FreeBSD UNIX for Linux sysadmins

+
Reading Time: 14 mins
Section: Blog Posts
Categories: blog
Tags: sysadmin UNIX Linux

Run BSD

If you’ve ever installed and explored another Linux distro (what Linux sysadmin hasn’t?!?), then exploring FreeBSD is going be somewhat similar with a few key differences. While there is no graphical installation, the installation process is straightforward and similar to installing a server-based Linux distro. Just make sure you choose the local_unbound package when prompted if you want to cache DNS lookups locally, as FreeBSD doesn’t have a built-in local DNS resolver that does this.

Following installation, the directory structure is almost identical to Linux. Of course, you’ll notice some small differences here and there (e.g. regular user home directories are located under /usr/home instead of /home). Moreover, Standard UNIX commands such as ls, chmod, find, which, ps, nice, ifconfig, netstat, sockstat (the ss command in Linux) are exactly as you’d expect, but with some different options here and there that you’ll see in the man pages. And yes, reboot and poweroff are there too.

Why FreeBSD?

The main benefit FreeBSD has over Linux is speed. You thought Linux was fast? Try FreeBSD. It has the fastest IP stack of any operating system by a long shot. Since it’s UNIX and you can provide the same services (e.g. Samba, Apache, NFS, Nginx), this means you can provide them faster and leaner.

FreeBSD has also kept to its KISS (Keep It Simple Stupid) UNIX roots without compromising features, while Linux configuration gets more and more complex as time goes on. Want to start a service at boot time? You just add a line that says servicename=”YES” to a small text file (described later). And this small text file stores 90% of your system configuration, including your IP settings. In short, configuring a FreeBSD system is both fun and addictive.

While configuring FreeBSD is easy, it’s also incredibly powerful. There are granular security features and system configuration/recovery features in FreeBSD that you won’t find in other operating systems. For those who want to go down that rabbit hole, it’s well worth your time! And, of course, native support for ZFS (the most advanced filesystem on the planet) is a big plus.

In the following sections, I’ll describe some key differences and features of FreeBSD that you’ll want to know coming from a Linux sysadmin background. Of course, I’m assuming that you already know the associated topics in Linux before reading these sections! Key filenames and components are in red, while commands and configuration parameters are in code font.

1. System configuration

/etc/rc.conf contains nearly all system configuration, including IP configuration, hostname, default GW, services (daemons) that should start at boot time, and so on. Lines within this file have parameter=value syntax and are easy to edit using a text editor, such as vi. You can also use the sysrc -a command to show all of the configured values in /etc/rc.conf, or the sysrc parameter=value command to modify or add configuration.

FreeBSD stores the default parameters for configuration files in a defaults subdirectory. For example, /etc/defaults/rc.conf stores a large number of system-configured defaults that are overridden by /etc/rc.conf. Never change the entries in /etc/defaults/rc.conf - instead, just override them by adding the same lines to /etc/rc.conf with the values you want. There’s also a /etc/rc.conf.d/ directory that software packages can add files to that set system parameters (it’s empty on a default installation of FreeBSD).

2. Boot loader and kernel configuration

Boot loader configuration is stored in /boot/loader.conf (and /boot/defaults/loader.conf), and uses the same syntax as /etc/rc.conf.

To view modules inserted into the kernel, you can use kldstat. You can also load and unload modules manually. For example:

  • kldload linprocfs.ko (loads the Linux procfs filesystem module)
  • kldunload linprocfs.ko (unloads the same module)

To make sure this module gets loaded automatically each time you boot, you could add the following line to the /boot/loader.conf file:

    [cmd=]kldload /boot/kernel/linprocfs.ko[/cmd]

The FreeBSD kernel also has many properties and parameters that you can view and configure. You can use the kenv command to view the currently-configured parameters on your system, or the sysctl -o -a command to view all available parameters and their default values. The sysctl command can also be used to view specific parameters. For example:

  • sysctl kern (shows all parameters starting with kern)
  • sysctl kern.securelevel (shows current value of the kernel security level)
  • sysctl hw.model (shows your CPU model)

To set a kernel parameter at boot time, add the appropriate line to the /etc/sysctl.conf file.

