Blame
Date:
Mon Jan 23 05:00:25 2023 UTC
Message:
Daily backup
01
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
02
2023-01-22
jrmu
agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
03
2023-01-22
jrmu
author=zen
04
2023-01-22
jrmu
charset=UTF-8
05
2023-01-22
jrmu
csum=OpenBSD FAQ link refenrece
06
2023-01-22
jrmu
ctime=1610210326
07
2023-01-22
jrmu
host=78.35.163.217
08
2023-01-22
jrmu
name=Openbsd.Loginconf
09
2023-01-22
jrmu
rev=17
10
2023-01-22
jrmu
targets=Openbsd.Vipw,Grep.Usage,Openbsd.Singleuser
11
2023-01-22
jrmu
text=(:title login.conf:)%0a%0a!!! Login Class%0a%0aLogin classes allow you to control how many resources are allocated for each user. The limits can be edited in [[https://man.openbsd.org/login.conf|/etc/login.conf]]. For example, here is a login class created for network services:%0a%0a[@%0aservice:\%0a :openfiles-cur=4096:\%0a :openfiles-max=8182:\%0a :openfiles=4096:\%0a :stacksize-cur=48M:\%0a :stacksize-max=48M:\%0a :maxproc-max=infinity:\%0a :maxproc-cur=4096:\%0a :tc=daemon:%0a@]%0a%0a'''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.%0a%0aEach time a network service creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, the service will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a%0aThe current and maximum stack size controls how much stack memory a user can use. We set it at 48M to give each service plenty of room.%0a%0a@@maxproc@@ limits how many processes a user in this class can create. We set the maximum to infinity and the current amount to 4096. @@tc=daemon@@ means that the default values will come from the @@daemon@@ login class.%0a%0aNow we will change @@username@@'s default login class to @@service@@:%0a%0a[@%0a$ doas usermod -L service username%0a@]%0a%0aThis can also be edited with a text editor using [[openbsd/vipw]].%0a%0aTo confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0a[@%0a$ doas grep '^username' /etc/master.passwd%0ausername:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a@]%0a%0a[[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0aThe 5th field should have the correct login class name:%0a%0a[@%0a$ doas grep '^username' /etc/master.passwd | cut -d : -f 5%0aservice%0a@]%0a%0a'''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%0aTo delete:%0a%0a[@%0a$ doas rm /etc/login.conf.db%0a@]%0a%0aTo create the database:%0a%0a[@%0a$ doas cap_mkdb /etc/login.conf%0a@]%0a%0a!! Checking Limits%0a%0aYou should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a%0aIf necessary, you may need temporarily change the login shell to ksh:%0a%0a[@%0a$ doas chsh -s /bin/ksh username%0a@]%0a%0aNext, we login with the login class username:%0a%0a[@%0a$ doas su -c service username%0a$ ulimit -a%0atime(cpu-seconds) unlimited%0afile(blocks) unlimited%0acoredump(blocks) unlimited%0adata(kbytes) 33554432%0astack(kbytes) 32768%0alockedmem(kbytes) 329478%0amemory(kbytes) 985092%0anofiles(descriptors) 4096%0aprocesses 1310%0a@]%0a%0a@@ulimit -a@@ displays all process limits for our current user.%0a%0a'''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a%0aPress ctrl+d to signal the end of file to logout%0a%0aOnce done, you may need to restore the login shell:%0a%0a[@%0a$ doas chsh -s /path/to/original/shell ngircd%0a@]%0a%0aReplace @@/path/to/original/shell@@ with the original shell (it may be @@/sbin/nologin@@).%0a%0a!! Troubleshooting%0a%0aSuppose /etc/login.conf and /etc/login.conf.db are missing or deleted. You might see this error:%0a%0a[@%0aOpenBSD/amd64 (username.example.com) (tty00)%0a%0alogin: root%0alogin: Failure to retrieve default class%0a@]%0a%0aThe way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq10.html#LostPW|OpenBSD FAQ]].%0a%0aOnce you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a%0a[@%0a# mount -rw /%0a# mount /usr%0a# export TERM=xterm%0a# vi /etc/login.conf%0a@]%0a%0aThe default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy and paste this into /etc/login.conf, save, then quit.%0a%0aIf login.conf uses a database, recreate the database:%0a%0a[@%0a# cap_mkdb /etc/login.conf%0a@]%0a%0aThen reboot and login as usual:%0a%0a[@%0a# shutdown -r now %0a@]%0a
