Date: 30 Nov 2000 23:05:19 -0000 From: mwm@mired.org To: FreeBSD-gnats-submit@freebsd.org Subject: docs/23200: [PATCH] New FAQ entry, describing securelevel time change problem Message-ID: <20001130230519.40602.qmail@guru.mired.org>
next in thread | raw e-mail | index | archive | help
>Number: 23200
>Category: docs
>Synopsis: [PATCH] New FAQ entry, describing securelevel time change problem
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 30 15:10:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Mike Meyer
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
Meyer Consulting
>Environment:
System: FreeBSD guru.mired.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Nov 19 06:16:20 CST 2000 mwm@guru.mired.org:/usr/obj/sharetmp/src/sys/GURU i386
>Description:
Lots of people are running into not being able to change the time by
more than a second because they are have kern.securelevel > 1. This is
a clone of my previous FAQ entry about chflags and secure level,
tweaked for time changes.
>How-To-Repeat:
Hang out in -questions and watch this one go back.
>Fix:
Apply the attached patch. Note that I also fixed a dangling pronoun in the
preceeding question while I found was cloning it.
Aside: the docs people are to be congratulated on how quickly they
respond to such pr's!
--- book.sgml Sun Nov 26 15:08:44 2000
+++ /tmp/book.sgml Thu Nov 30 17:04:01 2000
@@ -6533,13 +6533,40 @@
<screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
<para>You cannot lower the security level; you have to boot
- to single mode to install the kernel, or change it in
- <filename>/etc/rc.conf</filename> then reboot. See the
- &man.init.8; man page for details on securelevel, and
+ to single mode to install the kernel, or change the
+ security in <filename>/etc/rc.conf</filename> then reboot. See
+ the &man.init.8; man page for details on securelevel, and
see <filename>/etc/defaults/rc.conf</filename> and the
&man.rc.conf.5; man page for more information on rc.conf.</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question id="kernel-chflag-failure">
+ <para>I can't change the time on my system by more than one second!
+ How do I get around this?</para>
+ </question>
+
+ <answer>
+ <para>Short answer: You're probably at security level
+ greater than 1. Reboot directly to single user mode to
+ change the date.</para>
+
+ <para>Long answer: FreeBSD disallows changing the time by
+ more that one second at security levels greater than 1. You
+ can check your security level with the command:</para>
+
+ <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
+
+ <para>You cannot lower the security level; you have to boot
+ to single mode to change the date, or change the security
+ level in <filename>/etc/rc.conf</filename> then reboot. See
+ the &man.init.8; man page for details on securelevel, and
+ see <filename>/etc/defaults/rc.conf</filename> and the
+ &man.rc.conf.5; man page for more information on rc.conf.</para>
+ </answer>
+ </qandaentry>
+
</qandaset>
</chapter>
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001130230519.40602.qmail>