Date: Tue, 17 Feb 2004 15:11:33 -0800
From: Ted Cabeen <ted@impulse.net>
To: "Scot W. Hetzel" <hetzelsw@westbend.net>
Cc: Thomas-Martin Seck <tmseck-lists@netcologne.de>
Subject: Re: Feature Request: /usr/local/etc/rc.conf support
Message-ID: <877jyl47yy.fsf@gray.impulse.net>
In-Reply-To: <020901c3f5aa$10ca1370$cebe7726@westbend.net> (Scot W. Hetzel's message of "Tue, 17 Feb 2004 16:31:11 -0600")
References: <20040217193127.5655.qmail@laurel.tmseck.homedns.org> <87vfm5777l.fsf@gray.impulse.net> <20040217212137.GD719@laurel.tmseck.homedns.org> <87znbh4cii.fsf@gray.impulse.net> <020901c3f5aa$10ca1370$cebe7726@westbend.net>

"Scot W. Hetzel" <hetzelsw@westbend.net> writes:

> From: "Ted Cabeen" <secabeen@pobox.com>
>> The system securelevel is set in the /etc/rc.conf file. To prevent an
>> attacker from changing the securelevel defined there and then
>> rebooting the machine, I set the /etc/rc.conf file to be immutable.
>> However, I'd like to be able to install new ports and have them start
>> automatically without having to boot to single-user to modify rc.conf
>> (or any other configuration file equivalent to rc.conf).
>>
> We don't need a /usr/local/etc/rc.conf file to be used by ports only.
> Instead rc.subr has the ability to load a file for each script from
> /etc/rc.conf.d. You will need to create the /etc/rc.conf.d directory, and
> then create individual files for the script that you want to change the
> settings for.
>
> These files are named after the $name variable in each script.

This looks like it might work for my needs, but I have a few
questions. When would these files be loaded in the boot process,
right before the service they're named after, or all at once at the
beginning? Would they be run in the same process space as the rest of
the rc system? If so, how do we unset the environment variables set
in each script after the script has been run through?

My main concern is having a configuration file that can be used to
define environment variables that are used for ports only and which
don't leak into the boot sequence environment.

-- 
Ted Cabeen           http://www.pobox.com/~secabeen        ted@impulse.net
Check Website or Keyserver for PGP/GPG Key BA0349D2      secabeen@pobox.com
"I have taken all knowledge to be my province." -F. Bacon secabeen@cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot       cabeen@netcom.com
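
The leak concern raised in the message above depends on whether a per-service file is sourced into the shared shell or into a subshell. The following is an added example, not part of the original message and not rc.subr's code; the loader functions, the `exampled` service and the temporary directory standing in for /etc/rc.conf.d are hypothetical.

```shell
#!/bin/sh
# Constructed demo. CONF_D is a temp dir standing in for /etc/rc.conf.d.
CONF_D=$(mktemp -d)
trap 'rm -rf "$CONF_D"' EXIT

# Constructed per-service file, named after the script's $name.
cat > "$CONF_D/exampled" <<'EOF'
exampled_enable="YES"
exampled_flags="-p 8080"
EOF

# Hypothetical loader A: sources the file into the calling shell,
# so every variable it sets stays visible to whatever runs next.
load_conf_shared() {
    [ -r "$CONF_D/$1" ] && . "$CONF_D/$1"
    return 0
}

# Hypothetical loader B: sources the file inside a subshell and hands back
# only the two values the service needs; nothing else survives the ( ).
run_service_isolated() {
    (
        name=$1
        [ -r "$CONF_D/$name" ] && . "$CONF_D/$name"
        eval "echo \"\${${name}_enable:-NO} \${${name}_flags}\""
    )
}

# True when the named variable is set in the calling shell.
is_set() { eval "[ \"\${$1+set}\" = set ]"; }

# 1. Isolated load: the service sees its settings, the caller does not.
isolated_out=$(run_service_isolated exampled)
if is_set exampled_flags; then leak_after_isolated=yes; else leak_after_isolated=no; fi

# 2. Shared load: the settings remain in the caller's environment.
load_conf_shared exampled
if is_set exampled_flags; then leak_after_shared=yes; else leak_after_shared=no; fi

echo "service saw:           $isolated_out"
echo "leak after isolated:   $leak_after_isolated"
echo "leak after shared:     $leak_after_shared"
```
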