3. System initialization

Just like the GRUB2 boot loader on Linux, FreeBSD has an interactive boot loader called boot0 that is much more user friendly. It displays a menu for 10 seconds by default that allows you to enter rescue mode or modify kernel values manually, among other things. If you are repairing a system, a copy of useful binary programs is stored under the /rescue/ directory and made available to boot0.

Once the kernel is loaded by boot0, the init daemon parses the large /etc/rc script to start the other daemons that you specified within /etc/rc.conf by executing the appropriate daemon scripts under the /etc/rc.d/ directory. There also are other scripts executed by init at boot time. For example, /etc/netstart configures the network according to the parameters you specified in /etc/rc.conf.

After your system has booted, you can view the /var/run/dmesg.boot file to see the hardware detected and modules loaded by your kernel, or view the /var/log/messages file to view the daemons and components that were started by init (including any errors).

4. Storage configuration

FreeBSD uses different device files for storage as well as different methods for partitioning and creating filesystems. To see a list of the physical storage devices you have, you can use the following two commands:

  • camcontrol devlist
  • geom disk list

Some sample device files for these storage devices include:

  • /dev/cd0 (first CD/DVD)
  • /dev/da0 (first SCSI/SAS disk or USB drive, which emulates SCSI)
  • /dev/ada0 (first IDE/SATA disk)
  • /dev/nvme0 (first NVMe SSD)
  • /dev/nvme0ns1 (first namespace on the first NVMe SSD)

Say, for example, you have one SATA SSD in your system that has a GPT partition table. FreeBSD will likely create three partitions on it during the installation:

  • /dev/ada0p1 (usually a 512KB FreeBSD boot partition or UEFI boot partition)
  • /dev/ada0p2 (usually a swap partition)
  • /dev/ada0p3 (rest of disk - usually given to ZFS, or mounted to / if you use UFS)

If you have older storage devices that use an MBR partition table, each primary partition is called a slice in FreeBSD, and further subdivided into up to 7 device nodes using a special BSD disk label. For example, the first slice on /dev/ada0 could be subdivided into 4 device nodes, with each one assigned a letter:

  • /dev/ada0s1a (first device node in the first slice on ada0)
  • /dev/ada0s1b (second device node in the first slice on ada0)
  • /dev/ada0s1c (third device node in the first slice on ada0)
  • /dev/ada0s1d (fourth device node in the first slice on ada0)

You can view your disk configuration using the gpart command (which can also create/manage partitions too):

  • gpart show -p ada0 (shows partitions on ada0)
  • gpart show -l ada0 (shows labels on ada0, which match files under /dev/gpt/)

If you just want to se the partition labels for disks on the system, you could instead run the glabel list command.

5. Filesystem configuration

The only two filesystems that are commonly used on FreeBSD for storage are UFS (which is ancient and should only be used if you have serious mental health issues), and ZFS (which is amazing, and commonly configured on production Linux servers).

After creating partitions on a GPT disk (or slices and device nodes on an MBR disk), you can use the following commands create and work with UFS filesystems:

  • newfs (creates a UFS filesystem)
  • growfs (extends the size of a UFS filesystem)
  • tunefs (tunes UFS filesystem parameters)
  • mksnap_ffs (creates a UFS filesystem snapshot)
  • fsck (checks a UFS filesystem for errors)

Normally, you’d use ZFS instead of UFS on a FreeBSD system as it has superior enterprise features, including corruption protection and device fault tolerance. The same zpool and zfs commands you used on Linux to configure ZFS can also be used on FreeBSD. For example, to create a RAID-Z1 dataset called lala from the space on 3 different SCSI disks and put a ZFS filesystem on it, you could use the following command:

    zpool create lala raidz /dev/da1p1 /dev/da2p1 /dev/da3p1

Some other sample zpool and zfs commands include:

  • zpool status lala (view status of the lala dataset)
  • zpool list (lists all ZFS datasets)
  • zpool get free (displays free space information from all ZFS datasets)
  • zfs create lala/stuff (creates another ZFS dataset under the lala dataset)
  • zfs list (displays all ZFS datasets and where they are mounted)
  • zfs get compression (displays compression setting for all ZFS datasets)
  • zfs set compression=lz4 lala/stuff (enables compression for lala/stuff)

When you run the zfs list command on a newly-installed system, you’ll see that there is one ZFS dataset called zroot that is created by the FreeBSD installer. This dataset contains many other datasets underneath it for different system directories:

  • zroot/ROOT/default is mounted to /
  • zroot/usr is mounted to /usr
  • zroot/usr/home is mounted to /usr/home
  • zroot/var is mounted to /var

and so on.