12
2023-01-22
jrmu
time=1674082085
13
2023-01-22
jrmu
title=login.conf
14
2023-01-22
jrmu
author:1674082085=zen
15
2023-01-22
jrmu
csum:1674082085=OpenBSD FAQ link refenrece
16
2023-01-22
jrmu
diff:1674082085:1655655427:minor=116c116%0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq10.html#LostPW|OpenBSD FAQ]].%0a---%0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a
17
2023-01-22
jrmu
host:1674082085=78.35.163.217
18
2023-01-22
jrmu
author:1655655427=jrmu
19
2023-01-22
jrmu
diff:1655655427:1655654164:=96,103d95%0a%3c %0a%3c Once done, you may need to restore the login shell:%0a%3c %0a%3c [@%0a%3c $ doas chsh -s /path/to/original/shell ngircd%0a%3c @]%0a%3c %0a%3c Replace @@/path/to/original/shell@@ with the original shell (it may be @@/sbin/nologin@@).%0a
20
2023-01-22
jrmu
host:1655655427=38.87.162.8
21
2023-01-22
jrmu
author:1655654164=jrmu
22
2023-01-22
jrmu
diff:1655654164:1655651528:=35,36c35,36%0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%3c %0a---%0a> To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a> %0a42c42%0a%3c [[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a
23
2023-01-22
jrmu
host:1655654164=38.87.162.8
24
2023-01-22
jrmu
author:1655651528=jrmu
25
2023-01-22
jrmu
diff:1655651528:1655167360:=42,43c42,43%0a%3c [[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a> %0a75c75%0a%3c Next, we login with the login class username:%0a---%0a> Next, we login with the login class znc:%0a
26
2023-01-22
jrmu
host:1655651528=38.87.162.8
27
2023-01-22
jrmu
author:1655167360=jrmu
28
2023-01-22
jrmu
diff:1655167360:1655166253:=35c35%0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a---%0a> To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a
29
2023-01-22
jrmu
host:1655167360=38.87.162.154
30
2023-01-22
jrmu
author:1655166253=jrmu
31
2023-01-22
jrmu
diff:1655166253:1655165922:=99,100c99,100%0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or deleted. You might see this error:%0a%3c %0a---%0a> Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. You might see this error:%0a> %0a102,103c102,103%0a%3c OpenBSD/amd64 (username.example.com) (tty00)%0a%3c %0a---%0a> OpenBSD/amd64 (example.ircnow.org) (tty00)%0a> %0a108,111c108,109%0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a%3c %0a%3c Once you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a%3c %0a---%0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a> %0a113,116c111,114%0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a---%0a> $ vmctl stop username%0a> stopping vm user: requested to shutdown vm 11%0a> $ vmctl start username%0a> vmctl: started vm 11 successfully, tty /dev/ttypa%0a119,122c117,118%0a%3c The default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy and paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c If login.conf uses a database, recreate the database:%0a%3c %0a---%0a> You then have to quickly load the console before the system boots:%0a> %0a124c120,130%0a%3c # cap_mkdb /etc/login.conf%0a---%0a> coconut$ vmctl console username%0a> Connected to /dev/ttypa (speed 115200)%0a> Using drive 0, partition 3.%0a> Loading......%0a> probing: pc0 com0 mem[638K 510M a20=on]%0a> disk: hd0+%0a> >> OpenBSD/amd64 BOOT 3.52%0a> /%0a> com0: 115200 baud%0a> switching console to com0%0a> >> OpenBSD/amd64 BOOT 3.52%0a127,128c133,136%0a%3c Then reboot and login as usual:%0a%3c %0a---%0a> (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a> %0a> Type @@boot -s@@ to boot into single user mode:%0a> %0a130c138,146%0a%3c # shutdown -r now %0a---%0a> boot> boot -s%0a> ...