Date: Mon, 26 Feb 2001 17:28:18 +0100 From: Olivier Cortes <olivier.cortes@free.fr> To: richard childers <fscked@pacbell.net> Cc: questions@freebsd.org Subject: Re: SuperProbe: KDENABIO failed Message-ID: <20010226172818.C20117@sylgen.alize-sfl.com> In-Reply-To: <3A9A7CA4.7AB4FEF3@pacbell.net>; from fscked@pacbell.net on Mon, Feb 26, 2001 at 07:56:20AM -0800 References: <3A99FAAA.48167FB6@pacbell.net> <20010226103219.C18545@sylgen.alize-sfl.com> <3A9A7CA4.7AB4FEF3@pacbell.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry if I hurted you, i didn't meant to do that. it's just that this problem has been resolved 3 or 4 times, and all that we could have written was already. i didn't want to be rude... Olivier PS: you didn't mention it, but the man page for securelevel ( or init(8) ) tells you what you can do or not for each securelevel. n Mon, Feb 26, 2001 at 07:56:20AM -0800, richard childers wrote: > "... and PLEASE SEARCH IN THE ARCHIVES, it has already be discussed." > > I am chagrined to find that, indeed, it seems to be quite a popular topic. > (-; > > I've received a few different pointers from a few different people ... some > said sysctl.conf, some said rc.conf. I've been finding /etc/rc.conf a nice > place to centralize things, I will agree. > > A search for sysctl.conf revealed only one such file, > /usr/src/etc/sysctl.conf; this contained only comments, no explicit settings. > The comments referred me to the manual pages for sysctl(8) and > sysctl.conf(5). The man pages alleged to the existence of an > /etc/sysctl.conf, which, I infer, must be created by the administrator, > since it did not exist after installation; or it has been silently merged > into /etc/rc.conf, a fact which the (manual) documentation does not yet > reflect. > > `sysctl -a` revealed a bunch of fascinating properties which I am grateful to > have found, insofar as I am something of a bean-counter where inventorying > system configurations are concerned, finding /proc a rich source of > information under other Unices, but finding FreeBSD's /proc was slim > pickin's. `sysctl -a | grep kern.securelevel` answers the question, best, I > think. > > But I'm a little unclear as to where this is being set, in the kernel; it's > obviously not in /usr/src/etc/sysctl.conf or /etc/sysctl.conf. Possibly in > /etc/defaults/rc.conf ...? Yup. That's the answer, if anyone else is > interested. > > > I'll admit that I have been kind of avoiding dealing with sysctl behavioral > variables ... I usually use other operating systems in production roles > (usually because of specific software, as well as managerial fiat), and it's > never been part of the installation sequence, until now; at least, it wasn't > in FreeBSD 4.0. > > Possibly it would be appropriate to put a small note up alerting installers > that if they change their kernel security level above N, that the following > will not work, and that perhaps if they do not understand the consequences of > this action they should skip it for the moment and read the following manual > pages before running the following command to return to this menu; doesn't > matter whether that command is /stand/sysinstall, or /sbin/sysctl, IMHO. > > I encourage everyone reading this to do a `systcl -a | more`, if you are not > already acquainted with this facet of FreeBSD administration, and check out > quote-unquote MIB style values (nice convergence, there). > > (Note that when you keep track of these sorts of system attributes, it > becomes easy to build tables showing, on a per-system basis, what each > critical variable is set to, and to eliminate problems that accumulate as a > result of small but critical differences between systems that have been > installed, incrementally, over months or years by different people or even > different generations of employees.) > > > Thanks to everyone for helping make this such an educational experience. > > > -- richard > > > Olivier Cortes wrote: > > > yeah, i think Kent is right. > > downgrade your security level. > > you've probably choosen seclevel > 0 so you're stuck without X. > > > > check /etc/rc.conf : > > > > kern_securelevel_enable="YES" > > kern_securelevel="-1" > > > > will work. > > > > and PLEASE SEARCH IN THE ARCHIVES, it has already be discussed. > > > > Olivier. > > > > -- > Richard A. Childers > Senor UNIX Administrator > fscked@pacbell.net (email) > 203.556.8471 (voice/msgs) > > # Providing administrative expertise (not 'damage control') since 1986. > # PGP fingerprint: 7EFF 164A E878 7B04 8E9F 32B6 72C2 D8A2 582C 4AFA > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010226172818.C20117>