-
rtprio
it will not prompt for a password right away
-
rwp
The adduser command will make a series of prompts one after the other with information. One of the later prompts is for a password.
-
nickgaw
Like in linux such as debian there is the adduser command that is a script but it runs useradd with the required options is that how Free BSD works?
-
rwp
Here is an example of adding a user and also adding them to the wheel group so they can su to root.
paste.debian.net/plain/1324360
-
rwp
The prompts all end with a colon and where I did not say anything after the colon I hit Enter and accepted the default value.
-
rwp
The critical prompt was "Login group is rwp2. Invite rwp2 into other groups?" where I entered "wheel" and then hit Enter.
-
rwp
nickgaw, Is there any access at mythic-beasts to the serial console? Can you reboot your system and get to the FreeBSD boot loader dialog? If so then you can boot to single user mode and have root access that way. That would almost certainly be the easiest access method.
-
nickgaw
Once you are in the boot prompt what do you do to get to single user mode?
-
rwp
Hit space to pause the dialog from the count down timer.
-
rwp
Then stand by while I boot a system and look at exactly the prompts seen.
-
rtprio
and press 5 until it says "serial console"
-
rtprio
which i think is 3 times
-
rwp
If booting single user mode I don't think that is needed.
-
rwp
Press "S" for single user mode. That will boot to a root prompt.
-
nickgaw
In future is it always best to add a user account during the installation?
-
rwp
Both number 2 and the letter S boot to single user mode. It will boot to a prompt "Enter full pathname of shell or RETURN for /bin/sh:" where pressing Enter will provide a root shell.
-
rwp
Normally we always add a non-root user because ssh access by default requires a non-root user. And that user must be in the wheel group in order to su switch user to root.
-
nickgaw
I think this information should be mentioned in the installation screen somewhere.
-
rwp
I want to thank scoobybejesus for some of this because the two of us consulted on the topic earlier today. :-)
-
scoobybejesus
:)
-
nickgaw
Are you one of the Free BSD developers or just a normal user?
-
rtprio
rwp: why doesn't the cd default to serial, video secondary. this wouldn't even be a problem if that was the case
-
rtprio
nickgaw: just users
-
rwp
I am just a normal FreeBSD user. But I have been using Unix systems for a very long time. :-)
-
nickgaw
Mythic-beasts has debian as an automatically installed system I was mainly messing around with Free BSD just to see how screen reader friendly it was.
-
rwp
rtprio, In order to install using a serial console the setting depends upon which serial port is being used. But for both boot to the iso installer boot loader prompt then "set console=comconsole" which will cause the display to be wonky then type without looking "boot" and it will boot to the serial console.
-
rwp
If using COM1 then that is all that is needed. My Supermicro systems use COM3 for the IPMI SOL Serial-Over-LAN console that I use over the network and that requires "set comconsole_port=0x3e8" to be sent first. But that obviously depends upon the serial port to be used.
-
rwp
The default for my systems is 115200 bits per second but if there is a baud rate mismatch then add "set comconsole_speed=115200" or other as appropriate before changing to comconsole.
-
rwp
After the installation is complete then one would of course not want to do this every time so add comconsole_port=0x3e8 (COM3 for me) and console="comconsole,vidconsole" (with both outputs) to the /boot/loader.conf file and it will persistently boot using the serial console as configured.
-
rwp
On FreeBSD 14 nothing is required to enable a getty on the serial port. One is configured by default.
-
rwp
On FreeBSD 13 one needs to edit /etc/ttys and enable "ttyu2 "/usr/libexec/getty 3wire" vt100 onifconsole secure"
-
rwp
Having said all of the above I really think that if you can boot to the console then single user mode is the easiest method of access. :-)
-
nickgaw
Once the user account is setup I can access it through ssh after this can I install other sets from the internet?
-
rtprio
yes
-
rtprio
rwp: for nearly all virtualization i've used, the single comconsole is sufficient
-
rwp
I would imagine that for a rented VPS from a provider that they would all use the first serial port.
-
rtprio
bhyve does. kvm does
-
rwp
Perhaps I should not have mentioned it but when I first started trying to make the network console work it took me a long time to figure out that I needed to set comconsole_port=0x3e8 for the 3rd serial port and so I mentioned it here as an addendum for others.
