summaryrefslogtreecommitdiffstats
path: root/etc/mtree/BSD.var.dist
Commit message (Collapse)AuthorAgeFilesLines
* Disable SSL renegotiation in order to protect against a seriouscperciva2009-12-031-1/+1
| | | | | | | | | | | | | | | protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate
* Add FreeBSD Update 2.0 client code. The build code is in the projectscperciva2006-08-311-0/+2
| | | | | | repository. Sponsored by: FreeBSD security development fundraiser
* Change group for /var/audit to audit, so that audit review can berwatson2006-02-051-0/+2
| | | | | | delegated to non-administrators. Obtained from: TrustedBSD Project
* Add /var/audit, mode 750, which will hold audit trail files.rwatson2006-02-021-0/+2
| | | | Obtained from: TrustedBSD Project
* Add portsnap to the base system. This is a secure, easy to use,cperciva2005-08-081-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | fast, lightweight, and generally good way for users to keep their ports trees up to date. This is version 0.9.4 from the ports tree (sysutils/portsnap) with the following changes: 1. The experimental pipelined http code is enabled. No seatbelts in -CURRENT. (^_^) 2. The working directory has moved from /usr/local/portsnap to /var/db/portsnap (as discussed on -arch two days ago). 3. Portsnap now fetches a list of mirrors (distributed as DNS SRV records) and selects one randomly. This should help to avoid the uneven loading which plagues the cvsup mirror network. 4. The license is now 2-clause BSD instead of 3-clause BSD. 5. Various incidental changes to make portsnap fit into the base system's build mechanics. X-MFC-After: 6.0-RELEASE X-MFC-Before: 5.5-RELEASE X-MFC-To: RELENG_6, RELENG_5, ports discussed on: -arch and several other places "yes please" from: simon, remko, flz, Diane Bruce thinks this is a great idea: bsdimp Hopes he didn't forget any files: cperciva
* Remove a redundant "uname=root".ru2004-10-151-1/+1
| | | | Forgotten by: dougb
* Create a named chroot directory structure in /var/named, and use itdougb2004-09-281-0/+2
| | | | | | | | | | | | | | | | by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
* Add /var/db/ports/ (support directory necessary foreivind2004-01-201-0/+2
| | | | ports that use the new OPTIONS infrastructure)
* Scheduled sweep using the README guidelines.ru2003-11-291-4/+2
| | | | Approved by: re (rwatson)
* Restore /var/games; lots of ports' games use it.markm2002-11-041-0/+3
|
* Do not build the majority of the games. Remaining are themarkm2002-10-201-11/+0
| | | | "utility-like" games and everyone's favourite, fortune(6).
* Revert previous delta, setting the system immutable flag on /var/emptysheldonh2002-06-261-1/+1
| | | | | instead of the user immutable flag, now that mergemaster handles schg directories in its /var/tmp/temproot.
* Tone down the previous delta: don't set the system immutable flag onsheldonh2002-06-261-1/+1
| | | | | /var/empty, because it makes it difficult for mergemaster(8) to remove /var/tmp/temproot/var.
* The previous delta introduced /var/empty, for use by openssh-portable,sheldonh2002-06-241-1/+1
| | | | | | | | | | which needs an empty directory into which to chroot(2). Hint to the operator that this directory really _should_ be empty by creating it with mode 0555 and the system immutable flag (schg) set. Reviewed by: des
* Add /var/empty for the OpenSSH privsep code.des2002-06-231-0/+2
|
* In my continuing crusade to make life better for non-sendmail users, avoidgshapiro2002-04-201-2/+0
| | | | | | | | the creation of /var/spool/clientmqueue and therefore the need for the smmsp user and group if NO_SENDMAIL is defined. This required breaking out the creation of the directory into a new BSD.sendmail.dist mtree file. MFC after: 1 week
* Add /var/spool/clientmqueue for 8.12's non-set-user-ID root mail submissiongshapiro2002-02-171-0/+2
|
* Apply README style guidelines (this time checked).ru2001-11-191-10/+10
|
* Change mode for var/db/ipf to 0700guido2001-11-171-1/+1
|
* Fix a bug I introduced yesterday. People who built world since thecjc2001-11-021-0/+1
| | | | previous commit yesterday may wish to check /var/run for junk.
