New to OpenBSD, looking for advice Post-Installation

[therue]

The faq doesn't really have a step by step approach for this.

I did look at afterboot in the manual, but that section is extremely short so I was wondering if anyone could perhaps give me some pointers or know a link where someone might have covered the setup process more in-depth?

Thanks in advance

[scottro]

I think a lot of it depends upon what you plan to do with the machine. For example, recently, I put OpenBSD on an old powerbook G4 with a whopping 512 MB of RAM, but all I'm using it for is to run ssh sessions to some servers.

What are you planning to do with the machine? A simple workstation? Are there specific programs you need? Are you happy with its default X window manager? (I did add openbox to the powerbook, simply because I'm quite familiar with its keyboard shortcuts).

Are there things you are trying to do with it that you can't yet do? You can always ask here, people are pretty nice, and will also often add references to the man pages, so that you can more easily do it yourself after you get more experienced.

So, I would say.
1. Try to do something you want to do.
2. If it doesn't work, often google will be useful. (And sometimes the FAQ, but it can depend upon what you're trying to do and the use case)
3. See if there's a man page that might be appropriate.
4. Ask here and wait for jggimi to answer. (They aren't the only one who answers of course, but sometimes it seems as if they know everything.)

[therue]

[just setting up openbsd on laptop for personal use]

i'm booted into the system after the installation and logged in as the user i created (which already belongs to the wheel group).

I'm trying to setup a few things like changing hostname, wifi, but how exactly do i sudo and gain root privilege ?

It seems sudo is not installed by default, so there's su and doas available, but what exactly are the differences between the two and when should one use one over the other?

Also, how exactly do i use them? in archlinux i would just do sudo <.....> like sudo pacman -Syu, sudo vi /etc/hosts. I know I can just su and it'll ask me for the password, etc. but how do i su and run the command in one line? what option should i use exactly? Can someone give me an example? I'm pretty new to nix in general.

Lastly, it seems that doas requires the creation of doas.conf and some editing? Should i just su for now?

[sacerdos_daemonis]

Quote:

Originally Posted by therue

I know I can just su and it'll ask me for the password, etc. but how do i su and run the command in one line?

As far as I know it is not possible.
First log into the root account:

Code:

$su
enter passcode
#

Then enter commands.
Then:

Code:

# exit
$

I cannot offer any advice for configuring sudo or doas.

[PapaParrot]

For 'doas', there is

Code:

man doas

This is a example of mine, I set it up for only specific commands.

Code:

permit nopass garry as root cmd dhclient
permit nopass garry as root cmd shutdown
permit nopass garry as root cmd mount
permit nopass garry as root cmd /etc/rc.d/nginx 
permit nopass garry as root cmd /etc/rc.d/mysqld
permit nopass garry as root cmd /etc/rc.d/php56_fpm

Another example:

Code:

permit persist setenv { PKG_PATH PKG_CACHE ENV PS1 SSH_AUTH_SOCK } :wheel

And there is a 'sudo' package available for OpenBsd, you just need to install it,
(on a side note: If you look at some history, you will see the sudo command actually was
first developed by openbsd developer)

Code:

Enter your command: doas pkg_add sudo     
quirks-2.304 signed on 2017-04-02T15:01:33Z
Ambiguous: choose package for sudo
a       0: <None>
        1: sudo-1.8.19.2
        2: sudo-1.8.19.2-gettext
        3: sudo-1.8.19.2-gettext-ldap
Your choice: ^CFatal error: Caught SIGINT

I hit ^C because I did not really want to install it.
History lesson 1 :
https://en.wikipedia.org/wiki/Sudo

Quote:

History

Robert Coggeshall and Cliff Spencer wrote the original subsystem around 1980 at the Department of Computer Science at SUNY/Buffalo.[9] As of 2018 the current version is under active development, maintained by OpenBSD developer Todd C. Miller and distributed under a ISC-style license.[9]

I don't know about sudo much I do not use it, but with "doas", yes a command can be run in 1 line without needing to enter a password.
====== edit=====additional ====
After installing OpenBsd, what next ?
There is a thread on this right here on this forum:
http://daemonforums.org/showthread.php?t=8577
There also are a lot of other results,....

