Friday, November 21, 2008

Converting slapd.conf to slapd.d

Converting from slapd.conf(5) to a cn=config directory format

Any of the slap* tools (and slapd itself) given both -f and -F writes the cn=config tree; slaptest is the usual choice because it only parses and writes:

slaptest -f slapd.conf -F slapd.d/

(see slapd-config(5))
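The conversion above, as an added sh example (not part of the original note), with the checks that matter because slapd.d carries the directory's credentials in plain LDIF. It assumes the FreeBSD openldap-server port paths under /usr/local/etc/openldap, that slapd runs as user "ldap", and that slapd is stopped while you convert; override the variables for other layouts.

```sh
#!/bin/sh
# Added example (not from the original note): convert a slapd.conf(5) to the
# cn=config directory and lock the result down. Assumptions: FreeBSD
# openldap-server port paths under /usr/local/etc/openldap, slapd runs as user
# "ldap", and slapd is stopped while you convert. Override via environment.

CONF=${CONF:-/usr/local/etc/openldap/slapd.conf}
CONFDIR=${CONFDIR:-/usr/local/etc/openldap/slapd.d}
LDAP_USER=${LDAP_USER:-ldap}

# convert_slapd_conf CONF CONFDIR -> write the cn=config tree. Any slap* tool
# given both -f and -F does the conversion; slaptest is used because it only
# parses and writes, and its exit status reports syntax errors in CONF.
convert_slapd_conf() {
    mkdir -p "$2"
    slaptest -f "$1" -F "$2"
}

# check_slapd_d CONFDIR -> 0 if CONFDIR looks like a cn=config tree
# (cn=config.ldif plus the cn=config/ subtree), 1 otherwise.
check_slapd_d() {
    [ -f "$1/cn=config.ldif" ] && [ -d "$1/cn=config" ]
}

# secrets_in CONFDIR -> the LDIF files carrying an olcRootPW (hashed or not),
# i.e. the files that must never be readable by anyone but slapd.
secrets_in() {
    find "$1" -name '*.ldif' -exec grep -l '^olcRootPW:' {} +
}

# lock_down CONFDIR USER -> owned by the slapd user, directories 0700, files 0600.
lock_down() {
    chown -R "$2" "$1"
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

main() {
    convert_slapd_conf "$CONF" "$CONFDIR" || exit 1
    check_slapd_d "$CONFDIR" || { echo "no cn=config tree in $CONFDIR" >&2; exit 1; }
    lock_down "$CONFDIR" "$LDAP_USER"
    echo "files holding olcRootPW:"
    secrets_in "$CONFDIR"
    echo "start slapd with -F $CONFDIR only; the old $CONF still holds rootpw, remove it or chmod 600 it"
}

# Runs only when invoked as:  sh convert-config.sh run
case "${1:-}" in run) main ;; esac
```

Once slapd starts with -F only, slapd.conf is dead configuration but still contains the rootpw and any TLS key paths, so it gets the same treatment as the new directory or is removed.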

Thursday, November 13, 2008

SU Error - su: not running setuid

If this error occurs when you try to su, the su binary has lost its set-user-ID bit; set it again as shown below:

$ su -
su: not running setuid

(BECOME ROOT SOMEHOW AND THEN...)

# ls -l `which su`
-r-xr-x--- 1 root wheel 14324 Apr 12 23:14 /usr/bin/su
# chmod u+s `which su`
# ls -l `which su`
-r-sr-x--- 1 root wheel 14324 Apr 12 23:14 /usr/bin/su
# su - andrei
$ su -
Password:


So the above commands do:

  1. ls -l `which su` - lists the su binary; the mode r-xr-x--- shows the s bit is missing
  2. chmod u+s `which su` - adds the SUID bit to the su binary
  3. the same as 1.; the mode now reads r-sr-x---
  4. su to another user (andrei in this case)
  5. su to root from that normal user. The error no longer occurs.

notes: instead of `which su` you can give the path to the su binary directly if you know it; `which su` is used here because it works on both Linux and FreeBSD. Keep the rest of the mode as it was: r-sr-x--- root:wheel means only members of wheel can execute su at all, so do not widen it to 4755 while you are at it.

This error occurred after a buildworld. I suspect it is because of the file flags I use.
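The bit that su lost above is exactly what a setuid baseline diff catches, which is what FreeBSD's daily security run (/etc/periodic/security/100.chksetuid) does host-wide. The sh script below is an added example, not part of the original post; it assumes POSIX sh and find(1), a baseline of one absolute path per line, and paths without spaces.

```sh
#!/bin/sh
# Added example (not from the original post): audit a tree's setuid inventory
# against a saved baseline. A binary that lost its bit (su above) shows up as
# "missing", a new setuid file as "unexpected"; FreeBSD's daily security run
# (/etc/periodic/security/100.chksetuid) does the same diff host-wide.
# Assumptions: POSIX sh and find(1); the baseline is one absolute path per
# line; paths without spaces.

# has_setuid FILE -> 0 if the set-user-ID bit is set ([ -u ] is POSIX)
has_setuid() {
    [ -u "$1" ]
}

# list_setuid DIR -> sorted list of setuid regular files under DIR
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# audit_setuid DIR BASELINE -> prints "missing <path>" / "unexpected <path>",
# exit 1 if anything differs from the baseline
audit_setuid() {
    dir=$1; baseline=$2; rc=0
    current=$(list_setuid "$dir")
    # in the baseline, but the bit is gone (the su case)
    while read -r p; do
        [ -n "$p" ] || continue
        printf '%s\n' "$current" | grep -qxF "$p" || { echo "missing $p"; rc=1; }
    done < "$baseline"
    # setuid now, but not in the baseline (newly installed or planted)
    for p in $current; do
        grep -qxF "$p" "$baseline" || { echo "unexpected $p"; rc=1; }
    done
    return $rc
}

# restore_setuid FILE -> chmod u+s, but only on a root-owned file, so a typo
# can never turn a user-owned binary into a setuid-root one
restore_setuid() {
    owner=$(ls -ld "$1" | awk '{print $3}')
    [ "$owner" = root ] || { echo "refusing: $1 is owned by $owner" >&2; return 2; }
    chmod u+s "$1"
}

# Typical use, as root, after the baseline was written on a known-good system:
#   list_setuid / > /var/db/setuid.baseline      (once)
#   audit_setuid / /var/db/setuid.baseline       (after every installworld)
```

Run the audit right after installworld, before rebooting into the new world: a "missing" line for su is the time to run restore_setuid, and an "unexpected" line is something to explain before it is trusted.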

Friday, November 7, 2008

turn off smux port 199

To turn off SMUX when you don't have the option of recompiling from source
to disable SMUX support, you have to give it an invalid IP address to bind
to. This may be OS specific. On Linux, if I put this in my snmpd.conf:

smuxsocket 1.0.0.0

I get an error at startup, and lsof or netstat show that snmpd is no longer
listening on port 199. If you get an error message about the smuxsocket
token not being recognized, then you're out of luck. You'll have to recompile
from source (or just use local firewall rules to block connections to port
199).

How do I bind to a specific ip address? + tomcat

How do I bind to a specific ip address?

Each Connector element accepts an address attribute; without it the connector listens on every interface of the host. For example:

<Connector address="192.168.1.1"
           port="8080" minProcessors="5" maxProcessors="75"
           enableLookups="true" redirectPort="8443"
           acceptCount="100" debug="0" connectionTimeout="20000"
           useURIValidationHack="false" disableUploadTimeout="true" />
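The same address attribute applies to every connector in server.xml, and the one people forget is the AJP connector, which is meant for a trusted local reverse proxy and has no business on a routable address. Below is an added sh example, not from the Tomcat FAQ excerpt above: a constructed server.xml fragment with each listener pinned to one address, and an sh/awk check that reports any Connector still bound to all interfaces. Addresses, ports and the connector attributes are assumptions for the example; the HTTPS connector is deliberately left without address= so the check has something to find.

```sh
#!/bin/sh
# Added example (not from the Tomcat FAQ excerpt above): a constructed
# server.xml fragment with each listener pinned to one address, plus an sh/awk
# check for Connector elements still bound to every interface. The addresses,
# ports and connector attributes are assumptions for the sake of the example.
#
# The HTTPS connector is deliberately left without address= so the check has
# something to report.
SAMPLE_SERVER_XML='<Server port="8005" shutdown="SHUTDOWN" address="127.0.0.1">
  <Service name="Catalina">
    <!-- HTTP only on the LAN-facing address -->
    <Connector address="192.168.1.1" port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <!-- AJP is for the local reverse proxy only: never expose it -->
    <Connector address="127.0.0.1" port="8009" protocol="AJP/1.3" />
    <!-- no address: listens on 0.0.0.0 -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" />
  </Service>
</Server>'

# exposed_connectors FILE -> prints every <Connector .../> that has no address
# attribute or address="0.0.0.0"; exit 1 if any were found. Each element is
# joined onto one line first because attributes usually span several lines.
exposed_connectors() {
    awk '
        /<Connector/ { buf = ""; collecting = 1 }
        collecting {
            buf = buf " " $0
            if ($0 ~ /\/>/) {
                collecting = 0
                sub(/^ +/, "", buf)
                if (buf !~ /address="[^"]+"/ || buf ~ /address="0\.0\.0\.0"/) {
                    print buf
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Usage against a real install:
#   exposed_connectors /usr/local/tomcat/conf/server.xml
```

The shutdown port (8005) already defaults to localhost, but stating it keeps the file honest. After restarting Tomcat, confirm with sockstat -4l (FreeBSD) or netstat -an that 8009 and the shutdown port only appear on 127.0.0.1.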

Wednesday, November 5, 2008

ping: socket: Operation not permitted

> iron# ping localhost
> ping: socket: Operation not permitted
>
> My issue is the sysmon program stops on a check for
> root access to ICMP. The jail root user doesn't have
> rights to create ICMP packets in a jail system.
>
> Can this be modified to skip with a sysmon.conf switch
> or turned off ?

yes:

puck:~/sysmon/sysmon> src/sysmond -h
Usage: src/sysmond [ -f config-file ] [ -n ] [ -d ] [ -v ] [ -t ]
[ -p port ] [ reload ]
-b : IP Address to listen on
-f config-file : Alternate config file location
DEFAULT: /usr/local/etc/sysmon.conf
-n : Don't do notifies
-d : Don't fork
-i : Disable ICMP

You can also use this sysctl to allow raw sockets
within a Jail:

security.jail.allow_raw_sockets

root@test:/usr/src# sysctl security.jail.allow_raw_sockets=1

security.jail.allow_raw_sockets: 0 -> 1



.cshrc

# $FreeBSD: src/etc/root/dot.cshrc,v 1.30 2007/05/29 06:37:58 dougb Exp $
#
# .cshrc - csh resource script, read at beginning of execution by each shell
#
# see also csh(1), environ(7).
#

alias h history 25
alias j jobs -l
alias la ls -a
alias lf ls -FA
alias ll ls -lA

# A righteous umask
umask 22

set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin)
setenv PACKAGEROOT ftp5.us.FreeBSD.org
setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/

setenv EDITOR vi
setenv PAGER more
setenv BLOCKSIZE K

if ($?prompt) then
    # An interactive shell -- set some stuff up
    set prompt = "`/bin/hostname -s`# "
    set filec
    set history = 100
    set savehist = 100
    set mail = (/var/mail/$USER)
    if ( $?tcsh ) then
        bindkey "^W" backward-delete-word
        bindkey -k up history-search-backward
        bindkey -k down history-search-forward
    endif
endif

set autolist
set autocorrect

alias ls gnuls -N --show-control-chars --color
alias l gnuls -l -N --show-control-chars --color
alias ll gnuls -al -N --show-control-chars --color
alias lld gnuls -ald -N --show-control-chars --color
set prompt = '%n@%m:%/%# '

Tuesday, November 4, 2008

Operation not permitted

mv: /usr/jail/camel/sbin: Directory not empty
mv: /usr/jail/camel/var/empty: Operation not permitted
mv: /usr/jail/camel/var: Directory not empty
mv: /usr/jail/camel: Directory not empty
mv: /usr/jail: Directory not empty
mv: /bin/rm /usr/jail: terminated with 1 (non-zero) status

I guess I ain't gotta worry about the sockets but what about the rest?

you need

chflags -R noschg yourdir