Date: 30 Nov 2000 23:05:19 -0000 From: mwm@mired.org To: FreeBSD-gnats-submit@freebsd.org Subject: docs/23200: [PATCH] New FAQ entry, describing securelevel time change problem Message-ID: <20001130230519.40602.qmail@guru.mired.org>
next in thread | raw e-mail | index | archive | help
>Number: 23200 >Category: docs >Synopsis: [PATCH] New FAQ entry, describing securelevel time change problem >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Nov 30 15:10:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Mike Meyer >Release: FreeBSD 5.0-CURRENT i386 >Organization: Meyer Consulting >Environment: System: FreeBSD guru.mired.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Nov 19 06:16:20 CST 2000 mwm@guru.mired.org:/usr/obj/sharetmp/src/sys/GURU i386 >Description: Lots of people are running into not being able to change the time by more than a second because they are have kern.securelevel > 1. This is a clone of my previous FAQ entry about chflags and secure level, tweaked for time changes. >How-To-Repeat: Hang out in -questions and watch this one go back. >Fix: Apply the attached patch. Note that I also fixed a dangling pronoun in the preceeding question while I found was cloning it. Aside: the docs people are to be congratulated on how quickly they respond to such pr's! --- book.sgml Sun Nov 26 15:08:44 2000 +++ /tmp/book.sgml Thu Nov 30 17:04:01 2000 @@ -6533,13 +6533,40 @@ <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen> <para>You cannot lower the security level; you have to boot - to single mode to install the kernel, or change it in - <filename>/etc/rc.conf</filename> then reboot. See the - &man.init.8; man page for details on securelevel, and + to single mode to install the kernel, or change the + security in <filename>/etc/rc.conf</filename> then reboot. See + the &man.init.8; man page for details on securelevel, and see <filename>/etc/defaults/rc.conf</filename> and the &man.rc.conf.5; man page for more information on rc.conf.</para> </answer> </qandaentry> + + <qandaentry> + <question id="kernel-chflag-failure"> + <para>I can't change the time on my system by more than one second! + How do I get around this?</para> + </question> + + <answer> + <para>Short answer: You're probably at security level + greater than 1. Reboot directly to single user mode to + change the date.</para> + + <para>Long answer: FreeBSD disallows changing the time by + more that one second at security levels greater than 1. You + can check your security level with the command:</para> + + <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen> + + <para>You cannot lower the security level; you have to boot + to single mode to change the date, or change the security + level in <filename>/etc/rc.conf</filename> then reboot. See + the &man.init.8; man page for details on securelevel, and + see <filename>/etc/defaults/rc.conf</filename> and the + &man.rc.conf.5; man page for more information on rc.conf.</para> + </answer> + </qandaentry> + </qandaset> </chapter> >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001130230519.40602.qmail>