FreeBSD – UNIX Administratosphere

FreeBSD 6.3 RC-2 on a Compaq Armada E500

FreeBSD 6.2 has been on this machine for a while, but then I tried to upgrade all of the applications using the ports tree. This almost worked, except upgrading to Xorg turned out to be a massive headache and nothing worked.

It was then that FreeBSD 6.3 RC-2 was announced. I thought, why not? So off I went.

It installed well – if you don’t count my not providing enough room for /usr/local. With my “full-featured” (ha!) list of software, I wound up needing more than the original 2 Gb I originally alloted for /usr/local; with 4 Gb it worked. I also had to change the boot options, as it was still set to use 6.3-RC1 instead of 6.3-RC2. Changing the name in the options screen worked just fine.

Then after loading, I had to load the proper kernel – it couldn’t find the kernel. I selected /boot/GENERIC/kernel and all was well. At the boot loader prompt:

load /boot/GENERIC/kernel boot

I had to configure Xorg. This was another headache. There was an excellent article from Julien Valroff about instaling Debian GNU/Linux on this machine. Despite the difference in operating systems, the fundamentals were similar. Another fantastic resource was this old page by Frank Steiner. Despite the age, the descriptions are relevant and useful (though, again, it is about Linux). There is a page on the Gentoo Wiki that describes the machine as well, though the other pages are more descriptive.

The screen display descriptions turned out to be the easiest; the problem was the mouse. Some descriptions suggest that the synaptics driver should work. However, this never did work for me. Using the standard PS/2 mouse driver and protocol worked just fine.

I also had to up the maximum files available, though for what reason I forget. Add this line to /etc/sysctl.conf to fix this problem:

kern.maxfiles=10000

Sound was another matter. It took a bit to figure out. First off, all the Linux directions suggested using lspci to see if it was there; this is Linux-specific. The FreeBSD counterpart is pciconf. Running pciconf -lv presents this:

pcm0@pci0:8:0: class=0x040100 card=0xb1120e11 chip=0x1978125d rev=0x10 hdr=0x00 vendor = 'ESS Technology' device = 'ES1978 Maestro-2E Audiodrive, ES1970 Canyon3D' class = multimedia subclass = audio

Thus, I knew that the sound was recognized. I just had to figure out how to get things to work with it. This means kernel support, da?

First attempts to load a driver turned up short; nothing is found in /boot/modules (!). The search path had to be changed to /boot/GENERIC:

kldconfig -i /boot/GENERIC

After this, load the snd_maestro driver:

kldload snd_maestro

After this, sound will work! Amarok is great…… and sound on this machine is excellent too!

Seeing as a I was trying to load KDE on here, the next step (once Xorg is working) is to add a startkde command to the .xinitrc file (in one’s home directory).

To make the system boot properly (and so you don’t have to load kernel modules manually all the time), the /boot/loader.conf file had to be created with this:

# Directory (in /boot) containing kernel and modules kernel="GENERIC" # Load maestro driver snd_maestro_load="YES"

This then worked well.

I’m enjoying this machine again – though I am attempting to make it more of a usable desktop, which means more memory and all of the niggling setup work – like bootup splash screens, configuring kdm, and more – but hey, we’re system admins here, right?

Tips on using the UNIX find command

When I used find, it took a while before I was able to use it regularly without looking it up. For a smart introduction, this article from the Debian/Ubuntu Tips and Tricks site is good. The GNU project has all of their manuals on the web, including the GNU find manual.

There is much more to the find command than just these introductory topics, however. First, let us consider the tricks and traps of the find command:

The original find command required the -print option or nothing was printed at all. Today, the GNU find does not require -print, and most other find commands seem to have followed suit.
Using the -exec option to find is less efficient than using the xargs command; in the Sun Manager’s mailing list there was a nice summary from Steve Nelson of this contrast.
Watch out for filenames with spaces and other things; the GNU find contains a -print0 option (and GNU xargs has a -0 option to match) just for this reason. These options use an ASCII NUL to separate filenames.

Some tips for using find:

Multiple options can be placed in sequence with AND and OR boolean options (and parenthesis). For example, to find all files containing “house” in the name that are newer than two days and are larger than 10K, try this:

find . -name “*house*” -size +10240 -mtime -2

This is where some of the power of find can be seen.

Use all appropriate options. The more you can narrow down the selection, the less you have to look. For example, the -type and -xdev options can be quite useful. The -type options selects a file based on its type, and the -xdev prevents the file “scan” from going to another disk volume (refusing to cross mount points, for example). Thus, you can look for all regular directories on the current disk from a starting point like this:

find /var/tmp -xdev -type d -print

Get to know all of find’s options.

Use xargs instead of -exec. Find will spawn a new process for each execution of -exec (though GNU find might be different). xargs will load a single process (binary) into memory, parcels out the arguments (one to a line on stdin) into a set of command arguments, and runs the binary as necessary – repeating this process as often as necessary.

For example, an “exec” of rm would spawn a process for rm, load the rm binary for each file, run it once for each file, and release process memory. Using xargs, the rm binary is loaded once, then as many arguments as possible are read from the standard input, rm is run with these arguments. If there are more arguments, xargs repeats the process.

Don’t use find / . Doing a find on a large number of files can slow the system down drastically. Typically this is used by an administrator in order to find a file somewhere on the hard drive. Better yet is to perform this command sequence overnight:

find / -print > /.masterfile

Then the /.masterfile can be searched using grep instead of tying the system up with lots of disk I/O during the day when users are counting on excellent system performance.

