Getting started with OpenBSD

10 Oct 2018

What is OpenBSD?

OpenBSD is a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Unlike GNU\Linux which is most likely a joining of 2 projects - Linux the kernel and the GNU utilities, the BSD's are usually one whole i.e the whole OS, including the kernel + utitlies are built in-house.

However if you do plan to try it out, keep in mind that the project mainly focuses on security and code correctness. You might not be able to run most of the software you're used to, as it might not be in the software repos or you might simply cannot build them.

Why OpenBSD?

• The base install is tiny and it even comes with an Xserver.
• It focuses on security. All package configurations have security options turned on by default.
• There is almost nothing to configure. Everything just works!
• The documentation is second to none. This also holds true for the man pages.
• There is no over-complication. Everything in OpenBSD and BSDs in general follow the KISS principle.

When not to choose OpenBSD?

• If the tools or most of the apps you use, have not yet landed in the ports tree or the repos.
• If you have very recent hardware, the “everything just works” scenario might not play well.
• If you depend on Google more than the man pages. I had a lot of issues finding things on Google about OpenBSD related trouble-shooting. Almost everything is in the manpages. If they are not, it cannot be done on OpenBSD.
• If you don’t have enough time to dig in and research if you run into problems. Getting acquainted with OpenBSD takes time and patience.

Install media

• Go to the downloads page and get the installXX.fs file, if you plan to make a bootable USB installer. Make sure you choose your apt CPU architecture.
• Plug in your USB key and $ sudo dd if=install*.fs of=/dev/sdb bs=1m
• After dd finishes its thing, boot into your USB key.

The installation

I’ll be explaining the process of installing OpenBSD 6.3 on to a laptop. Read the installation guide. It’s very much straight forward. As for what I chose,

System hostname? = lappy
Which network interface do you wish to configure? = em0
DNS domain name? = anythinghere.com
Password for root account? = ****
Do you want the X Window System to be started by xenodm(1)? = yes
Setup a user? = akts
Full name for user akts? = akts
Password for user akts? = ****
What timezone are you in? [Asia/Calcutta] = <Enter>
Which disk is the root disk? = sd1
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? = w
Location of sets? = disk
Is the disk partition already mounted? = no
Which disk contains the install media? = sd2
Directory does not contain SHA256.sig. Continue without verification? = yes

Reboot into your new installation.

First boot

Login as your user. It helps, if you jack into your router with a cable - we’ll need internet, if your wifi doesn’t work.

Oh! before we go any further, $ man afterboot. What you see, after you log in, is the fvwm window manager in all its glory. Open a terminal and go root

$ su -l
Password:

To get internet, try

$ ifconfig # is your interface there?
# ifconfig em0 up
# dhclient em0

Install any non-free firmware with # fw_update

Pull out the cable, and lets get our wifi going.

# ifconfig iwn0 up
# ifconfig iwn0 scan
# ifconfig iwn0 nwid mywifihotspot wpakey P4$$w0rd wpaprotos wpa1,wpa2
# dhclient iwn0

Refer eth and wifi for more.

Installing packages

We need a repo url in /etc/installurl. This is where pkg_add, OpenBSD’s package manager looks for getting packages.

# echo "https://www.mirrorservice.org/pub/OpenBSD" >> /etc/installurl
# pkg_add i3 # installs i3
# pkg_info -Q i3 # searches for i3

Consult the faq for more.

Upgrading

# syspatch

Power management

# rcctl enable apmd
# rcctl set apmd flags -A
# rcctl start apmd

This will update a file called rc.conf.local in /etc. Never update the rc.conf file directly. Use rcctl instead. If you have not guessed it by now rc.conf is used to handle system startup scripts/programs.

Privilleged user

Add your username to /etc/doas.conf

# echo 'permit akts' > /etc/doas.conf

Warning: This will allow akts to run any command.

Memory limits

OpenBSD restricts the amount of RAM a program can eat to 1.5GB at max. If you have more than 4GB of RAM,

# cp /etc/login.conf /etc/login.conf.bak
# sed -i 's/datasize-cur=768M/datasize-cur=4096M/' /etc/login.conf
# sed -i 's/datasize-max=768M/datasize-max=4096M/' /etc/login.conf

Mounting disks

We allowed akts to execute any command. However if we want akts to execute specific commands as a privilleged user,

permit nopass akts as root cmd mount
permit nopass akts as root cmd umount

where mount and umount are the command names.

To mount and unmount disks

$ doas mount /dev/sd2i /home/akts/mounts
$ doas umount /dev/sd2i

Disk life

Even when you read a file, the filesystem keeps a record. The noatime in /etc/fstab prevents OpenBSD from doing this.

# cp /etc/fstab /etc/fstab.bak
# sed -i 's/rw/rw,noatime/' /etc/fstab

Refer fstab and disk setup for more.

References and better writings

• Keith Burnett’s laptop install guide.
• Roman Zolotarev’s openbsd writeups.
• BSD vs Linux - an old, but relevant writeup.
• jcs’s writeups.
• Derek Siver’s OpenBSD page.
• cfenollosa’s comparison of Linux and BSD.
• OpenBSD Workstation

Resources

• OpenBSD FAQ’s
• Daemonforums
• Awesome OpenBSD
• Undeadly
• bsdly’s blog
• bchs - Webstack
• User docs

Happy Hacking!