From owner-freebsd-rc@FreeBSD.ORG Sat Jan 14 01:19:02 2012 Return-Path: Delivered-To: freebsd-rc@FreeBSD.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id 172CB106566B; Sat, 14 Jan 2012 01:19:02 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id E3F7C1548BB; Sat, 14 Jan 2012 01:19:00 +0000 (UTC) Message-ID: <4F10D803.5060706@FreeBSD.org> Date: Fri, 13 Jan 2012 17:18:59 -0800 From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0) Gecko/20111222 Thunderbird/9.0 MIME-Version: 1.0 To: obrien@FreeBSD.org References: <20120112234424.GA41056@dragon.NUXI.org> <4F1004DB.2030102@FreeBSD.org> <20120113193246.GB87287@dragon.NUXI.org> In-Reply-To: <20120113193246.GB87287@dragon.NUXI.org> X-Enigmail-Version: undefined OpenPGP: id=1A1ABC84 Content-Type: multipart/mixed; boundary="------------090603040807070704090303" Cc: freebsd-rc@FreeBSD.org Subject: Re: Problem with LOGIN and cron X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Jan 2012 01:19:02 -0000 This is a multi-part message in MIME format. --------------090603040807070704090303 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 01/13/2012 11:32, David O'Brien wrote: > On Fri, Jan 13, 2012 at 02:18:03AM -0800, Doug Barton wrote: >> I haven't fully processed the implications to your proposed change to >> rcorder, but a quick meta-note. We should not introduce any new >> examples of BEFORE in base rc.d scripts. That knob is useful for >> ports/local stuff, but it makes debugging harder. > > Doug, > Thanks for the info. I need to digest the BEFORE vs. LOGIN REQUIRE it a > little bit more with my local patch. > > >> It moves cron and jail from right before LOGIN, to fairly late after it. >> There are no other changes. On my system specifically: > > With my change, jail was pushed earlier, not later. I'm pretty sure > jail should run before changes the secure level -- especially if one > wants securelevel=3. Fair enough, attached patch doesn't change jail but moves cron late like my last patch. Doug -- You can observe a lot just by watching. -- Yogi Berra Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ --------------090603040807070704090303 Content-Type: text/plain; name="rc.d-securelevel.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="rc.d-securelevel.diff" diff -ur /usr/src/etc/rc.d/LOGIN ./LOGIN --- /usr/src/etc/rc.d/LOGIN 2012-01-08 14:34:00.000000000 -0800 +++ ./LOGIN 2012-01-13 02:06:23.000000000 -0800 @@ -4,7 +4,7 @@ # # PROVIDE: LOGIN -# REQUIRE: DAEMON +# REQUIRE: DAEMON securelevel # This is a dummy dependency to ensure user services such as xdm, # inetd, cron and kerberos are started after everything else, in case Only in /usr/src/etc/rc.d: Makefile diff -ur /usr/src/etc/rc.d/cron ./cron --- /usr/src/etc/rc.d/cron 2012-01-08 14:34:01.000000000 -0800 +++ ./cron 2012-01-13 02:08:04.000000000 -0800 @@ -5,7 +5,6 @@ # PROVIDE: cron # REQUIRE: LOGIN cleanvar -# BEFORE: securelevel # KEYWORD: shutdown . /etc/rc.subr diff -ur /usr/src/etc/rc.d/jail ./jail --- /usr/src/etc/rc.d/jail 2012-01-08 14:34:01.000000000 -0800 +++ ./jail 2012-01-13 17:09:44.000000000 -0800 @@ -4,8 +4,7 @@ # # PROVIDE: jail -# REQUIRE: LOGIN cleanvar -# BEFORE: securelevel +# REQUIRE: DAEMON cleanvar # KEYWORD: nojail shutdown # WARNING: This script deals with untrusted data (the data and diff -ur /usr/src/etc/rc.d/securelevel ./securelevel --- /usr/src/etc/rc.d/securelevel 2012-01-08 14:34:01.000000000 -0800 +++ ./securelevel 2012-01-13 17:14:55.000000000 -0800 @@ -4,6 +4,7 @@ # # PROVIDE: securelevel +# REQUIRE: DAEMON jail . /etc/rc.subr --------------090603040807070704090303--