-
rwp
I also prefixed my statement with the background that my Supermicro systems use COM3 for the IPMI SOL Serial-Over-LAN console.
-
rwp
nickgaw, You said "after this can I install other sets" and rtprio answered yes. I recommend using "pkg" the binary packages. Run "pkg" as root and it will configure itself on the first run. Then run pkg again with "pkg search foo" where foo is the name of anything you might want to install. Use "pkg install foo" to install the binary package of what you want to install.
-
rwp
Almost anything and everything you would ever want to install is pre-compiled into binary packages and available using "pkg".
-
nickgaw
I mean like installation sets.
-
nickgaw
Can I install more of them after installation?
-
rwp
What is an "installation set"?
-
nickgaw
during the installation it asks me about packages like X windows and 32 bit compatible libraries.
-
nickgaw
Not sure what it is called in FreeBSD.
-
rwp
I don't know either.
-
rwp
I have never needed to know. I just install what I want. "pkg info | wc -l" says I have 133 binary packages installed on a headless server system. On my desktop it says 1037.
-
rtprio
nickgaw: installation sets are ... i guess just sets of packages, right? one for gnome one for kde?
-
rtprio
freebsd doesn't do that. just install the packages that you want
-
rwp
Also I personally don't ever install the lib32 files offered at install time. I have never needed them on 64-bit systems.
-
Tingo
nickgaw: You are saying those options, Choose Optional System Components to install ([ ]base-dbg,[ ]kernel-dbg,[ ]lib32-dbg, [*] lib32, [ ]Ports, [ ]src, [ ]tests) Options.. ?
-
Tingo
nickgaw: Glad to know that you have resolved your SSH User issue :).. now what do you want to do ? Apache/MariaDB/PHP etc or What ?
-
rwp
In section 2.5.3 "Selecting Components to Install" docs.freebsd.org/en/books/handbook/bsdinstall/#using-bsdinstall it shows an image of that dialog followed by a bullet point list of them described. It says, "lib32 - Compatibility libraries for running 32-bit applications on a 64-bit version of FreeBSD." I remove the selection of lib32 as I have never needed it on my 64-bit systems. Never missed it.
-
rwp
nickgaw, Have you resolved your root access issue to your VPS? It's not clear to me from what you have said so far. Are you still trying to solve the problem?
-
nickgaw
I had someone remote into the system and help me create a normal user account
-
rwp
And please for me verify that the non-root user account is in the "wheel" group?
-
nickgaw
I have two one with and without Zfs encryption
-
rwp
You can say "groups" to have it print out this information.
-
rwp
The most official command is probably "id" but that also prints out other information and "groups" keeps it purely to the group output list.
-
nickgaw
Once a user has no ZFS encryption can I add that to them later?
-
rwp
What do you mean by "ZFS encryption" in relation to "user"?? Do you mean the /home dataset has encryption turned off for one user dataset and turned on for another user dataset?
-
rwp
I think the safe answer is that to change from a dataset without encryption to a dataset with encryption one would create a new encrypted dataset and then copy the data from the old to the new and then delete the old.
-
rwp
That's a straightforward operation and it would guarantee that all of the data in the encrypted dataset became encrypted.
-
rwp
Normally when changing zfs properties they only take effect for new files in the dataset. I assume encryption would be the same.
-
nickgaw
adduser asked me if I wanted the home directory encrypted by ZFS.
-
rwp
By the way... If one wants to add the lib32 compatibility libraries later and they were not selected at installation time then the file can be downloaded (download.freebsd.org/ftp/releases/amd64/14.1-RELEASE) and then unpacked in the root directory with "tar xvf lib32.txz".
-
rwp
Ah... My test running adduser and pasted in was on a UFS file system without encryption capability so it did not offer it to me.
paste.debian.net/plain/1324360
-
rwp
New in 14 is a new default of a separate /home dataset and each user created gets a dataset under it such as /home/rwp for my account. Previously individual datasets were not created.
-
rwp
If I wanted to encrypt my home dataset I would create a new dataset /home/rwp-encrypted or other name, then copy everything from my home to there. Then destroy my original dataset. Then rename the rwp-encrypted dataset to be named rwp and the task would be done.
-
nickgaw
I think the person helping with the installation did not know much about filesystems so ZFS is what was set by the default but not sure but at least the system is installed.
