From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 01:14:52 2004
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5230316A4CE for ; Mon, 16 Feb 2004 01:14:52 -0800 (PST)
Received: from brisefer.cediti.be (porquepix.cediti.be [213.189.188.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id D02CE43D2F for ; Mon, 16 Feb 2004 01:14:51 -0800 (PST) (envelope-from Olivier.Cherrier@cediti.be)
Received: by brisefer.nat.cediti.be with Internet Mail Service (5.5.2653.19) id ; Mon, 16 Feb 2004 10:13:06 +0100
From: Olivier Cherrier
To: freebsd-isp@freebsd.org
Date: Mon, 16 Feb 2004 10:13:05 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Subject: RE: Anybody Use 2 or More CPU at Production Env. ( SMP )
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
X-List-Received-Date: Mon, 16 Feb 2004 09:14:52 -0000

>Seconded. We have a few hundred Dual SMP PIII and Dual Xeon (2.4Ghz w/
>HT) machines running 4.9 without any hiccups whatsoever.

Not so lucky for me.
I tried some times to run a 4.7-smp and 4.8-smp on a dual PIII - 733 MHz
but I always fell in
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/48029
which is still in the 'open' state.

I can imagine that 5.x is far more stable.
oc

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 01:24:50 2004
From: Dmitry Alyabyev
To: freebsd-isp@freebsd.org
Date: Mon, 16 Feb 2004 11:24:48 +0200
Message-Id: <200402161124.48262.dimitry@al.org.ua>
Reply-To: dimitry@al.org.ua
Subject: Re: Anybody Use 2 or More CPU at Production Env. ( SMP )

On Monday 16 February 2004 11:13, Olivier Cherrier wrote:
> >Seconded. We have a few hundred Dual SMP PIII and Dual Xeon (2.4Ghz w/
> >HT) machines running 4.9 without any hiccups whatsoever.
>
> Not so lucky for me.
> I tried some times to run a 4.7-smp and 4.8-smp on a dual PIII - 733 MHz
> but I always fell in
> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/48029
> which is still in the 'open' state.
>
> I can imagine that 5.x is far more stable.

imho you have a problem with hardware (for ex.
different CPUs stepping)

--
Dimitry

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 06:56:38 2004
From: Olivier Cherrier
To: "'dimitry@al.org.ua'", freebsd-isp@freebsd.org
Date: Mon, 16 Feb 2004 15:54:45 +0100
Subject: RE: Anybody Use 2 or More CPU at Production Env. ( SMP )

>> Not so lucky for me.
>> I tried some times to run a 4.7-smp and 4.8-smp on a dual PIII - 733 MHz
>> but I always fell in
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/48029
>> which is still in the 'open' state.
>>
>> I can imagine that 5.x is far more stable.
>
>imho you have a problem with hardware (for ex. different CPUs stepping)

I can not check anymore because it is not my own hardware.
But before, the box ran perfectly with a Linux-SMP on it.
oc

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 10:18:00 2004
Date: Mon, 16 Feb 2004 18:17:59 +0000
From: Lewis Thompson
To: isp@freebsd.org
Message-ID: <20040216181759.GA64843@lewiz.org>
Subject: Apache and home directories (file browser).

Hi,

I was recommended to ask here for information on running Apache in a way
that regular system users can access their home directories.

I think this is quite a straightforward question -- I'd like to allow
user fred to log in over HTTPS and have access to upload, delete,
rename, etc. all of the files he has permission to access (or possibly
restricted to just his home directory -- sort of a chroot).

Is this possible using Apache (or maybe some other application)? And
more importantly can it be done in a secure fashion?

Thanks very much,

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 10:45:33 2004
Date: Mon, 16 Feb 2004 12:53:53 -0500 (EST)
From: "Gary D. Margiotta"
To: Lewis Thompson
In-Reply-To: <20040216181759.GA64843@lewiz.org>
Cc: isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

It's certainly possible.

First, look in the Apache conf, and look for where it sets up the section
for user's personal web space.
You can change that directory to be anything, and you'd either need to
make the config understand and serve the home directory of the user
(rather than just an html subdirectory), or vice versa, make the
apache-served directory the home directory as specified in the passwd file.

To allow directory browsing, you simply need to add 'Indexes' into your
Options configuration directive under the above Apache config section, and
that will give you a directory listing, instead of encountering a forbidden
error when accessing a directory without a default landing page.

You can set up secure (port 443) HTTPS access only on that browser, you
just have to set it up for SSL, and disallow port 80 traffic. And, you
could make a port 80 jump page, which tells the user that they've reached
the right place, but they have to connect using SSL instead of regular
unencrypted http sessions.

You can restrict users to their directories using the .htaccess feature,
and a password table, which will require authentication into the
directories when accessed through the browser. Also, on top of that, you
can use the ftpchroot functionality to restrict each and every user to be
allowed to ftp only into their home directory and stray nowhere else on
the machine.

All the above can be found by looking and reading through the config files
and documentation for Apache, and the appropriate man pages in FBSD for
things like ftpchroot.

As for the security of running this way, I'll defer to others who may have
thought about and tried this approach before.

-Gary

Running Windows is kinda like playing blackjack:
User stays on success, reboots on failure

On Mon, 16 Feb 2004, Lewis Thompson wrote:

> Hi,
>
> I was recommended to ask here for information on running Apache in a way
> that regular system users can access their home directories.
>
> I think this is quite a straightforward question -- I'd like to allow
> user fred to log in over HTTPS and have access to upload, delete,
> rename, etc.
> all of the files he has permission to access (or possibly
> restricted to just his home directory -- sort of a chroot).
>
> Is this possible using Apache (or maybe some other application)? And
> more importantly can it be done in a secure fashion?
>
> Thanks very much,
>
> -lewiz.
>
> --
> I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
> ------------------------------------------------------------------------
> -| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-
>

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 10:56:40 2004
Date: Mon, 16 Feb 2004 13:56:36 -0500 (EST)
From: Andy Dills
To: Lewis Thompson
In-Reply-To: <20040216181759.GA64843@lewiz.org>
Cc: isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

On Mon, 16 Feb 2004, Lewis Thompson wrote:

> Hi,
>
> I was recommended to ask here for information on running Apache in a way
> that regular system users can access their home directories.
>
> I think this is quite a straightforward question -- I'd like to allow
> user fred to log in over HTTPS and have access to upload, delete,
> rename, etc. all of the files he has permission to access (or possibly
> restricted to just his home directory -- sort of a chroot).
>
> Is this possible using Apache (or maybe some other application)? And
> more importantly can it be done in a secure fashion?

Hmm...unless I'm overlooking something, what would be the problem with
using ftpd?

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 12:05:47 2004
From: "Shawn Mitchell"
To: "Andy Dills", "Lewis Thompson"
Date: Mon, 16 Feb 2004 14:05:44 -0600
Cc: isp@freebsd.org
Subject: RE: Apache and home directories (file browser).

I don't think this was what his original question was referring to. He's
going to be using a scripting language number one. If it is php, perl,
python, or whatever else, it doesn't matter. They're going to be logging in
via a web interface (via HTTPS). From there they can upload files, delete,
rename, etc, through their web browser. This is no problem, there's several
packages out there that can do this. (I use one written in PHP for internal
stuff)

But here's where the problem is... What happens when someone else loads up
the same type of package. They can then go scrolling through everyone
else's directories. Since all the files will have to be owned by the web
services user (apache, wwwrun, nobody, whatever) so that the "legit" file
management software can write/read/etc them, any software installed by Joe
User, will have the same type of access.

Basically what he's asking, is how do you chroot VHOST's in apache. So that
one vhost, can not access another vhosts files.

chrooting in ftp (I use PureFTP since it supports a MySQL auth backend, but
you can use whatever). Using .htaccess files only keeps general browsing,
same as index files.

Just another quick example...

/home/joe/access_list <--- Access list for Joe's .htaccess files
/home/tim/public_html/file_add.php <-- Some script Tim has in his directory

file_add.php contents...

    <?php
    // Joe's access list, the file named above.
    $filename = "/home/joe/access_list";
    $user_to_add = "tim:crypt_password";
    // Every vhost's PHP runs as the same web server user, so this append
    // succeeds even though the script lives in Tim's directory.
    $handle = fopen($filename, 'a');
    fwrite($handle, $user_to_add);
    fclose($handle);

And wham, thanks to Apache's scripting security and great vhost support,
tim now has whatever access to joe's website. Same thing if he reads a
config file on a vhost server, and gets his database username/password info
as well.

-----Original Message-----
From: owner-freebsd-isp@freebsd.org
[mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Andy Dills
Sent: Monday, February 16, 2004 12:57 PM
To: Lewis Thompson
Cc: isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

On Mon, 16 Feb 2004, Lewis Thompson wrote:

> Hi,
>
> I was recommended to ask here for information on running Apache in a way
> that regular system users can access their home directories.
>
> I think this is quite a straightforward question -- I'd like to allow
> user fred to log in over HTTPS and have access to upload, delete,
> rename, etc. all of the files he has permission to access (or possibly
> restricted to just his home directory -- sort of a chroot).
>
> Is this possible using Apache (or maybe some other application)? And
> more importantly can it be done in a secure fashion?

Hmm...unless I'm overlooking something, what would be the problem with
using ftpd?

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 13:44:41 2004
Date: Mon, 16 Feb 2004 21:44:38 +0000
From: Lewis Thompson
To: Shawn Mitchell
Message-ID: <20040216214437.GC65551@lewiz.org>
Cc: isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

On Mon, Feb 16, 2004 at 02:05:44PM -0600, Shawn Mitchell wrote:
> They're going to be logging in via a web interface (via HTTPS). From
> there they can upload files, delete, rename, etc, through their web
> browser.

Yes -- this is what I wanted :)

> Since all the files will have to be owned by the web services user
> (apache, wwwrun, nobody, whatever) so that the "legit" file management
> software can write/read/etc them, any software installed by Joe User,
> will have the same type of access.

This is also the worry I had. I've currently got Apache setup with
safe_mode enabled (but only for public_html dirs because I control the
rest of the scripts).

> Basically what he's asking, is how do you chroot VHOST's in apache.
> So that one vhost, can not access another vhosts files.

I think this is what I'm looking for, yes.
Since I posted this I asked
some questions on IRC and somebody mentioned that Apache can be chrooted
to the uid of a script's owner (similar in a way to safe_mode in PHP).
This would surely then allow files to be read/written by Apache in a
secure fashion.

My worry here is that Apache would have to be running as root to
chroot -- can anybody confirm this for me? (Indeed, can anybody confirm
that it is even possible to do this?)

Thanks very much,

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 14:00:05 2004
From: Juan Jose Sanchez Mesa
Date: Mon, 16 Feb 2004 22:55:57 +0100
Message-ID: <2004216225557.966318@juanjo>
Cc: isp@freebsd.org
Subject: RE: Apache and home directories (file browser).

>
> What happens when someone else loads up the same type of package. They can
> then go scrolling through everyone else's directories.
>

In PHP, use safe_mode to avoid this.

>
> /home/joe/access_list <--- Access list for Joe's .htaccess files
> /home/tim/public_html/file_add.php <-- Some script Tim has in his
> directory
>

If you set open_base_dir value to '/home/tim/public_html/', the PHP executed
in this vhost, can't access any directory/file below it.

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 14:31:17 2004
Date: Mon, 16 Feb 2004 17:31:13 -0500 (EST)
From: Andy Dills
To: Lewis Thompson
In-Reply-To: <20040216214437.GC65551@lewiz.org>
Cc: isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

On Mon, 16 Feb 2004, Lewis Thompson wrote:

> I think this is what I'm looking for, yes. Since I posted this I asked
> some questions on IRC and somebody mentioned that Apache can be chrooted
> to the uid of a script's owner (similar in a way to safe_mode in PHP).
> This would surely then allow files to be read/written by Apache in a
> secure fashion.
>
> My worry here is that Apache would have to be running as root to
> chroot -- can anybody confirm this for me? (Indeed, can anybody confirm
> that it is even possible to do this?)

While you can chroot apache, that's serverwide, not per-virtualhost.

If I were you and I wanted to do what you're talking about, I'd use suexec
with perl scripts. AFAIK, that's the only way to do it correctly.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 16 15:13:11 2004
Date: Mon, 16 Feb 2004 23:13:12 +0000
From: Lewis Thompson
To: Juan Jose Sanchez Mesa
Message-ID: <20040216231312.GB78809@lewiz.org>
References: <2004216225557.966318@juanjo>
In-Reply-To: <2004216225557.966318@juanjo>
Cc: isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

On Mon, Feb 16, 2004 at 10:55:57PM +0100, Juan Jose Sanchez Mesa wrote:
> > /home/joe/access_list <--- Access list for Joe's .htaccess
> > files /home/tim/public_html/file_add.php <-- Some script Tim has
> > in his directory
> >
> If you set open_base_dir value to '/home/tim/public_html/', the PHP
> executed in this vhost, can't access any directory/file below it.

I understand this. However, I don't see that this helps reading/writing
to home directories. I really want home directories to be owned by the
``correct'' person and not all by the www user.

Maybe I'm jumping the gun and assuming you are trying to answer my
question when you're not -- sorry if this is the case ;)

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 17 00:20:15 2004
Date: Tue, 17 Feb 2004 09:19:56 +0100
From: ml@sd2i.fr
To: isp@freebsd.org
In-Reply-To: <20040216231312.GB78809@lewiz.org>
Message-Id: <11D5E5E6-6122-11D8-B0F6-000393CBDA8C@sd2i.fr>
Subject: Re: Apache and home directories (file browser).

On Tuesday, 17 Feb 2004, at 00:13 Europe/Paris, Lewis Thompson wrote:

> On Mon, Feb 16, 2004 at 10:55:57PM +0100, Juan Jose Sanchez Mesa wrote:
>>> /home/joe/access_list <--- Access list for Joe's .htaccess
>>> files /home/tim/public_html/file_add.php <-- Some script Tim has
>>> in his directory
>>>
>> If you set open_base_dir value to '/home/tim/public_html/', the PHP
>> executed in this vhost, can't access any directory/file below it.
>
> I understand this. However, I don't see that this helps reading/writing
> to home directories. I really want home directories to be owned by the
> ``correct'' person and not all by the www user.

Take a look at www.suphp.org and you'll be able to chroot each vhost
without running apache as root.

>
> Maybe I'm jumping the gun and assuming you are trying to answer my
> question when you're not -- sorry if this is the case ;)
>
> -lewiz.
>
> -- I was so much older then, I'm younger than that now. --Bob Dylan,
> 1964.
> ------------------------------------------------------------------------
> -| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-
>

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 17 08:25:01 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A074116A4CE for ; Tue, 17 Feb 2004 08:25:01 -0800 (PST) Received: from pegmatite.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 867FE43D1D for ; Tue, 17 Feb 2004 08:25:01 -0800 (PST) (envelope-from damian@sentex.net) Received: by pegmatite.sentex.ca (Postfix, from userid 1001) id 440A5B949; Tue, 17 Feb 2004 11:24:57 -0500 (EST) Date: Tue, 17 Feb 2004 11:24:57 -0500 From: Damian Gerow To: isp@freebsd.org Message-ID: <20040217162457.GB59940@sentex.net> Mail-Followup-To: isp@freebsd.org References: <20040216214437.GC65551@lewiz.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-GPG-Key-Id: 0xB841F142 X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C 57E6 173D 9CF6 B841 F142 X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . User-Agent: Mutt/1.5.4i Subject: Re: Apache and home directories (file browser).
X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2004 16:25:01 -0000

Thus spake Andy Dills (andy@xecu.net) [16/02/04 17:51]:
> > I think this is what I'm looking for, yes. Since I posted this I asked
> > some questions on IRC and somebody mentioned that Apache can be chrooted
> > to the uid of a script's owner (similar in a way to safe_mode in PHP).
> > This would surely then allow files to be read/written by Apache in a
> > secure fashion.
> While you can chroot apache, that's serverwide, not per-virtualhost.
>
> If I were you and I wanted to do what you're talking about, I'd use suexec
> with perl scripts. AFAIK, that's the only way to do it correctly.

I get the impression that's what was meant, and this is just a confusion of terms. You don't chroot to a uid, you generally 'drop' privileges to a uid. To answer the question..

> > My worry here is that Apache would have to be running as root to
> > chroot -- can anybody confirm this for me? (Indeed, can anybody confirm
> > that it is even possible to do this?)

When you start Apache, you need to start it as root, then it drops privileges to, for later versions of FreeBSD, uid www. If you have suexec set up, I don't know exactly how it works, but it drops privileges from root (who starts httpd) to whichever user suexec is configured to.
- Damian

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 17 09:30:56 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D3E3516A4CE for ; Tue, 17 Feb 2004 09:30:56 -0800 (PST) Received: from bsdhosting.net (bsdhosting.net [65.39.221.113]) by mx1.FreeBSD.org (Postfix) with SMTP id B9AEE43D1D for ; Tue, 17 Feb 2004 09:30:56 -0800 (PST) (envelope-from jhopper@bsdhosting.net) Received: (qmail 98796 invoked from network); 17 Feb 2004 17:29:25 -0000 Received: from bsdhosting.net (HELO corp.digitaloasys.net) (jhopper@bsdhosting.net@65.39.221.113) by bsdhosting.net with SMTP; 17 Feb 2004 17:29:25 -0000 From: Justin Hopper To: isp@freebsd.org In-Reply-To: <20040216231312.GB78809@lewiz.org> References: <2004216225557.966318@juanjo> <20040216231312.GB78809@lewiz.org> Content-Type: text/plain Message-Id: <1077039055.3523.182.camel@work.gusalmighty.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Tue, 17 Feb 2004 09:30:55 -0800 Content-Transfer-Encoding: 7bit Subject: Re: Apache and home directories (file browser). X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2004 17:30:57 -0000

On Mon, 2004-02-16 at 15:13, Lewis Thompson wrote:
> On Mon, Feb 16, 2004 at 10:55:57PM +0100, Juan Jose Sanchez Mesa wrote:
> > > /home/joe/access_list <--- Access list for Joe's .htaccess
> > > files /home/tim/public_html/file_add.php <-- Some script Tim has
> > > in his directory
> > >
> > If you set open_base_dir value to '/home/tim/public_html/', the PHP
> > executed in this vhost, can't access any directory/file below it.
>
> I understand this. However, I don't see that this helps reading/writing
> to home directories. I really want home directories to be owned by the
> ``correct'' person and not all by the www user.
>
> Maybe I'm jumping the gun and assuming you are trying to answer my
> question when you're not -- sorry if this is the case ;)
>
> -lewiz.

If you are only going to allow access to the webserver through a particular language, such as PHP or CGI, then either suPHP or suexec should work fine to setuid the Apache process to the user while the script is being run.

However, if you will be using Apache in a normal fashion, where users can run PHP scripts, CGIs, etc., then you'll want to take a look at something that provides a setuid function higher up in Apache's pipeline. There is the per_child module, which ships with Apache 2.x, but it is still in the "experimental" branch and I've heard that the project was abandoned or has stalled. There is another project that has branched off of it but I cannot recall its name. If you ask on the apache-modules@covalent.net list, there are people who know (probably on this list too).

We had a similar need with one of our products and ended up writing our own module that setuid the Apache process to a user that was tied to a virtual host. The process would then handle the request as the specified user, executing PHP, browsing, executing CGIs, etc. The module has so far worked really well and we might be releasing it as Open Source in the near future.

--
Justin Hopper
UNIX Systems Engineer
BSDHosting.net
Hosting Division of Digital Oasys Inc.
http://www.bsdhosting.net

From owner-freebsd-isp@FreeBSD.ORG Tue Feb 17 19:25:51 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 231BF16A4CE for ; Tue, 17 Feb 2004 19:25:51 -0800 (PST) Received: from pgh.nepinc.com (pgh.nepinc.com [66.207.129.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6B9243D2D for ; Tue, 17 Feb 2004 19:25:50 -0800 (PST) (envelope-from jimd@nepinc.com) Received: from jimslaptop.home.jcdurham.com (18.gibs5.xdsl.nauticom.net [209.195.184.19]) (authenticated bits=0) by pgh.nepinc.com (8.12.9p2/8.12.8) with ESMTP id i1I3Qsfu038436; Tue, 17 Feb 2004 22:26:55 -0500 (EST) (envelope-from jimd@nepinc.com) From: Jim Durham Organization: NEP Supershooters To: Olivier Cherrier , freebsd-isp@freebsd.org Date: Tue, 17 Feb 2004 22:25:44 -0500 User-Agent: KMail/1.5.4 References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200402172225.44020.jimd@nepinc.com> Subject: Re: Anybody Use 2 or More CPU at Production Env. ( SMP ) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 03:25:51 -0000

On Monday 16 February 2004 04:13 am, Olivier Cherrier wrote:
> >Seconded. We have a few hundred Dual SMP PIII and Dual Xeon (2.4Ghz w/
> >HT) machines running 4.9 without any hiccups whatsoever.
>
> Not so luck for me.
> I tried some times to run a 4.7-smp and 4.8-smp on a dual PIII - 733 MHz
> but I always falled in
> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/48029
> which is still in the 'open' state.
>
> I can imagine that 5.x is far more stable.

I have just put on some Dell 2650's with Dual Xeons on 4.9.
In 5 years of running FreeBSD in a production environment, I had one weird reboot a few years ago and that's all, until the Dells. The mail server has been up since September and it has rebooted once for no reason and the new file server has done it three times in a month.

I used to get 300 days and better of uptime with the old single-CPU systems, so this is sort of unnerving. Really, I used to take them down only for kernel upgrades and to blow out the dust!

No log entries, no panic messages..just ...gone suddenly and rebooting.

Seen anything like this at all with your Dual SMP Xeons?

-Jim

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 18 03:13:30 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CBC316A4CE for ; Wed, 18 Feb 2004 03:13:30 -0800 (PST) Received: from relay.kiev.sovam.com (relay.kiev.sovam.com [212.109.32.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 23F2343D1D for ; Wed, 18 Feb 2004 03:13:30 -0800 (PST) (envelope-from dimitry@al.org.ua) Received: from [212.109.32.116] (helo=svitonline.com) by relay.kiev.sovam.com with esmtp (Exim 4.30) id 1AtPdw-000EJt-Cs; Wed, 18 Feb 2004 13:13:28 +0200 From: Dmitry Alyabyev To: Justin Hopper Date: Wed, 18 Feb 2004 13:13:27 +0200 User-Agent: KMail/1.6 References: <20040216231312.GB78809@lewiz.org> <1077039055.3523.182.camel@work.gusalmighty.com> In-Reply-To: <1077039055.3523.182.camel@work.gusalmighty.com> X-NCC-RegID: ua.svitonline MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="koi8-u" Content-Transfer-Encoding: 7bit Message-Id: <200402181313.27648.dimitry@al.org.ua> X-Scanner-Signature: b36477657b07eb27dc67b07df918f397 X-DrWeb-checked: yes cc: freebsd-isp@freebsd.org Subject: Re: Apache and home directories (file browser).
X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: dimitry@al.org.ua List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 11:13:30 -0000

On Tuesday 17 February 2004 19:30, Justin Hopper wrote:
[skip]
> We had a similar need with one of our products and ended up writing our
> own module that setuid the Apache process to a user that was tied to a
> virtual host. The process would then handle the request as the
> specified user, executing PHP, browsing, executing CGIs, etc. The
> module has so far worked really well and we might be releasing it as
> Open Source in the near future.

Justin, please bring a line here then

--
Dimitry

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 18 04:50:03 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0AAEC16A4CE; Wed, 18 Feb 2004 04:50:02 -0800 (PST) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 46A2843D1D; Wed, 18 Feb 2004 04:50:02 -0800 (PST) (envelope-from glebius@cell.sick.ru) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.9/8.12.8) with ESMTP id i1ICnxAB040442 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 18 Feb 2004 15:50:00 +0300 (MSK) (envelope-from glebius@cell.sick.ru) Received: (from glebius@localhost) by cell.sick.ru (8.12.9/8.12.6/Submit) id i1ICnxoj040441; Wed, 18 Feb 2004 15:49:59 +0300 (MSK) Date: Wed, 18 Feb 2004 15:49:58 +0300 From: Gleb Smirnoff To: freebsd-isp@freebsd.org Message-ID: <20040218124958.GB40340@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , freebsd-isp@freebsd.org, freebsd-net@freebsd.org References: <20040121114502.GC17802@cell.sick.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To:
<20040121114502.GC17802@cell.sick.ru> User-Agent: Mutt/1.5.6i cc: freebsd-net@freebsd.org Subject: Re: ng_netflow: testers are welcome X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 12:50:03 -0000

Dear colleagues,

a port of ng_netflow has just been committed to the ports tree. It builds both on STABLE and CURRENT, and was tested to work on really busy routers.

As before, I'd be glad for any kind of feedback: ideas, patches and else.

Thanks. (Also crossposted to -net).

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

On Wed, Jan 21, 2004 at 02:45:02PM +0300, Gleb Smirnoff wrote:
T> in recent time I have written down a netgraph node implementing
T> Cisco's Netflow version 5 export feature on a FreeBSD router.
T>
T> It is currently in alpha state. However I've been successfully
T> using it for two weeks on a couple of routers.
T>
T> I'd be glad if someone will use it, and I'd be glad for any kind
T> of feedback: ideas, patches and else.
T>
T> Source can be downloaded from http://sourceforge.net/projects/ng-netflow

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 18 05:09:08 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0356F16A4CE for ; Wed, 18 Feb 2004 05:09:08 -0800 (PST) Received: from psknet.com (kennedy.psknet.com [63.171.251.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id D791843D1D for ; Wed, 18 Feb 2004 05:09:07 -0800 (PST) (envelope-from troy@psknet.com) Received: from [151.199.96.174] (helo=tws) by psknet.com with asmtp (TLSv1:RC4-MD5:128) (Exim 4.20) id 1AtRRc-000EBa-Ol; Wed, 18 Feb 2004 08:08:53 -0500 From: "Troy Settle" To: "'Jim Durham'" , "'Olivier Cherrier'" , Date: Wed, 18 Feb 2004 08:08:57 -0500 Message-ID: <008101c3f620$5ec522b0$c800a8c0@tws> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <200402172225.44020.jimd@nepinc.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: RE: Anybody Use 2 or More CPU at Production Env. ( SMP ) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 13:09:08 -0000

Using an Intel board with dual 2.4Ghz Xeons, 4GB, and some Adaptec RAID controller. Been running solid for nearly a year.

$ uptime
 8:04AM up 151 days, 1:49, 2 users, load averages: 0.17, 0.22, 0.19

I think there was some critical update needed about 5 months ago (ssh?) that caused me to update from cvsup. It could have been when I replaced my UPS, but that wouldn't make sense, as I have dual PSUs on here as well.
--
Troy Settle
Pulaski Networks
http://www.psknet.com
866.477.5638

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Jim Durham
> Sent: Tuesday, February 17, 2004 10:26 PM
> To: Olivier Cherrier; freebsd-isp@freebsd.org
> Subject: Re: Anybody Use 2 or More CPU at Production Env. ( SMP )
>
>
> On Monday 16 February 2004 04:13 am, Olivier Cherrier wrote:
> > >Seconded. We have a few hundred Dual SMP PIII and Dual Xeon (2.4Ghz w/
> > >HT) machines running 4.9 without any hiccups whatsoever.
> >
> > Not so luck for me.
> > I tried some times to run a 4.7-smp and 4.8-smp on a dual PIII - 733 MHz
> > but I always falled in
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/48029
> > which is still in the 'open' state.
> >
> > I can imagine that 5.x is far more stable.
>
> I have just put on some Dell 2650's with Dual Xeons on 4.9. In 5 years of
> running FreeBSD in a production environment, I had one weird reboot a few
> years ago and that's all, until the Dells. The mail server has been up since
> September and it has rebooted once for no reason and the new file server has
> done it three times in a month.
>
> I used to get 300 days and better of uptime with the old single-CPU systems,
> so this is sort of unnerving. Really, I used to take them down only for
> kernel upgrades and to blow out the dust!
>
> No log entries, no panic messages..just ...gone suddenly and rebooting.
>
> Seen anything like this at all with your Dual SMP Xeons?
>
> -Jim
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 18 13:50:01 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 36E8416A4CE for ; Wed, 18 Feb 2004 13:50:01 -0800 (PST) Received: from krusty.intranet.com.mx (krusty.intranet.com.mx [200.33.246.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB2CF43D1D for ; Wed, 18 Feb 2004 13:50:00 -0800 (PST) (envelope-from jbiquez@icsmx.com) Received: from intra1ofi.icsmx.com ([200.33.246.4]) by krusty.intranet.com.mx (8.12.9/8.12.9) with ESMTP id i1ILn1sc059241 for ; Wed, 18 Feb 2004 15:50:21 -0600 (CST) (envelope-from jbiquez@icsmx.com) Message-Id: <5.1.0.14.2.20040218151027.037213d0@mail.icsmx.com> X-Sender: jbiquez@mail.icsmx.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 18 Feb 2004 15:46:27 -0600 To: freebsd-isp@freebsd.org From: Jorge Biquez In-Reply-To: <008101c3f620$5ec522b0$c800a8c0@tws> References: <200402172225.44020.jimd@nepinc.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: RE: Anybody Use 2 or More CPU at Production Env. ( SMP ) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 21:50:01 -0000

Hello all.

I've been running on a Gigabyte GA-6VXDC7 (PIII 1.0 ghz 1gb ram scsi cards) without any problems also. Running 4.9 (is running Apache only). No problems for more than a year.

Troy. Can you tell what's the model of your Intel Motherboard?

Take care.

At 08:08 a.m. 18/02/04 -0500, you wrote:
>Using an Intel board with dual 2.4Ghz Xeons, 4GB, and some Adaptec RAID
>controller. Been running solid for nearly a year.
>
>$ uptime
> 8:04AM up 151 days, 1:49, 2 users, load averages: 0.17, 0.22, 0.19
>
>I think there was some critical update needed about 5 months ago (ssh?)
>that caused me to update from cvsup. It could have been when I
>replaced my UPS, but that wouldn't make sense, as I have dual PSUs on
>here as well.
>
>
>--
> Troy Settle
> Pulaski Networks
> http://www.psknet.com
> 866.477.5638
>
>
> > -----Original Message-----
> > From: owner-freebsd-isp@freebsd.org
> > [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Jim Durham
> > Sent: Tuesday, February 17, 2004 10:26 PM
> > To: Olivier Cherrier; freebsd-isp@freebsd.org
> > Subject: Re: Anybody Use 2 or More CPU at Production Env. ( SMP )
> >
> >
> > On Monday 16 February 2004 04:13 am, Olivier Cherrier wrote:
> > > >Seconded. We have a few hundred Dual SMP PIII and Dual Xeon (2.4Ghz w/
> > > >HT) machines running 4.9 without any hiccups whatsoever.
> > >
> > > Not so luck for me.
> > > I tried some times to run a 4.7-smp and 4.8-smp on a dual PIII - 733 MHz
> > > but I always falled in
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/48029
> > > which is still in the 'open' state.
> > >
> > > I can imagine that 5.x is far more stable.
> >
> > I have just put on some Dell 2650's with Dual Xeons on 4.9. In 5 years of
> > running FreeBSD in a production environment, I had one weird reboot a few
> > years ago and that's all, until the Dells. The mail server has been up since
> > September and it has rebooted once for no reason and the new file server has
> > done it three times in a month.
> >
> > I used to get 300 days and better of uptime with the old single-CPU systems,
> > so this is sort of unnerving. Really, I used to take them down only for
> > kernel upgrades and to blow out the dust!
> >
> > No log entries, no panic messages..just ...gone suddenly and rebooting.
> >
> > Seen anything like this at all with your Dual SMP Xeons?
> >
> > -Jim

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 18 16:42:58 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 517CB16A4CE for ; Wed, 18 Feb 2004 16:42:58 -0800 (PST) Received: from hotmail.com (law10-f14.law10.hotmail.com [64.4.15.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B38343D2D for ; Wed, 18 Feb 2004 16:42:58 -0800 (PST) (envelope-from andrew__nelson@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 18 Feb 2004 16:42:58 -0800 Received: from 203.12.22.34 by lw10fd.law10.hotmail.msn.com with HTTP; Thu, 19 Feb 2004 00:42:58 GMT X-Originating-IP: [203.12.22.34] X-Originating-Email: [andrew__nelson@hotmail.com] X-Sender: andrew__nelson@hotmail.com From: "Andrew Nelson" To: freebsd-isp@freebsd.org Date: Thu, 19 Feb 2004 11:42:58 +1100 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 19 Feb 2004 00:42:58.0196 (UTC) FILETIME=[51E93D40:01C3F681] Subject: Cannot rsh as root (FreeBSD 5.2) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2004 00:42:58 -0000

Hi,

I have an internal group of machines which I rdist files around between. I can't rdist (or rsh) to any of the machines running FreeBSD 5.2 from my root account (but the other FreeBSD 4.8 machines work fine). I just get: "rshd: Login incorrect."

I've created /root/.rhosts, added "auth sufficient pam_rootok.so" to /etc/pam.d/rsh and even made sure the root accounts have the same shell and password.

The only difference I can see between the configurations is that 5.2's pam config layout changes.. can anyone help?

thanks,
Andrew.

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 19 04:54:09 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1C8C16A4D7 for ; Thu, 19 Feb 2004 04:54:09 -0800 (PST) Received: from koti.synty.net (www.svk.fi [213.173.139.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F59943D1D for ; Thu, 19 Feb 2004 04:54:09 -0800 (PST) (envelope-from listat@synty.net) Received: by koti.synty.net (Postfix, from userid 565) id 120BAAEA2F; Thu, 19 Feb 2004 07:54:07 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by koti.synty.net (Postfix) with ESMTP id 114F6B6954 for ; Thu, 19 Feb 2004 14:54:07 +0200 (EET) Date: Thu, 19 Feb 2004 14:54:07 +0200 (EET) From: VA To: freebsd-isp@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: firewalling policy X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: VA List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2004 12:54:10 -0000

Hi fellow SysAdmins,

I'm building a FreeBSD route/firewall for a little heavier use.
I will use pf for firewall because it's more familiar and since I need to maintain a few OpenBSD boxes as well.

Anyways I was hoping to get an opinion for a firewall rule structure. There are 10 physical NICs (Intel Dual 100Mbs) and also a bunch of VLANs.

What is the best point to firewall? Naturally default block strategy assumed. I know each interface needs rules to achieve good security, but what about external interface (WAN link)? Is it safe just to firewall each internal interface, because otherwise I need "double rules" and it gets more complicated.

Any other hints to give or good optimized examples for pf in larger environment? I will surely make a public document once I get this up and running.

Thanks in advance and specially all you developers of this great OS!

-Vesa, SysAdmin, Finland

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 19 08:49:07 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E42116A4CE for ; Thu, 19 Feb 2004 08:49:07 -0800 (PST) Received: from networld.psi.br (unknown [200.181.21.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id E557743D1F for ; Thu, 19 Feb 2004 08:49:06 -0800 (PST) (envelope-from felipe@neuwald.biz) Received: from [200.101.110.166] (account felipe@neuwald.biz HELO [10.1.1.3]) by networld.psi.br (CommuniGate Pro SMTP 4.1.8) with ESMTP id 2561697; Thu, 19 Feb 2004 13:48:40 -0300 From: Felipe Neuwald To: VA , freebsd-isp@freebsd.org In-Reply-To: References: Content-Type: text/plain; charset=ISO-8859-1 Message-Id: <1077209435.286.6.camel@buscape.freebsd> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Thu, 19 Feb 2004 13:50:38 -0300 Content-Transfer-Encoding: quoted-printable Subject: Re: firewalling policy X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: felipe@neuwald.biz List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help:
List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2004 16:49:07 -0000

Hi VA,

On Thu, 2004-02-19 at 09:54, VA wrote:
> Hi fellow SysAdmins,
>
> I'm building a FreeBSD route/firewall for a little heavier use. I will use
> pf for firewall because it's more familiar and since I need to maintain a
> few OpenBSD boxes as well.
>
> Anyways I was hoping to get an opinion for a firewall rule structure.
> There are 10 physical NICs (Intel Dual 100Mbs) and also a bunch of VLANs.
>
> What is the best point to firewall? Naturally default block strategy
> assumed. I know each interface needs rules to achieve good security, but
> what about external interface (WAN link)? Is it safe just to firewall each
> internal interface, because otherwise I need "double rules" and it gets
> more complicated.

Make your firewall and your network secure from outside by creating rules applicable to your WAN interface. You have 9 other interfaces, so make the rules according to the networks and hosts that will be behind these interfaces.

The best phrase that I ever heard about the free software world: read, write and execute... a thousand times... :-)

> Any other hints to give or good optimized examples for pf in larger
> environment? I will surely make a public document once I get this up and
> running.
> Thanks in advance and specially all you developers of this great OS!
>
> -Vesa, SysAdmin, Finland

--
Felipe Neuwald
felipe@neuwald.biz

"My sword will not know its sheath as long as the disgrace and injustice that subjugate my people last"
Simón Bolívar

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 19 13:13:36 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC3D116A4CE for ; Thu, 19 Feb 2004 13:13:36 -0800 (PST) Received: from cloudburst.umist.ac.uk (cloudburst.umist.ac.uk [130.88.119.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8519543D2F for ; Thu, 19 Feb 2004 13:13:36 -0800 (PST) (envelope-from lewiz@black.lewiz.org) Received: from lh014.halls.umist.ac.uk ([130.88.163.14] helo=yellow.lewiz.org) by cloudburst.umist.ac.uk with esmtp (Exim 4.24) id 1AtvUF-0007jO-Fx for isp@freebsd.org; Thu, 19 Feb 2004 21:13:35 +0000 Received: from black.lewiz.org ([192.168.0.13]) by mail.lewiz.org with smtp (Exim 4.30; FreeBSD) id 1AtvWo-0004Bs-W8 for isp@freebsd.org; Thu, 19 Feb 2004 21:16:14 +0000 Received: (nullmailer pid 971 invoked by uid 4001); Thu, 19 Feb 2004 21:13:35 -0000 Date: Thu, 19 Feb 2004 21:13:35 +0000 From: Lewis Thompson To: isp@freebsd.org Message-ID: <20040219211335.GA926@lewiz.org> References: <20040216181759.GA64843@lewiz.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FL5UXtIhxfXey3p5" Content-Disposition: inline In-Reply-To: <20040216181759.GA64843@lewiz.org> X-GPG-Fingerprint: 90A4 939E 3847 A3E4 8103 2A48 22DA B428 542F ED3F X-GPG-Info: http://www.lewiz.org/~lewiz/pgpkey / horowitz.surfnet.nl User-Agent: Mutt/1.5.6i X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be
clean Subject: Re: Apache and home directories (file browser). X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2004 21:13:36 -0000

--FL5UXtIhxfXey3p5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, Feb 16, 2004 at 06:17:59PM +0000, Lewis Thompson wrote:
> I was recommended to ask here for information on running Apache in a
> way that regular system users can access their home directories.

A friend of mine inadvertently mentioned FTP while we were discussing this one day. I think the best solution to my problem is to use some PHP (or other language) FTP client. This way I can securely allow access to a home directory. I don't want to allow direct FTP access for various reasons but through a web interface I am keen on the idea.

Using a web FTP client that is locked to a specific server they can provide their username/passwd without any requirement for chrooting vhosts, etc. I think this is the way I will go.

Thanks very much to everybody who helped me out with suggestions. I'll probably use a lot of these at some time, anyway ;)

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jabber:lewiz@jabber.org | url:www.lewiz.org |-
--FL5UXtIhxfXey3p5 Content-Type: application/pgp-signature Content-Disposition: inline
--FL5UXtIhxfXey3p5--

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 20 12:16:58 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66B4116A4CE for ; Fri, 20 Feb 2004 12:16:58 -0800 (PST) Received: from svr01.globalupload.com (unknown [216.127.78.109]) by mx1.FreeBSD.org (Postfix) with ESMTP id 18AC043D1D for ; Fri, 20 Feb 2004 12:16:58 -0800 (PST) (envelope-from amd@headru.sh) Received: from localhost.localdomain (host81-133-31-61.in-addr.btopenworld.com [81.133.31.61]) (authenticated (0 bits)) by svr01.globalupload.com (8.11.6/8.11.6) with ESMTP id i1K8u7n10132 for ; Fri, 20 Feb 2004 14:56:07 +0600 Date: Fri, 20 Feb 2004 20:12:58 +0000 From: alan To: freebsd-isp@freebsd.org Message-ID: <20040220201258.GA7902@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: Balsa 2.0.6 Subject: Re: Apache and home directories (file browser). X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2004 20:16:58 -0000

Please be aware that allowing uploads through php is quite insecure. A lot of php-Nuke hacks have been accomplished that way. google for security info on uploads through php.
alan

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 20 14:37:29 2004
Date: Fri, 20 Feb 2004 19:37:49 -0300
From: Roberto Pereyra
To: freebsd-isp@freebsd.org
Message-ID: <20040220223749.GA3693@gualeguaychu.gov.ar>
cc: freebsd-questions@freebsd.org
Subject: dialup question ?

Hi all !

A question:

I want to configure a simple dial-up server and have this ppp.conf

--------------------------
default:

pap:
 set debug phase lcp chat
 set timeout 0 set debug phase lcp chat
 enable pap
 set ifaddr 192.168.0.1 192.168.0.101-192.168.0.104 255.255.255.0
 enable proxy
 accept dns
 set dns 192.168.0.1
 load server
 set radius /etc/radius.conf
------------------------------------

My dial-up server (192.168.0.170) is not the internet gateway (192.168.0.1)

The line:

set ifaddr 192.168.0.1 192.168.0.101-192.168.0.104 255.255.255.0

is right ? the first ip must be the system gateway or must be the dial-up server ip ?
Thanks in advance

roberto

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 20 18:57:19 2004
Date: Sat, 21 Feb 2004 03:57:13 +0100
From: Sten Daniel Sørsdal
To: "VA"
Subject: RE: firewalling policy

> What is the best point to firewall? Naturally default block
> strategy assumed. I know each interface needs rules to achieve
> good security, but what about external interface (WAN link)?
> Is it safe just to firewall each internal interface, because
> otherwise I need "double rules" and it gets more complicated.
>
> Any other hints to give or good optimized examples for pf in
> larger environment? I will surely make a public document once
> I get this up and running.
> Thanks in advance and specially all you developers of this great OS!
>

I pretty much always go for a setup in this order and I always group my
rules by first incoming and then outgoing per interface;

a) drop all attempts at spoofing
b) no redundancy (duplicate rules)
c) block/accept packets as early as possible (preferably on incoming)

This method leaves few rules on outgoing segments and usually only for
the local rules for the firewall and makes efficient use of state tables.
With a large ruleset it becomes difficult to maintain anything with
duplicate rules.

If this is about a firewalling/routing internet traffic (public ip addresses)
I would be extra careful about sources you can not trust when it comes to
keeping state. A SYN attack or multiple instances of a virus like Blaster
can make the firewall slow or at worst unresponsive/crash.

Good luck with the firewall!

_// Sten Daniel Sørsdal

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 20 21:23:27 2004
From: "Shawn Mitchell"
To: "Freebsd-Isp", "alan"
Date: Fri, 20 Feb 2004 23:23:25 -0600
In-Reply-To: <20040220201258.GA7902@localhost.localdomain>
Subject: RE: Apache and home directories (file browser).

It's just like any programming language. If you don't dot all of your
i's and cross your 't's, then you're open for something here and there.
I'm not saying php-Nuke is bad, just that it's complicated enough, that
chances are something's not double checked here and there.

Like any and ALL programming languages, YOU SHOULD NEVER TRUST YOUR
INPUT. Check it, double check it, reverse it, check it again, and still
don't trust it.

my $0.02's worth (or $0.002 in England now)

-----Original Message-----
From: owner-freebsd-isp@freebsd.org
[mailto:owner-freebsd-isp@freebsd.org]On Behalf Of alan
Sent: Friday, February 20, 2004 2:13 PM
To: freebsd-isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

Please be aware that allowing uploads through php is quite insecure. A
lot of php-Nuke hacks have been accomplished that way. google for
security info on uploads through php.
alan
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 00:34:30 2004
Date: Sat, 21 Feb 2004 10:34:28 +0200 (EET)
From: VA
To: freebsd-isp@freebsd.org
Subject: thanks - firewalling policy

Thanks for the replies on this. After I had sent the message I realized
that it was a kind of dumb one. Naturally rules must be used on all
interfaces. I just got little overwhelmed ... the amount of interfaces
requires to be extra careful. :-)

Well I better get started or I never finish it. Interesting to see how
it performs in production.
-Vesa, SysAdmin

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 01:24:54 2004
Date: Sat, 21 Feb 2004 20:24:49 +1100
From: Tony Frank
To: Roberto Pereyra
Message-ID: <20040221092449.GE98919@marvin.home.local>
In-Reply-To: <20040220223749.GA3693@gualeguaychu.gov.ar>
cc: freebsd-isp@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: dialup question ?

Hi,

On Fri, Feb 20, 2004 at 07:37:49PM -0300, Roberto Pereyra wrote:
>
> A question:
>
> I want to configure a simple dial-up server and have this ppp.conf
>
> --------------------------
> default:
>
> pap:
>  set debug phase lcp chat
>  set timeout 0 set debug phase lcp chat
>  enable pap
>  set ifaddr 192.168.0.1 192.168.0.101-192.168.0.104 255.255.255.0
>  enable proxy
>  accept dns
>  set dns 192.168.0.1
>  load server
>  set radius /etc/radius.conf
> ------------------------------------
>
> My dial-up server (192.168.0.170) is not the internet gateway (192.168.0.1)
>
> The line:
>
> set ifaddr 192.168.0.1 192.168.0.101-192.168.0.104 255.255.255.0
>
> is right ? the first ip must be the system gateway or must be the dial-up server ip ?

I think it should be the gateway as you are going to be proxying the
dialup users onto your local LAN. The dialup box will proxy-arp the
dialup users to the LAN and will forward their packets to the gateway.

I have a similar setup to what you describe. In my case the dialup is
also the gateway which makes it simpler.
My config is:

server:
 set timeout 0
 set enddisc mac
 enable chap chap81 pap passwdauth
 enable proxy
 set ifaddr 192.168.3.2 192.168.3.80-192.168.3.100 255.255.255.255
 set server /var/run/ppp/ppp-server-%d "" 0177
 set dns 192.168.3.2
 set nbns 192.168.3.2
 accept dns

Regards,

Tony

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 06:42:17 2004
Message-ID: <63567.80.202.200.163.1077374530.squirrel@secure.easyisp.org>
Date: Sat, 21 Feb 2004 15:42:10 +0100 (CET)
From: "Rasmus Fauske"
To: isp@freebsd.org
Subject: Multi ip jail patch

Hi,

Can someone send me a copy of the multi ip jail patch from
garage.freebsd.pl (the site has been down for days)

--
Rasmus Fauske
easyisp.no

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 06:42:43 2004
From: "Vasenin Alexander aka BlackSir"
To: "Gleb Smirnoff"
Date: Sat, 21 Feb 2004 17:42:21 +0300
In-Reply-To: <20040218124958.GB40340@cell.sick.ru>
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

On my test system kldload /modules/ng_netflow.ko returns:
kldload: can't load ./ng_netflow.ko: Exec format error

After this there is a message in dmesg:
link_elf: symbol ng_make_node_common undefined

# uname -a
FreeBSD inet.park7.number.ru 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Fri Feb 6 18:44:04 MSK 2004 root@inet.park7.number.ru:/usr/obj/usr/src/sys/GENERIC_number_ru_20040206 i386

Overrides from GENERIC kernel:
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFW2 # by BlackSir - enables IPFW2
options IPDIVERT #divert sockets
options RANDOM_IP_ID
options DUMMYNET
options BRIDGE

compile&install log:
[root@inet.park7.number.ru] cd /usr/ports/net/ng_netflow/
[root@inet.park7.number.ru] make install clean
===> Vulnerability check disabled
===> Extracting for ng_netflow-0.2.1
>> Checksum OK for ng_netflow-0.2.1.tar.gz.
===> Patching for ng_netflow-0.2.1
===> Configuring for ng_netflow-0.2.1
===> Building for ng_netflow-0.2.1
===> ng_netflow
Warning: Object directory not changed from original /usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow
@ -> /usr/src/sys
machine -> /usr/src/sys/i386/include
cc -O -pipe -g -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -D_KERNEL -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -DKLD_MODULE -nostdinc -I- -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -I. -I@ -I@/../include -I/usr/include -mpreferred-stack-boundary=2 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -c ng_netflow.c
cc -O -pipe -g -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -D_KERNEL -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -DKLD_MODULE -nostdinc -I- -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -I. -I@ -I@/../include -I/usr/include -mpreferred-stack-boundary=2 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -c netflow.c
ld -r -o ng_netflow.kld ng_netflow.o netflow.o
gensetdefs ng_netflow.kld
cc -O -pipe -g -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -D_KERNEL -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -DKLD_MODULE -nostdinc -I- -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -I.
-I@ -I@/../include -I/usr/include -mpreferred-stack-boundary=2 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -c setdef0.c
cc -O -pipe -g -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -D_KERNEL -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -DKLD_MODULE -nostdinc -I- -I/usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/ng_netflow -I. -I@ -I@/../include -I/usr/include -mpreferred-stack-boundary=2 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -c setdef1.c
ld -Bshareable -o ng_netflow.ko setdef0.o ng_netflow.kld setdef1.o
===> flowctl
Warning: Object directory not changed from original /usr/ports/net/ng_netflow/work/ng_netflow-0.2.1/flowctl
cc -O -pipe -g -Wall -Wformat -c flowctl.c
cc -O -pipe -g -Wall -Wformat -o flowctl flowctl.o -lnetgraph
gzip -cn ng_netflow.4 > ng_netflow.4.gz
gzip -cn flowctl.8 > flowctl.8.gz
===> Installing for ng_netflow-0.2.1
===> Generating temporary packing list
===> Checking if net/ng_netflow already installed
===> ng_netflow
install -o root -g wheel -m 555 ng_netflow.ko /modules
===> flowctl
install -s -o root -g wheel -m 555 flowctl /usr/local/sbin
install -o root -g wheel -m 444 ng_netflow.4.gz /usr/local/man/man4
install -o root -g wheel -m 444 flowctl.8.gz /usr/local/man/man8
*******************************************************************************
* This port contains a prebuilt kernel module. Due to the ever changing *
* nature of FreeBSD it may be necessary to rebuild the module after a kernel *
* source update. To do this reinstall the port.
*******************************************************************************
===> Registering installation for ng_netflow-0.2.1
===> Cleaning for ng_netflow-0.2.1

Any ideas?

Vasenin Alexander aka BlackSir

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Gleb Smirnoff
> Sent: Wednesday, February 18, 2004 3:50 PM
> To: freebsd-isp@freebsd.org
> Cc: freebsd-net@freebsd.org
> Subject: Re: ng_netflow: testers are welcome

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 06:52:55 2004
Date: Sat, 21 Feb 2004 14:52:43 +0000 (UTC)
From: "Bjoern A.
 Zeeb"
To: Vasenin Alexander aka BlackSir
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

On Sat, 21 Feb 2004, Vasenin Alexander aka BlackSir wrote:

> On my test system kldload /modules/ng_netflow.ko returns: kldload: can't
> load ./ng_netflow.ko: Exec format error
> After this there is a message in dmesg: link_elf: symbol ng_make_node_common
> undefined

do a
 kldload netgraph
before

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 07:05:03 2004
From: "Vasenin Alexander aka BlackSir"
To: "Bjoern A.
 Zeeb"
Date: Sat, 21 Feb 2004 18:04:45 +0300
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

Thanks! Maybe this should be added to a pkg-message or README?
BlackSir

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Bjoern A.
> Zeeb
> Sent: Saturday, February 21, 2004 5:53 PM
> To: Vasenin Alexander aka BlackSir
> Cc: freebsd-isp@freebsd.org; freebsd-net@freebsd.org
> Subject: RE: ng_netflow: testers are welcome

> do a
> kldload netgraph
> before

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 11:44:33 2004
Date: Sat, 21 Feb 2004 11:44:27 -0800 (PST)
From: Julian Elischer
To: Vasenin Alexander aka BlackSir
cc: freebsd-isp@freebsd.org
cc: "Bjoern A. Zeeb"
cc: freebsd-net@freebsd.org
Subject: RE: ng_netflow: testers are welcome

more likely the dependency should be registered so that it is
done automatically.

On Sat, 21 Feb 2004, Vasenin Alexander aka BlackSir wrote:

> Thanks! Maybe this should be added to a pkg-message or README?
> BlackSir
>
> > -----Original Message-----
> > From: owner-freebsd-isp@freebsd.org
> > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Bjoern A.
> > Zeeb
> > Sent: Saturday, February 21, 2004 5:53 PM
> > To: Vasenin Alexander aka BlackSir
> > Cc: freebsd-isp@freebsd.org; freebsd-net@freebsd.org
> > Subject: RE: ng_netflow: testers are welcome
>
> > do a
> > kldload netgraph
> > before
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 15:58:34 2004
Date: Sun, 22 Feb 2004 02:58:15 +0300
From: Gleb Smirnoff
To: Julian Elischer
Message-ID: <20040221235815.GA62385@cell.sick.ru>
cc: freebsd-isp@freebsd.org
cc: "Bjoern A.
 Zeeb"
cc: Vasenin Alexander aka BlackSir
cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow: testers are welcome

On Sat, Feb 21, 2004 at 11:44:27AM -0800, Julian Elischer wrote:
J> more likely the dependency should be registered so that it is
J> done automatically.

Is it possible to make port dependent on kernel module shipped
with base system? How?

For example sysutils/ips is not dependent on ipfw. It is obvious
that ipfw is required for it, as well as in case of netgraph
and ng_netflow.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 21 16:51:07 2004
Message-Id: <5.2.1.1.2.20040221192800.023ea5b8@mail.ituitive.net>
Date: Sat, 21 Feb 2004 19:31:08 -0500
To: freebsd-isp@freebsd.org
From: Stephen Fulton
Subject: FreeBSD 4.9 hangs when accessing NetApp NFS mounts.

Hi all,

I'm having a problem with FreeBSD 4.9 accessing our NetApp. It appears
that when FreeBSD accesses a large file (100MB for instance), it will
read part of it, then the program locks up. Afterwards, anything that
tries to access any NFS drive locks. Only a reboot will solve this.

I did some Google'ing, and looked at the Handbook, and set the NFS
drives read & write to 1024, and this improved things slightly, but the
problem remains.

Can anyone suggest something?

-- Steve
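
The rule ordering from Sten Daniel Sørsdal's reply in the "firewalling policy" thread above (drop spoofing first, no duplicate rules, decide on the incoming side, be careful with state for untrusted sources), laid out as a pf.conf sketch. This is an added example, not taken from any message in this archive; the interface names, the documentation-range prefixes, the server address and the per-source limits are all assumptions, and the syntax is that of current FreeBSD pf.

```pf
# Constructed example: every name, address and limit below is an assumption.
ext_if  = "em0"                  # WAN link
lan_if  = "em1"                  # internal segment
dmz_if  = "em2"                  # server segment
lan_net = "198.51.100.0/24"      # documentation prefix standing in for a routed LAN
dmz_net = "203.0.113.0/24"       # documentation prefix standing in for a routed DMZ
web_srv = "203.0.113.10"

# Source ranges that must never arrive from the WAN.
table <martians> const { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
# Sources that exceeded the per-source state limits further down.
table <abusers> persist

set skip on lo0
scrub in all

# Default block strategy, as the question assumes.
block log all

# a) Drop all attempts at spoofing before anything else is evaluated.
#    antispoof expands to "block in on ! <if> from <if network>", so packets
#    claiming an internal source are refused on every other interface,
#    the WAN included. No separate WAN rule repeats that.
antispoof quick for { $lan_if $dmz_if }
block in quick on $ext_if from <martians>
block in quick from <abusers>

# c) Decide as early as possible: each policy is written once, on the
#    interface where the packet enters the firewall.
pass in on $lan_if inet from $lan_net to any keep state
pass in on $dmz_if inet proto { tcp udp } from $dmz_net to any port domain keep state

# Untrusted sources and state: synproxy completes the TCP handshake on the
# firewall before the server sees the connection, and the per-source limits
# keep one host from filling the state table. Offenders are moved into
# <abusers> and their existing states are flushed.
pass in on $ext_if inet proto tcp from any to $web_srv port { http https } \
    flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <abusers> flush global)

# b) No duplicate rules: a forwarded packet was already accepted when it
#    entered, so the outgoing side carries one generic rule. It also covers
#    traffic that originates on the firewall itself.
pass out keep state
```

`pfctl -nf /etc/pf.conf` parses a ruleset without loading it, which is a convenient way to check a change before it goes live.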