Date: Thu, 17 Sep 2009 19:55:33 +0200
From: Ruben de Groot
To: Mel Flynn
Cc: freebsd-questions@freebsd.org, Tom Worster
Subject: Re: passing options thru '/etc/rc.d/foo start'

On Thu, Sep 17, 2009 at 07:14:29PM +0200, Mel Flynn typed:
> On Wednesday 16 September 2009 21:18:03 Tom Worster wrote:
> > On 9/16/09 2:37 PM, "Mel Flynn" wrote:
> > > On Wednesday 16 September 2009 20:21:40 Chris Cowart wrote:
> > >> Tom Worster wrote:
> > >>> thanks, Mel, that's good to know.
> > >>>
> > >>> i think your suggestion of modifying rc.conf will turn out to be a tidy
> > >>> solution for me.
> > >>
> > >> You could also just put:
> > >>
> > >> sshd_flags="-o X11Forwarding=no"
> > >>
> > >> into your /etc/rc.conf file.
> > >
> > > What he wants is passing arguments without touching config files, which I
> > > find myself needing sometimes as well, on machines where static
> > > partitions are mounted read-only + kern.secure_level.
> >
> > that's right.
> >
> > when i read in 11.7 of the handbook: "Since the rc.d system is primarily
> > intended to start/stop services at system startup/shutdown time, ..." i
> > thought: maybe i'm making things hard by trying to use rc.d scripts when i
> > could just execute the daemon's binary.
>
> One downside I forgot to mention:
> You do open yourself up now to SSHD_FLAGS="-o AllowRoot=yes", so you may need
> to complicate the logic a bit more, by sanitizing SSHD_FLAGS.

Please explain how this can be exploited by a non-root user?

Ruben
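
The sanitizing step mentioned in the quoted text, sketched as an added example that is not from the thread or from FreeBSD's rc scripts. It assumes /etc/rc.conf has been modified to copy an environment variable SSHD_FLAGS into sshd_flags; the helper name and the allowlist contents are hypothetical.

```sh
# Hypothetical helper for /etc/rc.conf (sourced by /bin/sh); not from the thread.
# Allowlist of sshd_config keywords an operator may override at start time.
# The list itself is an assumption; adjust it to local policy.
SSHD_FLAGS_ALLOWED="X11Forwarding AllowTcpForwarding LogLevel"

# Print a cleaned flag string on stdout and return 0, or return 1 if any
# token falls outside the "-o Keyword=value" allowlist.
sanitize_sshd_flags() {
    _out=""
    set -f                      # no globbing while the string is word-split
    set -- $1                   # deliberate word splitting into tokens
    set +f
    while [ $# -gt 0 ]; do
        # Accept "-o Key=val" (two tokens) or "-oKey=val" (one token).
        case "$1" in
            -o)   [ $# -ge 2 ] || return 1; _opt=$2; shift 2 ;;
            -o?*) _opt=${1#-o}; shift ;;
            *)    return 1 ;;
        esac
        _key=${_opt%%=*}
        _val=${_opt#*=}
        # Require an explicit Key=value form.
        [ "$_key" != "$_opt" ] || return 1
        # Value must be non-empty and purely alphanumeric.
        case "$_val" in
            ""|*[!A-Za-z0-9]*) return 1 ;;
        esac
        # Keyword must match an allowlist entry exactly.
        case " $SSHD_FLAGS_ALLOWED " in
            *" $_key "*) ;;
            *) return 1 ;;
        esac
        _out="${_out:+$_out }-o $_key=$_val"
    done
    printf '%s\n' "$_out"
}

# Assumed rc.conf usage: override sshd_flags only when validation passes.
if [ -n "${SSHD_FLAGS:-}" ]; then
    if _clean=$(sanitize_sshd_flags "$SSHD_FLAGS"); then
        sshd_flags=$_clean
    else
        echo "rc.conf: ignoring SSHD_FLAGS (not on allowlist)" >&2
    fi
fi
```

Anything that is not an allowlisted `-o Keyword=value` pair causes the whole string to be rejected, so sshd_flags keeps whatever rc.conf set statically.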