From owner-freebsd-questions Sun Mar 25 19: 0:25 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mh-2.MX.saturated.NET (asylum.lojik.NET [208.51.149.8]) by hub.freebsd.org (Postfix) with ESMTP id 8BE3E37B71D for ; Sun, 25 Mar 2001 19:00:20 -0800 (PST) (envelope-from jim@mahood.com) Received: from localhost (jim@localhost) by mh-2.MX.saturated.NET (8.9.3/8.9.3/zuGzuG) with ESMTP id WAA51490; Sun, 25 Mar 2001 22:00:15 -0500 (EST) (envelope-from jim@mahood.com) Date: Sun, 25 Mar 2001 22:00:15 -0500 (EST) From: Jim Mahood X-Sender: jim@fizgig.srvc.saturated.net To: cjclark@alum.mit.edu Cc: Dima Dorfman , Kris Kennaway , freebsd-questions@FreeBSD.ORG Subject: Re: can't unlink kernel In-Reply-To: <20010325184337.F5425@rfx-216-196-73-168.users.reflex> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, 25 Mar 2001, Crist J. Clark wrote: +On Sun, Mar 25, 2001 at 08:54:29PM -0500, Jim Mahood wrote: +> On Sun, 25 Mar 2001, Dima Dorfman wrote: +> + +> +Go to the URL above and click on the link, then read the explanation +> +of securelevel. You can't unset it without rebooting. If you can, +> +it's a bug. +> + +> +> I have, and I understand that I can't unset it -- that would defeat its +> purpose. I'm supposed to be able to boot into single-user mode, and it's +> supposed to not be set, but I'm not seeing that behavior. + +What exactly is not working? Are you saying you are dropping back to +single-user mode from multi-user? That does not work with +FreeBSD. init(8) says, + + Since the level can not be reduced, it will be at + least 1 for subsequent operation, even on return to single-user. + +Note however, this behavior does vary between *BSDs. By default, when +you bring OpenBSD to single-user from multi-user, the securelevel +drops. + +> I was able to +> change the values set in /etc/rc.conf, and reboot, but would prefer to +> know why the single-user method wouldn't work for me. I think I see what +> I have to do -- boot -s at the boot prompt, huh? + +Right. How else were you trying to boot to single-user mode? Were you +dropping from multi-user? Yes, that's what I was doing, so your quote from init's manual explains my problem 100%. Dima -- it's not a question of "unsetting" the security level. The security level gets set when it is read from rc.conf, which init does when entering multi-user mode. It doesn't do this in single-user mode. It's right there in the init manual -- it's a feature, not a bug. :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message