Quote:

I did look at afterboot in the manual, but that section is extremely short so I was wondering if anyone could perhaps give me some pointers or know a link where someone might have covered the setup process more in-depth?

There really is not much to do after the initial install, it has all the essential utilities, commands, etc to do what ever you want. So you setup your system like you want, my setup might not be what you like, or need, every one has different needs, and tastes.
One thing that would be helpfull to you, not really "setup", but forget about "This is what I did on Linux, " OpenBsd is a whole different system, all though there are many of the same commands that are used on Unix like systems, including linux, it ends there.
I would suggest first , look at the Package Management FAQ
There is a list of what is available here: http://ftp.openbsd.org/pub/OpenBSD/6.3/packages/amd64/
Most of what I call "setup" is preferences, not essential, one example, I prefer the OpenBox windows manager, so I install that, I do not like "vi" at all, so I install a editor that I prefer, etc,
(actually on the editor, I have a couple) One works better for some things, but the other is better for other things,...
On the wifi, it is a non issue, my computer does not have a wifi card. So, in a nut shell , there is no specific "setup" that needs to be done, there is a infinite range of setups that can be done, all depending on you preferences.
====edited again===

Quote:

like changing hostname

Code:

 man hostname

https://man.openbsd.org/hostname.if.5

[Head_on_a_Stick]

Quote:

Originally Posted by therue

how do i su and run the command in one line?

Code:

su -c '$command_string'

Note though that only members of the wheel group can su to root in OpenBSD.

For configuring doas, see doas.conf(5).

[therue]

Quote:

Originally Posted by GarryR

For 'doas', there is

Code:

man doas

This is a example of mine, I set it up for only specific commands.

Code:

permit nopass garry as root cmd dhclient
permit nopass garry as root cmd shutdown
permit nopass garry as root cmd mount
permit nopass garry as root cmd /etc/rc.d/nginx 
permit nopass garry as root cmd /etc/rc.d/mysqld
permit nopass garry as root cmd /etc/rc.d/php56_fpm

Another example:

Code:

permit persist setenv { PKG_PATH PKG_CACHE ENV PS1 SSH_AUTH_SOCK } :wheel

And there is a 'sudo' package available for OpenBsd, you just need to install it,
(on a side note: If you look at some history, you will see the sudo command actually was
first developed by openbsd developer)

Code:

Enter your command: doas pkg_add sudo     
quirks-2.304 signed on 2017-04-02T15:01:33Z
Ambiguous: choose package for sudo
a       0: <None>
        1: sudo-1.8.19.2
        2: sudo-1.8.19.2-gettext
        3: sudo-1.8.19.2-gettext-ldap
Your choice: ^CFatal error: Caught SIGINT

I hit ^C because I did not really want to install it.
History lesson 1 :
https://en.wikipedia.org/wiki/Sudo


I don't know about sudo much I do not use it, but with "doas", yes a command can be run in 1 line without needing to enter a password.

i read somewhere that on openbsd doas is the replacement for sudo, and since it's not isntalled by default i think i'll avoid using it in the future.

from your post, doas requiring a doas.conf file seems like a more restricted, controlled version of sudo since users are only given the commands that you allow them to use individually, so different users can have a different set of commands available. like allowing this user to shutdown the system, allow that user to install packages.

i can see that as a good way to allocate authority for say other users on the machine, but what if this is just for personal use? doesn't that seem limited? since a lot of times you won't know what you need to run as root until it's time, like if i need to write to a system file, or etc. ?

So as an admin (only user) on the machine do you just use su then?

[therue]

Quote:

Originally Posted by Head_on_a_Stick

Code:

su -c '$command_string'

Note though that only members of the wheel group can su to root in OpenBSD.

For configuring doas, see doas.conf(5).

there's no need to specify a certain login class? the user i created during the installation seems to have class: staff

-c login-class
specify a login class. you may only override the default class if you're already root.

also that didn't seem to work either i don't think, when i did su -c vi /etc/examples/doas.conf
it said: su: only the superuser may specify a login class.

