From owner-freebsd-stable Fri Jan 14 19:38:15 2000 Delivered-To: freebsd-stable@freebsd.org Received: from fever.semiotek.com (H253.C225.tor.velocet.net [216.126.82.253]) by hub.freebsd.org (Postfix) with ESMTP id C978214E1D for ; Fri, 14 Jan 2000 19:38:10 -0800 (PST) (envelope-from jread@fever.semiotek.com) Received: (from jread@localhost) by fever.semiotek.com (8.9.3/8.9.3) id WAA57605 for freebsd-stable@freebsd.org; Fri, 14 Jan 2000 22:37:18 -0500 (EST) (envelope-from jread) Date: Fri, 14 Jan 2000 22:37:18 -0500 From: Justin Wells To: freebsd-stable@freebsd.org Subject: cannot buildworld with securelevel turned on Message-ID: <20000114223717.A57576@semiotek.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This is what happens when I try to do a buildworld: install -C -c -o root -g wheel -m 444 -fschg libdescrypt.so.2 /usr/obj/usr/src/tmp/usr/lib install: /usr/obj/usr/src/tmp/usr/lib/libdescrypt.so.2: chown/chgrp: Operation not permitted *** Error code 71 The problem is that I am running with securelevel turned on. My plan was to do the "buildworld" with the server up, then drop to single user mode, run the "installworld", and hopefully bring it back up again without being down for too long. Now I will require an extra reboot just to clear the securelevel flag. Is it really necessary to mark the stuff in /usr/obj with schg? I guess someone could modify the stuff in there, and then wait for me to upgrade my system or something. But they could equally well modify the source files in /usr/src, so I'm not sure how much security this adds. I think the schg flag should not be set here. Justin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message