-
rwp
ZFS is an excellent choice. Very good. They did well on that point.
-
nickgaw
Can linux use ZFS or can I sshfs mount this virtual private server and edit directories and use nano to edit files?
-
rwp
I see mostly my own wall of text so I am going to back away from the keyboard for a while. Sounds like you are in good shape now.
-
nickgaw
Or how do I install nano on this server?
-
rwp
Ubuntu GNU/Linux can use ZFS by simply installing the zfs tools. I forget the name off the top of my head. Debian needs the kernel module installed and compiled.
-
rwp
pkg install nano
-
rwp
The Ubuntu package needing to be installed for zfs is zfsutils-linux
-
nickgaw
Should I answer yes to install the package manager?
-
rwp
Yes.
-
rtprio
nickgaw: its required
-
nickgaw
Before I do anything else I am going to make a snapshot of this server in its current state.
-
rtprio
great idea
-
rtprio
you got the serial console going now, yes?
-
nickgaw
I got ssh access going now.
-
rtprio
👍
-
nickgaw
Now root can login with ssh either with a password and a key
-
nickgaw
How do I delete users?
-
rtprio
rmuser
-
nickgaw
How do I remove a ZFS data set?
-
nickgaw
for a deleted user?
-
Soni
root@freebsd:~ # Jul 26 02:01:34 freebsd sm-msp-queue[785]: 46N3ULdP000678: SYSERR(root): makeconnection: cannot create socket: Address family not supported by protocol family
-
Soni
how to fix?
-
rtprio
nickgaw: zfs destroy
-
rtprio
Soni: disable sendmail; otherwise it's harmless
-
Soni
what purposes does sendmail serve?
-
Tingo
nickgaw: first verify that deleted user has ZFS Dataset by command : df -Th or mount probably at last line zroot/home/<Deleted_User_Name> mounted on /home/<Deleted_User_Name>, then command: zfs destroy zroot/home/<Your_Removed_UserName>
-
rtprio
Soni: it uh, sends mail
-
Soni
yes but what's it used by
-
Soni
auditing?
-
Soni
also, this is a dev machine for fucking around with sockets, so we expect we're gonna want to test it with sendmail at some point...
-
SponiX
hard to believe sendmail is still a thing
-
Soni
(for fucking around with socket implementation)
-
rwp
Sendmail the venerable old mail transport agent is newly disabled by default in 14.
-
rwp
In previous releases it was (amazingly in IMNHO) enabled by default and always needed to be disabled.
-
rtprio
it's not that vulnerable. it's also only listening locally
-
rwp
But even though we say that Sendmail is not needed we do usually need /usr/sbin/sendmail to be available and installed and I use Postfix for it.
-
mjp
cannot for for the dail mail/sendmail is removed from OS. Who the hell wants mail over proper logs
-
rtprio
and SponiX hard to believe they haven't rewritten it in rust
-
rwp
The problem is the design of Sendmail being one large monolithic program with a Turing complete configuration language that is quite an arcane sed-like thing, running as root. What could possibly go wrong? Well, historically many root level compromise vulnerabilities.
-
rwp
Meanwhile... Several good alternatives already exist and have for decades and so most people run one of the alternatives. I use Postfix.
-
Soni
proper logs are nice
-
rwp
But Soni's question is why would anyone need email? Because there is a generation of people who don't use and don't like email.
-
rwp
Postfix and Sendmail both create proper logs. Exim (another alternative) logs are not so nice in my opinion.
-
Soni
rwp: we're on IRC, ofc we know what email is. have you looked at v6ops recently?
-
rwp
I have not. Tell me about it?
-
rwp
If you know about email then why ask about Sendmail?
-
Soni
we have finally fixed our disk space issues, so we can begin working on "CLAT-in-libc" (needs better name) without running out of disk space
-
Soni
(now, we do have a bit of a "running out of RAM" problem, but that's nothing -j1 can't solve)
-
rtprio
what is clat
-
Soni
ipv6 trans tech
-
rtprio
A customer-side translator (CLAT), which is not a Juniper Networks product, translates the IPv4 packet to IPv6 by embedding the IPv4 source and destination addresses in IPv6 /96 prefixes, and sends the packet over an IPv6 network to the PLAT. ?
