Category Archives: Unix/Linux

Changing a User’s Password on FreeBSD

Before getting into how to change a user’s password on FreeBSD, let’s quickly review how that is done on a Linux system.

As a user we can change the password by typing:

$ passwd
Changing password for user kenno.
Changing password for kenno.
Current password: 
...

Or with a root account, we can change/set the password for another user:

# passwd kenno
Changing password for user kenno.
New password: 
...

How about FreeBSD? It should be the same as on Linux, right? Right? Well, not quite.

On a FreeBSD system, in addition to running the passwd command, we also need to generate the password databases so that they are “in sync” with the plain text files.

# pwd_mkdb /etc/master.passwd

You can learn more about both passwd and pwd_mkdb by running:

$ man passwd
$ man pwd_mkdb

Ref: Can’t change user password

FreeBSD upgrade pool ‘zroot’

Today I successfully upgraded my FreeBSD home NAS server from 10.3 to 11.0. This is the final release of version 11.0, though the official announcement is expected to be made on September 28.

After the system upgrade, I also need to upgrade the 2 zpools (tank and zroot) so they can have the new features. Upgrading tank was easy; all I needed to do was run this command:

# zpool upgrade tank
This system supports ZFS pool feature flags.

Enabled the following features on 'tank':
  sha512
  skein

For zroot, in addition to running the above command (replacing the zpool name with zroot), I also need to update the boot code.

root@nas:~ # zpool upgrade zroot
This system supports ZFS pool feature flags.

Enabled the following features on 'zroot':
  sha512
  skein

If you boot from pool 'zroot', don't forget to update boot code.
Assuming you use GPT partitioning and da0 is your boot disk
the following command will do it:

        gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0

What’s the boot code? Good question. Not sure what it is; I’ll find out later by reading the FreeBSD documentation.

The boot disk in my server is not da0. How do we find out what it is?

root@nas:~ # gpart show
=>       34  125045357  ada4  GPT  (60G)
         34       1024     1  freebsd-boot  (512K)
       1058    4194304     2  freebsd-swap  (2.0G)
    4195362  120850029     3  freebsd-zfs  (58G)

In my case, it’s ada4, and the partition the boot code sits on is ada4p1.
So, I can now proceed to update the boot code:

root@nas:~ # gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada4
partcode written to ada4p1
bootcode written to ada4

Reboot the machine, and voilà, it’s “still” working.

FreeBSD git fatal: Unable to find remote helper for ‘https’

I just found out that git is not fully functional on my FreeBSD (11) box. It was installed from ports (using portmaster git). I can clone a repo using an SSH key, but not with HTTPS.

I’m not quite sure if it’s always been this way. Here is how to fix it:

1) Reinstall curl

# pkg remove curl
# portmaster curl

2) Reinstall git

# pkg remove git
# portmaster git

Why did I install git from ports? Well, ‘cuz there is no binary package for FreeBSD 11 arm, which runs on my Raspberry Pi B+.

Installing Pip with Python 3.5 on FreeBSD

Here is a quick note that serves as a self-reminder on how to get pip installed and working on FreeBSD 10.3.

# pkg install python35

There is no package for pip on FreeBSD, at least at the time of this writing. To have it installed, run the following command:

# python3.5 -m ensurepip

While you’re at it, you might as well update pip:

# pip3.5 install --upgrade pip

Thanks to this post in the FreeBSD forum: https://forums.freebsd.org/threads/52702/.

PF firewall rule for DNS server

A reminder to readers: most of these blog posts are here to remind me what I have done or how I fixed some problems. What works for me may not work for you. Most of the time, they aren’t even the best practice.

Here’s a snippet of the PF firewall rule on my FreeBSD box, which acts as a DNS server. Basically, the firewall opens up UDP port 53 to allow the LAN to access it.

ext_if = "ue0"
...
pass in on $ext_if proto udp from 192.168.1.0/24 to any port 53 keep state

Reference: IPFW rules for DNS Resolvers

Remove a file/directory starting with dash/hyphen

I just noticed that in the /root directory on my FreeBSD box, there is a directory whose name starts with a dash: -p.

root@raspbsd:~ # ls -l
total 144
drwxr-xr-x  2 root  wheel    512 May  5 18:26 -p
drwxr-xr-x  2 root  wheel    512 May  5 20:45 .byobu
drwxr-xr-x  3 root  wheel    512 May  5 20:45 .cache
-rw-r--r--  2 root  wheel    959 Jan 23 00:59 .cshrc

As much as I wanted to get rid of it, I was curious to find out what’s inside that directory.

root@raspbsd:~ # cd -p/
Usage: cd [-plvn][-|...

That didn’t work. After a short while of trying many things, I figured out 2 ways to do it.

root@raspbsd:~ # cd \-p
root@raspbsd:~/-p # 

Another way (1) is to add ‘./’ in front of it:

root@raspbsd:~ # cd ./-p
root@raspbsd:~/-p #

Finally, after confirming that ‘-p’ holds no files, it can be deleted with:

 # rmdir ./-p

Note that # rmdir \-p does not work, though. I should have put a disclaimer at the top. I only tested this on FreeBSD, but it should also work on Linux. If you decide to follow my instructions to remove any files on your system, do it cautiously. I will not be responsible for your actions ^_^.

Reference: (1) http://www.electrictoolbox.com/delete-file-starting-with-dash-hyphen/
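The same problem appears whenever a glob or a script argument expands to a name that begins with a dash, so the following added shell example (not from the original post) goes slightly beyond the single directory above. The helper safe_name is hypothetical, the demo also uses "--" to end option parsing, and everything runs inside a scratch directory created for the demo.

```shell
#!/bin/sh
# safe_name (hypothetical helper): prefix ./ to any name that starts with "-",
# so the tool receiving it cannot parse it as an option.
safe_name() {
    case "$1" in
        -*) printf './%s\n' "$1" ;;
        *)  printf '%s\n' "$1" ;;
    esac
}

# Constructed demo: create dash-named directories in a scratch directory
# and remove them again. Returns 0 when both are gone.
demo_remove_dash_dirs() {
    scratch=$(mktemp -d) || return 1
    (
        cd "$scratch" || exit 1
        mkdir ./-p || exit 1      # directory literally named -p
        mkdir -- -rf || exit 1    # "--" ends option parsing, so -rf is a name
        # Quoting or backslash-escaping does not help: the shell removes the
        # quoting, and rmdir still receives the bare string -p as an argument.
        rmdir "$(safe_name -p)" || exit 1
        rmdir -- -rf || exit 1
        # In scripts, glob as ./* instead of *: every match then starts with ./
        set -- ./*
        [ "$1" = './*' ]          # unexpanded pattern: the directory is empty
    )
    status=$?
    rmdir "$scratch"
    return "$status"
}

demo_remove_dash_dirs && echo "dash-named directories removed"
```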

ISC Dhcpd Duplicate UID Lease

Someone asked this question in one of his blog posts:

Ever see this?

dhcpd: uid lease 192.168.1.150 for client xx:xx:xx:xx:xx:xx is duplicate on 192.168.1/24

Yes, I’m seeing something like that now in my dhcpd logs. Here is the actual message:

DHCPREQUEST for 192.168.1.109 from 08:00:27:6e:61:b8 via eth0
DHCPACK on 192.168.1.109 to 08:00:27:6e:61:b8 via eth0
DHCPINFORM from 192.168.1.109 via eth0
DHCPACK to 192.168.1.109 (08:00:27:6e:61:b8) via eth0
uid lease 192.168.1.224 for client 08:00:27:6e:61:b8 is duplicate on 192.168.1.0/24
DHCPREQUEST for 192.168.1.109 from 08:00:27:6e:61:b8 via eth0
DHCPACK on 192.168.1.109 to 08:00:27:6e:61:b8 via eth0

I think I know why this happened. Basically, the machine with the MAC address ‘08:00:27:6e:61:b8’ used to grab an IP address from the pool. Then, later on, I created a reservation for it.

host mathtXXX-win {
    hardware ethernet 08:00:27:6e:61:b8;
    fixed-address 192.168.1.109;
}

On CentOS 7, the lease file is located at: /var/lib/dhcpd/dhcpd.leases. Here’s the duplicated lease for mathtXXX:

lease 192.168.1.224 {
  starts 3 2015/06/10 01:44:21;
  ends 3 2015/06/10 01:49:24;
  tstp 3 2015/06/10 01:49:24;
  cltt 3 2015/06/10 01:44:21;
  binding state free;
  hardware ethernet 08:00:27:6e:61:b8;
  uid "\001\010\000'na\270";
}

By removing the above block and restarting the dhcpd service, the “uid lease duplicate” message no longer appears in the log.
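To find such leftover leases without reading the lease file by eye, here is an added shell example (not part of the original post). The helper stale_leases is hypothetical; the sample files are constructed from the reservation and lease shown above, plus one made-up unrelated lease.

```shell
#!/bin/sh
# stale_leases (hypothetical helper): print "LEASE_IP MAC FIXED_IP" for every
# dynamic lease whose MAC also has a fixed-address reservation in dhcpd.conf.
stale_leases() {    # usage: stale_leases dhcpd.conf dhcpd.leases
    awk '
        { gsub(/;/, "") }                       # drop statement terminators
        FILENAME == ARGV[1] {                   # first file: host reservations
            if ($1 == "hardware" && $2 == "ethernet") mac = tolower($3)
            if ($1 == "fixed-address") addr = $2
            if ($1 == "}") {                    # end of a block
                if (mac != "" && addr != "") reserved[mac] = addr
                mac = ""; addr = ""
            }
            next
        }
        $1 == "lease" { ip = $2 }               # second file: lease database
        $1 == "hardware" && $2 == "ethernet" {
            m = tolower($3)
            if (m in reserved && reserved[m] != ip) print ip, m, reserved[m]
        }
    ' "$1" "$2" | sort -u                       # lease files repeat entries
}

# Constructed sample input mirroring the reservation and lease in this post.
demo_stale_leases() {
    d=$(mktemp -d) || return 1
    cat > "$d/dhcpd.conf" <<'EOF'
host mathtXXX-win {
    hardware ethernet 08:00:27:6e:61:b8;
    fixed-address 192.168.1.109;
}
EOF
    cat > "$d/dhcpd.leases" <<'EOF'
lease 192.168.1.224 {
  binding state free;
  hardware ethernet 08:00:27:6e:61:b8;
  uid "\001\010\000'na\270";
}
lease 192.168.1.50 {
  binding state active;
  hardware ethernet 52:54:00:aa:bb:cc;
}
EOF
    stale_leases "$d/dhcpd.conf" "$d/dhcpd.leases"
    rm -rf "$d"
}

demo_stale_leases
```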

Install PostgreSQL server on Raspberry Pi from FreeBSD port

Before I wrote this blog post, I had thought there was no binary package for PostgreSQL server for FreeBSD 11 running on Raspberry Pi. Hmm… how wrong I was! I just wasted the whole night compiling Postgres from source. DOH!

Anyhow, here are the steps I took to do it. If you’re familiar with FreeBSD, there’s nothing new here. But, I only use FreeBSD once in a while, and so I tend to forget a lot of what I do.

cd /usr/ports/databases/postgresql94-server
make config
make install clean

After a very long time of waiting, I was presented with the following message:

To initialize the database, run

  /usr/local/etc/rc.d/postgresql initdb

You can then start PostgreSQL by running:

  /usr/local/etc/rc.d/postgresql start

For postmaster settings, see ~pgsql/data/postgresql.conf

NB. FreeBSD's PostgreSQL port logs to syslog by default
    See ~pgsql/data/postgresql.conf for more info

======================================================================

To run PostgreSQL at startup, add
'postgresql_enable="YES"' to /etc/rc.conf

Let’s initialize the database:

 # /usr/local/etc/rc.d/postgresql initdb                                
Cannot 'initdb' postgresql. Set postgresql_enable to YES in /etc/rc.conf or use 'oneinitdb' instead of 'initdb'.

Ahh.. ok.

# echo 'postgresql_enable="YES"' >> /etc/rc.conf

Please note that I used ‘>>’ to append the above line to /etc/rc.conf. Alternatively, just append that line with a text editor such as Vim or Nano.

# /usr/local/etc/rc.d/postgresql initdb                                
The files belonging to this database system will be owned by user "pgsql".
This user must also own the server process.

The database cluster will be initialized with locale "C".
The default text search configuration will be set to "english".

Data page checksums are disabled.

creating directory /usr/local/pgsql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
creating template1 database in /usr/local/pgsql/data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating collations ... ok
creating conversions ... ok
creating dictionaries ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
loading PL/pgSQL server-side language ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok
syncing data to disk ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    /usr/local/bin/postgres -D /usr/local/pgsql/data
or
    /usr/local/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start

That’s it. Well, next time I want to install Postgres server again, I’ll run this command instead:

# pkg install postgresql94-server-9.4.2
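The WARNING in the initdb output above means the generated pg_hba.conf accepts local connections without any credential check. As an added example (not part of the original post or the port), the hypothetical helper trust_rules below lists such entries; the sample file is constructed, and on this install the real file would be pg_hba.conf in the /usr/local/pgsql/data directory shown above.

```shell
#!/bin/sh
# trust_rules (hypothetical helper): print "LINE: rule" for every pg_hba.conf
# entry whose authentication method is trust (no credential check at all).
trust_rules() {    # usage: trust_rules /path/to/pg_hba.conf
    awk '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }                        # skip blank lines
        {
            if ($1 == "local")                      method = $4  # TYPE DB USER METHOD
            else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/)  method = $6  # ADDRESS MASK METHOD
            else                                    method = $5  # ADDRESS METHOD
            if (method == "trust") { $1 = $1; print FNR ": " $0 }
        }
    ' "$1"
}

# Constructed sample: three trust entries and one md5 entry.
demo_trust_rules() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   ::1/128                    md5
host    all       all   192.168.1.0 255.255.255.0  trust
EOF
    trust_rules "$f"
    rm -f "$f"
}

demo_trust_rules
```

Each line it reports is a rule to change to a password-checking method such as md5, either by editing pg_hba.conf or by passing -A to initdb as the warning suggests.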