1 aa513bf8 2023-01-22 jrmu version=pmwiki-2.2.130 ordered=1 urlencoded=1
2 aa513bf8 2023-01-22 jrmu agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
3 aa513bf8 2023-01-22 jrmu author=zen
4 aa513bf8 2023-01-22 jrmu charset=UTF-8
5 aa513bf8 2023-01-22 jrmu csum=OpenBSD FAQ link reference
6 aa513bf8 2023-01-22 jrmu ctime=1610210326
7 aa513bf8 2023-01-22 jrmu host=78.35.163.217
8 aa513bf8 2023-01-22 jrmu name=Openbsd.Loginconf
9 aa513bf8 2023-01-22 jrmu rev=17
10 aa513bf8 2023-01-22 jrmu targets=Openbsd.Vipw,Grep.Usage,Openbsd.Singleuser
11 aa513bf8 2023-01-22 jrmu text=(:title login.conf:)%0a%0a!!! Login Class%0a%0aLogin classes allow you to control how many resources are allocated for each user. The limits can be edited in [[https://man.openbsd.org/login.conf|/etc/login.conf]]. For example, here is a login class created for network services:%0a%0a[@%0aservice:\%0a :openfiles-cur=4096:\%0a :openfiles-max=8182:\%0a :openfiles=4096:\%0a :stacksize-cur=48M:\%0a :stacksize-max=48M:\%0a :maxproc-max=infinity:\%0a :maxproc-cur=4096:\%0a :tc=daemon:%0a@]%0a%0a'''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly, so services will not get the file resources they need.%0a%0aEach time a network service creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, the service will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a%0aThe current and maximum stack size control how much stack memory a user can use. We set it at 48M to give each service plenty of room.%0a%0a@@maxproc@@ limits how many processes a user in this class can create. We set the maximum to infinity and the current amount to 4096. 
@@tc=daemon@@ means that the default values will come from the @@daemon@@ login class.%0a%0aNow we will change @@username@@'s default login class to @@service@@:%0a%0a[@%0a$ doas usermod -L service username%0a@]%0a%0aThis can also be edited with a text editor using [[openbsd/vipw]].%0a%0aTo confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0a[@%0a$ doas grep '^username' /etc/master.passwd%0ausername:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a@]%0a%0a[[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%0aThe 5th field should have the correct login class name:%0a%0a[@%0a$ doas grep '^username' /etc/master.passwd | cut -d : -f 5%0aservice%0a@]%0a%0a'''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%0aTo delete:%0a%0a[@%0a$ doas rm /etc/login.conf.db%0a@]%0a%0aTo create the database:%0a%0a[@%0a$ doas cap_mkdb /etc/login.conf%0a@]%0a%0a!! 
Checking Limits%0a%0aYou should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a%0aIf necessary, temporarily change the login shell to ksh:%0a%0a[@%0a$ doas chsh -s /bin/ksh username%0a@]%0a%0aNext, we log in as @@username@@ with the login class @@service@@:%0a%0a[@%0a$ doas su -c service username%0a$ ulimit -a%0atime(cpu-seconds) unlimited%0afile(blocks) unlimited%0acoredump(blocks) unlimited%0adata(kbytes) 33554432%0astack(kbytes) 32768%0alockedmem(kbytes) 329478%0amemory(kbytes) 985092%0anofiles(descriptors) 4096%0aprocesses 1310%0a@]%0a%0a@@ulimit -a@@ displays all process limits for our current user.%0a%0a'''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a%0aPress ctrl+d to signal the end of file and log out.%0a%0aOnce done, you may need to restore the login shell:%0a%0a[@%0a$ doas chsh -s /path/to/original/shell username%0a@]%0a%0aReplace @@/path/to/original/shell@@ with the original shell (it may be @@/sbin/nologin@@).%0a%0a!! Troubleshooting%0a%0aSuppose /etc/login.conf and /etc/login.conf.db are missing or deleted. 
You might see this error:%0a%0a[@%0aOpenBSD/amd64 (username.example.com) (tty00)%0a%0alogin: root%0alogin: Failure to retrieve default class%0a@]%0a%0aThe way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq10.html#LostPW|OpenBSD FAQ]].%0a%0aOnce you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a%0a[@%0a# mount -rw /%0a# mount /usr%0a# export TERM=xterm%0a# vi /etc/login.conf%0a@]%0a%0aThe default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy and paste this into /etc/login.conf, save, then quit.%0a%0aIf login.conf uses a database, recreate the database:%0a%0a[@%0a# cap_mkdb /etc/login.conf%0a@]%0a%0aThen reboot and login as usual:%0a%0a[@%0a# shutdown -r now %0a@]%0a
12 aa513bf8 2023-01-22 jrmu time=1674082085
13 aa513bf8 2023-01-22 jrmu title=login.conf
14 aa513bf8 2023-01-22 jrmu author:1674082085=zen
15 aa513bf8 2023-01-22 jrmu csum:1674082085=OpenBSD FAQ link reference
16 aa513bf8 2023-01-22 jrmu diff:1674082085:1655655427:minor=116c116%0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq10.html#LostPW|OpenBSD FAQ]].%0a---%0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a
17 aa513bf8 2023-01-22 jrmu host:1674082085=78.35.163.217
18 aa513bf8 2023-01-22 jrmu author:1655655427=jrmu
19 aa513bf8 2023-01-22 jrmu diff:1655655427:1655654164:=96,103d95%0a%3c %0a%3c Once done, you may need to restore the login shell:%0a%3c %0a%3c [@%0a%3c $ doas chsh -s /path/to/original/shell ngircd%0a%3c @]%0a%3c %0a%3c Replace @@/path/to/original/shell@@ with the original shell (it may be @@/sbin/nologin@@).%0a
20 aa513bf8 2023-01-22 jrmu host:1655655427=38.87.162.8
21 aa513bf8 2023-01-22 jrmu author:1655654164=jrmu
22 aa513bf8 2023-01-22 jrmu diff:1655654164:1655651528:=35,36c35,36%0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a%3c %0a---%0a> To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a> %0a42c42%0a%3c [[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/man5/passwd.5|/etc/master.passwd]].%0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a
23 aa513bf8 2023-01-22 jrmu host:1655654164=38.87.162.8
24 aa513bf8 2023-01-22 jrmu author:1655651528=jrmu
25 aa513bf8 2023-01-22 jrmu diff:1655651528:1655167360:=42,43c42,43%0a%3c [[grep/usage|grep]] searches for the line that begins with @@username@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a> %0a75c75%0a%3c Next, we login with the login class username:%0a---%0a> Next, we login with the login class znc:%0a
26 aa513bf8 2023-01-22 jrmu host:1655651528=38.87.162.8
27 aa513bf8 2023-01-22 jrmu author:1655167360=jrmu
28 aa513bf8 2023-01-22 jrmu diff:1655167360:1655166253:=35c35%0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a---%0a> To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a
29 aa513bf8 2023-01-22 jrmu host:1655167360=38.87.162.154
30 aa513bf8 2023-01-22 jrmu author:1655166253=jrmu
31 aa513bf8 2023-01-22 jrmu diff:1655166253:1655165922:=99,100c99,100%0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or deleted. You might see this error:%0a%3c %0a---%0a> Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. You might see this error:%0a> %0a102,103c102,103%0a%3c OpenBSD/amd64 (username.example.com) (tty00)%0a%3c %0a---%0a> OpenBSD/amd64 (example.ircnow.org) (tty00)%0a> %0a108,111c108,109%0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]].%0a%3c %0a%3c Once you boot into [[openbsd/singleuser|single user mode]], mount / and /usr partitions in read-write mode, set the correct terminal type, then edit [[https://man.openbsd.org/login.conf|login.conf]]:%0a%3c %0a---%0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a> %0a113,116c111,114%0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a---%0a> $ vmctl stop username%0a> stopping vm user: requested to shutdown vm 11%0a> $ vmctl start username%0a> vmctl: started vm 11 successfully, tty /dev/ttypa%0a119,122c117,118%0a%3c The default login.conf can be downloaded from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. 
Copy and paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c If login.conf uses a database, recreate the database:%0a%3c %0a---%0a> You then have to quickly load the console before the system boots:%0a> %0a124c120,130%0a%3c # cap_mkdb /etc/login.conf%0a---%0a> coconut$ vmctl console username%0a> Connected to /dev/ttypa (speed 115200)%0a> Using drive 0, partition 3.%0a> Loading......%0a> probing: pc0 com0 mem[638K 510M a20=on]%0a> disk: hd0+%0a> >> OpenBSD/amd64 BOOT 3.52%0a> /%0a> com0: 115200 baud%0a> switching console to com0%0a> >> OpenBSD/amd64 BOOT 3.52%0a127,128c133,136%0a%3c Then reboot and login as usual:%0a%3c %0a---%0a> (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a> %0a> Type @@boot -s@@ to boot into single user mode:%0a> %0a130c138,146%0a%3c # shutdown -r now %0a---%0a> boot> boot -s%0a> ...%0a> com0: console%0a> vscsi0 at root%0a> scsibus3 at vscsi0: 256 targets%0a> softraid0 at root%0a> scsibus4 at softraid0: 256 targets%0a> root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a> Enter pathname of shell or RETURN for sh:%0a131a148,167%0a> %0a> Press enter to continue:%0a> %0a> [@%0a> # mount -rw /%0a> # mount /usr%0a> # export TERM=xterm%0a> # vi /etc/login.conf%0a> @]%0a> %0a> Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. Then, we set the terminal type, then edit /etc/login.conf.%0a> %0a> You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a> %0a> [@%0a> # cap_mkdb /etc/login.conf%0a> # shutdown -r now %0a> @]%0a> %0a> Now, log in as usual.%0a
32 aa513bf8 2023-01-22 jrmu host:1655166253=38.87.162.154
33 aa513bf8 2023-01-22 jrmu author:1655165922=jrmu
34 aa513bf8 2023-01-22 jrmu diff:1655165922:1654997073:=51,54c51,52%0a%3c '''NOTE''': If /etc/login.conf.db exists, make sure to delete it (or recreate the database), otherwise login.conf changes won't apply:%0a%3c %0a%3c To delete:%0a%3c %0a---%0a> '''NOTE''': If /etc/login.conf.db exists, make sure to delete it, otherwise login.conf changes won't apply:%0a> %0a57,62d54%0a%3c @]%0a%3c %0a%3c To create the database:%0a%3c %0a%3c [@%0a%3c $ doas cap_mkdb /etc/login.conf%0a
35 aa513bf8 2023-01-22 jrmu host:1655165922=38.87.162.154
36 aa513bf8 2023-01-22 jrmu author:1654997073=jrmu
37 aa513bf8 2023-01-22 jrmu diff:1654997073:1654997043:=87a88,185%0a> %0a> !! Troubleshooting%0a> %0a> If a network service is frequently disconnecting, these are the most likely causes:%0a> %0a> # mismatch of ports or SSL (using plaintext on 6697 or SSL on 6667)%0a> # SSL is not supported%0a> # user has a server password where none belongs (most likely he confused server password with nickserv password)%0a> # ident is not working%0a> # ircd bans a certain username or ident for no good reason (the ircd mistakenly assumes your connection is a bot and glines it)%0a> # typo of server name or IP address%0a> # dns lookup error%0a> %0a> You may be need to install icu4c-68.2v0.%0a> %0a> !!! IPv4/IPv6 mismatch%0a> %0a> If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, or vice versa, it will not connect.%0a> %0a> To prevent this, you '''must''' use a symbolic hostname (such as username.example.com) for the bindhost. Each hostname needs a single [[dns/records|A record]] and a single [[dns/records|AAAA record]] in the [[nsd/zone|DNS zone]]. If any part is misconfigured, users will be unable to connect.%0a> %0a> To check if any bindhosts are incorrectly using fixed IPv6 or IPv4 addresses, run:%0a> %0a> [@%0a> # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*:.*|[0-9.]+)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf%0a> @]%0a> %0a> If you see IP addresses like the following, then your bindhosts are incorrectly set to use IPv4 or IPv6 addreses directly instead of symbolic hostnames:%0a> %0a> [@%0a> 192.168.1.1%0a> 2001:db8::%0a> @]%0a> %0a> !!! Bindhost Errors%0a> %0a> A quick way to check if there are DNS errors is to run%0a> the following two commands:%0a> %0a> [@%0a> # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf | xargs -n 1 -t host%0a> @]%0a> %0a> Every hostname should have both an IPv4 and IPv6 address. The IPv4 address should match your [[openbsd/ddos|DDoS-filtered]] public address. 
Each IPv6 address should be unique.%0a> %0a> If you see duplicate entries (the same hostname returns multiple IPv6 addresses), you must delete the duplicate [[dns/vhost|DNS entries]].%0a> %0a> Here are error messages that indicate there are DNS problems with the bindhost:%0a> %0a> [@%0a> host username.example.com%0a> ;; connection timed out; no servers could be reached%0a> @]%0a> %0a> There is an error because means that the DNS server could not be reached.%0a> %0a> [@%0a> host username.example.com%0a> Host username.example.com not found: 3(NXDOMAIN)%0a> @]%0a> %0a> This indicates there are no DNS records for the bindhost.%0a> %0a> [@%0a> $ doas grep -i host /home/znc/home/znc/.znc/configs/znc.conf | grep -v > ~/bindhost%0a> $ vi ~/bindhost%0a> @]%0a> %0a> Then with vi:%0a> %0a> [@%0a> :%25s_.* = _host _g%0a> @]%0a> %0a> Then:%0a> %0a> [@%0a> $ sh ~/bindhost%0a> @]%0a> %0a> If you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a> %0a> !!! Missing libraries%0a> %0a> If you are get errors such as:%0a> %0a> [@%0a> ld.so: znc: can't load library 'libc++abi.so.5.0'%0a> @]%0a> %0a> Then you may be on the wrong OpenBSD version (6.9 or earlier); or you did not apply [[openbsd/syspatch|syspatch]]; or you did not upgrade all dependencies:%0a> %0a> [@%0a> $ doas syspatch%0a> $ doas pkg_add -Uu%0a> @]%0a> %0a> Delete the build folder and compile again.%0a
38 aa513bf8 2023-01-22 jrmu host:1654997073=38.87.162.154
39 aa513bf8 2023-01-22 jrmu author:1654997043=jrmu
40 aa513bf8 2023-01-22 jrmu diff:1654997043:1654996979:=91c91%0a%3c If a network service is frequently disconnecting, these are the most likely causes:%0a---%0a> If your user is getting disconnected, these are the most likely causes:%0a
41 aa513bf8 2023-01-22 jrmu host:1654997043=38.87.162.154
42 aa513bf8 2023-01-22 jrmu author:1654996979=jrmu
43 aa513bf8 2023-01-22 jrmu diff:1654996979:1654996887:=85c85%0a%3c '''WARNING''': If limits are not what you expect, you may have an error in your configuration!%0a---%0a> '''WARNING''': If nofiles(descriptors) is not 4096, you may have an error in your configuration!%0a
44 aa513bf8 2023-01-22 jrmu host:1654996979=38.87.162.154
45 aa513bf8 2023-01-22 jrmu author:1654996887=jrmu
46 aa513bf8 2023-01-22 jrmu diff:1654996887:1654996432:=38c38%0a%3c $ doas grep '^username' /etc/master.passwd%0a---%0a> $ doas grep '^service' /etc/master.passwd%0a44,45c44,45%0a%3c The 5th field should have the correct login class name:%0a%3c %0a---%0a> The 5th field should have the correct login class name.%0a> %0a57,59c57%0a%3c !! Checking Limits%0a%3c %0a%3c You should confirm the login class has been configured correctly using [[https://man.openbsd.org/ulimit|ulimit]].%0a---%0a> !! Testing the login class%0a
47 aa513bf8 2023-01-22 jrmu host:1654996887=38.87.162.154
48 aa513bf8 2023-01-22 jrmu author:1654996432=jrmu
49 aa513bf8 2023-01-22 jrmu diff:1654996432:1654995885:=42,45c42,45%0a%3c [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/master.passwd]].%0a%3c %0a%3c The 5th field should have the correct login class name.%0a%3c %0a---%0a> [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a> %0a> The 5th field needs to say znc:%0a> %0a47,48c47,48%0a%3c $ doas grep '^username' /etc/master.passwd | cut -d : -f 5%0a%3c service%0a---%0a> $ doas grep '^znc' /etc/passwd | cut -d : -f 5%0a> znc%0a57,60c57,58%0a%3c !! Testing the login class%0a%3c %0a%3c If necessary, you may need temporarily change the login shell to ksh:%0a%3c %0a---%0a> Next, we temporarily change znc's shell to ksh:%0a> %0a62c60%0a%3c $ doas chsh -s /bin/ksh username%0a---%0a> $ doas chsh -s /bin/ksh znc%0a65,66c63,64%0a%3c Next, we login with the login class znc:%0a%3c %0a---%0a> Next, we login with the username znc, with the login class znc:%0a> %0a68c66%0a%3c $ doas su -c service username%0a---%0a> $ doas su -c znc znc%0a
50 aa513bf8 2023-01-22 jrmu host:1654996432=38.87.162.154
51 aa513bf8 2023-01-22 jrmu author:1654995885=jrmu
52 aa513bf8 2023-01-22 jrmu diff:1654995885:1654995214:=2a3%0a> %0a5,6c6,7%0a%3c Login classes allow you to control how many resources are allocated for each user. The limits can be edited in [[https://man.openbsd.org/login.conf|/etc/login.conf]]. For example, here is a login class created for network services:%0a%3c %0a---%0a> Add the following lines to the end of [[https://man.openbsd.org/login.conf|/etc/login.conf]]:%0a> %0a8c9%0a%3c service:\%0a---%0a> znc:\%0a19,24c20,27%0a%3c '''WARNING''': Use tabs and not spaces in login.conf. Spaces are not parsed correctly so that services will not get the file resources they need.%0a%3c %0a%3c Each time a network service creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, the service will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a%3c %0a%3c The current and maximum stack size controls how much stack memory a user can use. We set it at 48M to give each service plenty of room.%0a%3c %0a---%0a> '''WARNING''': Use tabs and not spaces. Spaces will fail and as a result, znc will not get the file resources it needs.%0a> %0a> The [[openbsd/loginconf|login.conf]] guide explains the attributes in more detail.%0a> %0a> Each time znc creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, znc will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a> %0a> The current and maximum stack size controls how much stack memory a user can use. 
We set it at 48M to give ZNC plenty of room.%0a> %0a27,28c30,31%0a%3c Now we will change @@username@@'s default login class to @@service@@:%0a%3c %0a---%0a> Now we change znc's default login class to znc:%0a> %0a30c33%0a%3c $ doas usermod -L service username%0a---%0a> $ doas usermod -L znc znc%0a38,39c41,42%0a%3c $ doas grep '^service' /etc/master.passwd%0a%3c username:*:1001:1001:service:0:0:groupname:/home/username:/sbin/nologin%0a---%0a> $ doas grep '^znc' /etc/passwd%0a> znc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a
53 aa513bf8 2023-01-22 jrmu host:1654995885=38.87.162.154
54 aa513bf8 2023-01-22 jrmu author:1654995214=jrmu
55 aa513bf8 2023-01-22 jrmu diff:1654995214:1610212591:=3,7c3,6%0a%3c %0a%3c !!! Login Class%0a%3c %0a%3c Add the following lines to the end of [[https://man.openbsd.org/login.conf|/etc/login.conf]]:%0a%3c %0a---%0a> !! Troubleshooting%0a> %0a> Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. You might see this error:%0a> %0a9,17c8,11%0a%3c znc:\%0a%3c :openfiles-cur=4096:\%0a%3c :openfiles-max=8182:\%0a%3c :openfiles=4096:\%0a%3c :stacksize-cur=48M:\%0a%3c :stacksize-max=48M:\%0a%3c :maxproc-max=infinity:\%0a%3c :maxproc-cur=4096:\%0a%3c :tc=daemon:%0a---%0a> OpenBSD/amd64 (example.ircnow.org) (tty00)%0a> %0a> login: root%0a> login: Failure to retrieve default class%0a20,31c14,15%0a%3c '''WARNING''': Use tabs and not spaces. Spaces will fail and as a result, znc will not get the file resources it needs.%0a%3c %0a%3c The [[openbsd/loginconf|login.conf]] guide explains the attributes in more detail.%0a%3c %0a%3c Each time znc creates a new connection for a user, it requires at least one file descriptor. So, if your file descriptor limit is set too low, znc will be unable to make new connections to networks. openfiles sets the maximum number of open file descriptors per process. -cur specifies the current limit and -max specifies the maximum limit.%0a%3c %0a%3c The current and maximum stack size controls how much stack memory a user can use. We set it at 48M to give ZNC plenty of room.%0a%3c %0a%3c @@maxproc@@ limits how many processes a user in this class can create. We set the maximum to infinity and the current amount to 4096. 
@@tc=daemon@@ means that the default values will come from the @@daemon@@ login class.%0a%3c %0a%3c Now we change znc's default login class to znc:%0a%3c %0a---%0a> The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a> %0a33c17,20%0a%3c $ doas usermod -L znc znc%0a---%0a> $ vmctl stop username%0a> stopping vm user: requested to shutdown vm 11%0a> $ vmctl start username%0a> vmctl: started vm 11 successfully, tty /dev/ttypa%0a36,39c23,24%0a%3c This can also be edited with a text editor using [[openbsd/vipw]].%0a%3c %0a%3c To confirm that the login class has been changed, check [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a%3c %0a---%0a> You then have to quickly load the console before the system boots:%0a> %0a41,42c26,36%0a%3c $ doas grep '^znc' /etc/passwd%0a%3c znc:*:1001:1001:znc:0:0:znc:/home/znc:/sbin/nologin%0a---%0a> coconut$ vmctl console username%0a> Connected to /dev/ttypa (speed 115200)%0a> Using drive 0, partition 3.%0a> Loading......%0a> probing: pc0 com0 mem[638K 510M a20=on]%0a> disk: hd0+%0a> >> OpenBSD/amd64 BOOT 3.52%0a> /%0a> com0: 115200 baud%0a> switching console to com0%0a> >> OpenBSD/amd64 BOOT 3.52%0a45,48c39,42%0a%3c [[grep/usage|grep]] searches for the line that begins with @@znc@@ in [[https://man.openbsd.org/./man5/passwd.5|/etc/passwd]].%0a%3c %0a%3c The 5th field needs to say znc:%0a%3c %0a---%0a> (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a> %0a> Type @@boot -s@@ to boot into single user mode:%0a> %0a50,51c44,52%0a%3c $ doas grep '^znc' /etc/passwd | cut -d : -f 5%0a%3c znc%0a---%0a> boot> boot -s%0a> ...%0a> com0: console%0a> vscsi0 at root%0a> scsibus3 at vscsi0: 256 targets%0a> softraid0 at root%0a> scsibus4 at softraid0: 256 targets%0a> root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a> Enter pathname of shell or 
RETURN for sh:%0a54,55c55,56%0a%3c '''NOTE''': If /etc/login.conf.db exists, make sure to delete it, otherwise login.conf changes won't apply:%0a%3c %0a---%0a> Press enter to continue:%0a> %0a57c58,61%0a%3c $ doas rm /etc/login.conf.db%0a---%0a> # mount -rw /%0a> # mount /usr%0a> # export TERM=xterm%0a> # vi /etc/login.conf%0a60,61c64,67%0a%3c Next, we temporarily change znc's shell to ksh:%0a%3c %0a---%0a> Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. Then, we set the terminal type, then edit /etc/login.conf.%0a> %0a> You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a> %0a63c69,70%0a%3c $ doas chsh -s /bin/ksh znc%0a---%0a> # cap_mkdb /etc/login.conf%0a> # shutdown -r now %0a66,256c73%0a%3c Next, we login with the username znc, with the login class znc:%0a%3c %0a%3c [@%0a%3c $ doas su -c znc znc%0a%3c $ ulimit -a%0a%3c time(cpu-seconds) unlimited%0a%3c file(blocks) unlimited%0a%3c coredump(blocks) unlimited%0a%3c data(kbytes) 33554432%0a%3c stack(kbytes) 32768%0a%3c lockedmem(kbytes) 329478%0a%3c memory(kbytes) 985092%0a%3c nofiles(descriptors) 4096%0a%3c processes 1310%0a%3c @]%0a%3c %0a%3c @@ulimit -a@@ displays all process limits for our current user.%0a%3c %0a%3c '''WARNING''': If nofiles(descriptors) is not 4096, you may have an error in your configuration!%0a%3c %0a%3c Press ctrl+d to signal the end of file to logout%0a%3c %0a%3c !! 
Troubleshooting%0a%3c %0a%3c If your user is getting disconnected, these are the most likely causes:%0a%3c %0a%3c # mismatch of ports or SSL (using plaintext on 6697 or SSL on 6667)%0a%3c # SSL is not supported%0a%3c # user has a server password where none belongs (most likely he confused server password with nickserv password)%0a%3c # ident is not working%0a%3c # ircd bans a certain username or ident for no good reason (the ircd mistakenly assumes your connection is a bot and glines it)%0a%3c # typo of server name or IP address%0a%3c # dns lookup error%0a%3c %0a%3c You may be need to install icu4c-68.2v0.%0a%3c %0a%3c !!! IPv4/IPv6 mismatch%0a%3c %0a%3c If a znc user has a bindhost that is IPv6 only but the network is IPv4 only, or vice versa, it will not connect.%0a%3c %0a%3c To prevent this, you '''must''' use a symbolic hostname (such as username.example.com) for the bindhost. Each hostname needs a single [[dns/records|A record]] and a single [[dns/records|AAAA record]] in the [[nsd/zone|DNS zone]]. If any part is misconfigured, users will be unable to connect.%0a%3c %0a%3c To check if any bindhosts are incorrectly using fixed IPv6 or IPv4 addresses, run:%0a%3c %0a%3c [@%0a%3c # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*:.*|[0-9.]+)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf%0a%3c @]%0a%3c %0a%3c If you see IP addresses like the following, then your bindhosts are incorrectly set to use IPv4 or IPv6 addreses directly instead of symbolic hostnames:%0a%3c %0a%3c [@%0a%3c 192.168.1.1%0a%3c 2001:db8::%0a%3c @]%0a%3c %0a%3c !!! Bindhost Errors%0a%3c %0a%3c A quick way to check if there are DNS errors is to run%0a%3c the following two commands:%0a%3c %0a%3c [@%0a%3c # sed -nE '/.*(\%3cBindHost|\%3cDCCBindHost) = (.*)/s//\2/p' /home/znc/home/znc/.znc/configs/znc.conf | xargs -n 1 -t host%0a%3c @]%0a%3c %0a%3c Every hostname should have both an IPv4 and IPv6 address. The IPv4 address should match your [[openbsd/ddos|DDoS-filtered]] public address. 
Each IPv6 address should be unique.%0a%3c %0a%3c If you see duplicate entries (the same hostname returns multiple IPv6 addresses), you must delete the duplicate [[dns/vhost|DNS entries]].%0a%3c %0a%3c Here are error messages that indicate there are DNS problems with the bindhost:%0a%3c %0a%3c [@%0a%3c host username.example.com%0a%3c ;; connection timed out; no servers could be reached%0a%3c @]%0a%3c %0a%3c There is an error because means that the DNS server could not be reached.%0a%3c %0a%3c [@%0a%3c host username.example.com%0a%3c Host username.example.com not found: 3(NXDOMAIN)%0a%3c @]%0a%3c %0a%3c This indicates there are no DNS records for the bindhost.%0a%3c %0a%3c [@%0a%3c $ doas grep -i host /home/znc/home/znc/.znc/configs/znc.conf | grep -v > ~/bindhost%0a%3c $ vi ~/bindhost%0a%3c @]%0a%3c %0a%3c Then with vi:%0a%3c %0a%3c [@%0a%3c :%25s_.* = _host _g%0a%3c @]%0a%3c %0a%3c Then:%0a%3c %0a%3c [@%0a%3c $ sh ~/bindhost%0a%3c @]%0a%3c %0a%3c If you see any records there with only a single IPv4 address but no IPv6, or a single IPv6 but no IPv4, or any NXDOMAIN responses, you need to fix your DNS records. There should be exactly one shared IPv4 and one unique IPv6 for each hostname, and zero NXDOMAIN responses.%0a%3c %0a%3c !!! Missing libraries%0a%3c %0a%3c If you are get errors such as:%0a%3c %0a%3c [@%0a%3c ld.so: znc: can't load library 'libc++abi.so.5.0'%0a%3c @]%0a%3c %0a%3c Then you may be on the wrong OpenBSD version (6.9 or earlier); or you did not apply [[openbsd/syspatch|syspatch]]; or you did not upgrade all dependencies:%0a%3c %0a%3c [@%0a%3c $ doas syspatch%0a%3c $ doas pkg_add -Uu%0a%3c @]%0a%3c %0a%3c Delete the build folder and compile again.%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. 
You might see this error:%0a%3c %0a%3c [@%0a%3c OpenBSD/amd64 (example.ircnow.org) (tty00)%0a%3c %0a%3c login: root%0a%3c login: Failure to retrieve default class%0a%3c @]%0a%3c %0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a%3c %0a%3c [@%0a%3c $ vmctl stop username%0a%3c stopping vm user: requested to shutdown vm 11%0a%3c $ vmctl start username%0a%3c vmctl: started vm 11 successfully, tty /dev/ttypa%0a%3c @]%0a%3c %0a%3c You then have to quickly load the console before the system boots:%0a%3c %0a%3c [@%0a%3c coconut$ vmctl console username%0a%3c Connected to /dev/ttypa (speed 115200)%0a%3c Using drive 0, partition 3.%0a%3c Loading......%0a%3c probing: pc0 com0 mem[638K 510M a20=on]%0a%3c disk: hd0+%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c /%0a%3c com0: 115200 baud%0a%3c switching console to com0%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c @]%0a%3c %0a%3c (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a%3c %0a%3c Type @@boot -s@@ to boot into single user mode:%0a%3c %0a%3c [@%0a%3c boot> boot -s%0a%3c ...%0a%3c com0: console%0a%3c vscsi0 at root%0a%3c scsibus3 at vscsi0: 256 targets%0a%3c softraid0 at root%0a%3c scsibus4 at softraid0: 256 targets%0a%3c root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a%3c Enter pathname of shell or RETURN for sh:%0a%3c @]%0a%3c %0a%3c Press enter to continue:%0a%3c %0a%3c [@%0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a%3c @]%0a%3c %0a%3c Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. 
Then, we set the terminal type, then edit /etc/login.conf.%0a%3c %0a%3c You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c [@%0a%3c # cap_mkdb /etc/login.conf%0a%3c # shutdown -r now %0a%3c @]%0a%3c %0a%3c Now, log in as usual.%0a---%0a> Now, log in as usual.%0a\ No newline at end of file%0a
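Review bot: In the bindhost check, the second stage of the pipeline, `grep -v > ~/bindhost`, has no pattern, so grep exits with a usage error and ~/bindhost is created empty. Give `grep -v` the pattern for the lines to exclude, or drop that stage. The later `sh ~/bindhost` runs whatever the vi substitution left in the file, so any line that did not become `host <name>` is executed as a command; the text should tell the reader to check the file before running it. Two sentences in the same patch need wording fixes: "There is an error because means that the DNS server could not be reached" and "If you are get errors such as".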
56 aa513bf8 2023-01-22 jrmu host:1654995214=38.87.162.154
57 aa513bf8 2023-01-22 jrmu author:1610212591=jrmu
58 aa513bf8 2023-01-22 jrmu diff:1610212591:1610210381:=1,6d0%0a%3c (:title login.conf:)%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Suppose /etc/login.conf and /etc/login.conf.db are missing or were deleted. You might see this error:%0a%3c %0a8,9c2,3%0a%3c OpenBSD/amd64 (example.ircnow.org) (tty00)%0a%3c %0a---%0a> OpenBSD/amd64 (siva.us5.ircnow.org) (tty00)%0a> %0a12,19c6,13%0a%3c @]%0a%3c %0a%3c The way to fix this is to reboot the system into [[openbsd/singleuser|single user mode]] as described in the [[https://www.openbsd.org/faq/faq8.html#LostPW|OpenBSD FAQ]]:%0a%3c %0a%3c [@%0a%3c $ vmctl stop username%0a%3c stopping vm user: requested to shutdown vm 11%0a%3c $ vmctl start username%0a---%0a> %0a> The way to fix this is to reboot the system into single user mode:%0a> %0a> https://www.openbsd.org/faq/faq8.html#LostPW%0a> %0a> coconut$ vmctl stop siva%0a> stopping vm siva: requested to shutdown vm 11%0a> coconut$ vmctl start siva %0a21,22c15%0a%3c @]%0a%3c %0a---%0a> %0a25,26c18%0a%3c [@%0a%3c coconut$ vmctl console username%0a---%0a> coconut$ vmctl console siva%0a37,43d28%0a%3c @]%0a%3c %0a%3c (Hint: You may want to press some alphanumeric letters on your keyboard to prevent automatic bootup, then delete them)%0a%3c %0a%3c Type @@boot -s@@ to boot into single user mode:%0a%3c %0a%3c [@%0a44a30%0a> %0a45a32%0a> %0a53,57c40,42%0a%3c @]%0a%3c %0a%3c Press enter to continue:%0a%3c %0a%3c [@%0a---%0a> %0a> Press enter to continue%0a> %0a62,68c47,59%0a%3c @]%0a%3c %0a%3c Here we are mounting the root partition as read-write (previously it was read-only). Then, we mount /usr in order to have access to basic system utilities. 
Then, we set the terminal type, then edit /etc/login.conf.%0a%3c %0a%3c You can grab the default login.conf from [[https://cvsweb.openbsd.org/|CVSWeb]], following the src -> etc -> etc.amd64 -> login.conf -> [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.18&content-type=text/plain|Revision 1.18 download link]]. Copy paste this into /etc/login.conf, save, then quit.%0a%3c %0a%3c [@%0a---%0a> I noticed this file is completely missing!%0a> %0a> So, I go to %0a> %0a> https://cvsweb.openbsd.org/%0a> %0a> src -> etc -> etc.amd64 -> login.conf -> Revision 1.18 download%0a> %0a> https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.%0a> 18&content-type=text/plain%0a> %0a> Copy paste that into /etc/login.conf, save, then quit.%0a> %0a71,73c62%0a%3c @]%0a%3c %0a%3c Now, log in as usual.%0a\ No newline at end of file%0a---%0a> @]%0a\ No newline at end of file%0a
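Review bot: The sanitised vmctl transcript is inconsistent: the command is `vmctl stop username`, but the output line reads `stopping vm user: requested to shutdown vm 11`, and `coconut$ vmctl console username` keeps the host prompt while the other commands use a bare `$`. Change the output to `stopping vm username:` and use one prompt throughout. The recovery step also pins `login.conf?rev=1.18` without saying which release that revision belongs to; add a sentence telling the reader to fetch the revision that matches the installed OpenBSD version.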
59 aa513bf8 2023-01-22 jrmu host:1610212591=125.224.19.86
60 aa513bf8 2023-01-22 jrmu author:1610210381=jrmu
61 aa513bf8 2023-01-22 jrmu diff:1610210381:1610210326:=1d0%0a%3c [@%0a62d60%0a%3c @]%0a\ No newline at end of file%0a
62 aa513bf8 2023-01-22 jrmu host:1610210381=125.224.19.86
63 aa513bf8 2023-01-22 jrmu author:1610210326=jrmu
64 aa513bf8 2023-01-22 jrmu diff:1610210326:1610210326:=1,60d0%0a%3c OpenBSD/amd64 (siva.us5.ircnow.org) (tty00)%0a%3c %0a%3c login: root%0a%3c login: Failure to retrieve default class%0a%3c %0a%3c The way to fix this is to reboot the system into single user mode:%0a%3c %0a%3c https://www.openbsd.org/faq/faq8.html#LostPW%0a%3c %0a%3c coconut$ vmctl stop siva%0a%3c stopping vm siva: requested to shutdown vm 11%0a%3c coconut$ vmctl start siva %0a%3c vmctl: started vm 11 successfully, tty /dev/ttypa%0a%3c %0a%3c You then have to quickly load the console before the system boots:%0a%3c %0a%3c coconut$ vmctl console siva%0a%3c Connected to /dev/ttypa (speed 115200)%0a%3c Using drive 0, partition 3.%0a%3c Loading......%0a%3c probing: pc0 com0 mem[638K 510M a20=on]%0a%3c disk: hd0+%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c /%0a%3c com0: 115200 baud%0a%3c switching console to com0%0a%3c >> OpenBSD/amd64 BOOT 3.52%0a%3c boot> boot -s%0a%3c %0a%3c ...%0a%3c %0a%3c com0: console%0a%3c vscsi0 at root%0a%3c scsibus3 at vscsi0: 256 targets%0a%3c softraid0 at root%0a%3c scsibus4 at softraid0: 256 targets%0a%3c root on sd0a (6dd62d70bdd3bab6.a) swap on sd0b dump on sd0b%0a%3c Enter pathname of shell or RETURN for sh:%0a%3c %0a%3c Press enter to continue%0a%3c %0a%3c # mount -rw /%0a%3c # mount /usr%0a%3c # export TERM=xterm%0a%3c # vi /etc/login.conf%0a%3c I noticed this file is completely missing!%0a%3c %0a%3c So, I go to %0a%3c %0a%3c https://cvsweb.openbsd.org/%0a%3c %0a%3c src -> etc -> etc.amd64 -> login.conf -> Revision 1.18 download%0a%3c %0a%3c https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/etc.amd64/login.conf?rev=1.%0a%3c 18&content-type=text/plain%0a%3c %0a%3c Copy paste that into /etc/login.conf, save, then quit.%0a%3c %0a%3c # cap_mkdb /etc/login.conf%0a%3c # shutdown -r now %0a
65 aa513bf8 2023-01-22 jrmu host:1610210326=125.224.19.86