[Head_on_a_Stick]

Quote:

Originally Posted by therue

there's no need to specify a certain login class?

Not as far as I know, /etc/login.conf controls memory access and suchlike rather than permissions per se.

Quote:

Code:

-c login-class
specify a login class. you may only override the default class if you're already root.

Ooops, I'm sorry, I was getting confused with the Linux options, how embarrassing

Looks like sacerdos_daemonis is right about that.

[therue]

if i want to change the host name from the default that was created from installation so it doesn't contain .my.domain:

i need to modify /etc/myname
>from
therue.my.domain

>to
therue

and also modify /etc/hosts
>from
127.0.0.1 localhost
::1 localhost

>to
127.0.0.1 localhost therue
::1 localhost therue

is this correct? putting the hostname i want in the alias section of the entries?

FROM myname(5) man page:

Quote:

"/etc/myname contains the symbolic name of the host machine. The file should contain a single line specifying the fully qualified domain name (FQDN) of the system (e.g. host.example.com). The name must be resolvable, either by matching a hostname specified in /etc/hosts (see hosts(5)) or through DNS (see resolv.conf(5)). "

[ibara]

Quote:

Originally Posted by therue

i read somewhere that on openbsd doas is the replacement for sudo, and since it's not isntalled by default i think i'll avoid using it in the future.

Depends on your use case. There are plenty of uses for sudo. But it is larger than doas by orders of magnitude. doas is designed to be a small sudo replacement, OpenBSD-specific, that does 95% of what 95% of all users ever need. Most people will never need sudo but if you do, that's ok.

Quote:

Originally Posted by therue

from your post, doas requiring a doas.conf file seems like a more restricted, controlled version of sudo since users are only given the commands that you allow them to use individually, so different users can have a different set of commands available. like allowing this user to shutdown the system, allow that user to install packages.

i can see that as a good way to allocate authority for say other users on the machine, but what if this is just for personal use? doesn't that seem limited? since a lot of times you won't know what you need to run as root until it's time, like if i need to write to a system file, or etc. ?

Code:

permit nopass therue

Now you can run $ doas <command> to you heart's content. Any command, no password needed!

Code:

permit therue

Is perhaps preferred if you would like to enter your password in before executing commands with doas.

Quote:

Originally Posted by therue

So as an admin (only user) on the machine do you just use su then?

You should use doas.

[scottro]

www.tedunangst.com/flak/post/doas-mastery has a nice tutorial on simple doas setup, thought ibara's mini tutorial above is even quicker.

As for wifi, it will depend upon the card and whether it's seen or not. Often, you want to run
doas fw_update which will install drivers for a few wireless cards. Does the system see the card?

If, say, it's an Intel card, you can try man iwm or man iwn to see about its setup. If you only use it on your home network, you can set up an /etc/hostname/hostname.iwm0 as an example. It contains the lines, if your wireless network is called mynetwork and the password is mypass

nwid mynetwork
wpakey mypass
dhcp

See the faq at https://www.openbsd.org/faq/faq6.html#Wireless which has an incomplete section configuring your wireless adapter.

You can test from command line, again assuming your card is iwm0 and the network name and pass are the ones I used.

ifconfig iwm0 nwid mynetwork wpakey mypass and see if it works.


Running just ifconfig will show you if your wireless card has been seen.

[scottro]

The latest I see is the 2nd edition, which is still pretty old by now. That being said, anything Michael Lucas writes is worth reading, he seems, (in my opinion) to strike the perfect balance between technical and understandable.

[bsd-keith]

Michael Lucas books are well worth the cost, saves hours of hunting around for info, if you don't understand straight off what the OpenBSD man pages & FAQ are saying.
(I bought both editions).

P.S. I usually just add fluxbox, firefox, mc, mpg123, xpat2, & mpv - then I'll go & grab PySolFC2.0, & set it all up in the fluxbox menu.

