From: Ted Cabeen
Organization: Impulse Internet Services
To: Thomas-Martin Seck
Cc: freebsd-ports@freebsd.org
Subject: Re: Feature Request: /usr/local/etc/rc.conf support
Date: Tue, 17 Feb 2004 13:33:25 -0800
Message-ID: <87znbh4cii.fsf@gray.impulse.net>
In-Reply-To: <20040217212137.GD719@laurel.tmseck.homedns.org>

Thomas-Martin Seck writes:

> * Ted Cabeen (secabeen@pobox.com):
>
>> tmseck-lists@netcologne.de (Thomas-Martin Seck) writes:
>>
>> > * Ted Cabeen [gmane.os.freebsd.devel.ports]:
>> >
>> >> With the ever-increasing number of ports that use rc.conf variables to
>> >> regulate their startup, would it be possible to add support for a
>> >> /usr/local/etc/rc.conf file in FreeBSD? The constant changes to the
>> >> rc.conf file have been playing havoc with my centralized management
>> >> systems, and it makes it harder and harder to keep the /etc/rc.conf
>> >> file set immutable (which I like to do on critical servers, to prevent
>> >> the securelevel from changing).
>> >
>> > You can use /etc/rc.conf.local.
>>
>> Yeah, but that's supposedly deprecated.
>
> Maybe, but 5.x still uses it "for historical reasons". Neither rc(8) nor
> rc.conf(5) say "deprecated". Do you mean rc.local?

Okay. I read "for historical reasons" as "we might get rid of this
someday, so don't use it".

>> > See the declaration of rc_conf_files in /etc/defaults/rc.conf.
>>
>> Also, that doesn't solve the problem of securelevels. rc.conf.local
>> is still parsed by the boot scripts and could be used to over-ride the
>> system's securelevel.
>
> I cannot follow you here. What does the securelevel value have to do
> with all this?

The system securelevel is set in the /etc/rc.conf file. To prevent an
attacker from changing the securelevel defined there and then rebooting
the machine, I set the /etc/rc.conf file to be immutable. However, I'd
like to be able to install new ports and have them start automatically
without having to boot to single-user to modify rc.conf (or any other
configuration file equivalent to rc.conf).

-- 
Ted Cabeen           http://www.pobox.com/~secabeen          ted@impulse.net
Check Website or Keyserver for PGP/GPG Key BA0349D2       secabeen@pobox.com
"I have taken all knowledge to be my province." -F. Bacon secabeen@cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot      cabeen@netcom.com
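
Added example, not part of the original message and not FreeBSD's own rc code: it replays the order in which the files named in rc_conf_files are sourced and reports which file ends up deciding the securelevel, which is the override concern raised in the message above. The function names, the constructed sample files and the assumed defaults (kern_securelevel_enable="NO", kern_securelevel="-1") are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Replays the order in which rc(8) sources
# the files listed in rc_conf_files and reports which file decides the securelevel.
# Assumption: defaults are kern_securelevel_enable="NO", kern_securelevel="-1".

# securelevel_decider FILE...
# Prints "enable=<v> level=<v> decided_by=<file>" for the given source order.
# decided_by is the last file whose sourcing changed either variable.
# Files are sourced as the boot scripts would source them, so only audit files
# you trust to execute; a file that reuses f/before/decider skews the result.
securelevel_decider() {
    (
        kern_securelevel_enable="NO"
        kern_securelevel="-1"
        decider="(defaults)"
        for f in "$@"; do
            [ -r "$f" ] || continue
            before="$kern_securelevel_enable/$kern_securelevel"
            . "$f"
            [ "$before" = "$kern_securelevel_enable/$kern_securelevel" ] || decider="$f"
        done
        echo "enable=$kern_securelevel_enable level=$kern_securelevel decided_by=$decider"
    )
}

# has_schg FILE: true if the FreeBSD system-immutable flag is set.
# Relies on FreeBSD "ls -lo", which prints the file flags as the fifth column.
has_schg() {
    case "$(ls -lod "$1" 2>/dev/null | awk '{print $5}')" in
        *schg*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: rc.conf pins securelevel 2, rc.conf.local lowers it again.
demo_dir=$(mktemp -d)
printf 'kern_securelevel_enable="YES"\nkern_securelevel="2"\nsshd_enable="YES"\n' > "$demo_dir/rc.conf"
printf 'apache_enable="YES"\nkern_securelevel="-1"\n' > "$demo_dir/rc.conf.local"

# On a real host, pass the files named by rc_conf_files in /etc/defaults/rc.conf.
for f in "$demo_dir/rc.conf" "$demo_dir/rc.conf.local"; do
    if has_schg "$f"; then echo "$f: schg"; else echo "$f: NOT immutable"; fi
done
securelevel_decider "$demo_dir/rc.conf" "$demo_dir/rc.conf.local"
```

Any file reported as `decided_by` that is not also flagged `schg` is a place where the securelevel can be changed before the next reboot, regardless of the flags on /etc/rc.conf.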