diff options
| author | jkoshy <jkoshy@FreeBSD.org> | 1998-06-19 08:34:52 +0000 |
|---|---|---|
| committer | jkoshy <jkoshy@FreeBSD.org> | 1998-06-19 08:34:52 +0000 |
| commit | 20df804cb40473d53d25636ead10cc0777542868 (patch) | |
| tree | a3d91ff3908442e23d340f92597854f26ba54586 | |
| parent | 04eef5d8c3a9c8d763925aa732628a88a41b3d53 (diff) | |
| download | FreeBSD-src-20df804cb40473d53d25636ead10cc0777542868.zip FreeBSD-src-20df804cb40473d53d25636ead10cc0777542868.tar.gz | |
Fixes per PR 2850:
(a) Note that the default securelevel value is -1, in -current and -stable.
(b) Mention kernel sysctl variable that controls securelevel.
(c) Add warning the `fsck' will fail if securelevel >= 2.
(d) Suggest end of /etc/rc as the right place to raise securelevel.
and one spelling fix.
PR: 2850
| -rw-r--r-- | sbin/init/init.8 | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/sbin/init/init.8 b/sbin/init/init.8 index 1b5bf5f..a4ba56f 100644 --- a/sbin/init/init.8 +++ b/sbin/init/init.8 @@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)init.8 8.3 (Berkeley) 4/18/94 -.\" $Id: init.8,v 1.9 1997/04/01 20:41:04 mpp Exp $ +.\" $Id: init.8,v 1.10 1997/08/02 00:22:48 davidn Exp $ .\" .Dd April 18, 1994 .Dt INIT 8 @@ -92,6 +92,7 @@ The security levels are: .Bl -tag -width flag .It Ic -1 Permanently insecure mode \- always run the system in level 0 mode. +This is the default initial value. .It Ic 0 Insecure mode \- immutable and append-only flags may be turned off. All devices may be read or written subject to their permissions. @@ -125,7 +126,10 @@ If level 2 mode is desired while running multiuser, it can be set while single user, e.g., in the startup script .Pa /etc/rc , using -.Xr sysctl 8 . +.Xr sysctl 8 +to set the +.Dq kern.securelevel +variable to the required security level. .Pp In multi-user operation, .Nm init @@ -241,7 +245,7 @@ signal, i.e. This is useful for shutting the machine down cleanly from inside the kernel or from X when the machine appears to be hung. .Pp -When shuting down the machine, +When shutting down the machine, .Nm init will try to run the .Pa /etc/rc.shutdown @@ -302,13 +306,22 @@ System shutdown commands. .Xr halt 8 , .Xr rc 8 , .Xr reboot 8 , -.Xr shutdown 8 +.Xr shutdown 8 , +.Xr sysctl 8 .Sh HISTORY A .Nm command appeared in .At v6 . -.Sh BUGS +.Sh CAVEATS Systems without .Xr sysctl behave as though they have security level \-1. +.Pp +Setting the security level to 2 too early in the boot sequence can +prevent +.Xr fsck 8 +from repairing inconsistent filesystems. The +preferred location to set the security level is at the end of +.Pa /etc/rc +after all multi-user startup actions are complete. |
