Date: Fri, 11 May 2007 13:17:24 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-stable@FreeBSD.ORG, andrej@antiszoc.hu
Subject: Re: freebsd and securelevel question
Message-ID: <200705111117.l4BBHOwV064797@lurza.secnetix.de>
In-Reply-To: <54364.195.70.43.76.1178880987.squirrel@duloc.webmedia.hu>

Gót András <andrej@antiszoc.hu> wrote:
> So. The simple question is: Why FreeBSD has securelevel 0 if init sets it
> to 1, if it sees at boot that the level is 0? :) It's OK that it's in the
> manual, but there are two default ways to set securelevel at boot time
> also. I don't really get the point of this forced 0 to 1 changing.

The reason is so that /etc/rc and all of the related startup
scripts can run at level 0, which might be necessary for
various reasons, and afterwards the level is automatically
increased to 1. If you don't want that, you should leave
the level at the default of -1.

> We'd like to use our machines with securelevel 0 by default, so I had
> comment out the relevant two lines from init.c.

Uhm, could you please explain why you want to do that?
It doesn't make sense.

Note that level -1 behaves exactly the same as level 0
(i.e. no restrictions at all), the only difference is
that -1 prevents the automatic increase to level 1 when
the system goes multi-user.

So, if you want to run permanently without restrictions,
then you should leave the secure level at the default
value of -1. It's all explained in the init(8) manual
page.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"Documentation is like sex; when it's good, it's very, very good,
and when it's bad, it's better than nothing."
        -- Dick Brandon
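
Added example, not part of the original message: a small shell model of the securelevel handling described in the reply above, which checks a chosen boot-time level against the intended policy. The function names are hypothetical; `kern.securelevel` is the real sysctl, and the loop at the end runs over constructed sample inputs.

```shell
#!/bin/sh
# Added example: models the securelevel handling described in the message.
# Function names are hypothetical; kern.securelevel is the real sysctl.

# Level in force once init(8) has taken the system multi-user.
# $1 = level in force while /etc/rc runs (-1 is the default).
level_after_multiuser() {
    case "$1" in
        -1|[0-9]) ;;
        *) echo "invalid securelevel: $1" >&2; return 2 ;;
    esac
    if [ "$1" -eq 0 ]; then
        printf '%s\n' 1        # init raises 0 to 1 automatically
    else
        printf '%s\n' "$1"     # -1 is left alone; 1 and above stay as set
    fi
}

# -1 and 0 impose no restrictions; restrictions start at level 1.
is_restricted() {
    [ "$1" -ge 1 ]
}

# Flag the mismatch from the thread: wanting no restrictions but booting at 0.
# $1 = intent (restricted|unrestricted), $2 = level in force during /etc/rc.
check_intent() {
    final=$(level_after_multiuser "$2") || return 2
    if [ "$1" = unrestricted ] && is_restricted "$final"; then
        printf '%s\n' "level $2 ends up at $final; use -1 to stay unrestricted"
        return 1
    fi
    if [ "$1" = restricted ] && ! is_restricted "$final"; then
        printf '%s\n' "level $2 stays at $final; no restrictions will apply"
        return 1
    fi
    printf '%s\n' "ok: level $2 ends up at $final"
}

# On FreeBSD, show the running value; the loop uses constructed sample inputs.
if [ "$(uname -s)" = "FreeBSD" ]; then
    echo "live: kern.securelevel=$(sysctl -n kern.securelevel)"
fi
for lvl in -1 0 1; do
    check_intent unrestricted "$lvl" || true
done
```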