my FreeBSD diary
January 27, 2002 (as amended - updated to cover FreeBSD 8.x)

with respect and in deference to The FreeBSD Diary

The aim of this project is to produce a unix server which provides SSH, FTP, SMTP, POP, IMAP, NTP, HTTP (Apache, PERL and PHP), SQL (MySQL), SMB file and print sharing (Samba and CUPS), and email filtering (SpamAssassin) service. An all-in-one drop-in replacement for Windows and Netware servers, basically, with some extra features. I know that unix is more reliable and secure, and is more powerful, than any version of Windows, and I wish to pass these benefits onto my customers.

Note, this server will be on a NATted LAN inside the corporate firewall, which is a separate device, and doubles as a router, DNS server, and ADSL uplink. DHCP is not used.

  1. research

  2. download

  3. install

    1. partitioning
    2. options
    3. SSH
    4. freebsd-update
    5. portaudit
    6. portsnap

  4. building the services

    1. NTP
    2. FTP
    3. SMTP (sendmail)
    4. HTTP (Apache)
    5. PHP
    6. SMB (Samba)
    7. CUPS
    8. POP/IMAP (Dovecot)
    9. SQL (MySQL)

  5. notes

    1. user management
    2. the packages collection
    3. the ports collection
    4. scripting
    5. DOS refugees
    6. dual-booting
    7. other

research

Looking for a unix desktop instead of a server platform? Check out PC-BSD - This is FreeBSD + KDE (a popular GUI), with a sexy installer, some smart scripts and a bunch of services preinstalled and preconfigured. It doesn't try to be a server - this is a system designed to do the same job as Windows XP. It's very slick indeed.

The first step is to settle upon which unix to use. I poked around on the net, and I read some of the documentation. Factors influencing my decision included popularity, lineage, and hardware support. In the end, FreeBSD was the clear winner; not only modern and well-supported, but also with a distinguished history, and reference sites including yahoo.com, apache.org, cdrom.com and even (once upon a time) hotmail.com. Sold... Linux? Oh yes - that's the unix that uses BSD components, GNU components, Linus components.. I've heard of it.

I then needed to select a distribution - there's NetBSD, OpenBSD and FreeBSD. NetBSD is optimised for portability... I don't need that. OpenBSD's main advantage seems to be security - I didn't feel the need to encrypt my swapspace... so I opted for the high-performance FreeBSD instead. See also a comparison of BSD operating systems and/or Distrowatch for more information.

Hardware-wise, BSD runs on pretty well anything, including the 333MHz AMD K6 in the test server, with 128Mb of RAM and 4Gb of disk (note that I currently recommend a minimum of 10Gb for a FreeBSD 8.x install). BSD can run with less resources than these - but it's not recommended. A BIOS with support for ACPI and bootable CD-ROMs is also suggested. While BSD can run on ancient hardware, the limitations this imposes on the flexibility of the system may be excessive. Certainly, for production servers I hope to use the latest and fastest hardware. Note that BSD, being a community-supported OS, does not immediately support new devices; nor do manufacturers usually ship BSD drivers. Ensure that drivers are available, working and stable before committing to a specific device.

Software-wise, aside from the operating system I also had to decide which servers and applications to deploy. I stuck with the tools I knew.

Note: once you've settled on a distribution, you might like to stick with the particular version of the distribution you download, at least for a while. This will allow you to compare and contrast between your builds (you will no doubt do several). If you always use the latest version of the distribution, you will be introducing inconsistencies between your builds, which will be confusing if you are still learning how the system works. So, select your download very carefully. As always, avoid ".0" releases; you want a version number x.1 or higher.

download

Next, I had to get the FreeBSD CDs. I downloaded the full distribution as an ISO from a mirror; after verifying the MD5 hash for each ISO, I then burned the ISOs onto CDs. If you're not sure how to burn an ISO from a mirror onto a CD, or verify the hashes, this is your cue to open a new browser window and zoom over to your favourite search engine. I did try using BitTorrent to get the ISOs, but it was going to take twice as long, plus saturate my outbound, so I aborted BitTorrent and went for good old FTP.
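One way to do the hash check mentioned above, as an added example that is not part of the original diary. It assumes the checksum list downloaded with the ISOs uses the BSD "MD5 (file) = hash" line format; the script, file and function names are made up for illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded ISO against a BSD-style checksum list.
# Assumed line format:  MD5 (disc1.iso) = <32 hex digits>

# Print the MD5 of a file as bare hex, using whichever tool is present.
md5_of() {
    if command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"                      # FreeBSD
    else
        md5sum "$1" | awk '{print $1}'   # GNU coreutils
    fi
}

# verify_iso CHECKSUM_FILE ISO
# Returns 0 = hash matches, 1 = mismatch, 2 = ISO not listed or unreadable.
# ISO names containing spaces are not handled.
verify_iso() {
    list=$1
    iso=$2
    [ -r "$list" ] && [ -r "$iso" ] || return 2
    name=$(basename "$iso")
    # Take the expected hash from the line that names exactly this file.
    expected=$(awk -v n="$name" '
        $1 == "MD5" && $2 == ("(" n ")") && $3 == "=" { print tolower($4); exit }
    ' "$list")
    [ -n "$expected" ] || return 2
    actual=$(md5_of "$iso" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Usage: sh verify_iso.sh CHECKSUM.MD5 disc1.iso
if [ "$#" -eq 2 ]; then
    if verify_iso "$1" "$2"; then
        echo "OK: $2"
    else
        echo "FAILED: $2 (download it again before burning)" >&2
        exit 1
    fi
fi
```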

install

  1. Assemble the hardware. Try and use known-good hardware if possible. Ensure the drive you are installing FreeBSD on is connected to the Primary IDE channel, and is configured as Master. This is not strictly necessary, and certainly for SCSI setups is not applicable, however unless you know what you're doing, keep it simple. You may need to use a boot manager if you do not install to a drive configured as master on the primary IDE channel. Ensure the machine can see the hard disk and CD-ROM before continuing.

  2. Configure the BIOS. Usually, there's nothing to change, but the system date should be set correctly. Also, the CD-ROM needs to be a bootable device, higher in the boot order than the primary hard disk (just during installation - once the install is complete, it's good security to set the hard disk as the first bootable device, unless otherwise needed). Finally, ACPI should be enabled. If your BIOS does not support booting from CD, or ACPI, my advice is to find a computer that does, and use that, since these features will make your life as admin simpler and faster. Check the BIOS settings, especially the clock, before installing the software.

  3. Put in the CD (use disk 1 for FreeBSD 7.x and below) and boot off it. From the welcome screen that appears, select 1. Boot FreeBSD [default] (if you have problems with crashes during startup or install, try the other options on this first screen, especially ACPI). The next two screens allow country and keymap selection (in FreeBSD 4.11, these options are selected later). I suggest UK, then from the next screen, UK CP850. The sysinstall Main Menu is then displayed; select standard install.

  4. If you have multiple drives in your system, you will now be prompted to select which drive to install to. Select this VERY carefully. If you select the incorrect drive, you are likely to lose all the data on that drive during the install. If you have multiple drives, but you are not prompted to select a drive, that means that FreeBSD has not detected your other drive(s). Check your hardware setup in this case.

  5. FDISK the partition editor will now appear. Check that you are installing to the correct drive - the top-left corner of the FDISK screen shows the Disk Name, which should be ad0 if you are installing to the master drive on your primary IDE channel. If the disk name is correct, press A (to use the entire disk), press down-arrow (to select the new FreeBSD partition), press S (to make the new FreeBSD partition bootable), and finally press Q to quit FDISK. [Note to fellow DOS refugees: FreeBSD calls partitions 'slices'. FreeBSD has partitions too but they are different to DOS-style partitions - in fact they are sub-partitions, and are called labels.]

  6. The installer then prompts to install a boot manager. Select install a standard MBR. If you are doing multiboot, I still recommend you select standard MBR here; I had problems with the FreeBSD boot manager (admittedly, a few years back). You'll need to install a Boot Manager separately in this case (see my multiboot notes for more on this).

  7. Next, the disklabel editor appears; press A to create the default scheme. Customise label sizes as needed, then press Q to quit the label editor. The disklabel editor can be tricky to use, especially if customising the label sizes - fortunately the defaults are often acceptable. For reference, the following FreeBSD-style partitions are required:

    /       250Mb minimum
    swap    500Mb minimum
    /tmp    500Mb minimum
    /usr    5Gb minimum
    /var    2Gb minimum

    Smaller values may work, but will probably not be useful (especially over time). /usr should be as big as possible. Think carefully before proceeding - ensure the scheme you define will suit the machine's intended usage (a mailserver, which by default puts spools in /var, will probably need an extra-large /var, for example). You may need to juggle the sizes of the various labels, particularly if you are installing on a disk 4Gb or less in size. Once the label sizes are defined, it's difficult to change them without reinstalling the system from scratch. Unfortunately, FreeBSD is not yet blessed with tools like Ghost and Partition Magic (although you could try PING if you were brave).

  8. With label sizes defined, the installer then prompts for an installation type - select Developer, unless you have a preference otherwise.

  9. In FreeBSD 8.x, the next screen to appear asks whether to install documentation. Selecting the correct documentation for your language is recommended.

  10. The installer then asks whether to install the ports collection. If the ports collection is not installed, this can cause difficulty in some circumstances, so electing to install the ports here is recommended.

  11. The installer then returns to the "choose distribution" screen - your previous selection should now be marked with an X. If this is the case, press the Tab key to move the cursor to the OK button, then press the Space bar to press OK.

  12. Select your installation media.

  13. Read the next screen carefully - if you're happy that you're about to erase your hard disk, press Enter to continue! The hard disk will then be partitioned and formatted, and system files will be copied to the disk (this process takes some time). When the install is completed, a congratulations message will appear.

  14. The installer then proceeds to the "final configuration questions". These vary depending on previous choices and the distribution being installed (docs: handbook).

  15. Press the X key to exit the installer and reboot, not forgetting to eject the CD.

  16. FreeBSD 7.x and below only: to complete the install, enter some "random entropy" for SSH key generation - this is done on first boot, follow the onscreen instructions (this step won't appear if you did not elect to enable SSH during install).

This done, you should be able to login as root, and immediately ping yahoo.com!

Note: if installing FreeBSD in a dual- or multi-boot system, a boot manager should be installed at this point. You may also wish to remove the ability to boot from CD from the BIOS.

You should now continue to the next section.

SSH: (docs: handbook; manpage - daemon; manpage - config file)

During install, you may have selected "Yes, enable SSH login" - while this generates keys and configures the SSH daemon to start on boot, it crucially does not automatically allow anyone to login remotely (including root). To permit a user to login, first login to the console as root, then:

  1. edit the daemon's configuration file: vi /etc/ssh/sshd_config
  2. uncomment the Protocol line, then set it to Protocol 2 (this ensures SSH1 is NOT supported)
  3. uncomment (or create) the PermitRootLogin line and set it to no
  4. uncomment (or create) the MaxStartups line and set it to 5
  5. uncomment (or create) the X11Forwarding line and set it to no
  6. uncomment (or create) the Banner line and set it to none
  7. go to the end of the file, add these new lines:
    # denied users
    DenyUsers Administrator Guest Root
    # permitted users
    AllowUsers username@IP.address.you.use
    
  8. save the changes to the config file and quit the editor
  9. restart the SSH daemon: /etc/rc.d/sshd restart

username is usually the username associated with the sysadmin's personal account (created above, member of group 'wheel'). Do not permit root to login remotely. A more secure configuration is to permit a user who can 'su' to root instead. The configuration above denies root login, and permits access only by the system administrator's personal account (who can 'su' as needed, as the account is a member of the wheel group).

IP.address.you.use is the IP address of the computer you use to connect to the server. Failing to add the AllowUsers line permits users to login from anywhere. Failing to add the IP address permits the user specified to login from anywhere.

Remember to restart the daemon after you save your changes to its configuration file. It only reads the file when it starts up.

Note: this configuration permits use of password-based authentication, which is vulnerable to brute-forcing. Key-based authentication is more secure. However, in the configuration above an IP address is specified on the AllowUsers line, which means that a brute-force attack can only be successful if it is made from that IP address. denyhosts can be used to ban problem IPs. Nonetheless, key-based authentication is much better, and is recommended.
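The settings from the steps above can be checked mechanically. The script below is an added example, not part of the original diary: it reads an sshd_config, works out the value sshd will actually use for each keyword, and flags AllowUsers entries with no @host part. The function names, the user alice and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config against
# the settings listed in the steps above. Function names are illustrative.

# Print the effective global value of keyword $2 in sshd_config file $1.
# sshd keeps the FIRST value it reads for a keyword, so a line appended at the
# end of the file has no effect if an earlier uncommented line sets it.
# AllowUsers/DenyUsers lines accumulate instead: pass "all" as $3 for those.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v mode="${3:-first}" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { key = tolower($1) }
        key == "match" { exit }          # conditional blocks are not global
        key == want {
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            print
            if (mode == "first") exit
        }
    ' "$1"
}

# Compare one keyword with the value the steps ask for; count mismatches.
expect_kw() {
    got=$(sshd_value "$cfg" "$1")
    if [ "$got" != "$2" ]; then
        echo "FAIL $1: want '$2', effective '${got:-unset}'"
        fails=$((fails + 1))
    fi
}

# audit_sshd FILE: prints one line per problem, returns 0 only if clean.
audit_sshd() {
    cfg=$1
    fails=0
    expect_kw Protocol 2
    expect_kw PermitRootLogin no
    expect_kw MaxStartups 5
    expect_kw X11Forwarding no
    allow=$(sshd_value "$cfg" AllowUsers all | tr '\n' ' ')
    if [ -z "$allow" ]; then
        echo "FAIL AllowUsers: not set, users may log in from anywhere"
        fails=$((fails + 1))
    fi
    set -f                               # keep patterns like 10.0.0.* literal
    for pat in $allow; do
        case $pat in
            *@*) ;;
            *) echo "FAIL AllowUsers: '$pat' has no @host, allowed from anywhere"
               fails=$((fails + 1)) ;;
        esac
    done
    set +f
    [ "$fails" -eq 0 ]
}

# Constructed sample: the stock file already had "PermitRootLogin yes"
# uncommented, and the hardening lines were appended at the end.
write_sample_appended() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Protocol 2
PermitRootLogin yes
X11Forwarding no
MaxStartups 5
PermitRootLogin no
AllowUsers alice
EOF
}

# Constructed sample with every step applied in place.
write_sample_hardened() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
protocol 2
PermitRootLogin no
MaxStartups 5
X11Forwarding no
Banner none
DenyUsers Administrator Guest Root
AllowUsers alice@192.0.2.10
EOF
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
# Run "sshd -t" as well before restarting: it checks syntax, this does not.
if [ "$#" -eq 1 ]; then
    audit_sshd "$1" && echo "OK: $1 matches the settings above"
fi
```

On the first constructed sample the audit reports PermitRootLogin as effectively yes, because the earlier line wins over the appended one, and flags the bare alice entry.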

The rest of the build can be completed remotely (via SSH), if desired. If you wish to connect remotely via SSH, and a firewall is in between, forward the SSH port 22/TCP to the server now. Also, check that port 22/TCP is open on the firewall. It's good security to use an alternate port, if possible (forward, for example, firewall/external port 6666 to server/internal port 22 - you then specify port 6666 in your SSH client and the firewall maps the traffic to port 22 on the server).

SSH issues? Have a look in /var/log/auth.log

You should now continue to the next section.

freebsd-update: (docs: handbook; manpage)

To update a new install OR an existing system, which is currently FreeBSD 6.3 or higher, use the freebsd-update utility as follows:

  1. login as root
  2. freebsd-update fetch
  3. freebsd-update install

This step should NOT be skipped if you're doing a new install. The installation media is likely to contain code that has since been updated.

Note that as freebsd-update is included in the base install, there's no need to install it from ports.

Warning: freebsd-update creates a work directory in /var/db/freebsd-update. This can get large (approx 800Mb as of December 2014). Ensure that /var has at least 1Gb of free space before using freebsd-update. If this is not feasible, it's possible to change the location of the work directory, as follows:

  1. login as root
  2. vi /etc/freebsd-update.conf
  3. Uncomment the workdir line, then change the location as desired
  4. save the changes to the config file and quit the editor
  5. cd /var/db
  6. mv freebsd-update /location/you/specified

If freebsd-update consistently fails on the same file (unexpected end of file? incorrect hash?), try this:

  1. login as root
  2. rm -rf /var/db/freebsd-update
  3. mkdir /var/db/freebsd-update
  4. chmod 700 /var/db/freebsd-update
  5. reboot (may not be necessary - untested) and try again

You should now continue to the next section.

portaudit: (docs: manpage)

portaudit is a useful tool that prevents the installation of ports containing known vulnerabilities. It also checks existing ports for known vulnerabilities.

How to install:

  1. cd /usr/ports/ports-mgmt/portaudit
  2. make install clean

At any time, you can now check all ports for vulnerabilities with the command:

/usr/local/sbin/portaudit -Fda

Notes:

You should now continue to the next section.

portsnap: (docs: handbook)

portsnap is used to update the ports collection. portsnap is installed with the base system, for FreeBSD 6 and up (earlier versions require it to be installed from the ports collection).

To initialise portsnap, and update to the latest ports tree, login as root, and do this:

portsnap fetch extract

This command is only required when portsnap is first run. To update the ports tree at a later time (eg. once portsnap has been initialised, as above):

portsnap fetch update

Notes:

...And that's it! The installation of FreeBSD is complete. It's now possible to install the services, as described in the following sections.

building the services

NTP: (docs: handbook; manpage)

An NTP daemon is installed by default; use this procedure to configure and start it:

  1. edit startup file: vi /etc/rc.conf
  2. add these lines to the end of the file:
    
    ntpdate_flags="time.server.to.use"
    ntpdate_enable="YES"
    ntpd_enable="YES"
    ntpd_sync_on_start="YES"
    
  3. save the file and close the editor
  4. open config file: vi /etc/ntp.conf
  5. (not needed in FreeBSD 8.x) add a line: server time.server.to.use
  6. (not needed in FreeBSD 8.x) add a line: driftfile /var/db/ntp.drift
  7. add these lines to the end of the file:
    
    # activity log
    logfile /var/log/ntpd.log
    
    # security fix - see http://www.kb.cert.org/vuls/id/348126
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    
  8. save the file and close the editor
  9. start the server: ntpd

Notes:

FTP: (docs: handbook - ftp; handbook - inetd; manpage - inetd)

An FTP server is installed by default; use this procedure to configure and start it:

  1. run sysinstall
  2. select Configure, then Networking
  3. go down to inetd and press Enter
  4. accept the warning
  5. open the editor
  6. uncomment the "ftp" line (tcp6 is apparently for IPv6 - I left this commented out)
  7. save the changes and exit the editor, then quit sysinstall (press Esc to exit)
  8. if needed, add usernames to the banned user file: vi /etc/ftpusers
  9. if needed, add usernames to the restricted user file: vi /etc/ftpchroot
  10. if needed, edit welcome and motd files: vi /etc/ftpwelcome ... vi /etc/ftpmotd
  11. start inetd: /etc/rc.d/inetd start
  12. edit startup file: vi /etc/rc.conf
  13. ensure the inetd_enable line is set to "YES"
  14. if present, ensure tcp_extensions is set to "NO"
  15. save any changes and exit the editor

Notes:

SMTP (sendmail):

Sendmail is installed and enabled by default. Use this procedure to configure it:

The instructions once given here, which were for configuring sendmail in outbound-only mode, are no longer recommended for use, and instead, ssmtp is suggested (I hope to add instructions for this soon).

HTTP (Apache): (docs: handbook; homepage: Apache)

Note: newer versions of FreeBSD install Apache, if it is not installed when PHP is installed. If you've already installed PHP, skip to step 3 of the instructions below. If you get a blank page at step 3, you need to start at step 1.

  1. install from the Ports collection: cd /usr/ports/www/apache13-modperl
  2. make install clean (this requires a live internet connection, and takes a while)
  3. open the Apache config file: vi /usr/local/etc/apache/httpd.conf
  4. change the ServerAdmin line
  5. change the DocumentRoot line to /usr/local/www/public_html
  6. change the second <Directory> line to /usr/local/www/public_html

    Note: be sure to change the second instance of the <Directory> line - it's underneath the text "This should be changed to whatever you set DocumentRoot to."

  7. in the same section (just a few lines below), you may wish to change the AllowOverride line to enable various features; example: AllowOverride FileInfo Limit Options
  8. locate the DirectoryIndex section, then comment out everything (eg. everything between <IfModule mod_dir.c> and the matching </IfModule>), then add a new line as follows:
    DirectoryIndex index.php index.html index.htm
    
  9. change the ServerSignature line to Off
  10. add a new line underneath the ServerSignature line: ServerTokens Prod
  11. locate the Aliases section, then comment out the /manual/ alias
  12. locate the Document Types section, then add the following to the end of the section (just before the </IfModule>):
    ## BEGIN extra PHP filetypes ##
       AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml .html .htm
       AddType application/x-httpd-php-source .phps
    ## END extra PHP filetypes ##
    
  13. save the changes and exit the editor
  14. mkdir /usr/local/www/public_html
  15. chmod 775 /usr/local/www/public_html
  16. mkdir /usr/local/www/logs
  17. echo apache_enable=\"YES\" >> /etc/rc.conf
  18. /usr/local/sbin/apachectl start

Notes:

PHP: (docs: PHP)

Warning: newer versions of FreeBSD install Apache, if it is not installed when PHP is installed. If you planned on, for example, installing an exotic build of Apache, be sure to install it before installing PHP.

To install PHP:

  1. cd /usr/ports/lang/php5
  2. make install clean (this requires a live internet connection, and takes a while)
  3. PHP options: select CLI, CGI, Apache, Suhosin, FastCGI and pathinfo
  4. cp /usr/local/etc/php.ini-development /usr/local/etc/php.ini

    Note: if this is a production server, use /usr/local/etc/php.ini-production instead. The production INI is more secure, but less flexible.

    Note: older versions of PHP come with differently-named sample INIs, try /usr/local/etc/php.ini-recommended in this case. List /usr/local/etc/ and look for files starting with php, if you have problems.

  5. open the PHP config file: vi /usr/local/etc/php.ini
  6. change the display_errors and error_reporting lines if appropriate
  7. change the date.timezone line as needed (eg. Europe/London) [docs]
  8. cd /usr/ports/lang/php5-extensions
  9. make install clean

    There are too many options to cover here, but recommended options, in addition to the defaults, include CURL, GD, MCRYPT, MYSQL, MYSQLI, and OPENSSL

Notes:

SMB (Samba): (docs: handbook; manpages; HOW-TO collection)

There are many ways to use Samba. Below are five different methods:

Samba has a web-based administration tool called SWAT. Note that SWAT will rewrite smb.conf, removing all comments and unnecessary settings. Do not open SWAT if you want to keep your smb.conf 'as is'. To install it:

  1. vi /etc/inetd.conf
  2. uncomment the line starting with swat stream tcp nowait/400
  3. save the changes and exit the editor
  4. restart inetd: /etc/rc.d/inetd reload

    SWAT will then be accessible at http://localhost:901/ (the root username and password are required)

    Note also that SWAT uses inetd. Enable it if necessary with the following:

    1. vi /etc/rc.conf
    2. add line to end (if not already present): inetd_enable="YES"

    To start inetd manually: /etc/rc.d/inetd start

Notes:

CUPS (and printserving with Samba): (docs: samba CUPS)

CUPS is not installed by default. Note that Samba should be installed before CUPS. Install CUPS as follows:

  1. cd /usr/ports/print/cups
  2. make install clean (this requires a live internet connection, and takes a while)
  3. from the Ghostscript installer that appears, deselect every printer, then continue (we're using raw mode)
  4. vi /usr/local/etc/cups/mime.types
  5. uncomment line near end starting with application/octet-stream (in FreeBSD 6.1 this is uncommented by default)
  6. save the file and quit the editor
  7. vi /usr/local/etc/cups/mime.convs
  8. uncomment line near end starting with application/octet-stream
  9. save the file and quit the editor
  10. vi /usr/local/etc/cups/cupsd.conf
  11. comment out the line Listen localhost:631
  12. add a line below: Port 631
  13. change the Allow line in the <location /> section to suit the LAN, eg. Allow 192.168.0.*
  14. change the Allow line in the <location /admin> section to suit your system, eg. IP.address.you.use
  15. save the file and quit the editor

IP.address.you.use is the IP address of the computer you use to connect to the server.

The Samba/CUPS interface must then be configured:

  1. vi /usr/local/etc/smb.conf
  2. in the [global] section, uncomment printing=cups
  3. in the [global] section, add a line immediately underneath the one previously edited: printcap name=cups
  4. in the [printers] section, add public=yes
  5. in the [printers] section, add use client driver=yes
  6. in the [printers] section, add printer admin=root
  7. in the [printers] section, set guest ok = yes
  8. in the [printers] section, ensure browseable = yes
  9. in the [printers] section, ensure writeable = yes
  10. save the file and quit the editor

enable and run CUPS:

  1. vi /etc/rc.conf
  2. add a new line to the end: cupsd_enable="YES"
  3. save the file and quit the editor
  4. start the server: /usr/local/etc/rc.d/cupsd start

Then configure a printer:

  1. access the web interface: https://yourserver:631/admin/ (does not require Apache installed)
  2. click Administration
  3. login (as either root or some other user)
  4. click Add Printer
  5. enter a printer name (descriptive only - appears as sharename when browsing for a printer)
  6. click Continue
  7. select Parallel Port #1 (interrupt driven)
  8. click Continue
  9. enter the device name: parallel:/dev/lpt0
  10. select raw
  11. click Continue
  12. select raw queue
  13. click Continue

This done, Windows users will be able to browse for the printer and add it as usual to their systems. They will be prompted for drivers which they must install locally.

Note: the above notes assume the printer is connected directly to the server's parallel port. If the printer is connected via a printserver, substitute the protocol and device path above as appropriate, examples: lpd://192.168.0.90/p1 or lpd://yourprintserver/p2

Note: it may take a few minutes for the printer you have shared ("published") to become visible to client computers.

Note: if the server is being configured remotely with SSH, it's possible to create a tunnel to port 631, and then use a local web browser to connect, through the tunnel, to the CUPS control panel, using an address such as http://localhost:3000/ (where 3000 is the local port where the SSH tunnel terminates).

Note: the CUPS logfile, very useful for troubleshooting, can be found in /var/log/cups/

Note: the CUPS admin panel may autodetect network printers; if so, it provides a wizard to add them to the CUPS configuration. However, this wizard creates sharenames that are incompatible with/invisible to Windows 9x clients. Be sure to use short sharenames (11 characters or less) if Windows 9x clients are in use. The printer will need to be added manually in order to define a sharename.

Note: printing under unix is not straight-forward, and I'm not an expert. While this section works, in that Windows clients can print to the unix printer, this section leaves out certain things (ie. the ability to print from the server to the printer, and loading Windows drivers onto the server).

Issues? See troubleshooting printing with CUPS

POP/IMAP (Dovecot): (docs: Dovecot)

A POP server is not installed by default. I installed Dovecot from the ports collection (it supports IMAP as well):

  1. cd /usr/ports/mail/dovecot
  2. make install clean (this requires a live internet connection, and takes a while)
  3. select any required options from the installation screen, then press OK (the defaults are acceptable for the configuration below)
  4. cd /usr/local/etc
  5. cp dovecot-example.conf dovecot.conf (in recent installs of Dovecot, this step is not necessary)
  6. chmod 644 dovecot.conf (in recent installs of Dovecot, this step is not necessary)
  7. vi dovecot.conf
  8. remove unneeded protocols from the protocols line
  9. check that disable_plaintext_auth is set to no
  10. uncomment the log_path line and set it to /var/log/dovecot.log
  11. if SSL is not in use, uncomment the ssl line and set it to no
  12. check that mail_location is set to mbox:~/mail:INBOX=/var/mail/%u
  13. save the changes and exit the editor
  14. echo dovecot_enable=\"YES\" >> /etc/rc.conf
  15. reboot and test

Notes:

SQL (MySQL): (docs: MySQL)

MySQL is not installed by default. How to install and configure it from the ports collection:

  1. install MySQL (this requires a live internet connection, and takes a while):
    cd /usr/ports/databases/mysql50-server
    make install clean
    
  2. configure the data directory:
    mkdir /data
    mkdir /data/db
    mkdir /data/db/mysql
    chown -R mysql /data/db/mysql/
    chgrp -R mysql /data/db/mysql/
    

    Note: the default directory MySQL uses is /var/db/mysql/ however it has been changed to /data/db/mysql/ in this example.
    Note: a MySQL user and group are required, however these are created automatically by the installer.

  3. initialise the database server:
    /usr/local/bin/mysql_install_db -u mysql --datadir=/data/db
    

    Note: If a bunch of 'cannot find file' messages appear here, check the permissions on the data directory.

  4. Enable MySQL to start on boot:
    echo mysql_enable=\"YES\" >> /etc/rc.conf
    echo mysql_dbdir=\"/data/db/mysql\" >> /etc/rc.conf
    
  5. reboot and test:

    If there are problems, check the file server.err in the MySQL data directory for error messages (the actual name of the file will not be server.err, "server" is substituted for your machine's hostname). Don't skip the reboot - it can fix at least one transient post-install issue.

  6. set root password:
    mysqladmin -u root password 'ROOT_PASSWORD'
    
  7. grant administrative permissions:
    mysql -uroot -pROOT_PASSWORD -e"GRANT ALL PRIVILEGES ON *.* TO 'root'@'IP.address.you.use' IDENTIFIED BY 'ROOT_PASSWORD'"
    mysql -uroot -pROOT_PASSWORD -e"GRANT SHUTDOWN ON *.* TO 'root'@'IP.address.you.use' IDENTIFIED BY 'ROOT_PASSWORD'"
    

    IP.address.you.use is the IP address of the computer you use to connect to the server.

Notes:

User management

The packages collection

Installing software from the packages collection is done as follows:

  1. go into sysinstall
  2. select 'Configure' from the main menu
  3. select Packages
  4. insert disc 1 of the FreeBSD distribution set
  5. select CD/DVD (or use FTP, if a CD is inconvenient, but an internet connection is available)
  6. browse the collection
  7. select the desired package(s)
  8. choose Install
  9. exit sysinstall

The ports collection (docs: handbook)

scripting

DOS refugees

dual-booting

I've only played with this a bit so nothing in-depth here, however I did try installing FreeBSD on an empty second hard disk in a machine running Windows 2000 Server. During FreeBSD's install I elected to install the Boot Manager, as suggested by the installer, so I could select which operating system to boot.

However the Boot Manager seemed to corrupt my MBR. I got a nasty message from W2KS when I tried to log in - "your paging file is too small", a known fault but after running the fix and rebooting I got an even nastier message from W2KS asking me to reboot in Directory Services Restore Mode. At this point I broke out my Ghost image and restored my W2KS installation from a backup.

I found a third-party boot manager called GAG which did the trick. I reinstalled FreeBSD, this time telling it to leave the MBR alone, then installed GAG. Sorted.

other notes