%0a> com0: console%0a> vscsi0 at root%0a> scsibus3 at vscsi0: 256 targets%0a> softraid0 at root%0a> scsibus4 at softraid0: 256 targets%0a> root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a> Enter pathname of shell or RETURN for sh:%0a131a148,167%0a> %0a> Press enter to continue:%0a> %0a> [@%0a> # mount -rw /%0a> # mount /usr%0a> # export TERM=xterm%0a> # vi /etc/login.conf%0a> @]%0a> %0a> Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. Then, we set the terminal type, then edit /etc/login.conf.%0a> %0a> You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a> %0a> [@%0a> # cap_mkdb /etc/login.conf%0a> # shutdown -r now %0a> @]%0a> %0a> Now, log in as usual.%0a
32
2023-01-22
jrmu
host:1655166253=38.87.162.154
33
2023-01-22
jrmu
author:1655165922=jrmu
34
2023-01-22
jrmu
diff:1655165922:1654997073:=51,54c51,52%0a%3c '''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%3c %0a%3c To delete:%0a%3c %0a---%0a> '''NOTE''': If /etc/login.conf.db exists, make sure to delete it, otherwise login.conf changes won't apply:%0a> %0a57,62d54%0a%3c @]%0a%3c %0a%3c To create the database:%0a%3c %0a%3c [@%0a%3c $ doas cap_mkdb /etc/login.conf%0a
35
2023-01-22
jrmu
host:1655165922=38.87.162.154
36
2023-01-22
jrmu
author:1654997073=jrmu
37
2023-01-22
jrmu
diff:1654997073:1654997043:=87a88,185%0a> %0a> !! Troubleshooting%0a> %0a> If a network service is frequently disconnecting, these are the most likely causes:%0a> %0a> # mismatch of ports or SSL (using plaintext on 6697 or SSL on 6667)%0a> # SSL is not supported%0a> # user has a server password where none belongs (most likely he confused server password with nickserv password)%0a> # ident is not working%0a> # ircd bans a certain username or ident for no good reason (the ircd mistakenly assumes your connection is a bot and glines it)%0a> # typo of server name or IP address%0a> # dns lookup error%0a> %0a> You may be need to install icu4c-68.2v0.%0a> %0a> !!! IPv4/IPv6 mismatch%0a> %0a> If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, or vice versa, it will not connect.%0a> %0a> To prevent this, you '''must''' use a symbolic hostname (such as username.example.com) for the bindhost. Each hostname needs a single [[dns/records|A record]] and a single [[dns/records|AAAA record]] in the [[nsd/zone|DNS zone]]. If any part is misconfigured, users will be unable to connect.%0a> %0a> To check if any bindhosts are incorrectly using fixed IPv6 or IPv4 addresses, run:%0a> %0a> [@%0a> # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*:.*|[0-9.]+)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf%0a> @]%0a> %0a> If you see IP addresses like the following, then your bindhosts are incorrectly set to use IPv4 or IPv6 addreses directly instead of symbolic hostnames:%0a> %0a> [@%0a> 192.168.1.1%0a> 2001:db8::%0a> @]%0a> %0a> !!! Bindhost Errors%0a> %0a> A quick way to check if there are DNS errors is to run%0a> the following two commands:%0a> %0a> [@%0a> # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf | xargs -n 1 -t host%0a> @]%0a> %0a> Every hostname should have both an IPv4 and IPv6 address. The IPv4 address should match your [[openbsd/ddos|DDoS-filtered]] public address. Each IPv6 address should be unique.%0a> %0a> If you see duplicate entries (the same hostname returns multiple IPv6 addresses), you must delete the duplicate [[dns/vhost|DNS entries]].%0a> %0a> Here are error messages that indicate there are DNS problems with the bindhost:%0a> %0a> [@%0a> host username.example.com%0a> ;; connection timed out; no servers could be reached%0a> @]%0a> %0a> There is an error because means that the DNS server could not be reached.