From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG, andrej@antiszoc.hu
Date: Fri, 11 May 2007 13:17:24 +0200 (CEST)
Subject: Re: freebsd and securelevel question
Message-Id: <200705111117.l4BBHOwV064797@lurza.secnetix.de>
In-Reply-To: <54364.195.70.43.76.1178880987.squirrel@duloc.webmedia.hu>

Gót András wrote:
 > So. The simple question is: Why FreeBSD has securelevel 0 if init sets it
 > to 1, if it sees at boot that the level is 0? :) It's OK that it's in the
 > manual, but there are two default ways to set securelevel at boot time
 > also. I don't really get the point of this forced 0 to 1 changing.

The reason is so that /etc/rc and all of the related startup
scripts can run at level 0, which might be necessary for
various reasons, and afterwards the level is automatically
increased to 1. If you don't want that, you should leave
the level at the default of -1.

 > We'd like to use our machines with securelevel 0 by default, so I had
 > comment out the relevant two lines from init.c.

Uhm, could you please explain why you want to do that?
It doesn't make sense.

Note that level -1 behaves exactly the same as level 0
(i.e. no restrictions at all), the only difference is
that -1 prevents the automatic increase to level 1 when
the system goes multi-user.

So, if you want to run permanently without restrictions,
then you should leave the secure level at the default
value of -1. It's all explained in the init(8) manual
page.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich register court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich register
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"Documentation is like sex; when it's good, it's very, very good,
and when it's bad, it's better than nothing."
        -- Dick Brandon