doc/FAQ/admin.sgml
1999-08-05 21:55:28 +00:00


<!-- $Id: admin.sgml,v 1.30 1999-08-05 21:55:28 cpiazza Exp $ -->
<!-- The FreeBSD Documentation Project -->
<sect>
<heading>System Administration<label id="admin"></heading>
<sect1>
<heading>Where are the system start-up configuration files?</heading>
<p>From 2.0.5R to 2.2.1R, the primary configuration file is
<tt>/etc/sysconfig</tt>. All the options are to be specified in
this file and other files such as <htmlurl
url="http://www.FreeBSD.org/cgi/man.cgi?rc" name="/etc/rc"> and
<tt>/etc/netstart</tt> just include it.
<p>Look in the <tt>/etc/sysconfig</tt> file and change the value to
match your system. This file is filled with comments to show what
to put in there.
<p>In post-2.2.1 and 3.0, <tt>/etc/sysconfig</tt> was renamed
to a more self-describing <htmlurl
url="http://www.FreeBSD.org/cgi/man.cgi?rc.conf(5)" name="rc.conf">
file and the syntax cleaned up a bit in the process.
<tt>/etc/netstart</tt> was also renamed to <tt>/etc/rc.network</tt>
so that all files could be copied with a <tt><htmlurl
url="http://www.FreeBSD.org/cgi/man.cgi?cp" name="cp"> /usr/src/etc/rc*
/etc</tt> command.
<p><tt>/etc/rc.local</tt> is here as always and may be used to
start up additional local services like <htmlurl
url="http://www.FreeBSD.org/cgi/ports.cgi?^inn" name="INN">
or set custom options.
<p>The <tt>/etc/rc.serial</tt> is for serial port initialization
(e.g. locking the port characteristics, and so on).
<p>The <tt>/etc/rc.i386</tt> is for Intel-specific settings, such
as iBCS2 emulation or the PC system console configuration.
<p>Starting with 2.1.0R, you can also have "local" startup files in a
directory specified in <tt>/etc/sysconfig</tt> (or
<tt>/etc/rc.conf</tt>):
<verb>
# Location of local startup files.
local_startup=/usr/local/etc/rc.local.d
</verb>
<p>Each file ending in <tt/.sh/ will be executed in alphabetical order.
<p>If you want to ensure a certain execution order without changing all
the file names, you can use a scheme similar to the following with
digits prepended to each file name to ensure the ordering:
<verb>
10news.sh
15httpd.sh
20ssh.sh
</verb>
<p>It can be seen as ugly (or SysV :-)) but it provides a simple and
regular scheme for locally-added packages without resorting to
magical editing of <tt>/etc/rc.local</tt>. Many of the ports/packages
assume that <tt>/usr/local/etc/rc.d</tt> is a local startup directory.
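<p>Everything in the local startup directory is executed at boot by the startup scripts, which run as root, so it is worth checking who can modify it. The audit below is an added example, not part of the original FAQ; the function name audit_startup_dir and the default expected owner (root) are assumptions.

```sh
#!/bin/sh
# Added example (not from the FAQ): audit a local startup directory.
# Every *.sh file in it is executed at boot by the startup scripts, as root.
#
# audit_startup_dir DIR [OWNER]
#   Prints one line for the directory and one per *.sh file, in the order
#   the files would be executed:
#       ok  NAME
#       BAD NAME REASON[,REASON]
#   Returns 1 if anything was flagged. OWNER defaults to root (assumption).
audit_startup_dir() (
    dir=$1
    owner=${2:-root}
    LC_ALL=C; export LC_ALL     # byte-order sort: 10news < 15httpd < 20ssh
    status=0

    check() {                   # check PATH LABEL
        # Follow symlinks (-L) so the real script is judged, not the link.
        set -- "$2" $(ls -ldL "$1" | awk '{ print $1, $3 }')
        label=$1 mode=$2 fowner=$3
        reason=
        [ "$fowner" = "$owner" ] || reason="owner=$fowner"
        case $mode in
            # character 6 is group write, character 9 is world write
            ?????w*|????????w*)
                reason="${reason:+$reason,}group-or-world-writable" ;;
        esac
        if [ -n "$reason" ]; then
            echo "BAD $label $reason"
            status=1
        else
            echo "ok  $label"
        fi
    }

    # A writable directory lets someone add a new script, so check it too.
    check "$dir" "(directory)"
    for path in "$dir"/*.sh; do
        [ -e "$path" ] || continue      # no *.sh files at all
        check "$path" "${path##*/}"
    done
    exit "$status"
)

# Run against a directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_startup_dir "$@"
fi
```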
<sect1>
<heading>How do I add a user easily?</heading>
<p>Use the <htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?adduser"
name="adduser"> command. For more complicated usage, the
<htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?pw" name="pw"> command.
<p>To remove the user again, use the <htmlurl
url="http://www.FreeBSD.org/cgi/man.cgi?rmuser" name="rmuser"> command.
<sect1>
<heading>How can I add my new hard disk to my FreeBSD system?</heading>
<p>See the Disk Formatting Tutorial at
<url url="../tutorials/diskformat/"
name="www.FreeBSD.org">.
<sect1>
<heading>I have a new removable drive, how do I use it?</heading>
<p>Whether it's a removable drive like a ZIP or an EZ drive (or
even a floppy, if you want to use it that way), or a new hard
disk, once it's installed and recognized by the system, and
you have your cartridge/floppy/whatever slotted in, things are
pretty much the same for all devices.
<p><label id="disklabel">(this section is based on <url
url="http://www.vmunix.com/mark/FreeBSD/ZIP-FAQ.html"
name="Mark Mayo's ZIP FAQ">)
<p>If it's a ZIP drive or a floppy, you've already got a DOS
filesystem on it, so you can use a command like this:
<verb>
mount -t msdos /dev/fd0c /floppy
</verb>
<p>if it's a floppy, or this:
<verb>
mount -t msdos /dev/da2s4 /zip
</verb>
<p>for a ZIP disk with the factory configuration.
<p>For other disks, see how they're laid out using <tt/fdisk/ or
<tt>/stand/sysinstall</tt>.
<p>The rest of the examples will be for a ZIP drive on da2, the third
SCSI disk.
<p>Unless it's a floppy, or a removable you plan on sharing with
other people, it's probably a better idea to stick a BSD file
system on it. You'll get long filename support, at least a 2X
improvement in performance, and a lot more stability. First, you
need to redo the DOS-level partitions/filesystems. You can either
use <htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?fdisk"
name="fdisk"> or <tt>/stand/sysinstall</tt>, or for a small
drive that you don't want to bother with multiple operating system
support on, just blow away the whole FAT partition table (slices)
and just use the BSD partitioning:
<verb>
dd if=/dev/zero of=/dev/rda2 count=2
disklabel -Brw da2 auto
</verb>
<p>You can use disklabel or <tt>/stand/sysinstall</tt> to create multiple
BSD partitions. You'll certainly want to do this if you're adding
swap space on a fixed disk, but it's probably irrelevant on a
removable drive like a ZIP.
<p>Finally, create a new file system, this one's on our ZIP drive
using the whole disk:
<verb>
newfs /dev/rda2c
</verb>
<p>and mount it:
<verb>
mount /dev/da2c /zip
</verb>
<p>and it's probably a good idea to add a line like this to
<htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?fstab"
name="/etc/fstab"> so you can just type "mount /zip" in the
future:
<verb>
/dev/da2c /zip ffs rw,noauto 0 0
</verb>
<sect1>
<heading>How do I mount a secondary DOS partition?</heading>
<p>The secondary DOS partitions are found after ALL the primary
partitions. For example, if you have an "E" partition as the
second DOS partition on the second SCSI drive, you need to create
the special files for "slice 5" in /dev, then mount /dev/da1s5:
<verb>
# cd /dev
# ./MAKEDEV da1s5
# mount -t msdos /dev/da1s5 /dos/e
</verb>
<sect1>
<heading>Can I mount other foreign filesystems under FreeBSD?</heading>
<p><bf/ Digital UNIX/ UFS CDROMs can be mounted directly on FreeBSD.
Mounting disk partitions from Digital UNIX and other systems
that support UFS may be more complex, depending on the details
of the disk partitioning for the operating system in question.
<p><bf/ Linux/: 2.2 and later have support for <bf/ext2fs/ partitions.
See <htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?mount_ext2fs"
name="mount_ext2fs"> for more information.
<p><bf/ NT/: A read-only NTFS driver exists for FreeBSD. For more
information, see this tutorial by Mark Ovens at
<htmlurl url="http://www.users.globalnet.co.uk/~markov/ntfs_install.html"
name="http://www.users.globalnet.co.uk/~markov/ntfs_install.html">.
<p>Any other information on this subject would be appreciated.
<sect1>
<heading>How can I use the NT loader to boot FreeBSD?</heading>
<p>The general idea is that you copy the first sector of your
native root FreeBSD partition into a file in the DOS/NT
partition. Assuming you name that file something like
<tt>c:&bsol;bootsect.bsd</tt> (inspired by <tt>c:&bsol;bootsect.dos</tt>),
you can then edit the <tt>c:&bsol;boot.ini</tt> file to come up with
something like this:
<verb>
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows NT"
C:\BOOTSECT.BSD="FreeBSD"
C:\="DOS"
</verb>
<p>This procedure assumes that DOS, NT, FreeBSD, or whatever
have been installed into their respective fdisk partitions on the
<bf/same/ disk. In my case DOS &amp; NT are in the first fdisk
partition and FreeBSD is in the second. I also installed FreeBSD
to boot from its native partition, <bf/not/ the disk MBR.
<p>Mount a DOS-formatted floppy (if you've converted to NTFS) or the
FAT partition, under, say, <tt>/mnt</tt>.
<verb>
dd if=/dev/rda0a of=/mnt/bootsect.bsd bs=512 count=1
</verb>
<p>Reboot into DOS or NT. NTFS users copy the <tt/bootsect.bsd/
and/or the <tt/bootsect.lnx/ file from the floppy to
<tt/C:&bsol;/. Modify the attributes (permissions) on
<tt/boot.ini/ with:
<verb>
attrib -s -r c:\boot.ini
</verb>
<p>Edit to add the appropriate entries from the example
<tt/boot.ini/ above, and restore the attributes:
<verb>
attrib +s +r c:\boot.ini
</verb>
<p>If FreeBSD is booting from the MBR, restore it with the DOS
``<tt/fdisk/'' command after you reconfigure them to boot from their
native partitions.
<sect1>
<heading>
How do I boot FreeBSD and Linux from LILO?
</heading>
<p>If you have FreeBSD and Linux on the same disk, just follow
LILO's installation instructions for booting a non-Linux operating
system. Very briefly, these are:
<p>Boot Linux, and add the following lines to
<tt>/etc/lilo.conf</tt>:
<verb>
other=/dev/hda2
table=/dev/hda
label=FreeBSD
</verb>
(the above assumes that your FreeBSD slice is known to Linux as
<tt>/dev/hda2</tt>; tailor to suit your setup). Then,
run <tt>lilo</tt> as root and you should be done.
<p>If FreeBSD resides on another disk, you need to add
``<tt>loader=/boot/chain.b</tt>'' to the LILO entry.
For example:
<verb>
other=/dev/sdb4
table=/dev/sdb
loader=/boot/chain.b
label=FreeBSD
</verb>
<p>In some cases you may need to specify the BIOS drive number
to the FreeBSD boot loader to successfully boot off the second disk.
For example, if your FreeBSD SCSI disk is probed by BIOS as BIOS
disk 1, at the FreeBSD boot loader prompt you need to specify:
<verb>
Boot: 1:da(0,a)/kernel
</verb>
<p>On FreeBSD 2.2.5 and later, you can configure <htmlurl
url="http://www.FreeBSD.org/cgi/man.cgi?boot(8)" name="boot(8)">
to automatically do this for you at boot time.
<p>The <htmlurl
url="http://sunsite.unc.edu/LDP/HOWTO/mini/Linux+FreeBSD.html"
name="Linux+FreeBSD mini-HOWTO"> is a good reference for
FreeBSD and Linux interoperability issues.
<sect1>
<heading>
How do I boot FreeBSD and Linux using BootEasy?
</heading>
<p>Install LILO at the start of your Linux boot partition instead of
in the Master Boot Record. You can then boot LILO from BootEasy.
<p>If you're running Windows-95 and Linux this is recommended anyway,
to make it simpler to get Linux booting again if you should need
to reinstall Windows95 (which is a Jealous Operating System, and
will bear no other Operating Systems in the Master Boot Record).
<sect1>
<heading>
Will a ``dangerously dedicated'' disk endanger my health?
</heading>
<p><label id="dedicate">The installation procedure allows you to choose
two different methods in partitioning your hard disk(s). The default way
makes it compatible with other operating systems on the same machine,
by using fdisk table entries (called ``slices'' in FreeBSD),
with a FreeBSD slice that employs partitions of its own.
Optionally, one can choose to install a boot-selector to switch
between the possible operating systems on the disk(s).
The alternative uses the entire disk for FreeBSD, and makes
no attempt to be compatible with other operating systems.
<p>So why is it called ``dangerous''? A disk in this mode
doesn't contain what normal PC utilities would consider a
valid fdisk table. Depending on how well they have been
designed, they might complain once they come into
contact with such a disk, or even worse, they might
damage the BSD bootstrap without even asking or notifying
you. In addition, the ``dangerously dedicated'' disk's layout
is known to confuse many BIOSsen, including those from AWARD
(e.g. as found in HP Netserver and Micronics systems as well as
many others) and Symbios/NCR (for the popular 53C8xx range of
SCSI controllers). This isn't a complete list, there are more.
Symptoms of this confusion include the "read error" message
printed by the FreeBSD bootstrap when it can't find itself,
as well as system lockups when booting.
<p>Why have this mode at all then? It only saves a few kbytes
of disk space, and it can cause real problems for a new
installation. ``Dangerously dedicated'' mode's origins lie
in a desire to avoid one of the most common problems plaguing
new FreeBSD installers - matching the BIOS ``geometry'' numbers
for a disk to the disk itself.
<p>``Geometry'' is an outdated concept, but one still at the
heart of the PC's BIOS and its interaction with disks. When
the FreeBSD installer creates slices, it has to record the
location of these slices on the disk in a fashion that
corresponds with the way the BIOS expects to find them. If
it gets it wrong, you won't be able to boot.
<p>``Dangerously dedicated'' mode tries to work around this
by making the problem simpler. In some cases, it gets it right.
But it's meant to be used as a last-ditch alternative - there
are better ways to solve the problem 99 times out of 100.
<p>So, how do you avoid the need for ``DD'' mode when you're
installing? Start by making a note of the geometry that your
BIOS claims to be using for your disks. You can arrange to have
the kernel print this as it boots by specifying ``-v'' at the
``boot:'' prompt, or using ``boot -v'' in the loader. Just
before the installer starts, the kernel will print a list of
BIOS geometries. Don't panic - wait for the installer to start
and then use scrollback to read the numbers. Typically the BIOS
disk units will be in the same order that FreeBSD lists your
disks, first IDE, then SCSI.
<p>When you're slicing up your disk, check that the disk geometry
displayed in the FDISK screen is correct (i.e. it matches the BIOS
numbers); if it's wrong, use the ``g'' key to fix it. You may have
to do this if there's absolutely nothing on the disk, or if the
disk has been moved from another system. Note that this is only
an issue with the disk that you're going to boot from; FreeBSD
will sort itself out just fine with any other disks you may have.
<p>Once you've got the BIOS and FreeBSD agreeing about the
geometry of the disk, your problems are almost guaranteed to be
over, and with no need for ``DD'' mode at all. If, however,
you are still greeted with the dreaded ``read error'' message
when you try to boot, it's time to cross your fingers and
go for it - there's nothing left to lose.
<p>To return a ``dangerously dedicated'' disk for normal PC
use, there are basically two options. The first is, you
write enough NULL bytes over the MBR to make any subsequent
installation believe this to be a blank disk. You can do
this for example with
<verb>
dd if=/dev/zero of=/dev/rda0 count=15
</verb>
<p>Alternatively, the undocumented DOS ``feature''
<verb>
fdisk /mbr
</verb>
<p>will install a new master boot record as well, thus clobbering the
BSD bootstrap.
<sect1>
<heading>How can I add more swap space?</heading>
<p>The best way is to increase the size of your swap partition, or
take advantage of this convenient excuse to add another disk. The
general rule of thumb is to have around 2x the swap space as you have
main memory. However, if you have a very small amount of main memory
you may want to configure swap beyond that. It is also a good idea
to configure sufficient swap relative to anticipated future memory
upgrades so you do not have to futz with your swap configuration later.
<p>Adding swap onto a separate disk makes things faster than
simply adding swap onto the same disk. As an example, if you
are compiling source located on one disk, and the swap is on
another disk, this is much faster than both swap and compile
on the same disk. This is true for SCSI disks specifically.
<p>When you have several disks, configuring a swap partition on
each one is usually beneficial, even if you wind up putting swap on a
work disk. Typically, each fast disk in your system should have some
swap configured. FreeBSD supports up to 4 interleaved swap devices by
default. When configuring multiple swap partitions you generally
want to make them all about the same size, but people sometimes make
their primary swap partition larger in order to accommodate a kernel
core dump. Your primary swap partition must be at least as large as
main memory in order to be able to accommodate a kernel core.
<p>IDE drives are not able to allow access to both drives on
the same channel at the same time (FreeBSD doesn't support mode 4, so
all IDE disk I/O is ``programmed''). I would still suggest putting
your swap on a separate drive however. The drives are so cheap,
it is not worth worrying about.
<p>Swapping over NFS is only recommended if you do not have a local
disk to swap to. Swapping over NFS is slow and inefficient in FreeBSD
releases prior to 4.x, but reasonably fast in releases greater than or
equal to 4.0. Even so, it will be limited to the network bandwidth
available and puts an additional burden on the NFS server.
<p>Here is an example for 64Mb vn-swap (<tt>/usr/swap0</tt>, though
of course you can use any name that you want).
<p>Make sure your kernel was built with the line
<verb>
pseudo-device vn 1 #Vnode driver (turns a file into a device)
</verb>
<p>in your config-file. The GENERIC kernel already contains this.
<enum>
<item>create a vn-device
<verb>
cd /dev
sh ./MAKEDEV vn0
</verb>
<item>create a swapfile (<tt>/usr/swap0</tt>)
<verb>
dd if=/dev/zero of=/usr/swap0 bs=1024k count=64
</verb>
<item>set proper permissions on (<tt>/usr/swap0</tt>)
<verb>
chmod 0600 /usr/swap0
</verb>
<item>enable the swap file in <tt>/etc/rc.conf</tt>
<verb>
swapfile="/usr/swap0" # Set to name of swapfile if aux swapfile desired.
</verb>
<item>reboot the machine
</enum>
<p>To enable the swap file immediately, type
<verb>
vnconfig -ce /dev/vn0c /usr/swap0 swap
</verb>
<sect1>
<heading>I'm having problems setting up my printer.</heading>
<p>Please have a look at the Handbook entry on printing. It
should cover most of your problems. See the
<url url="../handbook/printing.html" name="Handbook entry on printing.">
<sect1>
<heading>The keyboard mappings are wrong for my system.</heading>
<p>The kbdcontrol program has an option to load a keyboard map file.
Under <tt>/usr/share/syscons/keymaps</tt> are a number of map
files. Choose the one relevant to your system and load it.
<verb>
kbdcontrol -l uk.iso
</verb>
<p>Both the <tt>/usr/share/syscons/keymaps</tt> and the <tt/.kbd/
extension are assumed by
<htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?kbdcontrol"
name="kbdcontrol">.
<p>This can be configured in <tt>/etc/sysconfig</tt> (or <htmlurl
url="http://www.FreeBSD.org/cgi/man.cgi?rc.conf(5)" name="rc.conf">).
See the appropriate comments in this file.
<p>In 2.0.5R and later, everything related to text fonts and keyboard
mapping is in <tt>/usr/share/examples/syscons</tt>.
<p>The following mappings are currently supported:
<itemize>
<!-- generate by `kbdmap -p' -->
<item>Belgian ISO-8859-1
<item>Brazilian 275 keyboard Codepage 850
<item>Brazilian 275 keyboard ISO-8859-1
<item>Danish Codepage 865
<item>Danish ISO-8859-1
<item>French ISO-8859-1
<item>German Codepage 850
<item>German ISO-8859-1
<item>Italian ISO-8859-1
<item>Japanese 106
<item>Japanese 106x
<item>Latin American
<item>Norwegian ISO-8859-1
<item>Polish ISO-8859-2 (programmer's)
<item>Russian Codepage 866 (alternative)
<item>Russian koi8-r (shift)
<item>Russian koi8-r
<item>Spanish ISO-8859-1
<item>Swedish Codepage 850
<item>Swedish ISO-8859-1
<item>Swiss-German ISO-8859-1
<item>United Kingdom Codepage 850
<item>United Kingdom ISO-8859-1
<item>United States of America ISO-8859-1
<item>United States of America dvorak
<item>United States of America dvorakx
</itemize>
<sect1>
<heading>I can't get user quotas to work properly.</heading>
<p>
<enum>
<item>Don't turn on quotas on '/'.
<item>Put the quota file on the file system that the quotas are
to be enforced on, i.e.:
<verb>
FS QUOTA FILE
/usr /usr/admin/quotas
/home /home/admin/quotas
...
</verb>
</enum>
<sect1>
<heading>What's inappropriate about my ccd?</heading>
<p>The symptom of this is:
<verb>
# ccdconfig -C
ccdconfig: ioctl (CCDIOCSET): /dev/ccd0c: Inappropriate file type or format
#
</verb>
<p>This usually happens when you are trying to concatenate the
`c' partitions, which default to type `unused'. The ccd
driver requires the underlying partition type to be
FS_BSDFFS. Edit the disklabel of the disks you are trying
to concatenate and change the types of partitions to
`4.2BSD'.
<sect1>
<heading>Why can't I edit the disklabel on my ccd?</heading>
<p>The symptom of this is:
<verb>
# disklabel ccd0
(it prints something sensible here, so let's try to edit it)
# disklabel -e ccd0
(edit, save, quit)
disklabel: ioctl DIOCWDINFO: No disk label on disk;
use "disklabel -r" to install initial label
#
</verb>
<p>This is because the disklabel returned by ccd is actually a
`fake' one that is not really on the disk. You can solve
this problem by writing it back explicitly, as in:
<verb>
# disklabel ccd0 > /tmp/disklabel.tmp
# disklabel -Rr ccd0 /tmp/disklabel.tmp
# disklabel -e ccd0
(this will work now)
</verb>
<sect1>
<heading>Does FreeBSD support System V IPC primitives?</heading>
<p>Yes, FreeBSD supports System V-style IPC. This includes shared
memory, messages and semaphores. You need to add the following
lines to your kernel config to enable them.
<verb>
options SYSVSHM
options "SHMMAXPGS=64" # 256Kb of sharable memory
options SYSVSEM # enable for semaphores
options SYSVMSG # enable for messaging
</verb>
<p>Recompile and install.
<p><bf/NOTE:/ You may need to increase SHMMAXPGS to some
ridiculous number like 4096 (16M!) if you want to run
GIMP. 256Kb is plenty for X11R6 shared memory.
<sect1>
<heading>
How do I use sendmail for mail delivery with UUCP?<label id="uucpmail">
</heading>
<p>The sendmail configuration that ships with FreeBSD is
suited for sites that connect directly to the Internet.
Sites that wish to exchange their mail via UUCP must install
another sendmail configuration file.
<p>Tweaking <tt>/etc/sendmail.cf</tt> manually is considered
something for purists. Sendmail version 8 comes with a
new approach of generating config files via some
<htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?m4"
name="m4"> preprocessing, where the actual hand-crafted configuration
is on a higher abstraction level. You should use the
configuration files under
<verb>
/usr/src/usr.sbin/sendmail/cf
</verb>
<p>If you didn't install your system with full sources, the sendmail
config stuff has been broken out into a separate source distribution
tarball just for you. Assuming you've got your CD-ROM mounted, do:
<verb>
cd /usr/src
tar -xvzf /cdrom/dists/src/ssmailcf.aa
</verb>
<p>Don't panic, this is only a few hundred kilobytes in size.
The file <tt>README</tt> in the <tt>cf</tt> directory can
serve as a basic introduction to m4 configuration.
<p>For UUCP delivery, you are best advised to use the
<em>mailertable</em> feature. This constitutes a database
that sendmail can use to base its routing decision upon.
<p>First, you have to create your <tt>.mc</tt> file. The
directory <tt>/usr/src/usr.sbin/sendmail/cf/cf</tt> is the
home of these files. Look around, there are already a few
examples. Assuming you have named your file <tt>foo.mc</tt>,
all you need to do in order to convert it into a valid
<tt>sendmail.cf</tt> is:
<verb>
cd /usr/src/usr.sbin/sendmail/cf/cf
make foo.cf
cp foo.cf /etc/sendmail.cf
</verb>
<p>A typical <tt>.mc</tt> file might look like:
<verb>
include(`../m4/cf.m4')
VERSIONID(`Your version number')
OSTYPE(bsd4.4)
FEATURE(nodns)
FEATURE(nocanonify)
FEATURE(mailertable)
define(`UUCP_RELAY', your.uucp.relay)
define(`UUCP_MAX_SIZE', 200000)
MAILER(local)
MAILER(smtp)
MAILER(uucp)
Cw your.alias.host.name
Cw youruucpnodename.UUCP
</verb>
<p>The <em>nodns</em> and <em>nocanonify</em> features will
prevent any usage of the DNS during mail delivery. The
<em>UUCP_RELAY</em> clause is needed for bizarre reasons,
don't ask. Simply put an Internet hostname there that
is able to handle .UUCP pseudo-domain addresses; most likely,
you will enter the mail relay of your ISP there.
<p>Once you've got this, you need a file called
<tt>/etc/mailertable</tt>. Again, a typical example:
<verb>
#
# makemap hash /etc/mailertable.db < /etc/mailertable
#
horus.interface-business.de uucp-dom:horus
.interface-business.de uucp-dom:if-bus
interface-business.de uucp-dom:if-bus
.heep.sax.de smtp8:%1
horus.UUCP uucp-dom:horus
if-bus.UUCP uucp-dom:if-bus
. uucp-dom:sax
</verb>
<p>As you can see, this is part of a real-life file. The first
three lines handle special cases where domain-addressed mail
should not be sent out to the default route, but instead to
some UUCP neighbor in order to ``shortcut'' the delivery
path. The next line handles mail to the local Ethernet
domain that can be delivered using SMTP. Finally, the UUCP
neighbors are mentioned in the .UUCP pseudo-domain notation,
to allow for a ``uucp-neighbor!recipient'' override of the
default rules. The last line is always a single dot, matching
everything else, with UUCP delivery to a UUCP neighbor that
serves as your universal mail gateway to the world. All of
the node names behind the <tt>uucp-dom:</tt> keyword must
be valid UUCP neighbors, as you can verify using the
command <tt>uuname</tt>.
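<p>The lookup order described above can be traced with a small model. This is an added example, not part of the original FAQ and not sendmail's own code: it tries the full host name, then each parent domain with a leading dot, then the single dot, and prints the matching key and its raw value (a %1 is left unexpanded). The function names mt_get and mt_route are assumptions; the table is the one shown above.

```sh
#!/bin/sh
# Added example (not sendmail code): a simplified model of how a host name
# is matched against the mailertable from this section.

# The table from the FAQ, embedded so the example runs offline.
MAILERTABLE='horus.interface-business.de uucp-dom:horus
.interface-business.de uucp-dom:if-bus
interface-business.de uucp-dom:if-bus
.heep.sax.de smtp8:%1
horus.UUCP uucp-dom:horus
if-bus.UUCP uucp-dom:if-bus
. uucp-dom:sax'

# mt_get KEY: print "key value" for an exact, case-insensitive key match.
mt_get() {
    printf '%s\n' "$MAILERTABLE" |
        awk -v want="$1" '
            $1 !~ /^#/ && tolower($1) == tolower(want) { print $1, $2; exit }'
}

# mt_route HOST: print the entry that decides where mail for HOST goes.
mt_route() {
    host=$1
    hit=$(mt_get "$host")               # 1. the full host name
    rest=$host
    while [ -z "$hit" ]; do             # 2. ".parent.domain", longest first
        case $rest in
            *.*) rest=${rest#*.} ;;     # strip the leftmost label
            *)   break ;;
        esac
        hit=$(mt_get ".$rest")
    done
    [ -n "$hit" ] || hit=$(mt_get ".")  # 3. the catch-all entry
    [ -n "$hit" ] && printf '%s\n' "$hit"
}

# Trace a few constructed host names through the table.
for h in interface-business.de www.interface-business.de \
         horus.interface-business.de uriah.heep.sax.de example.org; do
    printf '%-30s -> %s\n' "$h" "$(mt_route "$h")"
done
```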
<p>As a reminder that this file needs to be converted into a
DBM database file before being usable, the command line to
accomplish this is best placed as a comment at the top of
the mailertable. You always have to execute this command
each time you change your mailertable.
<p>Final hint: if you are uncertain whether some particular
mail routing would work, remember the <tt>-bt</tt> option to
sendmail. It starts sendmail in <em>address test mode</em>;
simply enter ``0 '', followed by the address you wish to
test for the mail routing. The last line tells you the used
internal mail agent, the destination host this agent will be
called with, and the (possibly translated) address. Leave
this mode by typing Control-D.
<verb>
j@uriah 191% sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 0 foo@interface-business.de
rewrite: ruleset 0 input: foo @ interface-business . de
...
rewrite: ruleset 0 returns: $# uucp-dom $@ if-bus $: foo \
< @ interface-business . de >
> ^D
j@uriah 192%
</verb>
<sect1>
<heading>
How do I set up mail with a dialup connection to the 'net?
<label id="ispmail">
</heading>
<p>If you've got a statically assigned IP number, you should not
need to adjust anything from the default. Set your host name up
as your assigned internet name and sendmail will do the rest.
<p>If you've got a dynamically assigned IP number and use a dialup
<bf/ppp/ connection to the internet, you will probably be given a
mailbox on your ISP's mail server. Let's assume your ISP's domain is
<tt/myISP.com/, and that your user name is <tt/user/. Let's also
assume you've called your machine <tt/bsd.home/ and that your ISP
has told you that you may use <tt/relay.myISP.com/ as a mail relay.
<p>In order to retrieve mail from your mailbox, you'll need to
install a retrieval agent. <bf/Fetchmail/ is a good choice as it
supports many different protocols. Usually, POP3 will be provided
by your ISP. If you've chosen to use user-ppp, you can automatically
fetch your mail when a connection to the 'net is established with the
following entry in <tt>/etc/ppp/ppp.linkup</tt>:
<verb>
MYADDR:
!bg su user -c fetchmail
</verb>
<p>If you are using <tt>sendmail</tt> (as shown below) to deliver mail to
non-local accounts, put the command
<verb>
!bg su user -c "sendmail -q"
</verb>
after the above shown entry. This forces sendmail to process your
mailqueue as soon as the connection to the 'net is established.
<p>I'm assuming that you have an account for <tt/user/ on <tt/bsd.home/.
In the home directory of <tt/user/ on <tt/bsd.home/, create a
<tt/.fetchmailrc/ file:
<verb>
poll myISP.com protocol pop3 fetchall pass MySecret;
</verb>
<p>Needless to say, this file should not be readable by anyone except
<tt/user/ as it contains the password <tt/MySecret/.
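<p>One way to create such a file so that it is never readable by group or others, even for a moment, and to verify the result. This is an added example, not part of the original FAQ; the function names write_private_file and is_private are assumptions.

```sh
#!/bin/sh
# Added example (not from the FAQ): create a credentials file such as
# ~/.fetchmailrc so that it is never readable by group or others.

# is_private FILE: succeeds if FILE grants nothing to group or others.
is_private() {
    case $(ls -ldL "$1" | awk '{ print $1 }') in
        ????------*) return 0 ;;    # e.g. -rw-------
        *)           return 1 ;;
    esac
}

# write_private_file FILE: writes stdin to FILE with mode 0600.
# The subshell body keeps the umask change local to this function.
write_private_file() (
    file=$1
    umask 077           # a newly created file gets no group/other bits
    # umask has no effect on a file that already exists, so tighten an
    # existing one before any secret is written into it.
    if [ -e "$file" ]; then
        chmod 600 "$file" || exit 1
    fi
    cat > "$file" || exit 1
    is_private "$file"
)

# Usage, with the line from this section:
#   printf '%s\n' 'poll myISP.com protocol pop3 fetchall pass MySecret;' |
#       write_private_file "$HOME/.fetchmailrc"
```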
<p>In order to send mail with the correct <bf/from:/ header, you must
tell sendmail to use <tt/user@myISP.com/ rather than
<tt/user@bsd.home/. You may also wish to tell sendmail to send all
mail via <tt/relay.myISP.com/, allowing quicker mail transmission.
<p>The following <tt/.mc/ file should suffice:
<verb>
VERSIONID(`bsd.home.mc version 1.0')
OSTYPE(bsd4.4)dnl
FEATURE(nouucp)dnl
MAILER(local)dnl
MAILER(smtp)dnl
Cwlocalhost
Cwbsd.home
MASQUERADE_AS(`myISP.com')dnl
FEATURE(allmasquerade)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(nocanonify)dnl
FEATURE(nodns)dnl
define(SMART_HOST, `relay.myISP.com')
Dmbsd.home
define(`confDOMAIN_NAME',`bsd.home')dnl
define(`confDELIVERY_MODE',`deferred')dnl
</verb>
<p>Refer to the previous section for details of how to turn this
<tt/.mc/ file into a <tt/sendmail.cf/ file. Also, don't forget to
restart sendmail after updating sendmail.cf.
<sect1>
<heading>Eek! I forgot the root password!</heading>
<p>Don't Panic! Simply restart the system, type -s at the Boot: prompt
to enter Single User mode. At the question about the shell to use,
hit ENTER. You'll be dropped to a # prompt. Enter <tt>mount -u /</tt> to
remount your root filesystem read/write, then run <tt/mount -a/ to
remount all the filesystems. Run <tt/passwd root/ to
change the root password then run <tt/exit/
to continue booting.
<sect1>
<heading>How do I keep Control-Alt-Delete from rebooting the system?
</heading>
<p>Edit the keymap you are using for the console and replace the
<tt/boot/ keywords with <tt/nop/. The default keymap is
<tt>/usr/share/syscons/keymaps/us.iso.kbd</tt>. You may have to instruct
<tt>/etc/rc.conf</tt> to load this keymap explicitly for the change to
take effect. Of course if you are using an alternate keymap for your
country, you should edit that one instead.
<sect1>
<heading>How do I reformat DOS text files to UNIX ones?</heading>
<p>Simply use this perl command:
<verb>
perl -i.bak -npe 's/\r\n/\n/g' file ...
</verb>
<p>file is the file(s) to process. The modification is done in-place,
with the original file stored with a .bak extension.
<p>Alternatively you can use the <htmlurl
url="http://www.FreeBSD.org/cgi/man.cgi?tr" name="tr"> command:
<verb>
tr -d '\r' &lt; dos-text-file &gt; unix-file
</verb>
<p>dos-text-file is the file containing DOS text while
unix-file will contain the converted output. This can
be quite a bit faster than using perl.
<sect1>
<heading>How do I kill processes by name?</heading>
<p>Use <htmlurl url="http://www.FreeBSD.org/cgi/man.cgi?killall"
name="killall">.
<sect1>
<heading>Why is su bugging me about not being in root's ACL?
</heading>
<p>The error comes from the Kerberos distributed authentication system.
The problem isn't fatal but annoying. You can either run su with the -K
option, or uninstall Kerberos as described in the next question.
<sect1>
<heading>How do I uninstall Kerberos?</heading>
<p>To remove Kerberos from the system, reinstall the bin distribution
for the release you are running. If you have the CDROM, you can
mount the cd (we'll assume on /cdrom) and run
<verb>
cd /cdrom/bin
./install.sh
</verb>
<sect1>
<heading>How do I add pseudoterminals to the system?</heading>
<p>If you have lots of telnet, ssh, X, or screen users, you'll probably run
out of pseudoterminals. Here's how to add more:
<enum>
<item>Build and install a new kernel with the line
<verb>
pseudo-device pty 256
</verb>
<p>in the configuration file.
<item>Run the command
<verb>
# cd /dev
# ./MAKEDEV pty{1,2,3,4,5,6,7}
</verb>
<p>to make 256 device nodes for the new terminals.
<item>Edit <tt>/etc/ttys</tt> and add lines for each of the 256
terminals. They should match the form of the existing entries, i.e. they look like
<verb>
ttyqc none network
</verb>
<p>The order of the letter designations is <tt>tty[pqrsPQRS][0-9a-v]</tt>,
using a regular expression.
<item>Reboot the system with the new kernel and you're ready to go.
</enum>
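<p>Typing 256 entries by hand invites mistakes. The generator below is an added example, not part of the original FAQ: it walks the names in the order given above and prints an entry in the form shown for every name that an existing ttys file does not already define. The function name gen_pty_ttys is an assumption.

```sh
#!/bin/sh
# Added example (not from the FAQ): generate /etc/ttys lines for all 256
# pseudoterminals, tty[pqrsPQRS][0-9a-v], skipping names already present.

# gen_pty_ttys [EXISTING_TTYS_FILE]
#   Prints "NAME<TAB>none<TAB>network" for each missing pseudoterminal.
gen_pty_ttys() {
    existing=${1:-/dev/null}
    # Names defined on non-comment lines, as one space-delimited string.
    known=" $(awk '!/^#/ { print $1 }' "$existing" | tr '\n' ' ')"
    for bank in p q r s P Q R S; do
        for unit in 0 1 2 3 4 5 6 7 8 9 a b c d e f \
                    g h i j k l m n o p q r s t u v; do
            name=tty$bank$unit
            case $known in
                *" $name "*) continue ;;    # already in the file
            esac
            printf '%s\tnone\tnetwork\n' "$name"
        done
    done
}

# Print the missing entries; pass the current ttys file as the argument
# and review the output before appending it.
gen_pty_ttys "$@"
```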
<sect1>
<heading>I can't create the snd0 device!</heading>
<p>The command to create the devices for the sound card is:
<verb>
# cd /dev
# sh MAKEDEV snd0
</verb>
<p>However, this does not make a device named <tt>/dev/snd0</tt>.
Instead, it creates devices named <tt>mixer0</tt>, <tt>audio0</tt>,
<tt>dsp0</tt>, and others. Running the command is still necessary
to add sound devices, however.
<sect1>
<heading>How do I re-read /etc/rc.conf and re-start /etc/rc without
a reboot?</heading>
<p>Go into single user mode and then back to multi user mode.
On the console do:
<verb>
# shutdown now
(Note: without -r or -h)
# return
# exit
</verb>
<sect1>
<heading>What is a sandbox?</heading>
<p>&quot;Sandbox&quot; is a security term. It can mean two things:
<itemize>
<item>
<p>A process which is placed inside a set of virtual walls
that are designed to prevent someone who breaks into the
process from being able to break into the wider system.
<p>The process is said to be able to "play" inside the
walls. That is, nothing the process does with regard to
executing code is supposed to be able to breach the walls
so you do not have to do a detailed audit of its code to
be able to say certain things about its security.
<p>The walls might be a userid, for example. This is the
definition used in the security and named man pages.
<p>Take the 'ntalk' service, for example (see
/etc/inetd.conf). This service used to run as userid
root. Now it runs as userid tty. The tty user is a
sandbox designed to make it more difficult for someone
who has successfully hacked into the system via ntalk to
hack beyond that user id.
</item>
<item>
<p>A process which is placed inside a simulation of the
machine. This is more hard-core. Basically it means that
someone who is able to break into the process may believe
that he can break into the wider machine but is, in fact,
only breaking into a simulation of that machine and not
modifying any real data.
<p>The most common way to accomplish this is to build a
simulated environment in a subdirectory and then run the
processes in that directory chroot'd (i.e. "/" for that
process is this directory, not the real "/" of the
system).
<p>Another common use is to mount an underlying filesystem
read-only and then create a filesystem layer on top of it
that gives a process a seemingly writeable view into that
filesystem. The process may believe it is able to write
to those files, but only the process sees the effects
&dash; other processes in the system do not, necessarily.
<p>An attempt is made to make this sort of sandbox so
transparent that the user (or hacker) does not realize
that he is sitting in it.
</item>
</itemize>
<p>UNIX implements two core sandboxes. One is at the process
level, and one is at the userid level.
<p>Every UNIX process is completely firewalled off from every
other UNIX process. One process cannot modify the address space
of another. This is unlike Windows where a process can easily
overwrite the address space of any other, leading to a crash.
<p>A UNIX process is owned by a particular userid. If the
userid is not the root user, it serves to firewall the process
off from processes owned by other users. The userid is also
used to firewall off on-disk data.
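<p>The userid sandbox from the ntalk example can be checked across a whole inetd.conf: any service whose user field is still root has no such wall around it. The audit below is an added example, not part of the original FAQ; the function names are assumptions and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the FAQ): list inetd services that run an
# external program as root, i.e. without a userid sandbox.
#
# inetd.conf fields:
#   service  socket-type  protocol  wait/nowait  user  program  arguments...
# The user field may carry a group or login class (user:group, user/class).

# inetd_root_services: reads inetd.conf text on stdin.
inetd_root_services() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # comments, blank or short lines
        $6 == "internal"     { next }   # built-ins are handled by inetd itself
        {
            split($5, u, "[:/]")        # strip :group or /class
            if (u[1] == "root")
                print $1 "/" $3 " runs " $6 " as root"
        }'
}

# Constructed sample input, not taken from a real system.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root        /usr/libexec/ftpd     ftpd -l
ntalk   dgram   udp  wait    tty         /usr/libexec/ntalkd   ntalkd
comsat  dgram   udp  wait    tty:tty     /usr/libexec/comsat   comsat
finger  stream  tcp  nowait  nobody      /usr/libexec/fingerd  fingerd -s
shell   stream  tcp  nowait  root:wheel  /usr/libexec/rshd     rshd
daytime stream  tcp  nowait  root        internal
#telnet stream  tcp  nowait  root        /usr/libexec/telnetd  telnetd
EOF
}

sample_inetd_conf | inetd_root_services
```

To audit a live system, feed the function the real file on standard input.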
</sect>