%0a> %0a> [@%0a> host username.example.com%0a> Host username.example.com not found: 3(NXDOMAIN)%0a> @]%0a> %0a> This indicates there are no DNS records for the bindhost.%0a> %0a> [@%0a> $ doas grep -i host /home/znc/home/znc/.znc/configs/znc.conf | grep -v > ~/bindhost%0a> $ vi ~/bindhost%0a> @]%0a> %0a> Then with vi:%0a> %0a> [@%0a> :%25s_.* = _host _g%0a> @]%0a> %0a> Then:%0a> %0a> [@%0a> $ sh ~/bindhost%0a> @]%0a> %0a> If you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a> %0a> !!! Missing libraries%0a> %0a> If you are get errors such as:%0a> %0a> [@%0a> ld.so: znc: can't load library 'libc++abi.so.5.0'%0a> @]%0a> %0a> Then you may be on the wrong OpenBSD version (6.9 or earlier); or you did not apply [[openbsd/syspatch|syspatch]]; or you did not upgrade all dependencies:%0a> %0a> [@%0a> $ doas syspatch%0a> $ doas pkg_add -Uu%0a> @]%0a> %0a> Delete the build folder and compile again.%0a
38
2023-01-22
jrmu
host:1654997073=38.87.162.154
39
2023-01-22
jrmu
author:1654997043=jrmu
40
2023-01-22
jrmu
diff:1654997043:1654996979:=91c91%0a%3c If a network service is frequently disconnecting, these are the most likely causes:%0a---%0a> If your user is getting disconnected, these are the most likely causes:%0a
41
2023-01-22
jrmu
host:1654997043=38.87.162.154
42
2023-01-22
jrmu
author:1654996979=jrmu
43
2023-01-22
jrmu
diff:1654996979:1654996887:=85c85%0a%3c '''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a---%0a> '''WARNING''': If nofiles(descriptors) is not 4096, you may have an error in your configuration!%0a
44
2023-01-22
jrmu
host:1654996979=38.87.162.154
45
2023-01-22
jrmu
author:1654996887=jrmu
46
2023-01-22
jrmu
diff:1654996887:1654996432:=38c38%0a%3c $ doas grep '^username' /etc/master.passwd%0a---%0a> $ doas grep '^service' /etc/master.passwd%0a44,45c44,45%0a%3c The 5th field should have the correct login class name:%0a%3c %0a---%0a> The 5th field should have the correct login class name.%0a> %0a57,59c57%0a%3c !! Checking Limits%0a%3c %0a%3c You should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a---%0a> !! Testing the login class%0a
47
2023-01-22
jrmu
host:1654996887=38.87.162.154
48
2023-01-22
jrmu
author:1654996432=jrmu
49
2023-01-22
jrmu
diff:1654996432:1654995885:=42,45c42,45%0a%3c [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a%3c The 5th field should have the correct login class name.%0a%3c %0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a> %0a> The 5th field needs to say znc:%0a> %0a47,48c47,48%0a%3c $ doas grep '^username' /etc/master.passwd | cut -d : -f 5%0a%3c service%0a---%0a> $ doas grep '^znc' /etc/passwd | cut -d : -f 5%0a> znc%0a57,60c57,58%0a%3c !! Testing the login class%0a%3c %0a%3c If necessary, you may need temporarily change the login shell to ksh:%0a%3c %0a---%0a> Next, we temporarily change znc's shell to ksh:%0a> %0a62c60%0a%3c $ doas chsh -s /bin/ksh username%0a---%0a> $ doas chsh -s /bin/ksh znc%0a65,66c63,64%0a%3c Next, we login with the login class znc:%0a%3c %0a---%0a> Next, we login with the username znc, with the login class znc:%0a> %0a68c66%0a%3c $ doas su -c service username%0a---%0a> $ doas su -c znc znc%0a
50
2023-01-22
jrmu
host:1654996432=38.87.162.154
51
2023-01-22
jrmu
author:1654995885=jrmu
52
2023-01-22
jrmu
