Blame
Date:
Sun Jan 29 05:00:28 2023 UTC
Message:
Daily backup
01
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
02
2023-01-22
jrmu
agent=w3m/0.5.3+git20210102
03
2023-01-22
jrmu
author=jrmu
04
2023-01-22
jrmu
charset=UTF-8
05
2023-01-22
jrmu
csum=
06
2023-01-22
jrmu
ctime=1655651063
07
2023-01-22
jrmu
host=38.87.162.8
08
2023-01-22
jrmu
name=Ngircd.Loginconf
09
2023-01-22
jrmu
rev=13
10
2023-01-22
jrmu
targets=Openbsd.Loginconf,Openbsd.Vipw,Grep.Usage,Team.Announce
11
2023-01-22
jrmu
text=(:title ngIRCd login class:)%0a%0angIRCd is a network service that can open hundreds of network connections. As a result, it will need a special login class to accomodate its increased need for file descriptors and memory.%0a%0a!! Prerequisites%0a%0aBefore beginning, read [[Openbsd/Loginconf|the login.conf guide]] and [[https://man.openbsd.org/login.conf|man page]].%0a%0a!! Service Login Class%0a%0aFor ngIRCd, we will create a new login class called the service login class for network services that need extra file descriptors and memory. Append this block to the end of /etc/login.conf:%0a%0a[@%0aservice:\%0a :openfiles-cur=4096:\%0a :openfiles-max=8182:\%0a :openfiles=4096:\%0a :stacksize-cur=48M:\%0a :stacksize-max=48M:\%0a :maxproc-max=infinity:\%0a :maxproc-cur=4096:\%0a :tc=daemon:%0a@]%0a%0a'''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.%0a%0aNow we change @@ngircd@@'s default login class to @@service@@:%0a%0a[@%0a$ doas usermod -L service _ngircd%0a@]%0a%0aThis can also be edited with a text editor using [[openbsd/vipw]].%0a%0aTo confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0a[@%0a$ doas grep '^_ngircd' /etc/master.passwd%0a_ngircd:*:703:703:service:0:0:ngircd account:/var/ngircd:/sbin/nologin%0a@]%0a%0a[[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0aThe 5th field should have the correct login class name:%0a%0a[@%0a$ doas grep '^_ngircd' /etc/master.passwd | cut -d : -f 5%0aservice%0a@]%0a%0a'''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%0aTo delete:%0a%0a[@%0a$ doas rm /etc/login.conf.db%0a@]%0a%0a!! Checking Limits%0a%0aYou should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a%0aIf necessary, you may need temporarily change the login shell to ksh:%0a%0a[@%0a$ doas chsh -s /bin/ksh _ngircd%0a@]%0a%0aNext, we login with the login class znc:%0a%0a[@%0a$ doas su -c service _ngircd%0a$ ulimit -a%0atime(cpu-seconds) unlimited%0afile(blocks) unlimited%0acoredump(blocks) unlimited%0adata(kbytes) 33554432%0astack(kbytes) 32768%0alockedmem(kbytes) 329478%0amemory(kbytes) 985092%0anofiles(descriptors) 4096%0aprocesses 1310%0a@]%0a%0a@@ulimit -a@@ displays all process limits for our current user.%0a%0a'''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a%0aPress ctrl+d to signal the end of file to logout%0a%0aNow, restore the login shell to nologin:%0a%0a[@%0a$ doas chsh -s /sbin/nologin _ngircd%0a@]%0a%0a!! Restart ngircd%0a%0aIn order for changes to take effect, you must restart ngircd:%0a%0a[@%0a$ doas rcctl restart ngircd%0a@]%0a%0a'''WARNING''': Restarting ngircd will cause all users on the server to disconnect. Make sure to [[team/announce|warn users in advance]].%0a
12
2023-01-22
jrmu
time=1662774686
13
2023-01-22
jrmu
title=ngIRCd login class
14
2023-01-22
jrmu
author:1662774686=jrmu
15
2023-01-22
jrmu
diff:1662774686:1658075035:=38c38%0a%3c $ doas grep '^_ngircd' /etc/master.passwd%0a---%0a> $ doas grep '^ngircd' /etc/master.passwd%0a47c47%0a%3c $ doas grep '^_ngircd' /etc/master.passwd | cut -d : -f 5%0a---%0a> $ doas grep '^ngircd' /etc/master.passwd | cut -d : -f 5%0a
16
2023-01-22
jrmu
host:1662774686=38.87.162.8
17
2023-01-22
jrmu
author:1658075035=xfnw
18
2023-01-22
jrmu
csum:1658075035=ngircd's username is prefixed by an underscore
19
2023-01-22
jrmu
