|
|
| Author |
Message |
| 25 new of 467 responses total. |
blaise
|
|
response 75 of 467:
| 
Aug 6 16:39 UTC 2004 |
Another option for handling mail quotas is to have the individual users'
mailboxes in their home directories. (Exim can handle that quite easily
using either Maildir or mbox format.)
|
remmers
|
|
response 76 of 467:
|
Aug 6 17:27 UTC 2004 |
Re #73: Very nice. Thanks for the update and for all your work on this.
Re #75: That's a possibility. Downside: It opens up a new avenue for
abuse -- a malicious person could cause someone else's disk quota to be
exceeded by bombarding them with mail.
|
jp2
|
|
response 77 of 467:
|
Aug 6 18:33 UTC 2004 |
This response has been erased.
|
gelinas
|
|
response 78 of 467:
|
Aug 6 22:16 UTC 2004 |
Yes, it is. We KNOW that there are people who would quite happily blow many
of their acquaintances over quota, given the opportunity. I'm sure you can
think of a name or two, if you put your mind to it.
|
mfp
|
|
response 79 of 467:
|
Aug 7 00:48 UTC 2004 |
:(
|
jp2
|
|
response 80 of 467:
|
Aug 7 16:10 UTC 2004 |
This response has been erased.
|
janc
|
|
response 81 of 467:
|
Aug 9 17:20 UTC 2004 |
I don't think it would be a huge problem either, but getting a mail
program that handles quotas set up is not rocket science. I'm sure it
would work better than just having the write to the mailbox fail.
|
janc
|
|
response 82 of 467:
|
Aug 9 17:26 UTC 2004 |
I'm currently working on porting robocop. This is the least portable
program we have - it pretty much requires a full rewrite and will
require more work later to tune it to the new system. It is a process
monitor, and the process table is one of the least standardized parts of
Unix. It also depends on many other very system-dependent things, like
the mapping between device names and major and minor device numbers.
I'll likely have to spend a couple days on this.
Part of the problem is that because it depends on very system dependent
parts of OpenBSD, I'm largely dependent on documentation written by the
OpenBSD folks, who generally write sucky documentation.
|
janc
|
|
response 83 of 467:
|
Aug 12 03:21 UTC 2004 |
OK, I have a near approximation to a working robocop. It compiles. It
runs. It doesn't kill me.
Can't really tune robocop until we have some real users to test it on.
It takes some tuning to get it working 100% right. When NextGrex comes
up, it'll be running in a diagnostic mode. It'll probably be a few days
before it is tuned well enough to turn fully on.
Once kip does something about the mail, robocop will need to be adjusted
for that.
I'm going to go on to a few other admin tools.
|
janc
|
|
response 84 of 467:
|
Aug 27 15:48 UTC 2004 |
Since much of the source code that needs to be ported to nextGrex is no old
Grex, I wasn't able to do all that much while Next Grex was down.
I did port two admin tools: zapuser and killu. One deletes user accounts
and it part of our reap process and the other kills user processes, like fork
bombs.
I'm currently working on porting Mic's menu shell. I'm not sure if the old
menu shell is still being used on old Grex, but I'm not going to port it to
new Grex. One menu shell is enough. This is not particularly hard to port.
Mainly I'm just going to be reviewing and cleaning it up. Like there appears
to be an option to display the latest version of Horst Mann's BBS list for the
313 area code. Horst Mann's BBS list was last updated in 1994 and the 313
area code was split years ago. I'm not convinced this is still useful data.
The biggest task that must be done is to install a Mail Transport Agent that
does quotas. Kip is planning to install exim. Here'a a page that talks about
a scheme for doing mailbox quotas right with Exim:
http://www.timj.co.uk/linux/rcpt-time-quota-maildir.php
This is based on maildirs, I think, which we don't want to use, I think,
but that actually makes things easier, not harder, I think. The basic
idea is actually pretty close to Marcus' sendmail mods, and some ideas
from Marcus's version could be rolled into it to make it better.
Less vital, but still important, is building spam filtering into the
MTA. I strongly doubt that we could run SpamAssassin - it's too slow.
But we should investigate other off-the-shelf spam filters that could
be used on Grex. It wouldn't have to be awfully good to be better than
what we had in the past.
The other modification to standard mail on old Grex is the hierarchical
mail directories. This would be desirable on new Grex, but I think we
could come up without it and put it on the list of things to possibly
look at in the future. An alternate solution to look at might be to put
the mail partition on some sort of file system that handles large
directories better. Dunno if that is available for OpenBSD.
|
cross
|
|
response 85 of 467:
|
Aug 28 03:15 UTC 2004 |
....Or just put mail in home directories, which has been suggested before.
