From: Eitan Adler
Date: Sun, 13 Jan 2013 06:21:55 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r40606 - head/en_US.ISO8859-1/books/faq

Author: eadler
Date: Sun Jan 13 06:21:55 2013
New Revision: 40606
URL: http://svnweb.freebsd.org/changeset/doc/40606

Log:
  Update and clarify the securelevel question.

  Approved by: bcr (mentor)

Modified:
  head/en_US.ISO8859-1/books/faq/book.xml

Modified: head/en_US.ISO8859-1/books/faq/book.xml ============================================================================== --- head/en_US.ISO8859-1/books/faq/book.xml Sun Jan 13 06:19:54 2013 (r40605) +++ head/en_US.ISO8859-1/books/faq/book.xml Sun Jan 13 06:21:55 2013 (r40606) @@ -6538,13 +6538,12 @@ Key F15 A A Menu Wo - The securelevel is a security mechanism implemented in - the kernel. Basically, when the securelevel is positive, the + securelevel is a security + mechanism implemented in the kernel. When the securelevel + is positive, the kernel restricts certain tasks; not even the superuser - (i.e., root) is allowed to do them. At - the time of this writing, the securelevel mechanism is - capable of, among other things, limiting the ability - to: + (i.e., root) is allowed to do them. + The securelevel mechanism limits the ability to: 
@@ -6571,17 +6570,15 @@ Key F15 A A Menu Wo To check the status of the securelevel on a running system, simply execute the following command: - &prompt.root; sysctl kern.securelevel + &prompt.root; sysctl -n kern.securelevel - The output will contain the name of the &man.sysctl.8; - variable (in this case, kern.securelevel) - and a number. The latter is the current value of the + The output contains the current value of the securelevel. If it is positive (i.e., greater than 0), at least some of the securelevel's protections are enabled. - You cannot lower the securelevel of a running system; - being able to do that would defeat its purpose. If you need + The securelevel of a running system can not be + lowered as this would defeat its purpose. If you need to do a task that requires that the securelevel be non-positive (e.g., an installworld or changing the date), you will have to change the @@ -6618,12 +6615,8 @@ Key F15 A A Menu Wo mailing lists, particularly the &a.security;. Please search the archives here for an - extensive discussion. Some people are hopeful that - securelevel will soon go away in favor of a more - fine-grained mechanism, but things are still hazy in this - respect. - - Consider yourself warned. + extensive discussion. A more fine-grained mechanism + is preffered.
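Review bot: In the hunk at @@ -6538,13 +6538,12 @@, the new lead-in "The securelevel mechanism limits the ability to:" drops the old "among other things", so the list that follows now reads as the complete set of restrictions. If that list is not exhaustive, keep a qualifier such as "among other things", since a reader deciding what a raised securelevel protects will otherwise assume nothing else is affected. Dropping "Basically" and "At the time of this writing" is fine.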
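Review bot: In the hunk at @@ -6571,17 +6570,15 @@, "can not be lowered as this would defeat its purpose" should read "cannot be lowered, as this would defeat its purpose". The paragraph also now mixes voices: the rewritten sentence is impersonal, while the unchanged continuation still says "If you need to do a task ... you will have to change the", so pick one form for the whole paragraph. The switch to "sysctl -n" is consistent with the reworded description of the output; the unchanged "simply execute the following command" could lose "simply" in the same pass.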
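Review bot: In the hunk at @@ -6618,12 +6615,8 @@, "preffered" in the last added line is misspelled and should be "preferred". The replacement sentence "A more fine-grained mechanism is preffered." also states a preference without saying whose it is or which mechanism is meant, whereas the removed text at least attributed the view to "some people"; name the mechanism or attribute the view, otherwise the reader has nothing to act on.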