From owner-freebsd-questions Sat Jan 8 12:30:58 2000 Delivered-To: freebsd-questions@freebsd.org Received: from news-ma.rhein-neckar.de (news-ma.rhein-neckar.de [193.197.90.3]) by hub.freebsd.org (Postfix) with ESMTP id 5C18A15410 for ; Sat, 8 Jan 2000 12:30:47 -0800 (PST) (envelope-from daemon@bigeye.rhein-neckar.de) Received: from bigeye.rhein-neckar.de (uucp@localhost) by news-ma.rhein-neckar.de (8.8.8/8.8.8) with bsmtp id VAA17436 for freebsd-questions@freebsd.org; Sat, 8 Jan 2000 21:30:36 +0100 (CET) (envelope-from daemon@bigeye.rhein-neckar.de) Received: (from daemon@localhost) by bigeye.rhein-neckar.de (8.9.3/8.9.3) id UAA12815 for freebsd-questions@freebsd.org; Sat, 8 Jan 2000 20:59:58 +0100 (CET) (envelope-from daemon) From: naddy@mips.rhein-neckar.de (Christian Weisgerber) Subject: Re: securelevel? Date: 8 Jan 2000 20:59:57 +0100 Message-ID: <8584vt$cg6$1@bigeye.rhein-neckar.de> References: <857uoh$8c4$1@bigeye.rhein-neckar.de> <4.2.0.58.20000107141157.00999100@mail.enterit.com> To: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Jim Conner wrote: > /etc/rc.conf Not to be ungrateful, but like most people who put their reply in front of a (typically in its entirety) quoted message, you apparently haven't really read what you are purporting to respond to. "/etc/rc.conf" what? I fail to see any connection to the questions I asked. Meanwhile, I'm able to answer the first of my questions myself: > >| Any super-user process can raise the security level, but no > >| process can lower it. > > > >Which means that if you go from single-user mode in securelevel 0 > >to multi-user in level 1 and return to single-user you are still > >in level 1, right? Correct. The commit message for revision 1.36 of src/sbin/init/init.c explains: | FreeBSD kernel doesn't allow any process to decrease securelevel. So, | init(8) cannot decrease securelevel. The manual page explains this | and single_user() doesn't try to downgrade kernel to insecure mode. -- Christian "naddy" Weisgerber naddy@mips.rhein-neckar.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message