diff:1658075035:1655655252:=30c30%0a%3c $ doas usermod -L service _ngircd%0a---%0a> $ doas usermod -L service ngircd%0a66c66%0a%3c $ doas chsh -s /bin/ksh _ngircd%0a---%0a> $ doas chsh -s /bin/ksh ngircd%0a72c72%0a%3c $ doas su -c service _ngircd%0a---%0a> $ doas su -c service ngircd%0a94c94%0a%3c $ doas chsh -s /sbin/nologin _ngircd%0a---%0a> $ doas chsh -s /sbin/nologin ngircd%0a
20
2023-01-22
jrmu
host:1658075035=2600:4040:2c6f:2200::212
21
2023-01-22
jrmu
author:1655655252=jrmu
22
2023-01-22
jrmu
diff:1655655252:1655654238:=90,95d89%0a%3c %0a%3c Now, restore the login shell to nologin:%0a%3c %0a%3c [@%0a%3c $ doas chsh -s /sbin/nologin ngircd%0a%3c @]%0a
23
2023-01-22
jrmu
host:1655655252=38.87.162.8
24
2023-01-22
jrmu
author:1655654238=jrmu
25
2023-01-22
jrmu
diff:1655654238:1655654152:=42c42%0a%3c [[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a
26
2023-01-22
jrmu
host:1655654238=38.87.162.8
27
2023-01-22
jrmu
author:1655654152=jrmu
28
2023-01-22
jrmu
diff:1655654152:1655653237:=35c35%0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a---%0a> To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a
29
2023-01-22
jrmu
host:1655654152=38.87.162.8
30
2023-01-22
jrmu
author:1655653237=jrmu
31
2023-01-22
jrmu
diff:1655653237:1655652707:=56a57,62%0a> @]%0a> %0a> To create the database:%0a> %0a> [@%0a> $ doas cap_mkdb /etc/login.conf%0a
32
2023-01-22
jrmu
host:1655653237=38.87.162.8
33
2023-01-22
jrmu
author:1655652707=jrmu
34
2023-01-22
jrmu
diff:1655652707:1655652094:=7c7%0a%3c Before beginning, read [[Openbsd/Loginconf|the login.conf guide]] and [[https://man.openbsd.org/login.conf|man page]].%0a---%0a> Before beginning, read [[Openbsd/Loginconf|the guide]] and [[https://man.openbsd.org/login.conf|man page on login.conf]].%0a
35
2023-01-22
jrmu
host:1655652707=38.87.162.8
36
2023-01-22
jrmu
author:1655652094=jrmu
37
2023-01-22
jrmu
diff:1655652094:1655651995:=96,105d95%0a%3c %0a%3c !! Restart ngircd%0a%3c %0a%3c In order for changes to take effect, you must restart ngircd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart ngircd%0a%3c @]%0a%3c %0a%3c '''WARNING''': Restarting ngircd will cause all users on the server to disconnect. Make sure to [[team/announce|warn users in advance]].%0a
38
2023-01-22
jrmu
host:1655652094=38.87.162.8
39
2023-01-22
jrmu
author:1655651995=jrmu
40
2023-01-22
jrmu
diff:1655651995:1655651846:=39c39%0a%3c _ngircd:*:703:703:service:0:0:ngircd account:/var/ngircd:/sbin/nologin%0a---%0a> username:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a72c72%0a%3c $ doas chsh -s /bin/ksh ngircd%0a---%0a> $ doas chsh -s /bin/ksh username%0a78c78%0a%3c $ doas su -c service ngircd%0a---%0a> $ doas su -c service username%0a
41
2023-01-22
jrmu
host:1655651995=38.87.162.8
42
2023-01-22
jrmu
author:1655651846=jrmu
43
2023-01-22
jrmu
diff:1655651846:1655651484:=95a96,131%0a> %0a> !! Troubleshooting%0a> %0a> Suppose /etc/login.conf and /etc/login.conf.db are missing or deleted. You might see this error:%0a> %0a> [@%0a> OpenBSD/amd64 (username.example.com) (tty00)%0a> %0a> login: root%0a> login: Failure to retrieve default class%0a> @]%0a> %0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a> %0a> Once you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a> %0a> [@%0a> # mount -rw /%0a> # mount /usr%0a> # export TERM=xterm%0a> # vi /etc/login.conf%0a> @]%0a> %0a> The default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy and paste this into /etc/login.conf, save, then quit.%0a> %0a> If login.conf uses a database, recreate the database:%0a> %0a> [@%0a> # cap_mkdb /etc/login.conf%0a> @]%0a> %0a> Then reboot and login as usual:%0a> %0a> [@%0a> # shutdown -r now %0a> @]%0a
44
2023-01-22
jrmu
host:1655651846=38.87.162.8
45
2023-01-22
jrmu
author:1655651484=jrmu
46
2023-01-22
jrmu
