Mix between a rant and a question, about FreeBSD...

Sunner

Well, I'm gonna be setting up a webserver for some light development home use, so I figured I'd throw FreeBSD on there, since I don't deal much with it at work (where it's mostly Solaris, Linux, and some OpenBSD).
Just to make sure I don't forget how it works.

Seems I'd already forgotten a few things.

Why, oh why, does FreeBSD have to be so friggin different compared to just about any other *NIX out there?
I try useradd, command doesn't exist, yeah right, I forgot FreeBSD uses its own little hackjob called "adduser", which IMO sucks, they could have at least left "useradd" there for those of us who don't feel the need to change our habits for no good reason.
So, anyway, I proceed to login to the box from the box where I have a few things I need to move to the to-be webserver, and upon doing "pwd" just to make sure I'm not uploading the stuff to the wrong place, I see "usr/home/sunner", again I get confused, until I remember FreeBSD links /home to /usr/home, and again I don't understand why?

It seems like the more I use it, the more small things I find, and the more annoyed I get, which is a shame, for it is indeed a very good system, I just don't understand why they have to do things their own way, sounds like something MS would do...

Oh and my "I don't understand why" type questions are real questions, if someone can give me some insight for example on why they link home to /usr/home I'd appreciate it.
 

n0cmonkey

man hier | grep home | more

I'd do it myself, but I don't have a FreeBSD box. If it solves the question, post it, I'm curious too.
 

Hector13

Originally posted by: n0cmonkey
man hier | grep home | more

I'd do it myself, but I don't have a FreeBSD box. If it solves the question, post it, I'm curious too.

I don't think hier will tell you much (but what do I know, I use Linux/Solaris mostly), but in the end I don't think it matters where you put "home". If you don't like /usr/home, just make it /home.

My guess is that "back-in-the-day" /usr was on a separate partition already and people didn't want yet another partition for /home (and, obviously, didn't want it on the root partition), so they figured it was easier (and simpler) to just throw it in /usr.
 

Mucman

I am not sure if this is the answer, but I think it goes back to traditional partitioning strategies. I normally have the following partitions:

/ 128M
/var 256M
/tmp 256M
/usr the rest

That's a very general partitioning strategy of course. If I was to use that strategy and I didn't want to use /usr/home, and just have /home (not
a symlink), that would mean that /home would be on the / partition and be limited to 128M. On most servers I would make / read-only so that
would make /home completely useless. So the easiest solution is to make /home a symlink to /usr/home, or make a separate partition for /home.

Use `pw` to add users... it's more flexible. Adding users is not something I do often so it never bothered me, and I use `pw` to add users
with my own Perl script.

Also, you will notice that all the BSDs do it roughly the same way. That is why I like the BSDs. Each Linux distro has its own hier and it makes
it very hard for someone with a BSD background to find stuff (except for Slackware).
 

Bremen

Interesting, / can be made read-only on BSD? On Linux that is impractical since /etc needs to be writeable. Learn something new every day :0)
 

Mucman

Originally posted by: Bremen
Interesting, / can be made read-only on BSD? On Linux that is impractical since /etc needs to be writeable. Learn something new every day :0)

That's the whole point of FreeBSD's hierarchy. Nothing that needs to be written to frequently is contained in /etc. Having /etc read-only is a great way to make a
box a bit more secure. That way someone can't use some sort of root exploit to put a command in the crontab, or rc.conf for example.

 

n0cmonkey

Originally posted by: Mucman
I am not sure if this is the answer, but I think it goes back to traditional partitioning strategies. I normally have the following partitions:

/ 128M
/var 256M
/tmp 256M
/usr the rest

That's a very general partitioning strategy of course. If I was to use that strategy and I didn't want to use /usr/home, and just have /home (not
a symlink), that would mean that /home would be on the / partition and be limited to 128M. On most servers I would make / read-only so that
would make /home completely useless. So the easiest solution is to make /home a symlink to /usr/home, or make a separate partition for /home.

Use `pw` to add users... it's more flexible. Adding users is not something I do often so it never bothered me, and I use `pw` to add users
with my own Perl script.

Also, you will notice that all the BSDs do it roughly the same way. That is why I like the BSDs. Each Linux distro has its own hier and it makes
it very hard for someone with a BSD background to find stuff (except for Slackware).

OpenBSD uses /home, not /usr/home.
 

Mucman

n0cmonkey, I guess I should point out that I was just talking about FreeBSD. I see that NetBSD uses /home as well.

Bremen, what's stopping you from mounting /usr as read-only? As long as you have /home on a separate partition you should be fine.
 

n0cmonkey

Originally posted by: Bremen
Interesting, / can be made read-only on BSD? On Linux that is impractical since /etc needs to be writeable. Learn something new every day :0)

/usr should probably be ro, /usr/local should probably be nosuid (unless you replace sendmail or other suid necessary program, which systrace could fix).
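
The mount-option layout suggested in the posts above (a read-only / and /usr, nosuid on /usr/local) can be checked mechanically. This is an added example, not part of any post in the thread; the sample fstab, device names and function names are constructed, and it inspects fstab only, not the live mount table.

```sh
#!/bin/sh
# Added example: audit fstab(5) options against the layout from this thread.

# Policy (mount point, required option), taken from the posts above.
policy() {
cat <<'EOF'
/ ro
/usr ro
/usr/local nosuid
EOF
}

# Constructed sample in FreeBSD fstab format; device names are made up.
sample_fstab() {
cat <<'EOF'
# Device     Mountpoint  FStype  Options    Dump  Pass
/dev/ad0s1a  /           ufs     rw         1     1
/dev/ad0s1e  /var        ufs     rw         2     2
/dev/ad0s1f  /tmp        ufs     rw,nosuid  2     2
/dev/ad0s1g  /usr        ufs     ro         2     2
/dev/ad0s1h  /usr/local  ufs     rw         2     2
EOF
}

# audit_fstab FILE: print "MISSING <mountpoint> <option>" when the entry
# lacks the required option, and "NOENTRY <mountpoint> <option>" when the
# mount point has no fstab line of its own (it then shares its parent's
# filesystem and cannot carry the option independently).
audit_fstab() {
    policy | awk '
        pass == 1 {                        # first input: the fstab
            if ($1 ~ /^#/ || NF < 4) next  # skip comments and short lines
            opts[$2] = "," $4 ","          # so ",ro," matches a whole option
            next
        }
        pass == 2 {                        # second input: policy on stdin
            if (!($1 in opts)) { print "NOENTRY", $1, $2 }
            else if (index(opts[$1], "," $2 ",") == 0) { print "MISSING", $1, $2 }
        }
    ' pass=1 "$1" pass=2 -
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_fstab > "$tmp" && audit_fstab "$tmp"
rm -f "$tmp"
```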
 

Mucman

Originally posted by: n0cmonkey
Originally posted by: Bremen
Interesting, / can be made read-only on BSD? On Linux that is impractical since /etc needs to be writeable. Learn something new every day :0)

/usr should probably be ro, /usr/local should probably be nosuid (unless you replace sendmail or other suid necessary program, which systrace could fix).

Good idea! Maybe you should design your own BSD and call it TightBSD :p. Doesn't sudo need setuid?

 

Mucman

Originally posted by: Bremen
how about calling it OpenBSD ;0)

OpenBSD isn't as secure as you can get... at least they finally ditched rpc from the default install though! Isn't it sort of ironic that
the most secure of the BSDs is called OpenBSD ;)

 

n0cmonkey

Originally posted by: Mucman
Originally posted by: n0cmonkey
Originally posted by: Bremen
Interesting, / can be made read-only on BSD? On Linux that is impractical since /etc needs to be writeable. Learn something new every day :0)

/usr should probably be ro, /usr/local should probably be nosuid (unless you replace sendmail or other suid necessary program, which systrace could fix).

Good idea! Maybe you should design your own BSD and call it TightBSD :p. Doesn't sudo need setuid?

Some of these suggestions are soon to be default behavior in OpenBSD I believe. sudo does need setuid I think, but systrace may be able to solve that problem.
 

Bremen

I said that because I believe the settings n0c is talking about are the default in OpenBSD... I admit I may be wrong though...
 

n0cmonkey

Originally posted by: Mucman
Originally posted by: Bremen
how about calling it OpenBSD ;0)

OpenBSD isn't as secure as you can get... at least they finally ditched rpc from the default install though! Isn't it sort of ironic that
the most secure of the BSDs is called OpenBSD ;)

I believe the Open more refers to the freedom of the source. They are quite possibly the free-est OS out there.
 

Mucman

I think I need to read about this systrace program you keep on mentioning :)

Do you think sudo will ever become part of the default installation?
 

n0cmonkey

Originally posted by: Bremen
I said that because I believe the settings n0c is talking about are the default in OpenBSD... I admit I may be wrong though...

-current IIRC, but I haven't downloaded a snapshot yet.
 

n0cmonkey

Originally posted by: Mucman
I think I need to read about this systrace program you keep on mentioning :)

Do you think sudo will ever become part of the default installation?

sudo is a part of the default installation on OpenBSD. An OpenBSD developer wrote it, or at least took it over or something.
 

Bremen

Originally posted by: n0cmonkey
Originally posted by: Mucman
Originally posted by: Bremen
how about calling it OpenBSD ;0)

OpenBSD isn't as secure as you can get... at least they finally ditched rpc from the default install though! Isn't it sort of ironic that
the most secure of the BSDs is called OpenBSD ;)

I believe the Open more refers to the freedom of the source. They are quite possibly the free-est OS out there.

Well they're certainly one of the few that aren't willing to compromise on their idea of 'free'.
 

Mucman

Originally posted by: n0cmonkey
Originally posted by: Mucman
I think I need to read about this systrace program you keep on mentioning :)

Do you think sudo will ever become part of the default installation?

sudo is a part of the default installation on OpenBSD. An OpenBSD developer wrote it, or at least took it over or something.

Running 3 BSDs at home is doing something to my brain :p

systrace looks amazing! Definitely going to require admins to be more knowledgeable about kernel operations and how
system calls work from a programming API point of view.

 

n0cmonkey

Originally posted by: Mucman
Originally posted by: n0cmonkey
Originally posted by: Mucman
I think I need to read about this systrace program you keep on mentioning :)

Do you think sudo will ever become part of the default installation?

sudo is a part of the default installation on OpenBSD. An OpenBSD developer wrote it, or at least took it over or something.

Running 3 BSDs at home is doing something to my brain :p

systrace looks amazing! Definitely going to require admins to be more knowledgeable about kernel operations and how
system calls work from a programming API point of view.

Do a search on deadly.org for the hairy eyeball, it has some example systrace policies that are definitely helping me learn a bit.
 

Sunner

Originally posted by: n0cmonkey
man hier | grep home | more

I'd do it myself, but I don't have a FreeBSD box. If it solves the question, post it, I'm curious too.

There's actually no mention of either /home or /usr/home in the hier manpage.

These things aren't really any big issues, I just don't understand why.
 

Barnaby W. Füi

Originally posted by: n0cmonkey
Originally posted by: Mucman
Originally posted by: n0cmonkey
Originally posted by: Mucman
I think I need to read about this systrace program you keep on mentioning :)

Do you think sudo will ever become part of the default installation?

sudo is a part of the default installation on OpenBSD. An OpenBSD developer wrote it, or at least took it over or something.

Running 3 BSDs at home is doing something to my brain :p

systrace looks amazing! Definitely going to require admins to be more knowledgeable about kernel operations and how
system calls work from a programming API point of view.

Do a search on deadly.org for the hairy eyeball, it has some example systrace policies that are definitely helping me learn a bit.

Cool, systrace is on my mental list of things to look at, I'll probably get to it after my bout with sendmail :p :eek: