From owner-freebsd-rc@FreeBSD.ORG Fri Jan 13 19:53:58 2012 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9EF661065672; Fri, 13 Jan 2012 19:53:58 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (60.wheelsystems.com [83.12.187.60]) by mx1.freebsd.org (Postfix) with ESMTP id 3291F8FC08; Fri, 13 Jan 2012 19:53:58 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id 3ED41B3A; Fri, 13 Jan 2012 20:53:56 +0100 (CET) Date: Fri, 13 Jan 2012 20:52:48 +0100 From: Pawel Jakub Dawidek To: David O'Brien Message-ID: <20120113195245.GE1694@garage.freebsd.pl> References: <20120112234424.GA41056@dragon.NUXI.org> <20120113192810.GA87287@dragon.NUXI.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ZRyEpB+iJ+qUx0kp" Content-Disposition: inline In-Reply-To: <20120113192810.GA87287@dragon.NUXI.org> X-OS: FreeBSD 9.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-rc@freebsd.org Subject: Re: Problem with LOGIN and cron X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2012 19:53:58 -0000 --ZRyEpB+iJ+qUx0kp Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 13, 2012 at 11:28:10AM -0800, David O'Brien wrote: > On Fri, Jan 13, 2012 at 07:11:01AM +0000, Chris Rees wrote: > > On 12 January 2012 23:44, David O'Brien wrote: > > > 'LOGIN' states: > > > =A0 =A0 =A0 =A0This is a dummy dependency to ensure user services suc= h as xdm, > > > =A0 =A0 =A0 =A0inetd, cron and kerberos are started after everything = else, in > > > =A0 =A0 =A0 =A0case the administrator has increased the system securi= ty level > > > =A0 =A0 =A0 =A0and wants to delay user logins until the system is (al= most) fully > > > =A0 =A0 =A0 =A0operational. > > > > > > So based on that, 'securelevel' should have: > > > +# REQUIRE: sysctl > > > +# BEFORE: =A0LOGIN > > > Otherwise a cronjob could act against securelevel=3D1+ for a short pe= roid > > > of time. > >=20 > > Hm, but what if I have an @reboot line in crontab, that relies on > > securelevel <1? >=20 > Can you give an example? >=20 > $ man cron | grep @reboot > {empty} > $ man crontab | grep @reboot > {empty} $ man 5 crontab | grep @reboot @reboot Run once, at startup. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://yomoli.com --ZRyEpB+iJ+qUx0kp Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAk8Qi40ACgkQForvXbEpPzROgQCfX7E9VS2mXdTMZ4pMpqbsvdGc pG4AoN6PsF2Gb/zJBhlVouyQTCNrozd0 =xzL4 -----END PGP SIGNATURE----- --ZRyEpB+iJ+qUx0kp--