Date: Mon, 26 Feb 2001 07:56:20 -0800 From: richard childers <fscked@pacbell.net> To: Olivier Cortes <receiver@deep-ocean.net>, questions@freebsd.org Subject: Re: SuperProbe: KDENABIO failed Message-ID: <3A9A7CA4.7AB4FEF3@pacbell.net> References: <3A99FAAA.48167FB6@pacbell.net> <20010226103219.C18545@sylgen.alize-sfl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"... and PLEASE SEARCH IN THE ARCHIVES, it has already be discussed." I am chagrined to find that, indeed, it seems to be quite a popular topic. (-; I've received a few different pointers from a few different people ... some said sysctl.conf, some said rc.conf. I've been finding /etc/rc.conf a nice place to centralize things, I will agree. A search for sysctl.conf revealed only one such file, /usr/src/etc/sysctl.conf; this contained only comments, no explicit settings. The comments referred me to the manual pages for sysctl(8) and sysctl.conf(5). The man pages alleged to the existence of an /etc/sysctl.conf, which, I infer, must be created by the administrator, since it did not exist after installation; or it has been silently merged into /etc/rc.conf, a fact which the (manual) documentation does not yet reflect. `sysctl -a` revealed a bunch of fascinating properties which I am grateful to have found, insofar as I am something of a bean-counter where inventorying system configurations are concerned, finding /proc a rich source of information under other Unices, but finding FreeBSD's /proc was slim pickin's. `sysctl -a | grep kern.securelevel` answers the question, best, I think. But I'm a little unclear as to where this is being set, in the kernel; it's obviously not in /usr/src/etc/sysctl.conf or /etc/sysctl.conf. Possibly in /etc/defaults/rc.conf ...? Yup. That's the answer, if anyone else is interested. I'll admit that I have been kind of avoiding dealing with sysctl behavioral variables ... I usually use other operating systems in production roles (usually because of specific software, as well as managerial fiat), and it's never been part of the installation sequence, until now; at least, it wasn't in FreeBSD 4.0. Possibly it would be appropriate to put a small note up alerting installers that if they change their kernel security level above N, that the following will not work, and that perhaps if they do not understand the consequences of this action they should skip it for the moment and read the following manual pages before running the following command to return to this menu; doesn't matter whether that command is /stand/sysinstall, or /sbin/sysctl, IMHO. I encourage everyone reading this to do a `systcl -a | more`, if you are not already acquainted with this facet of FreeBSD administration, and check out quote-unquote MIB style values (nice convergence, there). (Note that when you keep track of these sorts of system attributes, it becomes easy to build tables showing, on a per-system basis, what each critical variable is set to, and to eliminate problems that accumulate as a result of small but critical differences between systems that have been installed, incrementally, over months or years by different people or even different generations of employees.) Thanks to everyone for helping make this such an educational experience. -- richard Olivier Cortes wrote: > yeah, i think Kent is right. > downgrade your security level. > you've probably choosen seclevel > 0 so you're stuck without X. > > check /etc/rc.conf : > > kern_securelevel_enable="YES" > kern_securelevel="-1" > > will work. > > and PLEASE SEARCH IN THE ARCHIVES, it has already be discussed. > > Olivier. > -- Richard A. Childers Senor UNIX Administrator fscked@pacbell.net (email) 203.556.8471 (voice/msgs) # Providing administrative expertise (not 'damage control') since 1986. # PGP fingerprint: 7EFF 164A E878 7B04 8E9F 32B6 72C2 D8A2 582C 4AFA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A9A7CA4.7AB4FEF3>