From owner-freebsd-questions@FreeBSD.ORG  Fri Dec  5 09:34:59 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 425C516A4CE
	for <questions@freebsd.org>; Fri,  5 Dec 2003 09:34:59 -0800 (PST)
Received: from tomts36-srv.bellnexxia.net (tomts36.bellnexxia.net
	[209.226.175.93])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4901743FD7
	for <questions@freebsd.org>; Fri,  5 Dec 2003 09:34:57 -0800 (PST)
	(envelope-from dlavigne6@sympatico.ca)
Received: from [192.168.2.95] ([64.230.30.226])
	by tomts36-srv.bellnexxia.netESMTP
	<20031205173456.VUCR22549.tomts36-srv.bellnexxia.net@[192.168.2.95]>;
	Fri, 5 Dec 2003 12:34:56 -0500
Date: Fri, 5 Dec 2003 12:36:22 -0500 (EST)
From: Dru <dlavigne6@sympatico.ca>
X-X-Sender: dlavigne6@genisis
To: Nathan Kinkade <nkinkade@ub.edu.bz>
In-Reply-To: <20031204220312.GC15894@npkfbsd>
Message-ID: <20031205123457.D624@genisis>
References: <20031204141547.T598@genisis> <20031204220312.GC15894@npkfbsd>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: questions@freebsd.org
Subject: Re: protecting loader
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Dec 2003 17:34:59 -0000



On Thu, 4 Dec 2003, Nathan Kinkade wrote:

> On Thu, Dec 04, 2003 at 02:20:07PM -0500, Dru wrote:
> >
> > Is there a way to prevent a user from bypassing loader and
> > loading/unloading stuff at the OK prompt? (other than physical security
> > measures)
> >
> > I tried placing "/boot/loader -n" in "/boot.config", but it didn't make a
> > difference.
> >
> > Dru
>
> If I understand your question, you could put the following line in your
> /boot/loader.conf file:
>
> autoboot_delay="0"
>
> I think this will effectively prevent users from interrupting the loader
> to make changes.  Just make sure that you have some other way to boot
> the system, such as a floppy, in case you later run into problems.
>
> Nathan
> --
> gpg --keyserver pgp.mit.edu --recv-keys D8527E49


Actually, I discovered that "password=somevalue" in /boot/loader.conf
filled the bill quite nicely :-)

Dru