From: "Simon L. Nielsen"
To: Ted Cabeen
Cc: Thomas-Martin Seck
Cc: freebsd-ports@freebsd.org
Date: Wed, 18 Feb 2004 00:44:56 +0100
Subject: Re: Feature Request: /usr/local/etc/rc.conf support

On 2004.02.17 14:34:35 -0800, Ted Cabeen wrote:
> "Simon L. Nielsen" writes:
> > On 2004.02.17 13:33:25 -0800, Ted Cabeen wrote:
> >> The system securelevel is set in the /etc/rc.conf file. To prevent an
> >> attacker from changing the securelevel defined there and then
> >> rebooting the machine, I set the /etc/rc.conf file to be immutable.
> >> However, I'd like to be able to install new ports and have them start
> >> automatically without having to boot to single-user to modify rc.conf
> >> (or any other configuration file equivalent to rc.conf).
> >
> > There is also the option of using the (yet) undocumented in FreeBSD [1]
> > /etc/rc.conf.d/service files. E.g. to enable rsyncd you would have
> > /etc/rc.conf.d/rsyncd with the variable rsyncd_enable="YES" (Note: I
> > haven't tested this, but I'm rather sure I'm reading the source and
> > NetBSD manual page correctly).
>
> Would that file only be parsed when starting a service with that name,
> or would it be parsed at the beginning of the rc run?

It will only be parsed for the single script, e.g. rsyncd in the example
above. So, if you add secure_level="0" to /etc/rc.conf.d/rsyncd it
should not (I'm almost certain it won't, but I haven't tested it) be used
for any other start up script than rsync - which will of course ignore
that variable.

I actually have a slight feeling (by looking at the code) that there
might be a leak for variables for system services (with startup scripts
in /etc/rc.d/*) but I might be wrong. The scripts in
/usr/local/etc/rc.d are started differently, so the potential problem
won't affect them.

-- 
Simon L. Nielsen
FreeBSD Documentation Team
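
An audit sketch for the setup discussed in this message, added here as an example and not part of the thread or of FreeBSD's rc code: it lists lines in per-service rc.conf.d files that are not a plain assignment to a variable of that service. It assumes a service's own variables are named <service>_* (as with rsyncd_enable above); the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: a service's own knobs
# are named <service>_*, like rsyncd_enable in the message above.
# Single-quoted values are reported too (the check is deliberately strict).

audit_rc_conf_d() {
    dir=${1:-/etc/rc.conf.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v svc="${f##*/}" '
            /^[ \t]*(#.*)?$/ { next }    # blank line or comment
            {
                # One NAME=value per line, value bare or double-quoted,
                # with no $, backquote or backslash inside the quotes.
                if ($0 !~ /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=("[^"$`\\]*"|[A-Za-z0-9_.\/:-]*)[ \t]*(#.*)?$/) {
                    printf "%s:%d: not a plain assignment\n", svc, NR
                    next
                }
                var = $0
                sub(/^[ \t]*/, "", var)
                sub(/=.*/, "", var)
                if (index(var, svc "_") != 1)
                    printf "%s:%d: foreign variable %s\n", svc, NR, var
            }' "$f"
    done
}

# Constructed sample: an rsyncd file that also carries the secure_level
# line discussed in the message and a command substitution.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'rsyncd_enable="YES"' \
        'secure_level="0"' 'rsyncd_flags="$(id)"' > "$d/rsyncd"
    audit_rc_conf_d "$d"
    rm -rf "$d"
}

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_rc_conf_d "$1"; fi
```

Because these files are sourced as shell, anything other than a simple assignment is reported rather than interpreted.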