What you may find odd is that zroot/ROOT/default is mounted to the root of the system. This is because FreeBSD supports different boot environments if you take ZFS snapshots of the / filesystem. Before performing a risky configuration, you could take a snapshot of your system called zroot/ROOT/May2 and then revert to it if your risky configuration fails! You can even choose your a previous boot environment at the FreeBSD boot loader menu when you boot the system. Here are some useful boot environment commands:

  • pkg install beadm (installs the boot environment package - pkg is discussed later)
  • beadm create May2 (create snapshot of system called May2)
  • zfs list (you should see zroot/ROOT/default and zroot/ROOT/May2)
  • beadm activate May2 && reboot (reverts system to May2 snapshot)

There is also a /etc/fstab file that mounts non-ZFS filesystems at boot just as you’d expect on a Linux system. If you use ZFS exclusively, /etc/fstab just activates the swap partition only. And just as Linux has udev rules for restricting access to storage devices, you can add lines to /etc/devfs.conf or /etc/devfs.rules to do this on FreeBSD.

The only other glaring difference between Linux and FreeBSD when it comes to the filesystem is the use of filesystem attributes. On Linux systems, you could set filesystem attributes using the chattr command, and list them with the lsattr command. However, FreeBSD uses a different set of attributes called filesystem flags that can be set at the system or user level:

  • chflags sunlink file (sets the system unlink flag on a file, to prevent file deletion)
  • chkflags nosunlink file (unsets the system unlink flag on a file)
  • ls -lo file (displays flags on a file)

6. Users and groups

As on Linux systems, FreeBSD stores user configuration in /etc/passwd (readable by everyone), but converts it to a /etc/pwd.db database for fast system access. However, instead of using the /etc/shadow file like Linux does, FreeBSD stores all user and password configuration in /etc/master.passwd (readable by root only) and converts it to /etc/spwd.db for fast system access. Groups are stored in /etc/group as you’d expect, but there is there is no sudo functionality - instead, you must be part of the wheel (big wheel) group to use the su command to run commands as root or obtain a root shell.

Default home directory files for new users are copied from /usr/share/skel/. You can also create rules to allow or prevent user access in the /etc/login.access file, as well as define user classes for accessing system resources in the /etc/login.conf file.

Common commands to create and manage users include:

  • adduser (creates a user - defaults values are taken from /etc/adduser.conf)
  • adduser -C (creates the /etc/adduser.conf file with values you specify)
  • rmuser (removes a user)
  • pw useradd/userdel/usermod/lock/unlock (creates & manages users)
  • chpass (modifies settings for a user using the vi editor)
  • vipw (edits /etc/master.passwd using vi, and then rebuilds /etc/spwd.db)

7. Packages, services and monitoring

Installing and managing packages on FreeBSD is just as easy as using the Red Hat or Debian package managers on a Linux system. Instead of dnf or apt, you use the pkg command:

  • pkg update (updates package list from online repository)
  • pkg search bash (searches online repository for bash packages)
  • pkg install bash (installs bash package from online repository)
  • pkg upgrade bash (upgrades bash to latest version)
  • pkg info bash (displays package details)
  • pkg info -l bash (displays package file contents)
  • pkg check bash (checks bash package content for missing/corrupted files)
  • pkg lock bash (prevents modification or removal of package)
  • pkg remove bash (removes bash package)
  • pkg clean (cleans up files in the package repository, /var/cache/pkg/)
  • pkg autoremove (auto removes unneeded dependency packages)
  • pkg which /usr/local/bin/bash (displays package the bash file belongs to)
  • freebsd-update fetch (downloads latest version of FreeBSD)
  • freebsd-update install (installs latest version of FreeBSD - reboot after)

After installing a daemon package, you must also configure it to start at boot time by adding a line to the /etc/rc.conf file. For example, after installing the apache24 package (for the Apache Web server daemon), you could start it at boot time by adding the apache24_enable=”YES” line to /etc/rc.conf (yes, it’s that easy).

