version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1655651063 host=38.87.162.8 name=Ngircd.Loginconf rev=13 targets=Openbsd.Loginconf,Openbsd.Vipw,Grep.Usage,Team.Announce text=(:title ngIRCd login class:)%0a%0angIRCd is a network service that can open hundreds of network connections. As a result, it will need a special login class to accomodate its increased need for file descriptors and memory.%0a%0a!! Prerequisites%0a%0aBefore beginning, read [[Openbsd/Loginconf|the login.conf guide]] and [[https://man.openbsd.org/login.conf|man page]].%0a%0a!! Service Login Class%0a%0aFor ngIRCd, we will create a new login class called the service login class for network services that need extra file descriptors and memory. Append this block to the end of /etc/login.conf:%0a%0a[@%0aservice:\%0a :openfiles-cur=4096:\%0a :openfiles-max=8182:\%0a :openfiles=4096:\%0a :stacksize-cur=48M:\%0a :stacksize-max=48M:\%0a :maxproc-max=infinity:\%0a :maxproc-cur=4096:\%0a :tc=daemon:%0a@]%0a%0a'''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.%0a%0aNow we change @@ngircd@@'s default login class to @@service@@:%0a%0a[@%0a$ doas usermod -L service _ngircd%0a@]%0a%0aThis can also be edited with a text editor using [[openbsd/vipw]].%0a%0aTo confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0a[@%0a$ doas grep '^_ngircd' /etc/master.passwd%0a_ngircd:*:703:703:service:0:0:ngircd account:/var/ngircd:/sbin/nologin%0a@]%0a%0a[[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0aThe 5th field should have the correct login class name:%0a%0a[@%0a$ doas grep '^_ngircd' /etc/master.passwd | cut -d : -f 5%0aservice%0a@]%0a%0a'''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%0aTo delete:%0a%0a[@%0a$ doas rm /etc/login.conf.db%0a@]%0a%0a!! Checking Limits%0a%0aYou should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a%0aIf necessary, you may need temporarily change the login shell to ksh:%0a%0a[@%0a$ doas chsh -s /bin/ksh _ngircd%0a@]%0a%0aNext, we login with the login class znc:%0a%0a[@%0a$ doas su -c service _ngircd%0a$ ulimit -a%0atime(cpu-seconds) unlimited%0afile(blocks) unlimited%0acoredump(blocks) unlimited%0adata(kbytes) 33554432%0astack(kbytes) 32768%0alockedmem(kbytes) 329478%0amemory(kbytes) 985092%0anofiles(descriptors) 4096%0aprocesses 1310%0a@]%0a%0a@@ulimit -a@@ displays all process limits for our current user.%0a%0a'''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a%0aPress ctrl+d to signal the end of file to logout%0a%0aNow, restore the login shell to nologin:%0a%0a[@%0a$ doas chsh -s /sbin/nologin _ngircd%0a@]%0a%0a!! Restart ngircd%0a%0aIn order for changes to take effect, you must restart ngircd:%0a%0a[@%0a$ doas rcctl restart ngircd%0a@]%0a%0a'''WARNING''': Restarting ngircd will cause all users on the server to disconnect. Make sure to [[team/announce|warn users in advance]].%0a time=1662774686 title=ngIRCd login class author:1662774686=jrmu diff:1662774686:1658075035:=38c38%0a%3c $ doas grep '^_ngircd' /etc/master.passwd%0a---%0a> $ doas grep '^ngircd' /etc/master.passwd%0a47c47%0a%3c $ doas grep '^_ngircd' /etc/master.passwd | cut -d : -f 5%0a---%0a> $ doas grep '^ngircd' /etc/master.passwd | cut -d : -f 5%0a host:1662774686=38.87.162.8 author:1658075035=xfnw csum:1658075035=ngircd's username is prefixed by an underscore diff:1658075035:1655655252:=30c30%0a%3c $ doas usermod -L service _ngircd%0a---%0a> $ doas usermod -L service ngircd%0a66c66%0a%3c $ doas chsh -s /bin/ksh _ngircd%0a---%0a> $ doas chsh -s /bin/ksh ngircd%0a72c72%0a%3c $ doas su -c service _ngircd%0a---%0a> $ doas