in the rack because the Project Managers can't decide what to do with it.
infrared: cedwards: we have board members that don't a thing about computers making decisions
cedwards: I wonder why the hell is it any of their business. They should be facilitating, not decision making.
let the boots on the ground decide what they need, and let them make it happen.
up_the_irons: cedwards: they can ship it to me if they can't figure out what to do with it ;)
infrared: hah
cedwards: so, in the interim I'm running F@H on that beast until they decide.
infrared: cedwards: and we're about to go from GroupWise to Exchange because the CEO "doesn't like it".. .and she doesn't care that it's an extra $250K
mrbit: up_the_irons
infrared: idiots
mrbit: did u see the msg i left for u
?
infrared: ok i'm done venting
up_the_irons: mrbit: yeah, you can email it to me if you like; but I think I have the easiest way to deploy a FreeBSD server already ;)
it's like, all automated
cedwards: and stuff
up_the_irons: well, maybe a little copy & paste
but i don't do any manual config
infrared: up_the_irons: does it have a turbo button?
up_the_irons: infrared: turbo *and* an "11"
infrared: ll?
cedwards: 11+
up_the_irons: "It goes to 11"
cedwards: infrared: http://www.imdb.com/title/tt0088258/
jdoe: up_the_irons: ... er, to update an expiry date for billing info, do I open a ticket or...?
up_the_irons: http://support.arpnetworks.com/faqs/billing/how-do-i-update-my-credit-card-billing-information
another one!
cedwards: jdoe: I think we've been over this http://support.arpnetworks.com/faqs/billing/how-do-i-update-my-credit-card-billing-information
up_the_irons: woo
jdoe: infrared: the software we write (and our customers) are very time sensitive.
infrared: haha
cedwards: jinx?
-: infrared wants an "It's in the wiki" shirt
up_the_irons: jdoe: if it is easier to just email the new exp date, that is fine too
cedwards: infrared: this, more specifically - http://www.imdb.com/title/tt0088258/quotes?qt0261726
up_the_irons: I LOL at that every time
you have to imagine the british accent too
-: cedwards wonders if that is streamed on his netflix account.
jdoe: up_the_irons: CVV changed too, fuck it, order form is safer.
up_the_irons: :)
cedwards: this looks very promising toward my using FreeBSD on my desktop. http://chromium.jaggeri.com/
i loves me some chromium
***: heavysixer has quit IRC (Quit: heavysixer)
visinin has joined #arpnetworks
mrbit: ok
thats what this other guy told me
at least you said it nicely
:)
i like this..
everything tweaked on each box the way u want it
with COLORS!
:P
jdoe: shrug.