The configuration files for any daemons that you install are under /etc or /usr/local/etc. For example, you’ll find the httpd.conf configuration file for Apache in the /usr/local/etc/apache24/ directory on FreeBSD.

You can also manage daemons using the same service command used in Linux systems prior to Systemd:

  • service -e (displays daemons that are enabled and order they are started at boot)
  • service sshd stop/start/restart (stops/starts/restarts the sshd daemon)
  • service sshd onestart (starts the sshd daemon if it is not listed in /etc/rc.conf)
  • service sshd extracommands (displays additional options for working with sshd)

Of course, loading additional daemons will impact the performance of your system, especially as the number of clients connecting to them increases. You can monitor the performance of your FreeBSD system using the same vmstat and top commands you’re used to in Linux (the FreeBSD top command also lists ZFS performance statistics), as well as monitor disk performance using the gstat command.

Similarly, you can use a plethora of different network commands in FreeBSD to monitor network statistics. Here are some of my favourites:

  • netstat -w 1 -d (displays packet stats every 1 second)
  • netstat -na -f inet (displays active IPv4 connections)
  • netstat -na -f inet6 (displays active IPv6 connections)
  • netstat -m (displays tunable memory buffer information for IP stack)
  • sockstat -4 (displays IPv4 sockets)
  • sockstat -6 (displays IPv6 sockets)

8. Other stuff

The previous 7 sections outlined the main areas of FreeBSD that most Linux admins will want to know. In this final section, I’ll list some extra stuff (in no particular order).

Compiling software from source is very easy in FreeBSD. You can run the portsnap auto command to download the source code for the ready-to-compile ports tree from the FreeBSD repository to the /usr/ports/ directory and then use the appropriate make commands to compile and install it on your system.

If you want to configure a firewall, there are three firewall systems to choose from (if you view the FreeBSD handbook), but the most common one is PF from OpenBSD. You place your rules in /etc/pf.conf and use the pfctl command to control the firewall. You can also use blacklistd to block undesired connections (or too many connections). You can use blacklistctl to control blacklistd, as well as list connection rules in /etc/blacklistd.conf.

FreeBSD jails are one of the earliest examples of OS virtualization/containerization. To create a FreeBSD jail, you download a userland (filesystem) tarball from the FreeBSD repository and extract it to a directory of your choice (e.g. /jails/container1). Next, you add a paragraph to the /etc/jail.conf file that configures the jail parameters (e.g. IP address, etc.). Finally, you can start and manage your jail using a wide variety of different commands, including:

  • service jail start container1 (starts the container1 jail)
  • service jail stop container1 (stops the container1 jail)
  • jls (views all jails running on the system)
  • jexec container1 command (executes a command in the container1 jail)
  • pkg -j container1 install apache24 (installs Apache in the container1 jail)

If you start the NFSv4 file sharing daemons (installed by default) by adding the appropriate entries to /etc/rc.conf, you can add lines to /etc/exports to share out directories on your system. However, you can instead use ZFS to share datasets using NFSv4. These datasets are listed in /etc/zfs/exports. For example, to share out the /usr/home directory using NFS, you could use the following command: zfs set sharenfs=on zroot/usr/home

If you’ve been a Linux or UNIX administrator for a long time, you’ll likely run into things on FreeBSD that remind you of days gone by. For example, you can still start daemons on demand using inetd and entries within /etc/inetd.conf, or use the old LPD printing system by adding printer entries to /etc/printcap (please install and use CUPS instead….seriously). FreeBSD also uses the old syslogd to log system events using the entries in /etc/syslog.conf (it works well so why change it, right?). However, instead of logrotate, FreeBSD uses newsyslog to rotate log files according to rules in /etc/newsyslog.conf.

And yes, if you want to use FreeBSD as a workstation, you can install X.org and GNOME. But given that Linux is leading the charge in that area, it’d be wiser to use Linux as your workstation, and leverage FreeBSD as a wicked fast server.