On Unix systems, when a user logs on, their default shell, which is set when the account is first created, is spawned for them automatically. We can use that to spawn a program instead of a shell by creating a user, in this case named wiz, whose default shell is set to some program like /usr/bin/top.
A new user should be added using the adduser utility, which makes the appropriate changes. To check that the user has been added correctly, the /etc/passwd file should contain an entry like the following for our user wiz:
wiz:*:1000:1000:Wizardry and Steamworks:/home/wiz:/usr/bin/top
We duplicate the Pc console entry in /etc/gettytab and give it another name, making sure that it has new unique identifiers such as Pa instead of Pc, and specify the username to log on automatically using the al (automatic login) option.
P|Pc|Pc console:\
:ht:np:sp#9600:
P|Pa|Pa console:\
:ht:np:sp#9600:al=wiz
Then, we add the terminal to the /etc/ttys file, which will launch the Pa console on the first virtual terminal and log in our user named wiz, which in turn launches wiz's shell, /usr/bin/top:
ttyv0 "/usr/libexec/getty Pa" xterm on secure
# Virtual terminals
ttyv1 "/usr/libexec/getty Pc" xterm on secure
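The three files above have to agree with each other: the class named in /etc/ttys must exist in /etc/gettytab, and the al= user must exist in /etc/passwd with the intended program as its shell. The following sh script is an added example, not part of the original page, that cross-checks them; the function names and the sample files (including the extra ttyv2 line that names an undefined class) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All file contents are constructed.

# gettytab_autologin FILE CLASS: print the al= user of CLASS; fail if CLASS is absent.
gettytab_autologin() {
    awk -v class="$2" '
        /^#/ { next }
        {
            if (sub(/\\$/, "")) { buf = buf $0; next }   # join continued lines
            line = buf $0; buf = ""
            n = split(line, cap, ":"); m = split(cap[1], names, "|")
            for (i = 1; i <= m; i++) if (names[i] == class) {
                for (j = 2; j <= n; j++) if (cap[j] ~ /^al=/) print substr(cap[j], 4)
                found = 1; exit
            }
        }
        END { exit !found }' "$1"
}

# audit_autologin TTYS GETTYTAB PASSWD: report autologin terminals and broken classes.
audit_autologin() {
    # Reduce lines like: ttyv0 "/usr/libexec/getty Pa" xterm on secure  ->  ttyv0 Pa
    sed -n 's/^\([^#[:space:]][^[:space:]]*\)[[:space:]]*"[^"]*getty[[:space:]]\{1,\}\([^"[:space:]]*\)".*/\1 \2/p' "$1" |
    while read -r tty class; do
        if ! user=$(gettytab_autologin "$2" "$class"); then
            echo "$tty: class $class has no gettytab entry"
        elif [ -n "$user" ]; then
            shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$3")
            echo "$tty: class $class autologs in $user with shell ${shell:-MISSING}"
        fi
    done
}

# Build constructed copies of the three files in a temp directory and audit them.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'P|Pc|Pc console:\' '    :ht:np:sp#9600:' \
                  'P|Pa|Pa console:\' '    :ht:np:sp#9600:al=wiz' > "$d/gettytab"
    printf '%s\n' 'ttyv0 "/usr/libexec/getty Pa" xterm on secure' '# Virtual terminals' \
                  'ttyv1 "/usr/libexec/getty Pc" xterm on secure' \
                  'ttyv2 "/usr/libexec/getty Po" xterm on secure' > "$d/ttys"
    printf '%s\n' 'wiz:*:1000:1000:Wizardry and Steamworks:/home/wiz:/usr/bin/top' > "$d/passwd"
    audit_autologin "$d/ttys" "$d/gettytab" "$d/passwd"
    rm -rf "$d"
}
demo
```

On a real system, call audit_autologin /etc/ttys /etc/gettytab /etc/passwd; terminals whose class has no al= option produce no output.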
There are instances where certain options from ports are not configurable using the port system. For example, there is a bug in FreeBSD 10.1 that prevents libidn from being installed if you also have the mono compiler installed. The issue stems from the fact that when libidn runs, it will also pick up the mono install and attempt to install the C# bindings. The solution in that case is to go to /usr/ports/dns/libidn, edit the Makefile and add the following option:
CONFIGURE_ARGS= --disable-csharp
where all the parameters passed to the CONFIGURE_ARGS variable will be passed on to the autoconf configure script. Note that CONFIGURE_ARGS can also be passed as a parameter to make using the variable=value format.
A good idea is to keep ports updated and that can be achieved using the portsnap command. First, in order to update your ports, issue:
portsnap fetch extract
and then any time you wish to update the ports, issue:
portsnap fetch update
In order to update packages, you can use portmaster commonly found in /usr/ports/ports-mgmt/portmaster. You can check what new packages are available by issuing:
portmaster -L --index-only | egrep '(ew|ort) version|total install'
and, in order to update a package - say bash, issue:
portmaster bash
Alternatively, to update the whole distribution, you can issue:
portmaster -a
Some packages depend heavily on a time-zone being set. FreeBSD by default assumes UTC, in which case, it considers that no timezone setting is necessary. What happens is that if there is no /etc/localtime installed, then some programs such as the mono c-sharp compiler will bomb out claiming that they were unable to determine the time-zone.
In order to install a time-zone, copy a file (don't copy a directory) from /usr/share/zoneinfo/ to /etc/localtime. For example, to set to UTC time, issue:
cp /usr/share/zoneinfo/UTC /etc/localtime
In order to rebuild a port and the ports it depends on, issue:
portupgrade -Rf <portglob>
or
portmaster -f <portglob>
In order to rebuild a port and the ports that depend on it, issue:
portupgrade -rf <portglob>
or
portmaster -rf <portglob>
where <portglob> is a port path, for example multimedia/mplayer.
In order for a user to be able to elevate their privileges, the user needs to be part of the wheel group. Issue the command:
pw user mod USER -G wheel
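as root in order to add USER to the wheel group. Note that -G sets the user's complete list of secondary groups, so any group not listed is dropped from the account's memberships.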
First, install the GeoIP port:
cd /usr/ports/net/GeoIP
make config-recursive
make install clean
then change directory to /usr/local/share/GeoIP/:
cd /usr/local/share/GeoIP
and download the databases from maxmind.com:
curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
curl -O http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
and extract them:
gunzip GeoIP.dat.gz
gunzip GeoIPASNum.dat.gz
gunzip GeoLiteCity.dat.gz
which should cover the installation of the databases.
In order to check that they are working correctly, issue, for instance:
/usr/local/bin/geoiplookup -f /usr/local/share/GeoIP/GeoLiteCity.dat 8.8.8.8
which should yield:
GeoIP City Edition, Rev 1: US, CA, California, Mountain View, 94040, 37.386002, -122.083801, 807, 650
| Command | Purpose |
|---|---|
| make rmconfig | Removes the configuration of the current port. |
| make rmconfig-recursive | Removes the configuration of the current port and all ports depending on the current port. |
| make config | Configures the current port. |
| make config-recursive | Configures the current port and all ports depending on the current port. |
| make depends | Compiles all the ports that the current port depends on. |
| make showconfig | Show the build options for the current port. |
| make showconfig-recursive | Show the build options for the current port and all ports built by the current port. |
The option:
fsck_y_enable="YES"
can be added to /etc/rc.conf which will make FreeBSD answer yes to all questions when performing the filesystem check (it is the equivalent of fsck -y).
Additionally, by specifying:
background_fsck="NO"
in /etc/rc.conf, the file system check will not run concurrently with the boot process: the file system check is performed first and then the machine boots.
In order to remove a user named USER from a group named GROUP, issue:
pw mod group GROUP -d USER
In order to add a user named USER to a group named GROUP, issue:
pw mod user USER -G GROUP
This can be achieved using the command:
setfacl -bn PATH
where PATH is the path to a file or folder.
i2p from security/i2p seems to be very broken on FreeBSD 10 due to a shell script that launches a Java service wrapper to start i2p. To start i2p, you would edit /etc/rc.conf and add the lines:
i2p_enable="YES"
i2p_user="i2p"
where i2p must be a user that you have previously configured.
After that, you would issue:
/usr/local/etc/rc.d/i2p install
which will install the service files to the home directory of the i2p user set in /etc/rc.conf.
Then, if you attempt to start the service:
/usr/local/etc/rc.d/i2p start
and monitor wrapper.log (usually found under the i2p user's home directory in a hidden folder named .i2p/), you will notice that it bombs out with various errors such as:
Launching a JVM...
javavm: warning: The use of 'javavm' as a synonym for 'java' is deprecated
JVM exited while loading the application.
Error: Could not find or load main class org.tanukisoftware.wrapper.WrapperSimpleApp
The value of wrapper.java.command does not appear to be a java binary.
The use of scripts is not supported. Trying to continue, but some features may not work correctly..
Which is obviously a class-path problem. The officially suggested workaround is to install sysutils/javaservicewrapper and then copy some files into the install path of i2p:
cd $HOME/i2p
cp /usr/local/bin/javaservicewrapper i2psvc
cp /usr/local/lib/javaservicewrapper/lib/wrapper.jar lib/
cp /usr/local/lib/javaservicewrapper/lib/libwrapper.so lib/
Unfortunately, that does not work either. The deep-magic lies in the wrapper.config file in the i2p install path (the path mentioned where you issued /usr/local/etc/rc.d/i2p install).
You need to edit wrapper.config and then find all occurrences of:
$INSTALL_PATH
and replace that variable with the hard-coded path to where you installed i2p. Apparently the install script does not set the environment variable properly such that you will have to hard-code it this way in order for i2p to start.
In order to have the ACLs applied to new files and folders created under a directory, default ACLs can be used.
The first step is to set the default ACL for the directory:
setfacl -dm u::rwx,m::rwx,g::rx,o::rx DIRECTORY
where:
DIRECTORY is the directory to set the default ACL for.
This step is necessary before setting default ACLs that grant other users permissions, otherwise setting default user ACLs directly would result in:
setfacl: DIRECTORY: acl_calc_mask() failed: Invalid argument
setfacl: DIRECTORY: failed to set ACL mask
The final step is to set the default ACLs for the users you want:
setfacl -dm u:USER:rwx,g:GROUP:rwx DIRECTORY
where:
USER is a user name,
GROUP is a group name,
DIRECTORY is the directory to set the ACLs for.
To set these permissions recursively (note that only directories may have default ACLs), you would have to use find:
find . -type d -exec setfacl -dm u:USER:rwx,g:GROUP:rwx '{}' \;
which will set default permissions for all directories and sub-directories starting from the current directory.