From owner-freebsd-doc Thu Nov 30 15:10: 8 2000 Delivered-To: freebsd-doc@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 4995F37B402 for ; Thu, 30 Nov 2000 15:10:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eAUNA1K16101; Thu, 30 Nov 2000 15:10:01 -0800 (PST) (envelope-from gnats) Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id 9A43B37B400 for ; Thu, 30 Nov 2000 15:05:19 -0800 (PST) Received: (qmail 40603 invoked by uid 100); 30 Nov 2000 23:05:19 -0000 Message-Id: <20001130230519.40602.qmail@guru.mired.org> Date: 30 Nov 2000 23:05:19 -0000 From: mwm@mired.org Reply-To: mwm@mired.org To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: docs/23200: [PATCH] New FAQ entry, describing securelevel time change problem Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 23200 >Category: docs >Synopsis: [PATCH] New FAQ entry, describing securelevel time change problem >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Nov 30 15:10:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Mike Meyer >Release: FreeBSD 5.0-CURRENT i386 >Organization: Meyer Consulting >Environment: System: FreeBSD guru.mired.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Nov 19 06:16:20 CST 2000 mwm@guru.mired.org:/usr/obj/sharetmp/src/sys/GURU i386 >Description: Lots of people are running into not being able to change the time by more than a second because they are have kern.securelevel > 1. This is a clone of my previous FAQ entry about chflags and secure level, tweaked for time changes. >How-To-Repeat: Hang out in -questions and watch this one go back. >Fix: Apply the attached patch. Note that I also fixed a dangling pronoun in the preceeding question while I found was cloning it. Aside: the docs people are to be congratulated on how quickly they respond to such pr's! --- book.sgml Sun Nov 26 15:08:44 2000 +++ /tmp/book.sgml Thu Nov 30 17:04:01 2000 @@ -6533,13 +6533,40 @@ &prompt.root; sysctl kern.securelevel You cannot lower the security level; you have to boot - to single mode to install the kernel, or change it in - /etc/rc.conf then reboot. See the - &man.init.8; man page for details on securelevel, and + to single mode to install the kernel, or change the + security in /etc/rc.conf then reboot. See + the &man.init.8; man page for details on securelevel, and see /etc/defaults/rc.conf and the &man.rc.conf.5; man page for more information on rc.conf. + + + + I can't change the time on my system by more than one second! + How do I get around this? + + + + Short answer: You're probably at security level + greater than 1. Reboot directly to single user mode to + change the date. + + Long answer: FreeBSD disallows changing the time by + more that one second at security levels greater than 1. You + can check your security level with the command: + + &prompt.root; sysctl kern.securelevel + + You cannot lower the security level; you have to boot + to single mode to change the date, or change the security + level in /etc/rc.conf then reboot. See + the &man.init.8; man page for details on securelevel, and + see /etc/defaults/rc.conf and the + &man.rc.conf.5; man page for more information on rc.conf. + + + >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message