-
Soni
see RFC 6877
-
rtprio
that sounds unpleasant
-
rwp
All IPv4 addresses as a number are also IPv6 addresses as a number and can be translated to IPv6. 93.184.215.14 is ::ffff:5db8:d70e for example. I am thinking that's what's being talked about here. Maybe. Probably.
-
rtprio
no, that's not it
-
Soni
no, that's not it
-
Soni
refer to RFC 6877
-
rtprio
also ::ffff:5db8:d70e is not a routable address
-
Soni
RFC 8925 is pretty neat too
-
rtprio
i swear people are trying harder to make ipv6 work over v4 or v4 over v6 rather than just dual homing or moving to ipv6
-
Soni
ppl don't wanna maintain/deploy dual stack networks
-
Soni
so yes, they work hard to move the dual-stack to the edge so they can run a single-stack backbone
-
Soni
the purpose of "CLAT-in-libc" is to provide access to github on an otherwise IPv6-only OS
-
rwp
Maybe the problem is using Github? Seriously. Other platforms support IPv6 natively. Have you contemplated using Gitlab or Source Hut? (Regardless I must afk while I relocate.)
-
Soni
have you ever tried to threaten developers if they don't move off of github? it doesn't go well.
-
rtprio
the problem is github
-
rtprio
after using a few other ones, i find github rather annoying
-
rtprio
but alas
-
rtprio
Soni: the libc is ... in the OS? rather than... a juniper device?
-
nickgaw
If I remove a user account why is the UUID not freed up for later use as the zfs set appears to be still there also so how do I just remove everything for that user including the zfs set for that user?
-
rtprio
you removed it with rmuser?
-
rtprio
as i recall adduser crudely guesses the next uid to use;
-
nickgaw
yes with rmuser
-
nickgaw
zfs destroy the name of the dat set worked.
-
nickgaw
Now they both have encryption.
-
rtprio
you could use pw(8) to create a user without prompts and specify the uid/gid you want to use. check the man pages
-
nickgaw
Is there an easy way to just retrieve the source tree and put it into /usr/src?
-
rtprio
pkg install git; cd /usr/; git clone git.freebsd.org/src.git
-
nickgaw
After this snapshot is created no clue as to why it is taking so long I will do that I do not want to break this working system now that it is setup.
-
rtprio
what is taking so long?
-
nickgaw
Do other virtual private server companies exist that have Free BSD natively rather than me having to install it manually with sighted assistance?
-
nickgaw
No clue the progress bar on their web site says $40.
-
nickgaw
even after browser closing and relaunching they say this feature is in alpha.
-
nickgaw
it is moving but slowly.
-
rtprio
uh, i think there are a few freebsd providers, but not many
-
nickgaw
What are the main differences in the different BSD's?
-
rtprio
i was able to use dd to overwrite the linux partition on an oracle vps
-
nickgaw
What hosting company was that with?
-
rtprio
nickgaw: cloud.oracle.com
-
rtprio
i was able to use dd to overwrite the linux partition on an oracle vps to install freebsd
-
nickgaw
What operating system do they suggest you use?
-
rtprio
oracle suggests you use oracle linux, but they do have freebsd images if you use arm64
-
nickgaw
I did not know they had their own linux version what packaging manager do they use?
-
rtprio
i think it's rpm based but we're really out in the weeds
-
rtprio
you can sign up for a free account and get yourself a free freebsd vm there
-
nickgaw
On this channel do they not like talking about other operating systems?
-
rtprio
or oracle linux, should you want
-
rtprio
i don't think it's strongly enforced as long as it gets back on track eventually
-
nickgaw
Lets say Free BSD gets a new release can I upgrade on line natively without reinstalling?
-
rtprio
yes, you can, "man freebsd-update"
-
nickgaw
What is the kernel file name on Free BSD?
-
rtprio
it's /boot/kernel/kernel
-
rtprio
you have a lot of questions; i suggest you check out the freebsd handbook, which has quite a lot of these topics addressed
-
nickgaw
Just for testing and not for installation can I rebuild the kernel on Free BSD and is it different than the linux kernel building process?
-
rtprio
you can and it is different
-
rtprio
-
nickgaw
Once pkg is installed if I remove all packages can I remove pkg?
