Date: Wed, 18 Feb 2004 00:44:56 +0100
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Ted Cabeen <secabeen@pobox.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: Feature Request: /usr/local/etc/rc.conf support
Message-ID: <20040217234454.GB771@arthur.nitro.dk>
In-Reply-To: <87r7wt49ok.fsf@gray.impulse.net>
References: <20040217193127.5655.qmail@laurel.tmseck.homedns.org> <87vfm5777l.fsf@gray.impulse.net> <20040217212137.GD719@laurel.tmseck.homedns.org> <87znbh4cii.fsf@gray.impulse.net> <20040217222807.GA771@arthur.nitro.dk> <87r7wt49ok.fsf@gray.impulse.net>

On 2004.02.17 14:34:35 -0800, Ted Cabeen wrote:
> "Simon L. Nielsen" <simon@FreeBSD.org> writes:
> > On 2004.02.17 13:33:25 -0800, Ted Cabeen wrote:
> >> The system securelevel is set in the /etc/rc.conf file. To prevent an
> >> attacker from changing the securelevel defined there and then
> >> rebooting the machine, I set the /etc/rc.conf file to be immutable.
> >> However, I'd like to be able to install new ports and have them start
> >> automatically without having to boot to single-user to modify rc.conf
> >> (or any other configuration file equivalent to rc.conf).
> >
> > There is also the option of using the (yet) undocumented in FreeBSD [1]
> > /etc/rc.conf.d/service files. E.g. to enable rsyncd you would have
> > /etc/rc.conf.d/rsyncd with the variable rsyncd_enable="YES" (Note: I
> > haven't tested this, but I'm rather sure I'm reading the source and
> > NetBSD manual page correctly).
>
> Would that file only be parsed when starting a service with that name,
> or would it be parsed at the beginning of the rc run?

It will only be parsed for the single script, e.g. rsyncd in the example above. So, if you add secure_level="0" to /etc/rc.conf.d/rsyncd it should not (I'm almost certain it won't, but I haven't tested it) be used for any other start up script than rsync - which will of course ignore that variable.

I actually have a slight feeling (by looking at the code) that there might be a leak for variables for system services (with startup scripts in /etc/rc.d/*) but I might be wrong. The scripts in /usr/local/etc/rc.d are started differently, so the potential problem won't affect them.

-- 
Simon L. Nielsen
FreeBSD Documentation Team
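
The following is an added example, not part of the original message or of FreeBSD's rc code: a small audit that lists assignments in /etc/rc.conf.d/<service> files whose variable name does not start with "<service>_", such as the secure_level line in the rsyncd file discussed above. The function names, the sample files and the prefix convention used as the test are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag variables in per-service rc.conf.d files that do not
# belong to the service the file is named after. Names here are hypothetical.

# audit_rc_conf_d [DIR]
# Prints "service: variable" for each assignment in DIR/<service> whose
# variable name does not begin with "<service>_". Empty output means clean.
audit_rc_conf_d() {
    dir=${1:-/etc/rc.conf.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        svc=${f##*/}                     # file name is the service name
        # Extract NAME from lines of the form NAME=...; comment lines
        # starting with '#' never match this pattern.
        vars=$(sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$f")
        for v in $vars; do
            case $v in
                "${svc}"_*) ;;           # expected: belongs to this service
                *) echo "$svc: $v" ;;    # unexpected: report it
            esac
        done
    done
    return 0
}

# make_sample_dir
# Builds a constructed rc.conf.d tree (sample data, not taken from a real
# system) and prints its path.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'ntpd_enable="YES"' > "$d/ntpd"
    printf '%s\n' 'rsyncd_enable="YES"' 'secure_level="0"' > "$d/rsyncd"
    echo "$d"
}

# Demonstration on the constructed sample; prints "rsyncd: secure_level".
sample=$(make_sample_dir)
audit_rc_conf_d "$sample"
rm -rf "$sample"
```

On a real host, call audit_rc_conf_d with no argument to scan /etc/rc.conf.d and review anything it prints.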