Feature Request: /usr/local/etc/rc.conf support

Simon L. Nielsen simon at FreeBSD.org
Tue Feb 17 15:44:58 PST 2004


On 2004.02.17 14:34:35 -0800, Ted Cabeen wrote:
> "Simon L. Nielsen" <simon at FreeBSD.org> writes:
> > On 2004.02.17 13:33:25 -0800, Ted Cabeen wrote:
> >> The system securelevel is set in the /etc/rc.conf file.  To prevent an
> >> attacker from changing the securelevel defined there and then
> >> rebooting the machine, I set the /etc/rc.conf file to be immutable.
> >> However, I'd like to be able to install new ports and have them start
> >> automatically without having to boot to single-user to modify rc.conf
> >> (or any other configuration file equivalent to rc.conf).
> >
> > There is also the option of using the (yet) undocumented in FreeBSD [1]
> > /etc/rc.conf.d/service files.  E.g. to enable rsyncd you would have
> > /etc/rc.conf.d/rsyncd with the variable rsyncd_enable="YES" (Note: I
> > haven't tested this, but I'm rather sure I'm reading the source and
> > NetBSD manual page corrrectly).
> 
> Would that file only be parsed when starting a service with that name,
> or would it be parsed at the beginning of the rc run?

It will only be parsed for the single script, e.g. rsyncd in the example
above.  So, if you add secure_level="0" to /etc/rc.conf.d/rsyncd it
should not (I'm almost certain it won't, but I haven't tested it) be
used for any other start up script than rsync - which will of course
ignore that variable.

I actually have a slight feeling (by looking at the code) that there
might be a leak for variables for system services (with startup scripts
in /etc/rc.d/*) but I might be wrong.  The scripts in
/usr/local/etc/rc.d are started differently, so the potential problem
won't affect them.

-- 
Simon L. Nielsen
FreeBSD Documentation Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20040218/3161297e/attachment.bin


More information about the freebsd-ports mailing list