FAQs
From FBSD_tips
Frequently answered questions
I can not su to root
Any user that wants to su to root needs to be in the wheel group. The command to do this is pw; see man pw for details. The simple case (for a user named 'test') is:
pw usermod -G wheel -n test
NOTE: -G sets the whole list of groups; the user will be dropped from any groups they are currently in that aren't included in the (comma-separated) group list.
How do I turn off the console beep?
Turn off the console beep via the kbdcontrol command like so :
kbdcontrol -b off
Network
How do I change the MAC address?
Change the MAC address (to 00:00:00:00:00:00) like this :
ifconfig [INTERFACE] link 00:00:00:00:00:00
Do I need to run a web server as root?
Most software in general does not need to be root. However, because of how old-style Unix worked, a lot of daemons start as root and then drop privileges. This is because ports below 1024 are privileged.
This behaviour can be changed by setting net.inet.ip.portrange.reservedlow and net.inet.ip.portrange.reservedhigh to 0. However, this also means that if, for example, the web server goes offline, any user can run a web server on that port in the meantime.
To prevent this, you need to enable the mac_portacl module.
Add options MAC to your kernel config, build a kernel, and then run:
kldload mac_portacl
Now you can restrict ports to users, by setting the security.mac.portacl.rules sysctl. For example:
sysctl security.mac.portacl.rules=uid:80:tcp:80,uid:193:tcp:193
With this rule set, only a process running under the user 'www' can bind to port 80, and only the user 'cups' can bind to port 193 (ipp).
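As an added example (not part of the original FAQ or of FreeBSD itself), the shell function below models how the rule string above is evaluated, following the behaviour documented in mac_portacl(4), so a rule list can be reviewed before it is loaded. The function name, the assumed defaults for port_high and suser_exempt, and uid 1001 are assumptions of the example; gid rules are matched against a single gid only, and the automatic-port exemption is left out.

```sh
#!/bin/sh
# Added example: simplified model of the mac_portacl(4) bind decision, for
# reviewing a rule string offline. Not kernel code.
PORT_HIGH=1023   # assumed default of security.mac.portacl.port_high
SUSER_EXEMPT=1   # assumed default of security.mac.portacl.suser_exempt

# portacl_check RULES UID GID PROTO PORT
# Prints a verdict; returns 0 = allowed, 1 = denied, 2 = malformed rule.
# The body is a subshell, so the IFS and 'set -f' changes do not leak out.
portacl_check() (
    rules=$1 uid=$2 gid=$3 proto=$4 port=$5 match=
    set -f                      # no pathname expansion while splitting
    IFS=,
    for rule in $rules; do
        IFS=:
        set -- $rule            # fields: idtype id protocol port
        case "$#:$1:$3" in
            4:uid:tcp|4:uid:udp|4:gid:tcp|4:gid:udp) ;;
            *) echo "error: malformed rule '$rule'"; exit 2 ;;
        esac
        for n in "$2" "$4"; do
            case $n in
                ''|*[!0-9]*) echo "error: non-numeric field in '$rule'"; exit 2 ;;
            esac
        done
        if [ "$1" = uid ]; then id=$uid; else id=$gid; fi
        if [ -z "$match" ] && [ "$2" -eq "$id" ] &&
           [ "$3" = "$proto" ] && [ "$4" -eq "$port" ]; then
            match=$rule         # remember the first matching entry
        fi
    done
    # Ports above port_high are outside the policy.
    if [ "$port" -gt "$PORT_HIGH" ]; then
        echo "allow: port above port_high"; exit 0
    fi
    # root bypasses the list while suser_exempt is 1.
    if [ "$uid" -eq 0 ] && [ "$SUSER_EXEMPT" -eq 1 ]; then
        echo "allow: superuser exempt"; exit 0
    fi
    if [ -n "$match" ]; then echo "allow: rule $match"; exit 0; fi
    echo "deny: no rule lets uid $uid bind $proto/$port"; exit 1
)

# Rule string from the page; uid 1001 is a constructed unprivileged user.
RULES='uid:80:tcp:80,uid:193:tcp:193'
portacl_check "$RULES" 80 80 tcp 80 || :
portacl_check "$RULES" 1001 1001 tcp 80 || :
portacl_check "$RULES" 0 0 tcp 80 || :
```

The third call shows that, in this model, root can still bind port 80 regardless of the list while suser_exempt is 1.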
Jails
"Host name lookup failure" from inside the jail
Put a valid /etc/resolv.conf in the jail
I can't ping from inside the jail
This is actually by design, as ping requires raw sockets, which could be used for nefarious purposes. To (temporarily!!!) enable ping in a jail, you have to set a sysctl.
sysctl security.jail.allow_raw_sockets=1
DO remember to turn it off once you have confirmed your network is working as you expect.
File systems
Allowing a user to mount a filesystem
Set the system OID vfs.usermount via sysctl:
sysctl vfs.usermount=1
You must still own the mount point
System Administrivia
Limit sessions per user
In login.conf, set sessionlimit
Environment
Shell
Default shell :
- For root : csh
- For users : sh
Turning off the 'bell'
To disable the beep sound:
echo 'hw.syscons.bell=0' >> /etc/sysctl.conf
(thanks Klavier!)
Devfs restart
/etc/rc.d/devd restart and /etc/rc.d/devfs restart