su -c service ngircd%0a94c94%0a%3c $ doas chsh -s /sbin/nologin _ngircd%0a---%0a> $ doas chsh -s /sbin/nologin ngircd%0a host:1658075035=2600:4040:2c6f:2200::212 author:1655655252=jrmu diff:1655655252:1655654238:=90,95d89%0a%3c %0a%3c Now, restore the login shell to nologin:%0a%3c %0a%3c [@%0a%3c $ doas chsh -s /sbin/nologin ngircd%0a%3c @]%0a host:1655655252=38.87.162.8 author:1655654238=jrmu diff:1655654238:1655654152:=42c42%0a%3c [[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a host:1655654238=38.87.162.8 author:1655654152=jrmu diff:1655654152:1655653237:=35c35%0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a---%0a> To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a host:1655654152=38.87.162.8 author:1655653237=jrmu diff:1655653237:1655652707:=56a57,62%0a> @]%0a> %0a> To create the database:%0a> %0a> [@%0a> $ doas cap_mkdb /etc/login.conf%0a host:1655653237=38.87.162.8 author:1655652707=jrmu diff:1655652707:1655652094:=7c7%0a%3c Before beginning, read [[Openbsd/Loginconf|the login.conf guide]] and [[https://man.openbsd.org/login.conf|man page]].%0a---%0a> Before beginning, read [[Openbsd/Loginconf|the guide]] and [[https://man.openbsd.org/login.conf|man page on login.conf]].%0a host:1655652707=38.87.162.8 author:1655652094=jrmu diff:1655652094:1655651995:=96,105d95%0a%3c %0a%3c !! Restart ngircd%0a%3c %0a%3c In order for changes to take effect, you must restart ngircd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl restart ngircd%0a%3c @]%0a%3c %0a%3c '''WARNING''': Restarting ngircd will cause all users on the server to disconnect. Make sure to [[team/announce|warn users in advance]].%0a host:1655652094=38.87.162.8 author:1655651995=jrmu diff:1655651995:1655651846:=39c39%0a%3c _ngircd:*:703:703:service:0:0:ngircd account:/var/ngircd:/sbin/nologin%0a---%0a> username:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a72c72%0a%3c $ doas chsh -s /bin/ksh ngircd%0a---%0a> $ doas chsh -s /bin/ksh username%0a78c78%0a%3c $ doas su -c service ngircd%0a---%0a> $ doas su -c service username%0a host:1655651995=38.87.162.8 author:1655651846=jrmu diff:1655651846:1655651484:=95a96,131%0a> %0a> !! Troubleshooting%0a> %0a> Suppose /etc/login.conf and /etc/login.conf.db are missing or deleted. You might see this error:%0a> %0a> [@%0a> OpenBSD/amd64 (username.example.com) (tty00)%0a> %0a> login: root%0a> login: Failure to retrieve default class%0a> @]%0a> %0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a> %0a> Once you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a> %0a> [@%0a> # mount -rw /%0a> # mount /usr%0a> # export TERM=xterm%0a> # vi /etc/login.conf%0a> @]%0a> %0a> The default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy and paste this into /etc/login.conf, save, then quit.%0a> %0a> If login.conf uses a database, recreate the database:%0a> %0a> [@%0a> # cap_mkdb /etc/login.conf%0a> @]%0a> %0a> Then reboot and login as usual:%0a> %0a> [@%0a> # shutdown -r now %0a> @]%0a host:1655651846=38.87.162.8 author:1655651484=jrmu diff:1655651484:1655651089:=3,131c3%0a%3c ngIRCd is a network service that can open hundreds of network connections. As a result, it will need a special login class to accomodate its increased need for file descriptors and memory.%0a%3c %0a%3c !! Prerequisites%0a%3c %0a%3c Before beginning, read [[Openbsd/Loginconf|the guide]] and [[https://man.openbsd.org/login.conf|man page on login.conf]].