diff:1654995885:1654995214:=2a3%0a> %0a5,6c6,7%0a%3c Login classes allow you to control how many resources are allocated for each user. The limits can be edited in [[https://man.openbsd.org/login.conf|/etc/login.conf]]. For example, here is a login class created for network services:%0a%3c %0a---%0a> Add the following lines to the end of [[https://man.openbsd.org/login.conf|/etc/login.conf]]:%0a> %0a8c9%0a%3c service:\%0a---%0a> znc:\%0a19,24c20,27%0a%3c '''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.%0a%3c %0a%3c Each time a network service creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, the service will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a%3c %0a%3c The current and maximum stack size controls how much stack memory a user can use. We set it at 48M to give each service plenty of room.%0a%3c %0a---%0a> '''WARNING''': Use tabs and not spaces. Spaces will fail and as a result, znc will not get the file resources it needs.%0a> %0a> The [[openbsd/loginconf|login.conf]] guide explains the attributes in more detail.%0a> %0a> Each time znc creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, znc will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a> %0a> The current and maximum stack size controls how much stack memory a user can use. We set it at 48M to give ZNC plenty of room.%0a> %0a27,28c30,31%0a%3c Now we will change @@username@@'s default login class to @@service@@:%0a%3c %0a---%0a> Now we change znc's default login class to znc:%0a> %0a30c33%0a%3c $ doas usermod -L service username%0a---%0a> $ doas usermod -L znc znc%0a38,39c41,42%0a%3c $ doas grep '^service' /etc/master.passwd%0a%3c username:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a---%0a> $ doas grep '^znc' /etc/passwd%0a> znc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a
53
2023-01-22
jrmu
host:1654995885=38.87.162.154
54
2023-01-22
jrmu
author:1654995214=jrmu
55
2023-01-22
jrmu
diff:1654995214:1610212591:=3,7c3,6%0a%3c %0a%3c !!! Login Class%0a%3c %0a%3c Add the following lines to the end of [[https://man.openbsd.org/login.conf|/etc/login.conf]]:%0a%3c %0a---%0a> !! Troubleshooting%0a> %0a> Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. You might see this error:%0a> %0a9,17c8,11%0a%3c znc:\%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8182:\%0a%3c :openfiles=4096:\%0a%3c :stacksize-cur=48M:\%0a%3c :stacksize-max=48M:\%0a%3c :maxproc-max=infinity:\%0a%3c :maxproc-cur=4096:\%0a%3c :tc=daemon:%0a---%0a> OpenBSD/amd64 (example.ircnow.org) (tty00)%0a> %0a> login: root%0a> login: Failure to retrieve default class%0a20,31c14,15%0a%3c '''WARNING''': Use tabs and not spaces. Spaces will fail and as a result, znc will not get the file resources it needs.%0a%3c %0a%3c The [[openbsd/loginconf|login.conf]] guide explains the attributes in more detail.%0a%3c %0a%3c Each time znc creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, znc will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a%3c %0a%3c The current and maximum stack size controls how much stack memory a user can use. We set it at 48M to give ZNC plenty of room.%0a%3c %0a%3c @@maxproc@@ limits how many processes a user in this class can create. We set the maximum to infinity and the current amount to 4096. @@tc=daemon@@ means that the default values will come from the @@daemon@@ login class.%0a%3c %0a%3c Now we change znc's default login class to znc:%0a%3c %0a---%0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a> %0a33c17,20%0a%3c $ doas usermod -L znc znc%0a---%0a> $ vmctl stop username%0a> stopping vm user: requested to shutdown vm 11%0a> $ vmctl start username%0a> vmctl: started vm 11 successfully, tty /dev/ttypa%0a36,39c23,24%0a%3c This can also be edited with a text editor using [[openbsd/vipw]].%0a%3c %0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a%3c %0a---%0a> You then have to quickly load the console before the system boots:%0a> %0a41,42c26,36%0a%3c $ doas grep '^znc' /etc/passwd%0a%3c znc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a---%0a> coconut$ vmctl console username%0a> Connected to /dev/ttypa (speed 115200)%0a> Using drive 0, partition 3.%0a> Loading......