-
rtprio
i suppose you could
-
K5KGT
in the couple years I've used FreeBSD I've never really compiled my own kernel, you just load/unload kernel modules really (and I'm from late 90's linux when we compiled kernels every time a new one came out)
-
K5KGT
I'm sure if you have some niche case it might make sense to, otherwise "it just works"(tm)
-
rtprio
K5KGT: usually true. but on a small vm i made a kernel that was 5mb rather than generic which was 28mb
-
rtprio
so it was both a space and memory savings
-
K5KGT
that's a good savings, but, niche case
-
nickgaw
I mainly want to for testing purposes like the generic kernel and not for normal use as my normal user account.
-
rtprio
yes, on a modern system with 4,8 or more ram, wholly unnecessary
-
rtprio
nickgaw: you can build one, sure, just follow the link i sent you
-
nickgaw
Yes building those kernels in linux for the speakup screen reader for every release was a mess but now it is in the staging area and debian has it for installation and the system talks after the installation.
-
K5KGT
yeah the handbook is awesome, if you need more dive into Lucas's "Absolue FreeBSD", it's gotten me out of more than one pickle (stopping boot process at a spot and fixing things, then resuming boot)
-
rtprio
nickgaw: how does the screen reader handle say, the output of a c compiler
-
K5KGT
"Absolute FreeBSD" (sorry)
-
nickgaw
Well if errors come out it just reads them but if things go well you just get your shell prompt back.
-
nickgaw
You mean like make?
-
rtprio
right
-
nickgaw
It reads out the commands that make runs but I usually use -s to keep it quiet as all I care about is the finished build.
-
nickgaw
Is that book someone was talking about around on line for free or is it something I have to buy?
-
rtprio
it is a book to purchase
-
nickgaw
I will have to see if it is in any electronic format.
-
rtprio
that handbook will probably get you a long way; generally i regret buying tech books as things seem out of date so quickly
-
nickgaw
Yes this is true.
-
nickgaw
Is it suggested to build everything as a normal user and not root?
-
rtprio
yes; only elevate privileges for things when you need them. same mantra is true for most computer systems
-
nickgaw
In the future to select all installation options like packages to install do you just type in the letters for each option then hit enter or type them in with spaces in them?
-
nickgaw
Why when using sftp with an encrypted user account with zfs after connecting can I not put files to my home directory and the directory listing is empty?
-
tercaL
I have prometheus and grafana set and working on my dedicated server (FreeBSD 14.1 + ZFS + nvme disks) - (running around 10 wordpress sites; nginx, maria-db, php-fpm), the Wired memory seems pretty high, is that normal? Here's the output: i.ibb.co/25y5HmV/output.png
-
ridcully
tercaL: very likely ZFS ARC. the max default is practically all your ram - see docs.freebsd.org/en/books/handbook/zfs/#zfs-advanced-tuning
-
ridcully
but then it is a cache and utilizes your investment. so unless nothing else suffers, it's fine. on linux you would see this large number of the buffered side i guess
-
tercaL
ridcully: Thanks a lot, very informative reply and link. I got; vfs.zfs.dirty_data_max_max="17179869184" and vfs.zfs.dirty_data_max_percent="25" on 64 GB of ram server. And it seems ARC does fine, here's my zfs-stats output; pastebin.mozilla.org/kWiWOozU
-
tercaL
focusing on "ARC Efficiency:" section there.. it seems ARC gives me opportunity for my server to read directly from RAM without wrestling much with disk i/o, right?
-
dvl
Those of you in / around Paris, what changes are you seeing with the Olympics?
-
V_PauAmma_V
dvl, probably a topic for -social, but what I've seen starting yesterday was 1- oodles of cops with rifles, and 2- restrictions on circulation.
-
lw
i heard the trains aren't working as well too :-D
-
dvl
lw: Sabotage isn't much fun.
-
lw
dvl: i kind of support anyone taking direct action against bread and circuses, etc. although i'm sure it's annoying for people who aren't involved
-
jbo
lw!
-
lw
jbo
-
jbo
\o/
-
vedranm
hi, there is a tool named amdgpu_top, an AMD GPU usage monitor similar to radeontop from ports, that I successfully compiled on FreeBSD with drm-kmod installed. However, running it depends on Linux /sys interface. Does LinuxKPI provide any emulation of it?
