SOLVED Where to put pre-init script? (or attempts to make FreeNAS safe; ipfw)

[Chris Moore]

As for the building of safe systems - for sure! I tell you more: in some day this team will come to a conclusion that it is much much more reliable to have freenas-boot on RAIDZ (or even just on mirror) together with storage's volume than on those sticks that are not intended for such applications at all! When they'll do what I did with my setup and will open this to community come here for a thanks ;). You will be lucky if they realize this soon, otherwise I'm really sorry for those of you who spend extra SSD and still without raid protection (!) or worst - USB flash! The worst scenario for community if they already realized this, but keep this door for sales. It's OK, because they are commercial organization afterall and opnesource you get is just because of the licence that won't allow the opposite way. Otherwise they would probably like to build another closed system too.

I hope also that in some day they will understand that at least some minimum firewall configuration should be there for users like you. Let it be pf, if they can't afford ipfw. :) Finally, I hope they will understand that root password via web GUI it's a criminal! I'm ripped apart from the inside entering root password to the web GUI. It ruins all canons of safety.

I do understand background of this. Many programmers do not care about security at all and they don't understand the issue. I have met plenty of talented programmers (FreeNAS's guys can be on that list too... probably... not enough time to judge)... who just don't know how to make systems they programming safe. And if there is no leader in the team who takes it seriously, then we have what I see now...

I could continue the list, but I signed off since I found how to overcome most of above reliability/safety flaws, include the one I started with.

I'll keep in mind that sales is a new measurement of smartness the next time I recall the beginning of this century with its Bitrix boom and their chmod 777.

I did not aim to show off, I just wanted to find out what they meant in the documentation. But you enticed me for a small tease. It was a fun. Thanks!

You might be able to help, since it is open source, you can join the development team. The source code is on GitHub, even for TrueNAS.

Sent from my SAMSUNG-SGH-I537 using Tapatalk

 

[silverback]

I hope also that in some day they will understand that at least some minimum firewall configuration should be there for users like you. Let it be pf, if they can't afford ipfw. :) Finally, I hope they will understand that root password via web GUI it's a criminal! I'm ripped apart from the inside entering root password to the web GUI. It ruins all canons of safety.

Please elaborate. I can see this being fatal if your web GUI was exposed to the open internet, something that is strongly discouraged.

 

[Janus Ng]

I have a similar need for the using the pre-init/post-init task to mount a smb share persistently.

The smb share is used in Jail/Storage; hence, it needs to run before the jail starts.

I am still very confused after following this thread.

My questions are:

1. where to put the script in? The WebUI does not allow running a script from /root. The rest of the mount points are not created yet though.
2. It appeared to me that the post-init tasks are called after jail started. On the other hand, it looks like the mount_smbfs is not available while pre-init.

Thanks in advance!

 

[Chris Moore]

I did not aim to show off, I just wanted to find out what they meant in the documentation. But you enticed me for a small tease. It was a fun. Thanks!

You didn't show off because you didn't share your solution. You claimed to figure it out, but didn't contribute back to the community. Empty words.

 

[sretalla]

I want in no way to extend the running of this thread, but I wanted to add that I've seen another thread discussing the problem that mounts are already done when a pre-init script runs (which would mean you can put the script in a pool despite what that means about the advice in the manual). It's more to get things to run before jails are started as far as I can tell.