From owner-freebsd-questions  Mon Dec  3 12:21:52 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-65-31-203-60.mmcable.com [65.31.203.60])
	by hub.freebsd.org (Postfix) with SMTP id DE34037B416
	for <questions@freebsd.org>; Mon,  3 Dec 2001 12:21:48 -0800 (PST)
Received: (qmail 7753 invoked by uid 100); 3 Dec 2001 20:21:48 -0000
From: Mike Meyer <mwm@mired.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15371.57052.159510.178034@guru.mired.org>
Date: Mon, 3 Dec 2001 14:21:48 -0600
To: Jamie Pemantell <techbot2@yahoo.com>
Cc: questions@freebsd.org
Subject: Re: kern.securelevel not working like it's supposed to
In-Reply-To: <15314400@toto.iv>
X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG%
 *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Jamie Pemantell <techbot2@yahoo.com> types:
> I've tried:
> 1. Issuing the sysctl -w command as root to change the
> kern.securelevel variable value to 0. (Gives
> "Operation not permitted" message.)

Won't work, as you've found out.

> 2. Commenting out lines in rc.conf that refer to
> kern.securelevel. In theory, this should use the
> default values from /etc/defaults/rc.conf (level -1).

This should work after you reboot the system.

> 3. Commenting out the last lines of /etc/rc that refer
> to changing securelevel.

This should also work, but is bad practice.

> According to material on the web, one or all of these
> should stop the securelevel from being changed when
> the system goes into multiuser mode. However, INIT
> still changes the secure level from 0 to 1 every time
> the boot completes. 

Something is clearly wrong, as the system starts at -1, not 0.  You
probably have to trace through the rc script - and any other scripts
it runs - to find what's changing things, and then fix that.

> Am I missing something? I thought that the config info
> for INIT was stored in rc.conf, but that doesn't seem
> to be the case. Any help would be appreciated, and I'd
> be grateful if you'd copy me on the reply. 

That's SOP on this list.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message