I'm against using Exim; it's not one of the Big Three: Postfix, Qmail,
and Sendmail.
Spamassassin can be run in a `daemon' mode that makes it much faster.
This is what the OpenBSD people champion doing.
|
gelinas
|
|
response 86 of 467:
|
Aug 28 03:27 UTC 2004 |
We'd still kind of like to block the spam _before_ it's crossed our
WAN link. I really don't know how well that will work.
Paying only cursory attention, I've sort of gotten the impression that
heirarchical mail directories are becoming standard.
I'm opposed to putting mail in home directories. It's one thing to
maliciously deny a user access to more mail; it's another to maliciously
deny a user access at all. But we've had this argument before. :)
|
spooked
|
|
response 87 of 467:
|
Aug 28 13:47 UTC 2004 |
Thanks Jan - great work on porting everything!
Like you say, the menu shell (driver program) is readily portable -
one or more of the menu template (hence scripts), like you say, will need
pointing to the right places on the new system. Thus, the intended design
of the new menu system has been met well (i.e. flexibility to change,
especially for non-programmer types). Just happens, in this instance,
that a very good programmer is updating the links :) I concur with
you that there is no good reason to also include the old menu system on
Next Grex.
|
cross
|
|
response 88 of 467:
|
Aug 28 15:12 UTC 2004 |
Regarding #86; We have had it before, it's true. But please explain to
me how mail in home directories can deny a user access to grex at all?
Is your reasoning that someone can mailbomb a user, forcing them to go
over quota? I'd say they can just login and clear out their mailbox.
Regardless, I'll be surprised if there aren't plugin options to deliver
mail to hierarchical directories for any given MTA we'd be likely to pick.
|
janc
|
|
response 89 of 467:
|
Aug 28 20:29 UTC 2004 |
I have no opinion what mailer is the right one to use. However, Kip has
substantial experience with exim, and he's willing to do the configuration.
I've done some basic research on exim, and it appears to be quite possible
to do everything we need to do with exim. So going forward with exim appears
to be a workable plan with a person ready to execute it. I'm not going to
oppose that plan unless there is another option that has a higher probability
of happening sometime soon.
Actually, I did "need" to make a few more changes to the menu shell
interpretor. There were bits of code that worked just fine, but tended to
make me wince. For example I changed the "getHomeDirectory" function from
this:
char homeDir[30] = "";
void getHomeDirectory(void)
{
int notSpace = TRUE;
char c = ' ';
int i = 0;
FILE *crapPtr;
system("finger `whoami` | head -2 | tail -1 > /tmp/newmenu.`whoami`");
system("chmod 777 /tmp/newmenu.`whoami`");
if ((crapPtr = fopen("/tmp/newmenu.`whoami`", "r")) == NULL)
{
/* ignore this case */
}
else
{
while (i < 11)
{
fscanf(crapPtr, "%c", &c);
i++;
}
i = 0;
while (notSpace)
{
fscanf(crapPtr, "%c", &c);
if (c == ' ')
notSpace = FALSE;
else
homeDir[i] = c;
i++;
}
fclose(crapPtr);
system("rm -f /tmp/newmenu.`whoami`");
}
}
to this:
char *homeDir;
void getHomeDirectory(void)
{
struct passwd *pw;
if ((homeDir= getenv("HOME")) == NULL)
{
if ((pw= getpwuid(getuid())) == NULL)
{
fprintf(stderr,"Whoops, who are you?\n");
exit(99);
}
homeDir= strdup(pw->pw_dir);
}
}
The new version is actually overkill. The "HOME" environment variable is
actually always going to be defined, so the failback method is never going
to be used. I could really have done it as:
char *homeDir;
void getHomeDirectory(void)
{
if ((homeDir= getenv("HOME")) == NULL)
{
fprintf(stderr,"Whoops, who are you?\n");
exit(99);
}
}
The old version worked when I tested it, but if you do an "ls /tmp" on Grex,
you'll see numerous newuser.username files there, so it appears that it
fairly often leaves detrious behind. I'm sure that today Mic would never
write code like that - it's clearly a relic of his callow youth, best erased
and forgotten. Pretend you didn't read this item.