diff:1655651484:1655651089:=3,131c3%0a%3c ngIRCd is a network service that can open hundreds of network connections. As a result, it will need a special login class to accomodate its increased need for file descriptors and memory.%0a%3c %0a%3c !! Prerequisites%0a%3c %0a%3c Before beginning, read [[Openbsd/Loginconf|the guide]] and [[https://man.openbsd.org/login.conf|man page on login.conf]].%0a%3c %0a%3c !! Service Login Class%0a%3c %0a%3c For ngIRCd, we will create a new login class called the service login class for network services that need extra file descriptors and memory. Append this block to the end of /etc/login.conf:%0a%3c %0a%3c [@%0a%3c service:\%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8182:\%0a%3c :openfiles=4096:\%0a%3c :stacksize-cur=48M:\%0a%3c :stacksize-max=48M:\%0a%3c :maxproc-max=infinity:\%0a%3c :maxproc-cur=4096:\%0a%3c :tc=daemon:%0a%3c @]%0a%3c %0a%3c '''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.%0a%3c %0a%3c Now we change @@ngircd@@'s default login class to @@service@@:%0a%3c %0a%3c [@%0a%3c $ doas usermod -L service ngircd%0a%3c @]%0a%3c %0a%3c This can also be edited with a text editor using [[openbsd/vipw]].%0a%3c %0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a%3c [@%0a%3c $ doas grep '^ngircd' /etc/master.passwd%0a%3c username:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a%3c @]%0a%3c %0a%3c [[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a%3c The 5th field should have the correct login class name:%0a%3c %0a%3c [@%0a%3c $ doas grep '^ngircd' /etc/master.passwd | cut -d : -f 5%0a%3c service%0a%3c @]%0a%3c %0a%3c '''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%3c %0a%3c To delete:%0a%3c %0a%3c [@%0a%3c $ doas rm /etc/login.conf.db%0a%3c @]%0a%3c %0a%3c To create the database:%0a%3c %0a%3c [@%0a%3c $ doas cap_mkdb /etc/login.conf%0a%3c @]%0a%3c %0a%3c !! Checking Limits%0a%3c %0a%3c You should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a%3c %0a%3c If necessary, you may need temporarily change the login shell to ksh:%0a%3c %0a%3c [@%0a%3c $ doas chsh -s /bin/ksh username%0a%3c @]%0a%3c %0a%3c Next, we login with the login class znc:%0a%3c %0a%3c [@%0a%3c $ doas su -c service username%0a%3c $ ulimit -a%0a%3c time(cpu-seconds) unlimited%0a%3c file(blocks) unlimited%0a%3c coredump(blocks) unlimited%0a%3c data(kbytes) 33554432%0a%3c stack(kbytes) 32768%0a%3c lockedmem(kbytes) 329478%0a%3c memory(kbytes) 985092%0a%3c nofiles(descriptors) 4096%0a%3c processes 1310%0a%3c @]%0a%3c %0a%3c @@ulimit -a@@ displays all process limits for our current user.%0a%3c %0a%3c '''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a%3c %0a%3c Press ctrl+d to signal the end of file to logout%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or deleted. You might see this error:%0a%3c %0a%3c [@%0a%3c OpenBSD/amd64 (username.example.com) (tty00)%0a%3c %0a%3c login: root%0a%3c login: Failure to retrieve default class%0a%3c @]%0a%3c %0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a%3c %0a%3c Once you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a%3c %0a%3c [@%0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a%3c @]%0a%3c %0a%3c The default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy and paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c If login.conf uses a database, recreate the database:%0a%3c %0a%3c [@%0a%3c # cap_mkdb /etc/login.conf%0a%3c @]%0a%3c %0a%3c Then reboot and login as usual:%0a%3c %0a%3c [@%0a%3c # shutdown -r now %0a%3c @]%0a---%0a> Before beginning, read the guide on [[Openbsd/Loginconf|login.conf]]%0a
47
2023-01-22
jrmu
host:1655651484=38.87.162.8
48
2023-01-22
jrmu
author:1655651089=jrmu
49
2023-01-22
jrmu
diff:1655651089:1655651063:=1,3c1%0a%3c (:title ngIRCd login class:)%0a%3c %0a%3c Before beginning, read the guide on [[Openbsd/Loginconf|login.conf]]%0a---%0a> Before beginning, read the guide on [[Openbsd.Loginconf/login.conf]]%0a
50
2023-01-22
jrmu
host:1655651089=38.87.162.8
51
2023-01-22
jrmu
author:1655651063=jrmu
52
2023-01-22
jrmu
diff:1655651063:1655651063:=1d0%0a%3c Before beginning, read the guide on [[Openbsd.Loginconf/login.conf]]%0a
53
2023-01-22
jrmu
host:1655651063=38.87.162.8
IRCNow