Problem with LOGIN and cron
David O'Brien
obrien at freebsd.org
Thu Jan 12 23:58:25 UTC 2012
'LOGIN' states:
This is a dummy dependency to ensure user services such as xdm,
inetd, cron and kerberos are started after everything else, in
case the administrator has increased the system security level
and wants to delay user logins until the system is (almost) fully
operational.
So based on that, 'securelevel' should have:
+# REQUIRE: sysctl
+# BEFORE: LOGIN
Otherwise a cronjob could act against securelevel=1+ for a short peroid
of time.
But after adding that one gets
rcorder: Circular dependency on provision `LOGIN' in file `cron'.
rcorder: Circular dependency on provision `LOGIN' in file `jail'.
As 'cron' has "BEFORE: securelevel". Why should that be the case?
This comes from r114735 (Move securelevel further back in the boot order)
but failed to state any serneios.
Thoughts?
'jail' has "REQUIRE: LOGIN" (r113568) and "BEFORE: securelevel". I see
the need for "BEFORE: securelevel", but why the need for "REQUIRE:
LOGIN"?
--
-- David (obrien at FreeBSD.org)
P.S. Does this change in ordering look OK?
--- /tmp/1 2012-01-12 15:40:27.000000000 -0800
+++ /tmp/2 2012-01-12 15:40:33.000000000 -0800
@@ -126,14 +126,13 @@ sdpd
rfcomm_pppd_server
rtadvd
rwho
+jail
+localpkg
+securelevel
LOGIN
syscons
sshd
sendmail
-cron
-jail
-localpkg
-securelevel
power_profile
othermta
nfscbd
@@ -148,6 +147,7 @@ geli2
ftpd
ftp-proxy
dhclient
+cron
bsnmpd
bluetooth
bgfsck
More information about the freebsd-rc
mailing list