[therue]

set up the hostname and got wireless working now
another question though.

when i installed openbsd i used installXX.fs (file sets included) so during the installation it did not create /etc/installurl since it did not use the internet to retrieve the sets. i'm trying to setup the mirrors for pkg, is it better to create /etc/installurl or by exporting PKG_PATH? is there advantages to one vs another?

also when it comes to export PKG_PATH environment variable i see several ways of exporting the link. is there a way that's better and more future proof?

https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/amd64
https://ftp.openbsd.org/%m
https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/%a
https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/%a/all
https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/$(uname -m)

is there a difference between the one using %m vs %a,
the one with all after %a, is all even necessary?
is it better to use $(uname -m) to let it automatically figure out the right architecture of my system? %a will detect the right architecture as well right?
also, what happens if i need to upgrade to 6.4 in the future, I will need to change the PKG_PATH as well i'm sure, but if i use %m, will this make it more future proof by any chance?

lastly, i've seen in some youtube videos where people also:
echo export PKG_PATH=blahblahblah >> .profile to add the PKG_PATH environment variable in the root .profile. is this necessary?

[bsd-keith]

I find it easiest to export it from my root .profile, when I upgrade I just change the version number, after using the upgrade option, then I upgrade all my installed packages.

[ibara]

Code:

$ cat /etc/installurl
https://cdn.openbsd.org/pub/OpenBSD

That seems the most future proof of them all.

[therue]

Quick question,

I've just ran syspatch and it applied the fixes to all 11 of those packages fine.
However, when I ran "uname -a" to get my system's info, how come it says:

OpenBSD atelier 6.3 GENERIC.MP#4 amd64 ?
shouldn't it say STABLE instead of GENERIC.MP#4? (after syspatch)

actually before i applied the patches, instead of showing RELEASE (pre syspatch), it was showing GENERIC.MP#107


when i ran "sysctl kern.version" it said:
kern.version=OpenBSD 6.3 (Generic.MP) #4
root@syspatch-63-amd64.openbsd.org: /usr/src/sys/arch/amd64/compile/GENERIC.MP

[jggimi]

You are running -release + errata patches, which may be equivalent to -stable, but is not exactly the same.

• A -stable system may sometimes be identical to -release plus errata patches, and may sometimes include additional committed patches which are not broadly applicable or severe enough to be published as errata patches.
• If -stable is desired or needed, the -stable system must be built by the local admin from the -stable branch of a CVS repository mirror, as articulated in the release(8) man page.

It can be confusing.

• The OpenBSD Project publishes errata patches in source code form, and for some architectures also publishes these patches in binary form to be applied via the syspatch(8) tool. An admin can build and apply the patch from source, or, on some architectures, use the binary patch.
• The Project does not distribute binary -stable systems, only -stable patches via developer commits to the OpenBSD source code CVS repository, which is then distributed to repository mirrors.
• Some of those patches may be published as errata. Some may not.
• For additional info, see www.openbsd.org/stable.html

[therue]

Quote:

Originally Posted by jggimi

You are running -release + errata patches, which may be equivalent to -stable, but is not exactly the same.

• A -stable system may sometimes be identical to -release plus errata patches, and may sometimes include additional committed patches which are not broadly applicable or severe enough to be published as errata patches.
• If -stable is desired or needed, the -stable system must be built by the local admin from the -stable branch of a CVS repository mirror, as articulated in the release(8) man page.

It can be confusing.

• The OpenBSD Project publishes errata patches in source code form, and for some architectures also publishes these patches in binary form to be applied via the syspatch(8) tool. An admin can build and apply the patch from source, or, on some architectures, use the binary patch.
• The Project does not distribute binary -stable systems, only -stable patches via developer commits to the OpenBSD source code CVS repository, which is then distributed to repository mirrors.
• Some of those patches may be published as errata. Some may not.
• For additional info, see www.openbsd.org/stable.html

ah ok, but how come my fresh install didn't say RELEASE either? i thought the IMAGE from the official site for creating the USB disk is supposed to be RELEASE?
for me, it still said GENERIC.MP#107 <--- just a different number than after i applied the patches with syspatch