Remember to quote special characters. In particular, any regular expressions and the left and right parenthesis should be quoted. Typically, the regular expressions are put into double quotes, and left and right parens are quoted with a backslash.

Be wary of extensions to POSIX.1 find. It’s not that they are bad, but rather that you cannot count on them being present. Unfortunately, some of the most useful options fall into this category – but as long as you are aware of them, they can be used appropriately. Some options in this category are:

-print0
-maxdepth
-mindepth
-iname
-ls

In particular, the -print0 is the most useful of the lot.

The BSD man page also brings up an interesting point about find and find options:

Historically, the -d, -L and -x options were implemented using the pri-
maries -depth, -follow, and -xdev. These primaries always evaluated to
true. As they were really global variables that took effect before the
traversal began, some legal expressions could have unexpected results.
An example is the expression -print -o -depth. As -print always evalu-
ates to true, the standard order of evaluation implies that -depth would
never be evaluated. This is not the case.

This has been a source of confusion in the past; considering them as global options (and placing them first) will provide some relief. Note that the -d, -L and -x options are likely BSD-specific.

New operating system releases!

This is just amazing: did everybody coordinate this? Within the last three weeks or so, we’ve seen these releases come out:

Ubunutu 7.10 Gutsy Gibbon (and Kubuntu, Edubuntu, Xubuntu, et al)
OpenBSD 4.2
Fedora 8
Red Hat Enterprise 5.1
OpenVMS 8.3-1H1
FreeBSD 7 Beta 2
FreeBSD 6.3 Beta 1
OpenSUSE 10.3
Macintosh OS X 10.5
NetBSD 4.0 RC3
AIX 6.1

Several of these were released on the same day, November 1.

What next? Am I really supposed to choose just one? Sigh. And I just installed OpenBSD 4.1 and Fedora 7, too – not to mention installing FreeBSD 6.2 not too long ago.

From all the talk, I’ll have to try Kubuntu again. So many systems, so little time.

I have been using OpenSUSE 10.3 (with KDE). I just love it – and I love the new menu format, too.

Update: Sigh. I should have known. Microsoft Windows Vista celebrated its 1st Anniversary on Nov. 8.

Locking out root!

This is not as far fetched as it sounds; every Macintosh OS X system comes configured in this way: it is impossible to log in as root.

How does one do things as root then? I shall reveal the secret…

First of all, one needs to make sure that the program sudo is available and correctly configured. It must be configured to allow you (or the system owner) to switch to root. Best to test this directly before doing anything to the root account.

Once you have verified that you can switch to root using sudo, then it is time to actually lock the root account. Before doing so, open a root shell using sudo or a direct log in as root. Then execute:

# passwd -l root

There! Now no one can log in as root – don’t you feel much better? Well…. you can become root (by using sudo) but logging in directly as root is impossible.

If passwd does not recognize the -l option, then just put an asterisk (*) into the password field, wherever it is. HP-UX, Linux, and Solaris all recognize the -l option; FreeBSD uses the -l option for a different purpose.

For FreeBSD (and quite probably, OpenBSD and NetBSD as well), use the vipw command to lock out not only the root account, but the toor account as well. The toor account is identical to the root account (including userid) but allows user customization.

When combined with the wheel group, this will lock down your root account quite effectively. Just don’t stop there: remember to use multiple defenses. However, that’s a topic for another day.

Update: This is most useful in situations where a normal user will always have access (workstations come to mind). If your normal users are authenticated via NIS, or Active Directory, or LDAP, don’t do this! If root logins are locked out, and none of the users can log in…….. then what? Uh oh….

A “new” file pager: view

I, like most people I know, adore the file pager less. However, for whatever inconceivable reason, new UNIX systems (Linux doesn’t count here!) virtually never come with less. So… what to do when less is missing?

HP-UX, for one, comes with more and pg. Everything comes with more – but once you’ve used less you’ll never want to use a standard more again. The pager pg really isn’t any better.

Is there a solution? Yes – view.

What is view? The program view is a file pager which is included on virtually all UNIX and Linux systems. The view program is available, for example, in Solaris 9, HP-UX 11i v2, FreeBSD 6.2, Red Hat Linux 9, and more.

If you know vi, then you’ll know view. Why? Because view is actually vi in disguise, acting as a file pager with read-only access to the file.

The biggest drawback to view is that it does not handle stdin; that is, using view as the destination of a pipe gets very messy very fast (i.e., don’t do that!).

Apparently, vim handles this situation much better. Perhaps much better: there are ways to specify the use of vim with less keymappings, and to use view (i.e., vim) for general pager use! There are directions on how to make vim work as a man page viewer complete with syntax highlighting. Here is the quick and dirty instructions (for ksh):

export MANPAGER="col -b | view -c 'set ft=man nomod nolist' -"

For less key bindings, use (for ksh again):

export MANPAGER="col -b | /usr/share/vim/vim61/macros/less.sh -c 'set ft=man nomod nolist' -"

Be sure to use the right macro location for your version of vim. If you check out the original directions, be sure to read all of the comments: there are directions on how to properly configure the environment so reading man pages inside vim will work properly, and so that non-English locales can be handled properly, and more.

Next time you find yourself suffering without less – stop suffering through more and use view instead. You’ll be glad you did.