%0a> probing: pc0 com0 mem[638K 510M a20=on]%0a> disk: hd0+%0a> >> OpenBSD/amd64 BOOT 3.52%0a> /%0a> com0: 115200 baud%0a> switching console to com0%0a> >> OpenBSD/amd64 BOOT 3.52%0a45,48c39,42%0a%3c [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a%3c %0a%3c The 5th field needs to say znc:%0a%3c %0a---%0a> (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a> %0a> Type @@boot -s@@ to boot into single user mode:%0a> %0a50,51c44,52%0a%3c $ doas grep '^znc' /etc/passwd | cut -d : -f 5%0a%3c znc%0a---%0a> boot> boot -s%0a> ...%0a> com0: console%0a> vscsi0 at root%0a> scsibus3 at vscsi0: 256 targets%0a> softraid0 at root%0a> scsibus4 at softraid0: 256 targets%0a> root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a> Enter pathname of shell or RETURN for sh:%0a54,55c55,56%0a%3c '''NOTE''': If /etc/login.conf.db exists, make sure to delete it, otherwise login.conf changes won't apply:%0a%3c %0a---%0a> Press enter to continue:%0a> %0a57c58,61%0a%3c $ doas rm /etc/login.conf.db%0a---%0a> # mount -rw /%0a> # mount /usr%0a> # export TERM=xterm%0a> # vi /etc/login.conf%0a60,61c64,67%0a%3c Next, we temporarily change znc's shell to ksh:%0a%3c %0a---%0a> Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. Then, we set the terminal type, then edit /etc/login.conf.%0a> %0a> You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a> %0a63c69,70%0a%3c $ doas chsh -s /bin/ksh znc%0a---%0a> # cap_mkdb /etc/login.conf%0a> # shutdown -r now %0a66,256c73%0a%3c Next, we login with the username znc, with the login class znc:%0a%3c %0a%3c [@%0a%3c $ doas su -c znc znc%0a%3c $ ulimit -a%0a%3c time(cpu-seconds) unlimited%0a%3c file(blocks) unlimited%0a%3c coredump(blocks) unlimited%0a%3c data(kbytes) 33554432%0a%3c stack(kbytes) 32768%0a%3c lockedmem(kbytes) 329478%0a%3c memory(kbytes) 985092%0a%3c nofiles(descriptors) 4096%0a%3c processes 1310%0a%3c @]%0a%3c %0a%3c @@ulimit -a@@ displays all process limits for our current user.%0a%3c %0a%3c '''WARNING''': If nofiles(descriptors) is not 4096, you may have an error in your configuration!%0a%3c %0a%3c Press ctrl+d to signal the end of file to logout%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c If your user is getting disconnected, these are the most likely causes:%0a%3c %0a%3c # mismatch of ports or SSL (using plaintext on 6697 or SSL on 6667)%0a%3c # SSL is not supported%0a%3c # user has a server password where none belongs (most likely he confused server password with nickserv password)%0a%3c # ident is not working%0a%3c # ircd bans a certain username or ident for no good reason (the ircd mistakenly assumes your connection is a bot and glines it)%0a%3c # typo of server name or IP address%0a%3c # dns lookup error%0a%3c %0a%3c You may be need to install icu4c-68.2v0.%0a%3c %0a%3c !!! IPv4/IPv6 mismatch%0a%3c %0a%3c If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, or vice versa, it will not connect.%0a%3c %0a%3c To prevent this, you '''must''' use a symbolic hostname (such as username.example.com) for the bindhost. Each hostname needs a single [[dns/records|A record]] and a single [[dns/records|AAAA record]] in the [[nsd/zone|DNS zone]]. If any part is misconfigured, users will be unable to connect.%0a%3c %0a%3c To check if any bindhosts are incorrectly using fixed IPv6 or IPv4 addresses, run:%0a%3c %0a%3c [@%0a%3c # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*:.*|[0-9.]+)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf%0a%3c @]%0a%3c %0a%3c If you see IP addresses like the following, then your bindhosts are incorrectly set to use IPv4 or IPv6 addreses directly instead of symbolic hostnames:%0a%3c %0a%3c [@%0a%3c 192.168.1.1%0a%3c 2001:db8::%0a%3c @]%0a%3c %0a%3c !!! Bindhost Errors%0a%3c %0a%3c A quick way to check if there are DNS errors is to run%0a%3c the following two commands:%0a%3c %0a%3c [@%0a%3c # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf | xargs -n 1 -t host%0a%3c @]%0a%3c %0a%3c Every hostname should have both an IPv4 and IPv6 address. The IPv4 address should match your [[openbsd/ddos|DDoS-filtered]] public address. Each IPv6 address should be unique.