Feature Request: /usr/local/etc/rc.conf support
secabeen at pobox.com
Tue Feb 17 13:33:25 PST 2004
Thomas-Martin Seck <tmseck-lists at netcologne.de> writes:
> * Ted Cabeen (secabeen at pobox.com):
>> tmseck-lists at netcologne.de (Thomas-Martin Seck) writes:
>> > * Ted Cabeen <secabeen at pobox.com> [gmane.os.freebsd.devel.ports]:
>> >> With the ever-increasing number of ports that use rc.conf variables to
>> >> regulate their startup, would it be possible to add support for a
>> >> /usr/local/etc/rc.conf file in FreeBSD? The constant changes to the
>> >> rc.conf file have been playing havoc with my centralized management
>> >> systems, and it makes it harder and harder to keep the /etc/rc.conf
>> >> file set immutable (which I like to do on critical servers, to prevent
>> >> the securelevel from changing).
>> > You can use /etc/rc.conf.local.
>> Yeah, but that's supposedly deprecated.
> Maybe, but 5.x still uses it "for historical reasons". Neither rc(8) nor
> rc.conf(5) say "deprecated". Do you mean rc.local?
Okay. I read "for historical reasons" as "we might get rid of this
someday, so don't use it".
>> > See the declaration of rc_conf_files in /etc/defaults/rc.conf.
>> Also, that doesn't solve the problem of securelevels. rc.conf.local
>> is still parsed by the boot scripts and could be used to over-ride the
>> system's securelevel.
> I cannot follow you here. What does the securelevel value have to do
> with all this?
The system securelevel is set in the /etc/rc.conf file. To prevent an
attacker from changing the securelevel defined there and then
rebooting the machine, I set the /etc/rc.conf file to be immutable.
However, I'd like to be able to install new ports and have them start
automatically without having to boot to single-user to modify rc.conf
(or any other configuration file equivalent to rc.conf).
Ted Cabeen http://www.pobox.com/~secabeen ted at impulse.net
Check Website or Keyserver for PGP/GPG Key BA0349D2 secabeen at pobox.com
"I have taken all knowledge to be my province." -F. Bacon secabeen at cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot cabeen at netcom.com
More information about the freebsd-ports