Differences

This shows you the differences between two versions of the page.

fuss:freebsd [2016/11/12 12:45] – [Remove ACL Entries] office
fuss:freebsd [2022/04/19 08:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Launching a Process on Boot ======
 +
 +On Unix systems, when a user logs on, their default shell which is set when the account is first created, is spawned for them automatically. We use that to spawn a program instead of a shell by creating a user, in this case named ''wiz'' which has its default shell set to some program like ''/usr/bin/top''.
 +
 +A new user should be added using the ''adduser'' utility which makes the appropriate changes. In order to check whether the user has been added correctly the ''/etc/passwd'' file should contain an entry like the following for our user ''wiz'':
 +
 +<code sh>
 +wiz:*:1000:1000:Wizardry and Steamworks:/home/wiz:/usr/bin/top
 +</code>
 +
 +We duplicate the Pc console in ''/etc/gettytab'' and give it another name, while making sure that it has some new unique identifiers like ''Pa'' instead of ''Pc'' as well as specifying our username to automatically log on by using the ''al'' (automatic login) option. 
 +
 +<code sh>
 +P|Pc|Pc console:\
 +        :ht:np:sp#9600:
 + 
 +P|Pa|Pa console:\
 +        :ht:np:sp#9600:al=wiz
 +</code>
 +
 +Then, we add the terminal to the ''/etc/ttys'' file which will launch the ''Po'' console on the first virtual terminal, then log-in our user named ''wiz'' that would launch ''wiz'''s shell which is ''/usr/bin/top'':
 +
 +<code sh>
 +ttyv0   "/usr/libexec/getty Po"         xterm   on  secure
 +# Virtual terminals
 +ttyv1   "/usr/libexec/getty Pc"         xterm   on  secure
 +</code>
 +
 +====== Passing Arguments to Autoconf ======
 +
 +There are instances where certain options from ports are not configurable using the port system. For example, there is a bug in FreeBSD 10.1 that prevents ''libidn'' to be installed in case you also have the ''mono'' compiler install. The issue stems from the fact that when ''libidn'' runs, it will also pick-up the ''mono'' install and attempt to install the chsarp bindings. The solution in that case is to go to ''/usr/ports/dns/libidn'' and edit the ''Makefile'' and add the following option:
 +<code bash>
 +CONFIGURE_ARGS= --disable-csharp
 +</code>
 +
 +where all the parameters passed to the ''CONFIGURE_ARGS'' variable will be passed on to the autoconf ''configure'' script. Note that ''CONFIGURE_ARGS'' can also be passed as a parameter to ''make'' using the ''variable=value'' format.
 +
 +====== Updating Ports ======
 +
 +A good idea is to keep ports updated and that can be achieved using the ''portsnap'' command. First, in order to update your ports, issue:
 +<code bash>
 +portsnap fetch extract
 +</code>
 +and then any time you wish to update the ports, issue:
 +<code bash>
 +portsnap fetch update
 +</code>
 +
 +====== Updating Packages ======
 +
 +In order to update packages, you can use ''portmaster'' commonly found in ''/usr/ports/ports-mgmt/portmaster''. You can check what new packages are available by issuing:
 +<code bash>
 +portmaster -L --index-only| egrep '(ew|ort) version|total install'
 +</code>
 +
 +and, in order to update a package - say ''bash'', issue:
 +<code bash>
 +portmaster bash
 +</code>
 +
 +Alternatively, to update the whole distribution, you can issue:
 +<code bash>
 +portmaster -a
 +</code>
 +
 +====== Setting Time-Zome ======
 +
 +Some packages depend heavily on a time-zone being set. FreeBSD by default assumes UTC, in which case, it considers that no timezone setting is necessary. What happens is that if there is no ''/etc/localtime'' installed, then some programs such as the ''mono'' c-sharp compiler will bomb out claiming that they were unable to determine the time-zone.
 +
 +In order to install a time-zone, copy a file (don't copy a directory) from ''/usr/share/zoneinfo/'' to ''/etc/localtime''. For example, to set to ''UTC'' time, issue:
 +<code bash>
 +cp /usr/share/zoneinfo/UTC /etc/localtime
 +</code>
 +
 +====== Reinstalling Ports ======
 +
 +In order to rebuild a port and the ports it depends on, issue:
 +<code bash>
 +portupgrade -Rf <portglob>
 +</code>
 +or
 +<code bash>
 +portmaster -f <portglob>
 +</code>
 +
 +In order to rebuild a port and the ports that depend on it, issue:
 +<code bash>
 +portupgrade -rf <portglob>
 +</code>
 +or
 +<code bash>
 +portmaster -rf <portglob>
 +</code>
 +
 +where ''<portglob>'' is a port path, ie: ''multimedia/mplayer''
 +
 +====== Add User to Wheel Group ======
 +
 +In order for an user to be able to elevate its privileges, the user needs to be part of the ''wheel'' group. Issue the command:
 +<code bash>
 +pw user mod USER -G wheel
 +</code>
 +
 +as root in order to add ''USER'' to the ''wheel'' group.
 +
 +====== Initialize GeoIP Databases ======
 +
 +First, install the ''GeoIP'' port:
 +<code bash>
 +cd /usr/ports/net/GeoIP
 +make config-recursive
 +make install clean
 +</code>
 +
 +then change directory to ''/usr/local/share/GeoIP/'':
 +<code bash>
 +cd /usr/local/share/GeoIP
 +</code>
 +
 +and download the [[http://dev.maxmind.com/geoip/legacy/geolite/|databases from maxmind.com]]:
 +<code bash>
 +curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
 +curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
 +curl -O http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
 +</code>
 +
 +and extract them:
 +<code bash>
 +gunzip GeoIP.dat.gz
 +gunzip GeoIPASNum.dat.gz
 +gunzip GeoLiteCity.dat.gz
 +</code>
 +
 +which should cover the installation of the databases.
 +
 +In order to check that they are working correctly, issue, for instance:
 +<code>
 +/usr/local/bin/geoiplookup -f /usr/local/share/GeoIP/GeoLiteCity.dat 8.8.8.8
 +</code>
 +
 +which should yield:
 +<code>
 +GeoIP City Edition, Rev 1: US, CA, California, Mountain View, 94040, 37.386002, -122.083801, 807, 650
 +</code>
 +
 +====== Ports Cheat-Sheet ======
 +
 +^ Command ^ Purpose ^
 +| ''make rmconfig'' | Removes the configuration of the current port. |
 +| ''make rmconfig-recursive'' | Removes the configuration of the current port and all ports depending on the current port. |
 +| ''make config'' | Configures the current port. |
 +| ''make config-recursive'' | Configures the current port and all ports depending on the current port. |
 +| ''make depends'' | Compiles all the ports that the current port depends on. |
 +| ''make showconfig'' | Show the build options for the current port. |
 +| ''make showconfig-recursive'' | Show the build options for the current port and all ports built by the current port. |
 +
 +====== Automatically Repair Filesystem on Boot ======
 +
 +The option:
 +<code>
 +fsck_y_enable="YES"
 +</code>
 +
 +can be added to ''/etc/rc.conf'' which will make FreeBSD answer yes to all questions when performing the filesystem check (it is the equivalent of ''fsck -y'').
 +
 +Additionally, by specifying:
 +<code>
 +background_fsck="NO"
 +</code>
 +in ''/etc/rc.conf'', the file system check will not run concurrently to the boot process and the file system check will be performed first and then the machine will boot.
 +
 +====== Adding and Removing Users from Groups ======
 +
 +In order to remove a user named ''USER'' from a group named ''GROUP'', issue:
 +<code bash>
 +pw mod group GROUP -d USER
 +</code>
 +
 +In order to add a user named ''USER'' to a group named ''GROUP'', issue:
 +<code bash>
 +pw mod user USER -G GROUP
 +</code>
 +
 +====== Remove ACL Entries ======
 +
 +This can be achieved using the command:
 +<code bash>
 +setfacl -bn PATH
 +</code>
 +
 +where ''PATH'' is the path to a file or folder.
 +
 +====== i2p on FreeBSD 10 ======
 +
 +''i2p'' from ''security/i2p'' seems to be very broken on FreeBSD 10 due to a shell script that launches a Java service wrapper to start ''i2p''. To start ''i2p'', you would edit ''/etc/rc.conf'' and add the lines:
 +
 +<code>
 +i2p_enable="YES"
 +i2p_user="i2p"
 +</code>
 +
 +where ''i2p'' must be an user that you have previously configured.
 +
 +After that, you would issue:
 +<code bash>
 +/usr/local/etc/rc.d/i2p install
 +</code>
 +
 +which will install the service files to the home directory of the ''i2p'' from ''/etc/rc.conf''.
 +
 +Then, if you attempt to start the service:
 +<code bash>
 +/usr/local/etc/rc.d/i2p start
 +</code>
 +
 +and monitor ''wrapper.log'' (usually found under the ''i2p'' user's home directory in a hidden folder named ''.i2p/''), you will notice that it bombs out with various errors such as:
 +<code>
 +Launching a JVM...
 +javavm: warning: The use of 'javavm' as a synonym for 'java' is deprecated
 +JVM exited while loading the application.
 +Error: Could not find or load main class org.tanukisoftware.wrapper.WrapperSimpleApp
 +The value of wrapper.java.command does not appear to be a java binary.
 +The use of scripts is not supported. Trying to continue, but some features may not work correctly..
 +</code>
 +
 +Which is obviously a class-path problem. The officially suggested workaround is to install ''sysutils/javaservicewrapper'' and then copy some files into the install path of ''i2p'':
 +<code bash>
 +cd $HOME/i2p
 +cp /usr/local/bin/javaservicewrapper i2psvc
 +cp /usr/local/lib/javaservicewrapper/lib/wrapper.jar lib/
 +cp /usr/local/lib/javaservicewrapper/lib/libwrapper.so lib/
 +</code>
 +
 +Unfortunately, that does not work either. The deep-magic lies in the ''wrapper.config'' file in the ''i2p'' install path (the path mentioned where you issued ''/usr/local/etc/rc.d/i2p install'').
 +
 +You need to edit ''wrapper.config'' and then find all occurrences of:
 +<code>
 +$INSTALL_PATH
 +</code>
 +
 +and replace that variable with the hard-coded path to where you installed i2p. Apparently the install script does not set the environment variable properly such that you will have to hard-code it this way in order for i2p to start.
 +
 +====== Set Default ACLs for Newly Created Files ======
 +
 +In order to have the ACLs applied to new files and folders created under a directory, default ACLs can be used.
 +
 +The first step is to set the default ACL for the directory:
 +<code bash>
 +setfacl -dm u::rwx,m::rwx,g::rx,o::rx DIRECTORY
 +</code>
 +
 +where:
 +  * ''DIRECTORY'' is the directory to set the default ACL for.
 +
 +This step is necessary before setting default ACLs that grant other users permissions, otherwise setting default user ACLs directly would result in:
 +<code>
 +setfacl: DIRECTORY: acl_calc_mask() failed: Invalid argument
 +setfacl: DIRECTORY: failed to set ACL mask
 +</code>
 +
 +The final step is to set the default ACLs for the users you want:
 +<code bash>
 +setfacl -dm u:USER:rwx,g:GROUP:rwx DIRECTORY
 +</code>
 +where:
 +  * ''USER'' is an user name,
 +  * ''GROUP'' is a group name,
 +  * ''DIRECTORY'' is the directory to set the ACLs for.
 +
 +To set these permissions recursively (note that only directories may have default ACLs), you would have to use ''find'':
 +<code bash>
 +find . -type d -exec setfacl -dm u:USER:rwx,g:GROUP:rwx '{}' \;
 +</code>
 +
 +which will set default permissions for all directories and sub-directories starting from the current directory.
 +
 +
  

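Review bot: In "Launching a Process on Boot" the /etc/gettytab block defines the auto-login entry as Pa (with al=wiz), but the /etc/ttys block and the sentence introducing it run "getty Po", a name that is not defined anywhere in the added lines; use Pa in both places so that ttyv0 actually picks up the al=wiz entry. That section should also state that ttyv0 then hands anyone at the console a session as wiz without a password, so the account should hold no privileges beyond running the chosen program. In "Initialize GeoIP Databases" all three .dat.gz files are fetched with curl -O over plain http:// and passed straight to gunzip with no checksum or signature step; suggest an HTTPS source or a verification step before extraction. In "Add User to Wheel Group", pw user mod USER -G wheel sets the user's supplementary group list rather than appending to it, so the text should tell the reader to list existing memberships as well. Minor: the heading "Setting Time-Zome" and "chsarp bindings" are typos.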
fuss/freebsd.1478954746.txt.bz2 · Last modified: 2016/11/12 12:45 by office
