
Launching a Process on Boot

On Unix systems, when a user logs on, their default shell, which is set when the account is first created, is spawned for them automatically. We can use that to spawn a program instead of a shell by creating a user, in this case named wiz, whose default shell is set to a program such as /usr/bin/top.

A new user should be added using the adduser utility, which makes the appropriate changes. To check that the user has been added correctly, the /etc/passwd file should contain an entry like the following for our user wiz:

wiz:*:1000:1000:Wizardry and Steamworks:/home/wiz:/usr/bin/top

We duplicate the Pc console entry in /etc/gettytab and give the copy another name, making sure that it has new unique identifiers such as Pa instead of Pc, and specify the username to log on automatically using the al (automatic login) option.

P|Pc|Pc console:\
        :ht:np:sp#9600:
 
P|Pa|Pa console:\
        :ht:np:sp#9600:al=wiz

Then, we add the terminal to the /etc/ttys file, which will launch the Pa console on the first virtual terminal and log in our user wiz, launching wiz's shell, which is /usr/bin/top:

ttyv0   "/usr/libexec/getty Pa"         xterm   on  secure
# Virtual terminals
ttyv1   "/usr/libexec/getty Pc"         xterm   on  secure
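
The setup above only works when the getty type in /etc/ttys names an existing /etc/gettytab entry and the al= user exists in /etc/passwd. The following cross-check is an added example, not part of the original page; check_autologin and its result strings are hypothetical names, and the sample files are constructed copies of the entries shown here:

```shell
# check_autologin TTYS GETTYTAB PASSWD TTY
# Prints ok:<user>:<shell> or a reason, and returns non-zero on any mismatch.
check_autologin() {
    # getty type for the terminal, e.g. Pa from "/usr/libexec/getty Pa"
    gtype=$(awk -v t="$4" '$1 == t { gsub(/"/, "", $3); print $3; exit }' "$1")
    [ -n "$gtype" ] || { echo "no-tty:$4"; return 1; }
    # Join backslash-continued gettytab lines, find the entry by name, report al=
    entry=$(awk -v want="$gtype" '
        /^#/ { next }
        { line = buf $0
          if (sub(/\\$/, "", line)) { buf = line; next }
          buf = ""
          n = split(line, cap, ":"); m = split(cap[1], names, "|")
          for (i = 1; i <= m; i++) if (names[i] == want) {
              user = ""
              for (j = 2; j <= n; j++) if (cap[j] ~ /^[ \t]*al=/) {
                  user = cap[j]; sub(/^[ \t]*al=/, "", user)
              }
              print "found:" user; exit
          } }' "$2")
    case $entry in
        "")     echo "missing-entry:$gtype"; return 1 ;;
        found:) echo "no-autologin:$gtype"; return 1 ;;
    esac
    user=${entry#found:}
    # The login shell (field 7) is the program that will be started on the terminal
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$3")
    [ -n "$shell" ] || { echo "no-user:$user"; return 1; }
    echo "ok:$user:$shell"
}

# Constructed sample files; ttyv1 deliberately names a type that gettytab lacks.
demo=$(mktemp -d)
cat > "$demo/gettytab" <<'EOF'
P|Pc|Pc console:\
        :ht:np:sp#9600:
P|Pa|Pa console:\
        :ht:np:sp#9600:al=wiz
EOF
printf '%s\n' 'ttyv0   "/usr/libexec/getty Pa"   xterm   on  secure' \
              'ttyv1   "/usr/libexec/getty Po"   xterm   on  secure' > "$demo/ttys"
echo 'wiz:*:1000:1000:Wizardry and Steamworks:/home/wiz:/usr/bin/top' > "$demo/passwd"
check_autologin "$demo/ttys" "$demo/gettytab" "$demo/passwd" ttyv0
check_autologin "$demo/ttys" "$demo/gettytab" "$demo/passwd" ttyv1 || true
```

On a live system the three arguments would be /etc/ttys, /etc/gettytab and /etc/passwd.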

Passing Arguments to Autoconf

There are instances where certain options from ports are not configurable using the port system. For example, there is a bug in FreeBSD 10.1 that prevents libidn from being installed if you also have the mono compiler installed. The issue stems from the fact that when libidn builds, it will also pick up the mono install and attempt to install the csharp bindings. The solution in that case is to go to /usr/ports/dns/libidn, edit the Makefile and add the following option:

CONFIGURE_ARGS= --disable-csharp

where all the parameters passed to the CONFIGURE_ARGS variable will be passed on to the autoconf configure script. Note that CONFIGURE_ARGS can also be passed as a parameter to make using the variable=value format.

Updating Ports

It is a good idea to keep ports updated, which can be achieved using the portsnap command. First, in order to update your ports, issue:

portsnap fetch extract

and then any time you wish to update the ports, issue:

portsnap fetch update

Updating Packages

In order to update packages, you can use portmaster, commonly found in /usr/ports/ports-mgmt/portmaster. You can check what new packages are available by issuing:

portmaster -L --index-only | egrep '(ew|ort) version|total install'

and, in order to update a package, say bash, issue:

portmaster bash

Alternatively, to update the whole distribution, you can issue:

portmaster -a

Setting Time-Zone

Some packages depend heavily on a time-zone being set. FreeBSD by default assumes UTC, in which case it considers that no time-zone setting is necessary. If there is no /etc/localtime installed, then some programs, such as the mono C# compiler, will bomb out claiming that they were unable to determine the time-zone.

In order to install a time-zone, copy a file (don't copy a directory) from /usr/share/zoneinfo/ to /etc/localtime. For example, to set to UTC time, issue:

cp /usr/share/zoneinfo/UTC /etc/localtime

Reinstalling Ports

In order to rebuild a port and the ports it depends on, issue:

portupgrade -Rf <portglob>

or

portmaster -f <portglob>

In order to rebuild a port and the ports that depend on it, issue:

portupgrade -rf <portglob>

or

portmaster -rf <portglob>

where <portglob> is a port path, e.g. multimedia/mplayer

Add User to Wheel Group

In order for a user to be able to elevate privileges, the user needs to be part of the wheel group. Issue the command:

pw user mod USER -G wheel

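as root in order to add USER to the wheel group. Note that -G sets the user's complete list of secondary groups, so include any groups the user already belongs to.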

Initialize GeoIP Databases

First, install the GeoIP port:

cd /usr/ports/net/GeoIP
make config-recursive
make install clean

then change directory to /usr/local/share/GeoIP/:

cd /usr/local/share/GeoIP

and download the databases from maxmind.com:

curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
curl -O http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz

and extract them:

gunzip GeoIP.dat.gz
gunzip GeoIPASNum.dat.gz
gunzip GeoLiteCity.dat.gz

which should cover the installation of the databases.

In order to check that they are working correctly, issue, for instance:

/usr/local/bin/geoiplookup -f /usr/local/share/GeoIP/GeoLiteCity.dat 8.8.8.8

which should yield:

GeoIP City Edition, Rev 1: US, CA, California, Mountain View, 94040, 37.386002, -122.083801, 807, 650

Ports Cheat-Sheet

Command                      Purpose
make rmconfig                Removes the configuration of the current port.
make rmconfig-recursive      Removes the configuration of the current port and all ports depending on the current port.
make config                  Configures the current port.
make config-recursive        Configures the current port and all ports depending on the current port.
make depends                 Compiles all the ports that the current port depends on.
make showconfig              Show the build options for the current port.
make showconfig-recursive    Show the build options for the current port and all ports built by the current port.

Automatically Repair Filesystem on Boot

The option:

fsck_y_enable="YES"

can be added to /etc/rc.conf, which will make FreeBSD answer yes to all questions when performing the filesystem check (it is the equivalent of fsck -y).

Additionally, by specifying:

background_fsck="NO"

in /etc/rc.conf, the file system check will not run concurrently with the boot process: the check will be performed first and only then will the machine boot.

Adding and Removing Users from Groups

In order to remove a user named USER from a group named GROUP, issue:

pw mod group GROUP -d USER

In order to add a user named USER to a group named GROUP, issue:

pw mod user USER -G GROUP

Remove ACL Entries

This can be achieved using the command:

setfacl -bn PATH

where PATH is the path to a file or folder.

i2p on FreeBSD 10

i2p from security/i2p seems to be very broken on FreeBSD 10 due to a shell script that launches a Java service wrapper to start i2p. To start i2p, you would edit /etc/rc.conf and add the lines:

i2p_enable="YES"
i2p_user="i2p"

where i2p must be a user that you have previously configured.

After that, you would issue:

/usr/local/etc/rc.d/i2p install

which will install the service files to the home directory of the i2p user set in /etc/rc.conf.

Then, if you attempt to start the service:

/usr/local/etc/rc.d/i2p start

and monitor wrapper.log (usually found under the i2p user's home directory in a hidden folder named .i2p/), you will notice that it bombs out with various errors such as:

Launching a JVM...
javavm: warning: The use of 'javavm' as a synonym for 'java' is deprecated
JVM exited while loading the application.
Error: Could not find or load main class org.tanukisoftware.wrapper.WrapperSimpleApp
The value of wrapper.java.command does not appear to be a java binary.
The use of scripts is not supported. Trying to continue, but some features may not work correctly..

Which is obviously a class-path problem. The officially suggested workaround is to install sysutils/javaservicewrapper and then copy some files into the install path of i2p:

cd $HOME/i2p
cp /usr/local/bin/javaservicewrapper i2psvc
cp /usr/local/lib/javaservicewrapper/lib/wrapper.jar lib/
cp /usr/local/lib/javaservicewrapper/lib/libwrapper.so lib/

Unfortunately, that does not work either. The deep-magic lies in the wrapper.config file in the i2p install path (the path the files were installed to when you issued /usr/local/etc/rc.d/i2p install).

You need to edit wrapper.config and then find all occurrences of:

$INSTALL_PATH

and replace that variable with the hard-coded path to where you installed i2p. Apparently the install script does not set the environment variable properly such that you will have to hard-code it this way in order for i2p to start.
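
The replacement described above can be scripted so that a backup is kept and leftover placeholders are detected. This is an added example, not part of the original page or the i2p port; pin_install_path is a hypothetical helper, and the sample wrapper.config lines and the path /home/i2p/i2p are constructed:

```shell
# pin_install_path WRAPPER_CONFIG I2P_DIR
# Replaces every literal $INSTALL_PATH with I2P_DIR, keeps WRAPPER_CONFIG.orig,
# and prints the number of lines that carried the placeholder.
pin_install_path() {
    conf=$1 dir=$2
    case $dir in
        /*) ;;
        *)  echo "install path must be absolute: $dir" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "$conf: no such file" >&2; return 2; }
    # Count lines that still carry the literal placeholder (-F: no regex)
    before=$(grep -c -F '$INSTALL_PATH' "$conf") || true
    # Nothing to replace: leave the file and any earlier backup untouched
    [ "$before" -gt 0 ] || { echo 0; return 0; }
    # Escape \, & and | so sed treats the path as literal replacement text
    esc=$(printf '%s\n' "$dir" | sed 's/[\\&|]/\\&/g')
    cp -p "$conf" "$conf.orig"
    # Writing into the existing file keeps its owner and mode
    sed "s|\\\$INSTALL_PATH|$esc|g" "$conf.orig" > "$conf"
    if grep -q -F '$INSTALL_PATH' "$conf"; then
        echo "placeholder still present in $conf" >&2; return 1
    fi
    echo "$before"
}

# Constructed sample standing in for the wrapper.config in the i2p install path.
demo=$(mktemp -d)
cat > "$demo/wrapper.config" <<'EOF'
wrapper.java.command=java
wrapper.java.classpath.1=$INSTALL_PATH/lib/*.jar
wrapper.java.library.path.1=$INSTALL_PATH
wrapper.java.library.path.2=$INSTALL_PATH/lib
EOF
pin_install_path "$demo/wrapper.config" /home/i2p/i2p
```

Run it as the i2p user so that the rewritten file and its backup stay under that account.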

Set Default ACLs for Newly Created Files

In order to have the ACLs applied to new files and folders created under a directory, default ACLs can be used.

The first step is to set the default ACL for the directory:

setfacl -dm u::rwx,m::rwx,g::rx,o::rx DIRECTORY

where:

This step is necessary before setting default ACLs that grant other users permissions, otherwise setting default user ACLs directly would result in:

setfacl: DIRECTORY: acl_calc_mask() failed: Invalid argument
setfacl: DIRECTORY: failed to set ACL mask

The final step is to set the default ACLs for the users you want:

setfacl -dm u:USER:rwx,g:GROUP:rwx DIRECTORY

where:

To set these permissions recursively (note that only directories may have default ACLs), you would have to use find:

find . -type d -exec setfacl -dm u:USER:rwx,g:GROUP:rwx '{}' \;

which will set default permissions for all directories and sub-directories starting from the current directory.