There's a hunk of code that captures "!cd" commands. That wasn't working on
the OpenBSD system. I started debugging it, but was struck by a more modest
wince reflex, and decided to rewrite it before debugging it. There was quite
a lot of spurious copying of data from array to array in the original, and
I thought it was easier to clean it up than to figure it all out. There were
some subtle bugs in the original too. Looked like the command "!cdrom" would
be interpreted as a cd to the "rom" directory.
|
gelinas
|
|
response 90 of 467:
|
Aug 29 01:31 UTC 2004 |
To a naive user, the error messages and other effects of being overquota are,
in and of themselves, a denial of service, Dan. You've been too long away
from that naivete. :(
|
janc
|
|
response 91 of 467:
|
Aug 29 02:28 UTC 2004 |
Finally figured out how to get robocop checked into the CVS archive. There
were some weirdnesses that were preventing a checkin.
Completed port of the menu shell, and testing of everything it displays.
|
janc
|
|
response 92 of 467:
|
Aug 29 02:29 UTC 2004 |
Menu shell is in CVS archive.
|
janc
|
|
response 93 of 467:
|
Aug 29 02:39 UTC 2004 |
Installed figlet from the ports tree, and added the install script for it to
the CVS archive.
|
janc
|
|
response 94 of 467:
|
Aug 29 03:30 UTC 2004 |
Installed on NextGrex (and in the CVS archive) the extract, forget, partname,
and findconf comands. These are useful but little known commands to do some
simple bbs operations from the shell some are used in some scripts. See man
page for extract/forget.
These are derived from the ancient bbsread source. I should replace them with
new version derived from Backtalk source (which is distantly related to
bbsread source) or based on Fronttalk, but I'm not going to take time to do
that right now.
|
cross
|
|
response 95 of 467:
|
Aug 29 06:00 UTC 2004 |
Regarding #90; Perhaps you're right, Joe, but isn't that an issue we're
going to have to deal with anyway?
|
spooked
|
|
response 96 of 467:
|
Aug 29 09:56 UTC 2004 |
Oh, yes, it wasn't the best C code - sorry. Thanks for the improvements.
|
janc
|
|
response 97 of 467:
|
Aug 29 19:14 UTC 2004 |
Months (years?) ago I'd set up some cron scripts which were supposed to
periodically back up everything to the IDE drive using rsync. These weren't
working. Repaired them.
|
gelinas
|
|
response 98 of 467:
|
Aug 30 03:29 UTC 2004 |
Yes, Dan, but there is a difference between going over quota by your own
action and being forced over quota by something beyond, not even under, your
control.
|
janc
|
|
response 99 of 467:
|
Aug 30 15:24 UTC 2004 |
Currently when we lock a user account, we modify the password field, so it
is no longer possible to log in. This is a non-standard practice that would
require writing custom tools to preserve. I believe that we should instead
shift over to locking accounts by expiring them.
One problem with this is that the authenticator Backtalk uses does not
understand account expiration, and will let people log into expired accounts.
But this is a feature that should be added into that program anyway, together
with the ability to recognize the /etc/nologin file. So the next task I'm
going to take up is making account locking work. This will include:
(1) update the "lockuser" administrative script to use the OpenBSD tool
(I think it's "usermod" to lock accounts instead of Marcus's old
pwadm program).
(2) update the Backtalk authenticator, pwauth, to understand expiration
and such.
I think it is possible that to thoroughly lock an OpenBSD account I might
need to change the shell to some kind of "noshell" thing as well as expire
the account. I'd prefer not to do this if I can get away with it though,
because this makes it much harder to unlock the account - you have to remember
what their original shell was. If anyone has input on this, I'd appreciate
it.
A lower priority related change would be to modify backtalk to do something
better with expired accounts, expired passwords, and /etc/nologin. Currently
backtalk on Grex uses "basic authentication" - that little pop-up login
window. The problem with this is that there is now way to tell a user
why their login failed. Non-existant login ID, wrong password, expired
password, locked account, /etc/nologin turned on - whatever it was you just
get a new login box and no clue what is wrong. Only when you try to telnet
or ssh in will you (I hope) get some kind of sensible message.
I could do better with backtalk if I used the already existing option for
doing form-based authentication. In this configuration instead of the
authentication being worked out between your browser and the Apache http
server, backtalk itself does the authentication, and can thus generate
sensible error messages. The problem is that in this configuration backtalk
uses session IDs to identify logged in users. These session ID's are kept
in a cookie, and cookies are passed by Apache to backtalk in an environment
variable. Any user logged into Grex can do a "ps -e" to see the environment
variables on any process. (Some Unix's prevent this - OpenBSD does not.)
This anyone could grab any other logged-in Backtalk user's session ID and
impersonate them in the conferences. Not a good thing, and not very fixable
on Grex.
Probably I'll look into Apache to see if I can make it redirect to an error
page if logins are expired or prevented by a nologin, as opposed to just
asking the user to try logging in again. I think this should be possible,
but it's going to take some time to figure out. I may let this slide till
after NextGrex comes on line.
|
