Chapter 10. System Administration

10.1. Where are the system start-up configuration files?
10.2. How do I add a user easily?
10.3. Why do I keep getting messages like root: not found after editing /etc/crontab?
10.4. Why do I get the error, you are not in the correct group to su root when I try to su to root?
10.5. I made a mistake in rc.conf, or another startup file, and now I cannot edit it because the file system is read-only. What should I do?
10.6. Why am I having trouble setting up my printer?
10.7. How can I correct the keyboard mappings for my system?
10.8. Why can I not get user quotas to work properly?
10.9. Does FreeBSD support System V IPC primitives?
10.10. What other mail-server software can I use instead of Sendmail?
10.11. I have forgotten the root password! What do I do?
10.12. How do I keep Control+Alt+Delete from rebooting the system?
10.13. How do I reformat DOS text files to UNIX® ones?
10.14. How do I re-read /etc/rc.conf and re-start /etc/rc without a reboot?
10.15. I tried to update my system to the latest -STABLE, but got -BETAx, -RC or -PRERELEASE! What is going on?
10.16. I tried to install a new kernel, and the chflags(1) failed. How do I get around this?
10.17. I cannot change the time on my system by more than one second! How do I get around this?
10.18. Why is rpc.statd using 256 MB of memory?
10.19. Why can I not unset the schg file flag?
10.20. What is vnlru?
10.21. What do the various memory states displayed by top mean?
10.22. How much free memory is available?
10.23. What is /var/empty?
10.24. I just changed /etc/newsyslog.conf. How can I check if it does what I expect?
10.25. My time is wrong, how can I change the timezone?

10.1.

Where are the system start-up configuration files?

The primary configuration file is /etc/defaults/rc.conf which is described in rc.conf(5). System startup scripts such as /etc/rc and /etc/rc.d, which are described in rc(8), include this file. Do not edit this file! Instead, to edit an entry in /etc/defaults/rc.conf, copy the line into /etc/rc.conf and change it there.

For example, to start named(8), the included DNS server:

# echo 'named_enable="YES"' >> /etc/rc.conf

To start up local services, place shell scripts in the /usr/local/etc/rc.d directory. These shell scripts should be set executable; the default file mode is 555.

10.2.

How do I add a user easily?

Use the adduser(8) command, or the pw(8) command for more complicated situations.

To remove the user, use the rmuser(8) command or, if necessary, pw(8).

10.3.

Why do I keep getting messages like root: not found after editing /etc/crontab?

This is normally caused by editing the system crontab. This is not the correct way to do things as the system crontab has a different format to the per-user crontabs. The system crontab has an extra field, specifying which user to run the command as. cron(8) assumes this user is the first word of the command to execute. Since no such command exists, this error message is displayed.

To delete the extra, incorrect crontab:

# crontab -r
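A check for the mix-up described above, as an added example that is not part of the original FAQ: it scans a per-user crontab for entries whose command begins with an account name, which is the /etc/crontab layout. The function names, the default account list and the sample crontab are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag per-user crontab entries written in /etc/crontab format.
# In a per-user crontab the command starts at field 6; in /etc/crontab field 6
# names the user to run as, so cron(8) ends up trying to execute "root".

# find_system_style_entries [ACCOUNT...]
# Reads a crontab on stdin and prints "LINE: ACCOUNT" for every entry whose
# command begins with one of the account names (default list is an assumption).
find_system_style_entries() {
    [ $# -gt 0 ] || set -- root operator daemon
    awk -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) acct[u[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }                     # blank or comment
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # VAR=value setting
        $1 ~ /^@/ { if ($2 in acct) print NR ": " $2; next }  # @daily, @reboot
        NF >= 6 && ($6 in acct) { print NR ": " $6 }
    '
}

# Constructed sample: lines 3 and 5 were copied from /etc/crontab.
sample_crontab() {
    cat <<'EOF'
SHELL=/bin/sh
# minute hour mday month wday command
*/5 * * * * root /usr/libexec/atrun
0 3 * * * /usr/local/bin/backup.sh
@daily root periodic daily
EOF
}

sample_crontab | find_system_style_entries
# On a live system: crontab -l | find_system_style_entries
```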

10.4.

Why do I get the error, you are not in the correct group to su root when I try to su to root?

This is a security feature. In order to su to root, or any other account with superuser privileges, the user account must be a member of the wheel group. If this feature were not there, anybody with an account on a system who also found out root's password would be able to gain superuser level access to the system.

To allow someone to su to root, put them in the wheel group using pw:

# pw groupmod wheel -m lisa

The above example will add user lisa to the group wheel.

10.5.

I made a mistake in rc.conf, or another startup file, and now I cannot edit it because the file system is read-only. What should I do?

Restart the system using boot -s at the loader prompt to enter single-user mode. When prompted for a shell pathname, press Enter and run mount -urw / to re-mount the root file system in read/write mode. You may also need to run mount -a -t ufs to mount the file system where your favorite editor is defined. If that editor is on a network file system, either configure the network manually before mounting the network file systems, or use an editor which resides on a local file system, such as ed(1).

In order to use a full screen editor such as vi(1) or emacs(1), run export TERM=xterm on FreeBSD 9.0+, or export TERM=cons25 on FreeBSD 8.X so that these editors can load the correct data from the termcap(5) database.

After performing these steps, edit /etc/rc.conf to fix the syntax error. The error message displayed immediately after the kernel boot messages should indicate the number of the line in the file which is at fault.

10.6.

Why am I having trouble setting up my printer?

See the Handbook entry on printing for troubleshooting tips.

10.7.

How can I correct the keyboard mappings for my system?

Refer to the Handbook section on using localization, specifically the section on console setup.

10.8.

Why can I not get user quotas to work properly?

  1. It is possible that the kernel is not configured to use quotas. In this case, add the following line to the kernel configuration file and recompile the kernel:

    options QUOTA

    Refer to the Handbook entry on quotas for full details.

  2. Do not turn on quotas on /.

  3. Put the quota file on the file system that the quotas are to be enforced on:

    File System    Quota file
    /usr           /usr/admin/quotas
    /home          /home/admin/quotas

10.9.

Does FreeBSD support System V IPC primitives?

Yes, FreeBSD supports System V-style IPC, including shared memory, messages and semaphores, in the GENERIC kernel. With a custom kernel, support may be loaded with the sysvshm.ko, sysvsem.ko and sysvmsg.ko kernel modules, or enabled in the custom kernel by adding the following lines to the kernel configuration file:

options    SYSVSHM          # enable shared memory
options    SYSVSEM          # enable for semaphores
options    SYSVMSG          # enable for messaging

Recompile and install the kernel.

10.10.

What other mail-server software can I use instead of Sendmail?

The Sendmail server is the default mail-server software for FreeBSD, but it can be replaced with another MTA installed from the Ports Collection. Available ports include mail/exim, mail/postfix, and mail/qmail. Search the mailing lists for discussions regarding the advantages and disadvantages of the available MTAs.

10.11.

I have forgotten the root password! What do I do?

Do not panic! Restart the system and type boot -s at the Boot: prompt to enter single-user mode. At the question about the shell to use, press Enter, which will display a # prompt. Enter mount -urw / to remount the root file system read/write, then run mount -a to remount all the file systems. Run passwd root to change the root password, then run exit(1) to continue booting.

Note:

If you are still prompted to give the root password when entering single-user mode, it means that the console has been marked as insecure in /etc/ttys. In this case, boot from a FreeBSD installation disk, choose the Live CD or Shell at the beginning of the install process, and issue the commands mentioned above. Mount the specific partition in this case and then chroot to it. For example, replace mount -urw / with mount /dev/ada0p1 /mnt; chroot /mnt for a system on ada0p1.

Note:

If the root partition cannot be mounted from single-user mode, it is possible that the partitions are encrypted and it is impossible to mount them without the access keys. For more information see the section about encrypted disks in the FreeBSD Handbook.
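The console setting from the first note above can be checked ahead of time. The following is an added example, not part of the original FAQ: it reads ttys(5) text and reports whether single-user mode will ask for the root password. The function names and the sample file are assumptions; a console entry with neither keyword is treated as insecure.

```sh
#!/bin/sh
# Added example: report how the console entry in /etc/ttys is marked.
# "insecure" means init(8) asks for the root password before it starts the
# single-user shell; "secure" means anyone at the console gets a root shell.

# console_policy
# Reads ttys(5) text on stdin and prints one of:
#   password-required   console is marked insecure (or carries neither flag)
#   no-password         console is marked secure
#   no-console-entry    the file has no console line
console_policy() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "console" {
            found = 1
            state = "password-required"          # no flag: treated as insecure
            for (i = 2; i <= NF; i++) {
                if ($i == "secure")   state = "no-password"
                if ($i == "insecure") state = "password-required"
            }
        }
        END { if (!found) state = "no-console-entry"; print state }
    '
}

# Constructed sample of an /etc/ttys with a hardened console entry.
sample_ttys() {
    cat <<'EOF'
# name  getty                           type    status  comments
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         xterm   on  secure
EOF
}

sample_ttys | console_policy
# On a live system: console_policy < /etc/ttys
```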

10.12.

How do I keep Control+Alt+Delete from rebooting the system?

When using syscons(4), the default console driver, build and install a new kernel with this line in the configuration file:

options SC_DISABLE_REBOOT

This can also be done by setting the following sysctl(8) which does not require a reboot or kernel recompile:

# sysctl hw.syscons.kbd_reboot=0

Note:

The above two methods are exclusive: The sysctl(8) does not exist if the kernel is compiled with SC_DISABLE_REBOOT.

10.13.

How do I reformat DOS text files to UNIX® ones?

Use this perl(1) command:

% perl -i.bak -npe 's/\r\n/\n/g' file(s)

where file(s) is one or more files to process. The modification is done in-place, with the original file stored with a .bak extension.

Alternatively, use tr(1):

% tr -d '\r' < dos-text-file > unix-file

dos-text-file is the file containing DOS text while unix-file will contain the converted output. This can be quite a bit faster than using perl.

Yet another way to reformat DOS text files is to use the converters/dosunix port from the Ports Collection. Consult its documentation for the details.

10.14.

How do I re-read /etc/rc.conf and re-start /etc/rc without a reboot?

Go into single-user mode and then back to multi-user mode:

# shutdown now
# return
# exit

10.15.

I tried to update my system to the latest -STABLE, but got -BETAx, -RC or -PRERELEASE! What is going on?

Short answer: it is just a name. RC stands for Release Candidate. It signifies that a release is imminent. In FreeBSD, -PRERELEASE is typically synonymous with the code freeze before a release. (For some releases, the -BETA label was used in the same way as -PRERELEASE.)

Long answer: FreeBSD derives its releases from one of two places. Major, dot-zero, releases, such as 9.0-RELEASE are branched from the head of the development stream, commonly referred to as -CURRENT. Minor releases, such as 6.3-RELEASE or 5.2-RELEASE, have been snapshots of the active -STABLE branch. Starting with 4.3-RELEASE, each release also now has its own branch which can be tracked by people requiring an extremely conservative rate of development (typically only security advisories).

When a release is about to be made, the branch from which it will be derived has to undergo a certain process. Part of this process is a code freeze. When a code freeze is initiated, the name of the branch is changed to reflect that it is about to become a release. For example, if the branch used to be called 6.2-STABLE, its name will be changed to 6.3-PRERELEASE to signify the code freeze and signify that extra pre-release testing should be happening. Bug fixes can still be committed to be part of the release. When the source code is in shape for the release, the name will be changed to 6.3-RC to signify that a release is about to be made from it. Once in the RC stage, only the most critical bugs found can be fixed. Once the release (6.3-RELEASE in this example) and release branch have been made, the branch will be renamed to 6.3-STABLE.

For more information on version numbers and the various Subversion branches, refer to the Release Engineering article.

10.16.

I tried to install a new kernel, and the chflags(1) failed. How do I get around this?

Short answer: the security level is greater than 0. Reboot directly to single-user mode to install the kernel.

Long answer: FreeBSD disallows changing system flags at security levels greater than 0. To check the current security level:

# sysctl kern.securelevel

The security level cannot be lowered in multi-user mode, so boot to single-user mode to install the kernel, or change the security level in /etc/rc.conf then reboot. See the init(8) manual page for details on securelevel, and see /etc/defaults/rc.conf and the rc.conf(5) manual page for more information on rc.conf.

10.17.

I cannot change the time on my system by more than one second! How do I get around this?

Short answer: the system is at a security level greater than 1. Reboot directly to single-user mode to change the date.

Long answer: FreeBSD disallows changing the time by more than one second at security levels greater than 1. To check the security level:

# sysctl kern.securelevel

The security level cannot be lowered in multi-user mode. Either boot to single-user mode to change the date or change the security level in /etc/rc.conf and reboot. See the init(8) manual page for details on securelevel, and see /etc/defaults/rc.conf and the rc.conf(5) manual page for more information on rc.conf.

10.18.

Why is rpc.statd using 256 MB of memory?

No, there is no memory leak, and it is not using 256 MB of memory. For convenience, rpc.statd maps an obscene amount of memory into its address space. There is nothing terribly wrong with this from a technical standpoint; it just throws off things like top(1) and ps(1).

rpc.statd(8) maps its status file (resident on /var) into its address space; to save worrying about remapping it later when it needs to grow, it maps it with a generous size. This is very evident from the source code, where one can see that the length argument to mmap(2) is 0x10000000, or one sixteenth of the address space on an IA32, or exactly 256 MB.

10.19.

Why can I not unset the schg file flag?

The system is running a securelevel greater than 0. Lower the securelevel and try again. For more information, see the FAQ entry on securelevel and the init(8) manual page.
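A pre-flight check for this answer and for the chflags(1) failure in 10.16, as an added example that is not part of the original FAQ: it lists the files that carry schg and says whether the given securelevel will refuse to clear the flag. The function names and the sample listing are assumptions.

```sh
#!/bin/sh
# Added example: report which schg-flagged files the securelevel will protect.
# Rule from the FAQ text: system flags cannot be changed above securelevel 0.

# schg_report LEVEL
# Reads `ls -lo` output on stdin (the file flags are column 5) and prints one
# verdict per file carrying schg. Paths containing spaces are not handled.
schg_report() {
    awk -v level="$1" '
        {
            n = split($5, flag, ",")
            for (i = 1; i <= n; i++) if (flag[i] == "schg") {
                if (level > 0)
                    print $NF ": locked, securelevel " level " forbids clearing schg"
                else
                    print $NF ": clearable with chflags noschg"
            }
        }
    '
}

# Constructed `ls -lo` listing; sizes and dates are made up.
sample_listing() {
    cat <<'EOF'
-r-xr-xr-x  1 root  wheel  schg       28467120 Jan  1 00:00 /boot/kernel/kernel
-r-xr-xr-x  1 root  wheel  -            182344 Jan  1 00:00 /boot/kernel/zfs.ko
-r-xr-xr-x  1 root  wheel  schg,uarch   110520 Jan  1 00:00 /sbin/init
EOF
}

sample_listing | schg_report 1
# On a live system:
#   ls -lo /boot/kernel/kernel | schg_report "$(sysctl -n kern.securelevel)"
```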

10.20.

What is vnlru?

vnlru flushes and frees vnodes when the system hits the kern.maxvnodes limit. This kernel thread sits mostly idle, and only activates when there is a huge amount of RAM and users are accessing tens of thousands of tiny files.

10.21.

What do the various memory states displayed by top mean?

  • Active: pages recently statistically used.

  • Inactive: pages recently statistically unused.

  • Cache: (most often) pages that have percolated from inactive to a status where they maintain their data, but can often be immediately reused (either with their old association, or reused with a new association). There can be certain immediate transitions from active to cache state if the page is known to be clean (unmodified), but that transition is a matter of policy, depending upon the algorithm choice of the VM system maintainer.

  • Free: pages without data content, which can be immediately used in certain circumstances where cache pages might be ineligible. Free pages can be reused at interrupt or process state.

  • Wired: pages that are fixed into memory, usually for kernel purposes, but also sometimes for special use in processes.

Pages are most often written to disk (sort of a VM sync) when they are in the inactive state, but active pages can also be synced. This depends upon the CPU tracking of the modified bit being available, and in certain situations there can be an advantage for a block of VM pages to be synced, whether they are active or inactive. In most common cases, it is best to think of the inactive queue as a queue of relatively unused pages that might or might not be in the process of being written to disk. Cached pages are already synced, not mapped, but available for immediate process use with their old association or with a new association. Free pages are available at interrupt level, but cached or free pages can be used at process state for reuse. Cache pages are not adequately locked to be available at interrupt level.

There are some other flags (e.g., busy flag or busy count) that might modify some of the described rules.

10.22.

How much free memory is available?

There are a couple of kinds of free memory. One kind is the amount of memory immediately available without paging anything else out. That is approximately the size of cache queue + size of free queue (with a derating factor, depending upon system tuning). Another kind of free memory is the total amount of VM space. That can be complex, but is dependent upon the amount of swap space and memory. Other kinds of free memory descriptions are also possible, but it is relatively useless to define these. Rather, it is important to make sure that the paging rate is kept low, and to avoid running out of swap space.

10.23.

What is /var/empty?

/var/empty is a directory that the sshd(8) program uses when performing privilege separation. The /var/empty directory is empty, owned by root and has the schg flag set. This directory should not be deleted.

10.24.

I just changed /etc/newsyslog.conf. How can I check if it does what I expect?

To see what newsyslog(8) will do, use the following:

% newsyslog -nrvv

10.25.

My time is wrong, how can I change the timezone?

Use tzsetup(8).