-
scoobybejesus
-
vedranm
scoobybejesus: yes, that's Linuxulator, that's not helpful as it doesn't expose directories from drm-kmod drivers loaded via LinuxKPI in /compat/sys
-
scoobybejesus
ah, so /compat/linux/sys isn't what you need?
-
debdrup
/compat/sys is quite limited, in that it's only meant to target the things needed for userland compatibility, and LKPI is deliberately not trying to emulate entire Linux kernel (just enough for DRM, and hopefully soon WiFi).
-
debdrup
If I was looking at amdgpu_top, I'd probably investigate whether the values are accessible via sysctl(8) or sysctl(3) and give that information to the developer, if they're interested in making it more portable.
-
rpratt
Hello, does anyone have any experience/thoughts about ZFS+HAST vs ZFS+glusterfs? I'll test them both in my environment, and I'm inclined to say ZFS+HAST because it's all in base, but I'd appreciate if anyone has any thoughts on the subject.
-
lw
rpratt: they solve completely different problems. HAST is if you need failover from one system to another, where either system can serve the request load. GlusterFS is when you need to distribute data over many different systems, where no single system could store all the data by itself.
-
rpratt
Gotcha, so using glusterfs is NOT the solution for failover. Thank you, I appreciate it.
-
lw
GlusterFS can be used for failover but it probably wouldn't be my first choice
-
lw
mostly because of the limitations it imposes on clients
-
mewt
/24
-
rpratt
My assumption, and I could be absolutely wrong, moosefs/lizardfs and ceph fall into the same category as glusterfs?
-
lw
i am not familiar with moosefs or lizardfs. Ceph is more similar to Gluster than HAST, yes
-
lw
although, having used both (on Linux, not FreeBSD) i greatly preferred Ceph to Gluster and found it a lot more useful
-
rpratt
My understanding is that ceph has more options, but gluster is 'easier' . I'm still working on fact-finding before I jump into this. It'll be a data store for about 40 virtual machines, so nothing too crazy.
-
lw
this has probably changed since i used it, which was many years ago, but Ceph provides native support for NFS and iSCSI, whereas i recall Gluster requires you use their specific Gluster protocol on each client
-
lw
that might be out of date, though
-
lw
i also have the impression that Ceph doesn't support FreeBSD well, if at all
-
lw
but if you just want two replicated systems that provide iSCSI volumes to VM hosts, i think HAST is what you want
-
lw
(of course HAST itself doesn't provide failover functionality, so you have to add that yourself)
-
rpratt
Part of me is debating just a zfs send every 5 minutes or so, vs trying to do an intelligent active/passive. Probably less stuff to break/get confused.
-
lw
if you can survive 5 minutes of data loss and don't need automatic failover, that would certainly be the easiest option
-
lw
although i think i'd still prefer manual HAST in that case
-
rpratt
I'll give HAST a try and see how it shakes out, and I'll keep the zfs send as a backup plan in case it gets weird. Thank you for taking the time to talk about this with me.
-
rtprio
dhclient[553]: XMT: Solicit on vtnet0, interval 7850ms.
-
rtprio
can anyone help me with all this soliciting but no address?
-
lw
what's XMT?
-
rtprio
i'm assuming it's short for 'transmit'
-
tuaris
Am I looking in the wrong place or are the FreeBSD docs missing a chapter about setting up network address translation? The old docs had it, but I can't find it in the new ones
-
vedranm
debdrup: thx
-
vedranm
apparently the tool is doing something since I get messages like amdgpu: pp_get_power_profile_mode was not implemented. amdgpu: pp_dpm_get_mclk_od was not implemented. amdgpu: pp_dpm_get_sclk_od was not implemented. in dmesg
-
tuaris
What I am trying to do is share an openvpn connection (using tun interface) on a Freebsd host using NAT, but I am getting an error "ipfw: getsockopt(IP_FW_XADD): Protocol not available". I guess it's not doable?
-
rtprio
-
tuaris
Ah.. I was looking in the wrong place under advanced networking, and the search on the left didn't bring that up.
-
rtprio
no worries
-
boolean
Hello is anyone here ?
-
rtprio
yep, we're here
-
boolean
I am trying to a USB Bluetooth device that works on FreeBSD
-
boolean
-
rtprio
i don't know, i don't use bluetooth