%0a%3c %0a%3c If you see duplicate entries (the same hostname returns multiple IPv6 addresses), you must delete the duplicate [[dns/vhost|DNS entries]].%0a%3c %0a%3c Here are error messages that indicate there are DNS problems with the bindhost:%0a%3c %0a%3c [@%0a%3c host username.example.com%0a%3c ;; connection timed out; no servers could be reached%0a%3c @]%0a%3c %0a%3c There is an error because means that the DNS server could not be reached.%0a%3c %0a%3c [@%0a%3c host username.example.com%0a%3c Host username.example.com not found: 3(NXDOMAIN)%0a%3c @]%0a%3c %0a%3c This indicates there are no DNS records for the bindhost.%0a%3c %0a%3c [@%0a%3c $ doas grep -i host /home/znc/home/znc/.znc/configs/znc.conf | grep -v > ~/bindhost%0a%3c $ vi ~/bindhost%0a%3c @]%0a%3c %0a%3c Then with vi:%0a%3c %0a%3c [@%0a%3c :%25s_.* = _host _g%0a%3c @]%0a%3c %0a%3c Then:%0a%3c %0a%3c [@%0a%3c $ sh ~/bindhost%0a%3c @]%0a%3c %0a%3c If you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a%3c %0a%3c !!! Missing libraries%0a%3c %0a%3c If you are get errors such as:%0a%3c %0a%3c [@%0a%3c ld.so: znc: can't load library 'libc++abi.so.5.0'%0a%3c @]%0a%3c %0a%3c Then you may be on the wrong OpenBSD version (6.9 or earlier); or you did not apply [[openbsd/syspatch|syspatch]]; or you did not upgrade all dependencies:%0a%3c %0a%3c [@%0a%3c $ doas syspatch%0a%3c $ doas pkg_add -Uu%0a%3c @]%0a%3c %0a%3c Delete the build folder and compile again.%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. You might see this error:%0a%3c %0a%3c [@%0a%3c OpenBSD/amd64 (example.ircnow.org) (tty00)%0a%3c %0a%3c login: root%0a%3c login: Failure to retrieve default class%0a%3c @]%0a%3c %0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a%3c %0a%3c [@%0a%3c $ vmctl stop username%0a%3c stopping vm user: requested to shutdown vm 11%0a%3c $ vmctl start username%0a%3c vmctl: started vm 11 successfully, tty /dev/ttypa%0a%3c @]%0a%3c %0a%3c You then have to quickly load the console before the system boots:%0a%3c %0a%3c [@%0a%3c coconut$ vmctl console username%0a%3c Connected to /dev/ttypa (speed 115200)%0a%3c Using drive 0, partition 3.%0a%3c Loading......%0a%3c probing: pc0 com0 mem[638K 510M a20=on]%0a%3c disk: hd0+%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c /%0a%3c com0: 115200 baud%0a%3c switching console to com0%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c @]%0a%3c %0a%3c (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a%3c %0a%3c Type @@boot -s@@ to boot into single user mode:%0a%3c %0a%3c [@%0a%3c boot> boot -s%0a%3c ...%0a%3c com0: console%0a%3c vscsi0 at root%0a%3c scsibus3 at vscsi0: 256 targets%0a%3c softraid0 at root%0a%3c scsibus4 at softraid0: 256 targets%0a%3c root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a%3c Enter pathname of shell or RETURN for sh:%0a%3c @]%0a%3c %0a%3c Press enter to continue:%0a%3c %0a%3c [@%0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a%3c @]%0a%3c %0a%3c Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. Then, we set the terminal type, then edit /etc/login.conf.%0a%3c %0a%3c You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c [@%0a%3c # cap_mkdb /etc/login.conf%0a%3c # shutdown -r now %0a%3c @]%0a%3c %0a%3c Now, log in as usual.%0a---%0a> Now, log in as usual.%0a\ No newline at end of file%0a
56
2023-01-22
jrmu
host:1654995214=38.87.162.154
57
2023-01-22
jrmu
author:1610212591=jrmu
58
2023-01-22
jrmu
