- 07 Mar, 2022 10 commits
-
-
themylogin authored
(cherry picked from commit 5b3bcaf0)
-
themylogin authored
If TrueNAS is installed on a USB stick, Debian changes boot pool vdev to something like `/dev/disk/by-id/usb-JetFlash_Transcend_16GB_XXXXXXXXXXXXX-0:0-part3`. This was not being mapped properly. (cherry picked from commit 95099a0f)
-
themylogin authored
(cherry picked from commit 6ff40656)
-
themylogin authored
(cherry picked from commit 0c851fa8)
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
This commit fixes an issue where we had a race condition between retrieving routing tables and the defined rules.
-
themylogin authored
Sometimes disks are not mapped with their vdev guids. This happens randomly and rarely (usually users are able to resolve this issue just by rebooting the system). I failed to repeat this. Let's have better debugging for the future reports of this issue. I decided to drop those awk scripts that provide "normalized" data, raw zpool output is perfectly readable and it's much reliable to have unprocessed data in the debug.
-
themylogin authored
-
- 04 Mar, 2022 6 commits
-
-
Andrew authored
Apart from having shared context (which is probably of negligable benefit here). This also makes several changes to how webdav config files are generated. We now always ensure that password hashes are owned by webdav user and permissions are 0o600 and use secrets.choice() rather than random.choice() for generating hashes. A subprocess call to change owner has also been replaced with shutil.chown(). Futher investigation may be required in order to determine whether this chown call is actually needed.
-
Andrew authored
Remove support for TLSv1, TLSv1.1 and add support for TLSv1.3 Add webdav.cert_choices method
-
M. Rehan authored
-
Andrew authored
Convert to using the default mpm for webdav. mpm_prefork was crashing on a NULL dereference and is most likely not a great choice for our purposes.. Since this change means that apache server is no longer setuid, ensure that apache is running as webdav rather than www-data so that users don't lose access to files written by webdav.
-
themylogin authored
-
themylogin authored
-
- 03 Mar, 2022 23 commits
-
-
Andrew authored
-
Andrew authored
The "-N 2" option was copied over from the nfs-kernel-server mako file where it disabled the NFSv2 protocol. In this case, '-N' option actually prevents rpc.statd from starting.
-
Andrew authored
Where possible we should avoid using pwd and grp modules to look up users / groups. Users can't change ids of builtins and so we don't need to look this up every time we generate an etc file. This is to prevent a significantly misbehaving directory service (which can cause NSS lookups to hang longer than middleware timeout) from adversely affecting etc file generation. Hence we do the following here: * allow "owner" and "group" in etc group config to be an int representing uid or gid * ensure that we're running all permissions-related items in a separate thread by shifting this logic to a separate function
-
M. Rehan authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
(cherry picked from commit c7553974)
-
Waqar Ahmed authored
(cherry picked from commit a732e330)
-
Waqar Ahmed authored
(cherry picked from commit c108d2bc)
-
Waqar Ahmed authored
(cherry picked from commit e1bc6d58)
-
Andrew authored
This also removes a large amount of FreeBSD-related PAM files.
-
Andrew authored
This also adds more rigid control over permissions of config and key files. We will also begin deleting unexpected contents from /etc/ssh if they are detected.
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Caleb St. John authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
- 02 Mar, 2022 1 commit
-
-
Andrew authored
* Optimize reloads of user service Consolidate all the mako files associated with a user service reload into a single python file. This minimizes the amount of times that user.query and group.query must be called. On test server with high user count, this changeset halves the amount of time it takes to add or delete a new user. * Enhance user API test Improve existing user tests by validating the following: - pw_dir reflects the homedir specified when creating a user - pw_gecos reflects the specified user - group list is properly updated Verify that /etc/passwd, /etc/shadow, /etc/group, /etc/sudoers are properly written in a way that reflects account modifications.
-