Date: Sat, 23 Sep 2000 03:41:23 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Vivek Khera <khera@kciLink.com> Cc: freebsd-current@FreeBSD.ORG Subject: Re: call for testers: init securelevel patch Message-ID: <20000923034123.C6957@rohrbach.de> In-Reply-To: <14776.61431.463710.288320@onceler.kciLink.com>; from khera@kciLink.com on Fri, Sep 08, 2000 at 09:56:07AM -0400 References: <20000907152923.A57609@murkwood.znh.org> <Pine.BSF.4.21.0009080855361.30227-100000@besplex.bde.org> <14776.61431.463710.288320@onceler.kciLink.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Vivek Khera(khera@kciLink.com)@Fri, Sep 08, 2000 at 09:56:07AM -0400: [...] > That last sentence makes me think that the person who decided this > does not use a network to update that machine, ie NFS mounting > /usr/src. It is a royal PITA to get networking up and going after a > single-user reboot to get out of secure level. [...] read my lips: con sole ser ver ;-) on a dedicated internal administration network is this the stuff that saves you time. ah, ... and, yes, we use a network also to update the machines ;> but not with nfs mounting /usr/src. best choice is you write a little setup-automagic script for single user mode and place it under /root decrementing securelevel is evil. doing things in userland which can turn off security features is evil. securelevel is your friend. /k -- > Booze is the answer. I don't remember the question. KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000923034123.C6957>