FreeBSD and pam_listfile

I’ve discovered unknown terrors while researching and writing PAM Mastery. Well, terrors previously unknown to me, at least. I’m certain that the OpenPAM and Linux-PAM developers are very much aware of them. (I’m also certain that they’re part of the reason DES keeps his hair cut so short, so that he can’t yank it out of his head in bloody chunks.)

Part of the writing process was building a giant spreadsheet listing operating systems, PAM versions, and which modules appear in each OS. Strictly speaking, OpenPAM proper contains very few modules. Most “OpenPAM” modules actually originate from FreeBSD. But people are free to use them, so they generally get lumped into the “OpenPAM module” bucket.

One module that’s conspicuous by its absence is pam_listfile. Pam_listfile.so lets you accept or reject access based on the username’s presence in a file. It’s much like the traditional BSD /etc/ftpusers functionality.

It’s a reasonable enough module. And I’m told that pam_listfile.so can be compiled to work on FreeBSD, but nobody’s bothered to submit a port. How to make it work is a perennial question on the FreeBSD mailing lists.

The good news is, you can easily emulate pam_listfile.so on FreeBSD using pam_exec. Pam_exec runs a command as part of the PAM chain. If the command returns 0, the module says to grant access. If the command returns 1, the module says to deny access. (Whether PAM obeys this instruction or not depends on the type of statement.)

Here I implement basic pam_listfile.so functionality in a shell script, pam_listfile.sh.

Enable pam_listfile.sh as an auth rule.

auth required pam_exec /usr/local/scripts/pam_listfile.sh

Now all you need is a script. This version of the script permits access if the username appears in /etc/validusers.

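#!/bin/sh
# Permit only if $PAM_USER is exactly one whole line of /etc/validusers.
# -q: no output, -x: match the whole line, -F: literal string, not a regex.
/usr/bin/grep -qxF -- "$PAM_USER" /etc/validusers
exit $?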

And here’s a version that rejects access if the username appears in /etc/validusers, exactly like /etc/ftpusers. It’s a huge change, adding an entire exclamation point.

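#!/bin/sh
# Reject if $PAM_USER is exactly one whole line of /etc/validusers.
# A missing file also permits here: grep's error status gets inverted too.
! /usr/bin/grep -qxF -- "$PAM_USER" /etc/validusers
exit $?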

You could add more functions as you need. The important thing is to return either 0 or not-zero.
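
A fail-closed variant of the scripts above, as an added example that is not code from the original post. The listfile_check function, its allow/deny argument and the GREP variable are names made up here; PAM_SM_FUNC is the variable FreeBSD's pam_exec sets for the program it runs.

```shell
#!/bin/sh
# Added example: pam_listfile-style check for pam_exec that fails closed.
# listfile_check, its allow/deny argument and GREP are names made up here.
GREP=/usr/bin/grep            # FreeBSD path, as in the post

# listfile_check SENSE FILE USER -> 0 (permit) or 1 (deny)
#   SENSE=allow: USER must be listed.  SENSE=deny: USER must not be listed.
listfile_check() {
    sense=$1 file=$2 user=$3
    nl='
'
    # Empty names deny. So do names containing a newline, because grep
    # reads a newline in the pattern as a list of alternative patterns.
    case $user in
        ''|*"$nl"*) return 1 ;;
    esac

    # A missing or unreadable list is an error, and errors deny. Without
    # this, "! grep" on a missing file (grep status 2) would permit.
    { [ -f "$file" ] && [ -r "$file" ]; } || return 1

    # -x whole line, -F literal string (no regex), -q no output.
    # Quoting stops word splitting of the client-supplied name; "--" keeps
    # a name that starts with "-" from being parsed as a grep option.
    rc=0
    "$GREP" -qxF -- "$user" "$file" || rc=$?

    case "$sense:$rc" in
        allow:0) return 0 ;;  # listed, and the list is an allow list
        deny:1)  return 0 ;;  # not listed, and the list is a deny list
        *)       return 1 ;;  # anything else, including grep errors
    esac
}

# FreeBSD's pam_exec sets PAM_SM_FUNC for the program it runs. When it is
# absent (script run by hand), only the function is defined.
if [ -n "${PAM_SM_FUNC:-}" ]; then
    listfile_check allow /etc/validusers "${PAM_USER:-}"
    exit $?
fi
```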

PAM Mastery is over half finished. I’ve completed the parts on “this is how PAM works” and have moved on to “here are some cool PAM modules that you might want to use.”

And my marketing department says I need to mention that I’m taking sponsors on the print and ebook versions of PAM Mastery.

“FreeBSD Mastery: Advanced ZFS” in tech review

FreeBSD Mastery: Advanced ZFS went to the FreeBSD developer community and a few select folks for technical review last night.

If you bought a sponsorship, either print or ebook, the manuscript is now in your account.

FM:AZ will not be on a discount pre-order. I figure the sponsors deserve the right to satisfy their morbid curiosity over the defective, untested, uncorrected manuscript. Plus, they get a little bit of joy over their privileged status. Not to mention bragging rights.

If you’re a sponsor, I’m going to ask you to download the manuscript, go to the last page, and check the spelling of your name. While I did my best to verify them, non-English character sets might be my undoing here. Plus, I’m an idiot, which doesn’t help.

February 2016 status and sponsorship questions

I’m thrilled and grateful with the results of the FreeBSD Mastery: Advanced ZFS sponsorship. Eighteen ebook sponsors and eight print sponsors have made my life easier. I’ll list them at the end of this blog post.

Allan and I are very close to having a completed first draft of the book–as in, we need a couple thousand more words from Allan and we’re ready for final pre-tech-review touch up. As we’re working chapter-by-chapter in Google Docs, I’ll then have the job of pulling all the docs into a single Word doc, applying formatting, and making sure it all hangs together as a book.

Once it’s in a single doc, I’ll upload it to the Tilted Windmill Press site so ebook and print sponsors can see an early copy if they desire.

This is a complicated book. It includes, like, actual math and stuff. There’s a limited pool of people who can do the tech review, and they’re all very busy.

With any luck, though, we will have print copies in time for BSDCan 2016.

In the meantime, I’m turning my attention to PAM Mastery. I did lots of research and analysis for this beforehand, so in theory I can just spew the book out and get it out for review.

If I’m very quick, and if absolutely everything works out correctly, I could actually have print copies of the PAM book for Penguicon.

Which leads me to another question, one I’m going to rely on you lot to answer.

Should I solicit sponsors for “PAM Mastery”?

My gut reaction to holding out my hand and asking for money is “no, don’t do it. You are not only a commercial enterprise, you are a commercial exploiter of the BSD community. Provide a worthwhile product and people will buy it.” It took me about a decade to open a tip jar, and I’m still shocked when people put something in it. Seems I caught that stupid Puritan work ethic or something.

The Advanced ZFS sponsors have not received their books yet. (Although I must say, warm showers make me a much more productive writer.) I feel a certain imbalance here–while that book is solidly under way, I’m responsible for delivering good work to my sponsors. FM:AZ is rapidly approaching the “hurry up and wait” stage.

And I don’t want to be constantly putting up a sign saying “Give me money in exchange for electrons arranged in the shape of your name.”

On the other side, people… apparently want to give me money for electrons arranged in the shape of their name.

So, what do you think? Too soon? Do it? Give it all up and become a llama smuggler?

Lastly, on the fiction front: I’ve gotten the proofreading back on my crime thriller Butterfly Stomp Waltz. Proofreader is now on to Immortal Clay 2, Kipuka Blues, and that’s due back by 20 March. I should have print copies of each to take to my writing workshop in April, and you should be able to buy both before April. Shlepping BSW into production would be a couple days work, but I’m heads-down on getting PAM Mastery done, so it’ll have to wait.

And I have a couple short stories to release, I just have to snatch the time from somewhere and get them out.

EDIT: I said I’d list the FMAZ sponsors, and forgot before hitting “publish.” Typical, Lucas. Absolutely typical.

Ebook:

1. Bruce Buskill (first sponsor ever)
2. Julien Vallée
3. Wim Wauters
4. Ollivier Robert
5. Henning Kessler
6. Geoffrey Garside
7. Theodore Durst
8. Georgiy Bulygin
9. Timur Anthony
10. Earl Percival
11. Grzegorz Mrzyglod
12. Jason Plows
13. Dominique Poulain
14. Trond Endrestøl
15. Kenneth Moyer
16. David Stiévenard
17. Mark Voltz
18. Graham Hunter

Print:
1. Dan Langille
2. TransIP B.V./Johan Schuijt
3. Thomas Scott
4. Dirk Tol
5. Justin Holcomb, in memory of Mary Lou Malott
6. Adam McDougall
7. Miguel Moll
8. Dominik B. Kowal

next talk: “FreeBSD Filesystem Fun” at March semibug

I’m slated to present at the next SemiBUG meeting.

By unpopular demand, I’ll offer “FreeBSD Filesystem Fun,” also known as “odd stuff I learned as I’ve written the FreeBSD storage books.” You’ll get content on UFS, ZFS, unionfs, various memory filesystems, and some of the really odd corners I discovered while writing the book. Warning: will contain actual math and ZFS tuning know-how.

15 March. 7 PM. Altair Engineering!

To be followed by dining at Leo’s Coney Island right next door. (We’re flexible on dinner, but somehow it always turns out to be Leo’s.)

Future meetings of note include two special guests:

On 19 April, Tom Lawrence is coming to talk about pfSense.

And on 17 May, Isaac Levy is flying in from New York City to talk about FreeBSD jails. I’d really like to fill our space for this one, as Ike is both a great speaker and making a special flight exclusively for us. Knowing Ike, I suspect that the dinner afterwards will involve beer.

June will be a BSDCan trip report, and July, Josh Grosse on porting software to OpenBSD.

Sponsorships for “FreeBSD Mastery: Advanced ZFS”

I recently put up a post musing about offering sponsorships for tech books. The reaction I got, both in blog comments and private email, was overwhelmingly positive.

And people are eagerly awaiting FreeBSD Mastery: Advanced ZFS, by Allan Jude and yours truly.

So, I’ve decided to try selling sponsorships for FM:AZ.

Ebook sponsors ($20) get their name in the ebook. Print sponsors ($100) get their name in both the print and electronic versions. Other books will have other pricing levels.

Some of the emails I got after that first post let me know that some people will happily pay a few dollars to get a link to their dodgy web site in a reputable location. For that reason, I won’t be linking to sponsors in the ebook. (As usual, it’s a handful of jackasses that ruin things for the rest of us.)

You should know that the money from the sponsorships goes entirely to me. Allan both a) has a steady paycheck, and b) is too generous for his own good. (It’s, like, blatantly obvious he’s Canadian.) I intend to buy his beer at BSDCan.

The Penguicon Lucas Tech Track

I submitted several tech events to Penguicon, our local tech/SF/maker/assorted random WTF convention.

They accepted six: five talks and one panel.

So if you’re in Detroit on the weekend of 29 April-1 May, come by and see me bloviate about:

  • PAM: You’re Doing It Wrong
  • the ZFS File System
  • Networking for Systems Administrators
  • Encrypted Backups with Tarsnap
  • BSD Operating Systems in 2016
  • Senior Sysadmin Panel

The last one, the Senior Sysadmin Panel, should be a lot of fun. I’m looking for 3-4 more people to sit on that panel. I was a pro sysadmin for 20 years at a variety of organizations. Ideally, while I’m moderating the panel, I’d like to be the junior sysadmin on it. Let me know if you’ll be at Penguicon and interested.

I’ve also expressed strong interest in being on the self-publishing panel, but I haven’t heard back on that yet. That’ll be on the lit track.

randi vs xmj

I’ve gotten a bunch of emails asking me for my opinion on the Randi – xmj FreeBSD issue.

Short short answer: I am withholding comment until we hear some kind of response from FreeBSD’s core team. Or until we don’t.

Short answer: This looks really bad for FreeBSD’s leaders and the Foundation.

If a volunteer project has a volunteer who is honestly so dysfunctional that he doesn’t understand why he is offensive, the project does not need him. And the volunteer needs to get help until he’s capable of behaving in a civilized manner.

edit: your hate mail may be posted. Provided I find it worthy of such treatment, at my sole discretion.

edit2: Moderating all comments on this post. Because I’m not interested in rehashing the arguments. Gamergaters are notoriously resistant to human decency.

“FreeBSD Mastery: Specialty Filesystems” disclaimer

I’m going through the tech edits on FreeBSD Mastery: Specialty Filesystems, integrating them into the manuscript so that it can go to copyedit.

As this book is available for early access purchase, without technical review, the manuscript starts with a disclaimer. The first step in prepping this manuscript is removing the disclaimer.

In my opinion, the disclaimers are often the most useful part of my tech books. I’m preserving this one for posterity.

FIRST DRAFT. NOT FOR PUBLIC DISTRIBUTION. FOR TECHNICAL REVIEW ONLY. NOT FACT-CHECKED. PROBABLY COMPLETELY CHECKED OUT. SOME INFORMATION HEREIN NOT ONLY INCORRECT BUT ACTIVELY MALICIOUS, NO IDEA WHICH IS WHICH. CHEMICALLY UNSTABLE. NON-ORGANIC. CONTAINS NASTY LEECHY PLASTICS. BEWARE OF DROP BEARS, GAMERGATERS, AND SEA WEASELS. BRIDGE OUT. ONE WAY NO RETURN. MANUSCRIPT IS MORALLY BANKRUPT AND ENGAGED IN KARMIC PANHANDLING.

PLEASE SEND ANY CORRECTIONS TO THE AUTHOR. INCLUDE PAGE NUMBERS AND ENOUGH SURROUNDING CONTEXT SO HE KNOWS WHAT YOU’RE TALKING ABOUT. LUCAS IS ALREADY CONFUSED, PLEASE DON’T MAKE IT ANY WORSE.

You can still get the early access version of FM:SF at my bookstore, at a 10% discount. When the book is finished, you’ll get access to the final version.

“FreeBSD Mastery: Specialty Filesystems” early draft available!

You can now get the in-progress but complete first draft of “FreeBSD Mastery: Specialty Filesystems” at Tilted Windmill Press.

Buy it now, get 10% off. You get access to the early version as a PDF. When the final book is released, you’ll get the final EPUB, mobi, and print PDF versions.

This draft contains all the content I intend for this book, but it has not been tech reviewed. Tech reviewers have received the manuscript, and are busily marking all the ways that I am wrong, wrong, wrong.

The final print book will have a wraparound cover that looks much like below, with minor changes to accommodate the actual spine width. In my unbiased opinion, this is the most fantastic cover I’ve done.

[Image: fmspf cover]