diff:1610212591:1610210381:=1,6d0%0a%3c (:title login.conf:)%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. You might see this error:%0a%3c %0a8,9c2,3%0a%3c OpenBSD/amd64 (example.ircnow.org) (tty00)%0a%3c %0a---%0a> OpenBSD/amd64 (siva.us5.ircnow.org) (tty00)%0a> %0a12,19c6,13%0a%3c @]%0a%3c %0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a%3c %0a%3c [@%0a%3c $ vmctl stop username%0a%3c stopping vm user: requested to shutdown vm 11%0a%3c $ vmctl start username%0a---%0a> %0a> The way to fix this is to reboot the system into single user mode:%0a> %0a> https://www.openbsd.org/faq/faq8.html#LostPW%0a> %0a> coconut$ vmctl stop siva%0a> stopping vm siva: requested to shutdown vm 11%0a> coconut$ vmctl start siva %0a21,22c15%0a%3c @]%0a%3c %0a---%0a> %0a25,26c18%0a%3c [@%0a%3c coconut$ vmctl console username%0a---%0a> coconut$ vmctl console siva%0a37,43d28%0a%3c @]%0a%3c %0a%3c (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a%3c %0a%3c Type @@boot -s@@ to boot into single user mode:%0a%3c %0a%3c [@%0a44a30%0a> %0a45a32%0a> %0a53,57c40,42%0a%3c @]%0a%3c %0a%3c Press enter to continue:%0a%3c %0a%3c [@%0a---%0a> %0a> Press enter to continue%0a> %0a62,68c47,59%0a%3c @]%0a%3c %0a%3c Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. Then, we set the terminal type, then edit /etc/login.conf.%0a%3c %0a%3c You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c [@%0a---%0a> I noticed this file is completely missing!%0a> %0a> So, I go to %0a> %0a> https://cvsweb.openbsd.org/%0a> %0a> src -> etc -> etc.amd64 -> login.conf -> Revision 1.18 download%0a> %0a> https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.%0a> 18&content-type=text/plain%0a> %0a> Copy paste that into /etc/login.conf, save, then quit.%0a> %0a71,73c62%0a%3c @]%0a%3c %0a%3c Now, log in as usual.%0a\ No newline at end of file%0a---%0a> @]%0a\ No newline at end of file%0a
59
2023-01-22
jrmu
host:1610212591=125.224.19.86
60
2023-01-22
jrmu
author:1610210381=jrmu
61
2023-01-22
jrmu
diff:1610210381:1610210326:=1d0%0a%3c [@%0a62d60%0a%3c @]%0a\ No newline at end of file%0a
62
2023-01-22
jrmu
host:1610210381=125.224.19.86
63
2023-01-22
jrmu
author:1610210326=jrmu
64
2023-01-22
jrmu
diff:1610210326:1610210326:=1,60d0%0a%3c OpenBSD/amd64 (siva.us5.ircnow.org) (tty00)%0a%3c %0a%3c login: root%0a%3c login: Failure to retrieve default class%0a%3c %0a%3c The way to fix this is to reboot the system into single user mode:%0a%3c %0a%3c https://www.openbsd.org/faq/faq8.html#LostPW%0a%3c %0a%3c coconut$ vmctl stop siva%0a%3c stopping vm siva: requested to shutdown vm 11%0a%3c coconut$ vmctl start siva %0a%3c vmctl: started vm 11 successfully, tty /dev/ttypa%0a%3c %0a%3c You then have to quickly load the console before the system boots:%0a%3c %0a%3c coconut$ vmctl console siva%0a%3c Connected to /dev/ttypa (speed 115200)%0a%3c Using drive 0, partition 3.%0a%3c Loading......%0a%3c probing: pc0 com0 mem[638K 510M a20=on]%0a%3c disk: hd0+%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c /%0a%3c com0: 115200 baud%0a%3c switching console to com0%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c boot> boot -s%0a%3c %0a%3c ...%0a%3c %0a%3c com0: console%0a%3c vscsi0 at root%0a%3c scsibus3 at vscsi0: 256 targets%0a%3c softraid0 at root%0a%3c scsibus4 at softraid0: 256 targets%0a%3c root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a%3c Enter pathname of shell or RETURN for sh:%0a%3c %0a%3c Press enter to continue%0a%3c %0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a%3c I noticed this file is completely missing!%0a%3c %0a%3c So, I go to %0a%3c %0a%3c https://cvsweb.openbsd.org/%0a%3c %0a%3c src -> etc -> etc.amd64 -> login.conf -> Revision 1.18 download%0a%3c %0a%3c https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.%0a%3c 18&content-type=text/plain%0a%3c %0a%3c Copy paste that into /etc/login.conf, save, then quit.%0a%3c %0a%3c # cap_mkdb /etc/login.conf%0a%3c # shutdown -r now %0a
65
2023-01-22
jrmu
host:1610210326=125.224.19.86
IRCNow