%0a%3c %0a%3c !! Service Login Class%0a%3c %0a%3c For ngIRCd, we will create a new login class called the service login class for network services that need extra file descriptors and memory. Append this block to the end of /etc/login.conf:%0a%3c %0a%3c [@%0a%3c service:\%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8182:\%0a%3c :openfiles=4096:\%0a%3c :stacksize-cur=48M:\%0a%3c :stacksize-max=48M:\%0a%3c :maxproc-max=infinity:\%0a%3c :maxproc-cur=4096:\%0a%3c :tc=daemon:%0a%3c @]%0a%3c %0a%3c '''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.%0a%3c %0a%3c Now we change @@ngircd@@'s default login class to @@service@@:%0a%3c %0a%3c [@%0a%3c $ doas usermod -L service ngircd%0a%3c @]%0a%3c %0a%3c This can also be edited with a text editor using [[openbsd/vipw]].%0a%3c %0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a%3c [@%0a%3c $ doas grep '^ngircd' /etc/master.passwd%0a%3c username:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a%3c @]%0a%3c %0a%3c [[grep/usage|grep]] searches for the line that begins with @@ngircd@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a%3c The 5th field should have the correct login class name:%0a%3c %0a%3c [@%0a%3c $ doas grep '^ngircd' /etc/master.passwd | cut -d : -f 5%0a%3c service%0a%3c @]%0a%3c %0a%3c '''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%3c %0a%3c To delete:%0a%3c %0a%3c [@%0a%3c $ doas rm /etc/login.conf.db%0a%3c @]%0a%3c %0a%3c To create the database:%0a%3c %0a%3c [@%0a%3c $ doas cap_mkdb /etc/login.conf%0a%3c @]%0a%3c %0a%3c !! Checking Limits%0a%3c %0a%3c You should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a%3c %0a%3c If necessary, you may need temporarily change the login shell to ksh:%0a%3c %0a%3c [@%0a%3c $ doas chsh -s /bin/ksh username%0a%3c @]%0a%3c %0a%3c Next, we login with the login class znc:%0a%3c %0a%3c [@%0a%3c $ doas su -c service username%0a%3c $ ulimit -a%0a%3c time(cpu-seconds) unlimited%0a%3c file(blocks) unlimited%0a%3c coredump(blocks) unlimited%0a%3c data(kbytes) 33554432%0a%3c stack(kbytes) 32768%0a%3c lockedmem(kbytes) 329478%0a%3c memory(kbytes) 985092%0a%3c nofiles(descriptors) 4096%0a%3c processes 1310%0a%3c @]%0a%3c %0a%3c @@ulimit -a@@ displays all process limits for our current user.%0a%3c %0a%3c '''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a%3c %0a%3c Press ctrl+d to signal the end of file to logout%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or deleted. You might see this error:%0a%3c %0a%3c [@%0a%3c OpenBSD/amd64 (username.example.com) (tty00)%0a%3c %0a%3c login: root%0a%3c login: Failure to retrieve default class%0a%3c @]%0a%3c %0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a%3c %0a%3c Once you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a%3c %0a%3c [@%0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a%3c @]%0a%3c %0a%3c The default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy and paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c If login.conf uses a database, recreate the database:%0a%3c %0a%3c [@%0a%3c # cap_mkdb /etc/login.conf%0a%3c @]%0a%3c %0a%3c Then reboot and login as usual:%0a%3c %0a%3c [@%0a%3c # shutdown -r now %0a%3c @]%0a---%0a> Before beginning, read the guide on [[Openbsd/Loginconf|login.conf]]%0a host:1655651484=38.87.162.8 author:1655651089=jrmu diff:1655651089:1655651063:=1,3c1%0a%3c (:title ngIRCd login class:)%0a%3c %0a%3c Before beginning, read the guide on [[Openbsd/Loginconf|login.conf]]%0a---%0a> Before beginning, read the guide on [[Openbsd.Loginconf/login.conf]]%0a host:1655651089=38.87.162.8 author:1655651063=jrmu diff:1655651063:1655651063:=1d0%0a%3c Before beginning, read the guide on [[Openbsd.Loginconf/login.conf]]%0a host:1655651063=38.87.162.8