* Add a directory in /var/run to store ppp(8) command sockets.cjc2001-11-011-0/+1
| | | | | | PR: bin/29966 Approved by: brian MFC after: 4
* Remove /var/spool/uucp subtree, not needed for 'cu'ache2001-10-261-14/+0
|
* The same unbreakage (0755 -> 0775) for /var/games and subdirsache2001-10-251-3/+3
|
* Fix /var/mail, /var/rwho and /var/spool/lock back to 0775ache2001-10-251-3/+3
| | | | Not sure about other dirs with the same damage (0755) by recent commit.
* Style these once again.ru2001-10-251-9/+8
|
* Create /var/db/ipfdarrenr2001-10-201-0/+2
| | | | PR: 27070
* Put back /var/spool/uucp so it can be used for serial port locking.kris2001-10-011-0/+14
|
* UUCP removal phase II. These directories are now created by thekris2001-10-011-16/+0
| | | | freebsd-uucp port.
* Invoke named with privilege of bind:bind.kuriyama2001-08-231-0/+2
| | | | Change pidfile location to /var/run/named/pid.
* Build standard directory for kerberos 5 (Heimdal) database.markm2001-07-281-1/+4
|
* Mention the path to the README file in the header comment.nik2001-06-261-1/+1
| | | | Submitted by: Rich Morin <rdm@cfcl.com>
* Apparently, people do not listen for a plea to look into theru2001-02-151-27/+27
| | | | README file before making changes here. Fix them once again.
* Move the process of storing entropy from /dev/random and reseeding withdougb2001-01-141-0/+4
| | | | | | | | | | | | | | | | it at boot time closer to the way we want it to be in the final version. * Move the default directory to /var/db/entropy * Run the entropy saving cron job every 11 minutes. This seems to be a better default, although still bikeshed material. * Feed /dev/random some cheesy "entropy" from various commands and files before the disks are mounted. This gives /dev/random a better chance of running without blocking early. * Move the reseeding with previously stored entropy to the point immediately after the disks are mounted. * Make the harvesting script a little safer in regards to the possibility of accidentally overwriting something other than a regular file.
* $Id$ -> $FreeBSD$peter1999-08-271-1/+1
|
* This cleans up all the white space errors so that the nextrgrimes1999-08-241-8/+8
| | | | commit is easier to understand.
* Fix script in README to actually work, empty lines produce asrgrimes1999-08-231-1/+3
| | | | | | much a diff as lines with the wrong stuff on it. Add references in mtree data files to the README.
* Explicitly specify mode 755 for /var/db/pkg -- it will be mode 700 otherwise.asami1999-03-311-2/+2
|
* Add /var/db/pkg.asami1999-03-311-1/+3
| | | | Submitted by: John Hay <jhay@mikom.csir.co.za>
* Old nit lying around in a source tree: Slightly optimize the number ofpeter1998-12-161-13/+15
| | | | uname/gname overrides and /sets.
* Simplify these now that default owner is root.wheel.obrien1998-09-191-5/+5
| | | | Partially reviewed by: bde
* Change file ownership from bin.bin to root.wheel.obrien1998-09-141-12/+12
|
* /etc/opielocks -> /var/spool/opielocksache1997-10-011-1/+3
|
* Disallow o+rwx for /var/games/hackdir hierarchy, it helps to make hackache1997-09-241-3/+3
| | | | non-setuid back
* Create missing /var/games/hackdir/saveache1997-09-241-1/+3
|
* Change games from setuid games to setgid games.eivind1997-09-011-6/+6
| | | | | Reviewed by: maybe@yes.no Obtained from: OpenBSD (mostly deraadt@openbsd.org)
* Change /var/run owner to root - sendmail can't write sendmail.pidache1997-07-291-2/+2
| | | | otherwise due to safeopen
* Change group ownership of /var/mail to mail and permissionjkh1997-05-031-2/+2
| | | | | | | | | | | | | to 0775. This does *not* instantly make any program which "ensures" mail spool consistency by creating lock files safe in any way since other tools, like mail.local, will be using flock() semantics and any such lock file will simply be ignored. It does, however, allow a lot of things which are currently suid root in order to create such bogus lockfiles to, at least, be bogus at a much lower level of privilege (and this is good). Ultimately, of course, everybody should just use flock.
* Larn needs /var/games/larn to exist so that it can create its scorefile.mpp1997-02-261-1/+3
| | | | Closes PR# 1944.
* Revert $FreeBSD$ to $Id$peter1997-02-231-1/+1
|
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
OpenPOWER on IntegriCloud