summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Add support for `make -nn' dry runs to this makefile. Basically,yar2007-10-291-16/+16
| | | | | | | it's just a matter of adding a `${_+_}' prefix before each submake invokation. This allows a dry run to proceed down to, but not including, leaf commands. (See <sys.mk> for how ${_+_} is set depending on the number of -n flags.)
* Nuke rc.d/nfslocking which has been superceeded by rc.d/{lockd,statd}mtm2007-10-252-64/+1
|
* Remove unnecessary whitespacemtm2007-10-251-1/+1
|
* 1. Determine the location of the rndc* binaries relative to $commanddougb2007-10-221-14/+22
| | | | | | | | | | | | | | | | | | | | so that when using named from the ports (or elsewhere) the proper rndc* commands will be run. 2. Rework the stop routine using ideas from brooks and delphij. Specifically I am duplicating a lot of code from rc.subr's stop routine so that this one will behave more like the one in rc.subr, but use rndc to kill the daemon (or regular kill if that fails). This also avoids the problems related to using killall if rndc fails, which is bad if you're running more than one named on the same box. 3. Take a concept from gshapiro and allow the rndc.key file to be owned by root OR the named_uid user. Although I used different solutions, this commit handles issues raised in: PR: conf/73929 PR: conf/103976 PR: conf/109409
* The amd_map_program knob can potentially contain a command whose outputmtm2007-10-191-2/+3
| | | | | | | | | | | | | | | | is then used as an argument to the amd program. This outpu may contain newlines, but the script did not take care to strip those newlines before apending it to rc_flags. Revision 1.72 of rc.subr(8) introduced changes that exposed this problem (specifically putting the final eval'ed command in quotes).[1] Also, for correctness' sake, shell directives appended to the command-line by the script should go into command_args, and not appended directly to rc_flags. Reported by: John E Hein <jhein@timing.com> [1] Tested by: John E Hein <jhein@timing.com> MFC after: 1 week
* Partial backout of rev. 1.6, but instead of putting kerberos5_server_flagsmtm2007-10-191-0/+1
| | | | back in command_args, put it where rc.subr(8) expects it: kerberos5_flags.
* Teach /etc/rc.d/ppp how to start/stop individual instancesemax2007-10-181-3/+36
| | | | | | | | of ppp. This is an extension of previous commit. Submitted by: Yuri Kurenkov < y dot kurenkov at init dot ru > Reviewed by: mtm MFC after: 3 days
* Removing obsolete etc/cached.conf.bushman2007-10-181-12/+0
| | | | Approved by: brooks (mentor)
* Forced commit to note cached.conf -> nscd.conf repocopy. etc/Makefilebushman2007-10-181-1/+1
| | | | | | changed accordingly. Approved by: brooks (mentor)
* Backout sensors framework.netchild2007-10-155-71/+2
| | | | | Requested by: phk Discussed on: cvs-all
* Import OpenBSD's sysctl hardware sensors framework.netchild2007-10-145-2/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit includes the following core components: * sample configuration file for sensorsd * rc(8) script and glue code for sensorsd(8) * sysctl(3) doc fixes for CTL_HW tree * sysctl(3) documentation for hardware sensors * sysctl(8) documentation for hardware sensors * support for the sensor structure for sysctl(8) * rc.conf(5) documentation for starting sensorsd(8) * sensor_attach(9) et al documentation * /sys/kern/kern_sensors.c o sensor_attach(9) API for drivers to register ksensors o sensor_task_register(9) API for the update task o sysctl(3) glue code o hw.sensors shadow tree for sysctl(8) internal magic * <sys/sensors.h> * HW_SENSORS definition for <sys/sysctl.h> * sensors display for systat(1), including documentation * sensorsd(8) and all applicable documentation The userland part of the framework is entirely source-code compatible with OpenBSD 4.1, 4.2 and -current as of today. All sensor readings can be viewed with `sysctl hw.sensors`, monitored in semi-realtime with `systat -sensors` and also logged with `sensorsd`. Submitted by: Constantine A. Murenin <cnst@FreeBSD.org> Sponsored by: Google Summer of Code 2007 (GSoC2007/cnst-sensors) Mentored by: syrinx Tested by: many OKed by: kensmith Obtained from: OpenBSD (parts)
* Teach /etc/rc.d/ppp to start multiple instances of ppp.emax2007-10-122-9/+49
| | | | | | | | | | | ppp_profile variable can now contain multiple profiles. Overrides for ppp mode and nat can go into ppp_$profile_mode and ppp_$profile_nat variables respectively. If those are not specified, defaults from ppp_mode and ppp_nat are used. Submitted by: Yuri Kurenkov < y dot kurenkov at init dot ru > Reviewed by: mtm MFC after: 1 week
* Add pts/pty to the un-hidden devices for logins. This un-breakscsjp2007-10-121-0/+2
| | | | | | | | logins to jailed environments when the system is using PTS style ptys (kern.pts.enable=1). Discussed with: rwatson MFc after: 1 week
* Deprecate use of the early.sh script as advertised when the support fordougb2007-10-091-0/+3
| | | | | | | | | | | | | | local rc.d scripts in the overall boot order was added. Proper rc.d scripts are run by rc.subr in a subshell, whereas scripts that end in .sh are sourced into rc's shell. The latter has potential to create serious boot problems, and there is no reason that the same functionality cannot be added by the user in the form of a proper rc.d script (as opposed to being added by the user in the form of /etc/rc.early). This script will be removed prior to the 8.0 branch. Approved by: re (kensmith)
* Remove pre-rc.d compatibility shims that were added before the 5.0 branchdougb2007-10-091-16/+0
| | | | | | | | | | for pre-5.0 variable names. Remove two dhcp compatibility variables added after the 5.1-RELEASE. Remove the now-unused support for these shims. Approved by: re (kensmith)
* Sort as per README.ru2007-10-033-28/+28
| | | | Approved by: re (kensmith)
* Removed "tail +5" from the command used to sanity check changes toru2007-10-031-1/+1
| | | | | | | mtree files -- the 5-line header is no longer printed when mtree(8) is run with -n (as of mtree/create.c,v 1.34). Approved by: re (kensmith)
* Removing obsolete cached files after cached->nscd renaming.bushman2007-10-021-32/+0
| | | | Approved by: re (kensmith), brooks (mentor)
* Finishing renaming of cached into nscd. etc/rc.d and usr.sbin/Makefilebushman2007-09-283-6/+26
| | | | | | updated. Note added to UPDATING. Approved by: re (kensmith, bmah), brooks (mentor)
* Bring in the GEOM Virtualisation class, which allows to create huge GEOMpjd2007-09-231-0/+2
| | | | | | | | | providers with limited physical storage and add physical storage as needed. Submitted by: Ivan Voras Sponsored by: Google Summer of Code 2006 Approved by: re (kensmith)
* Use the udp protocol in favor of the nonexistant upd protocol in thebrooks2007-09-211-1/+1
| | | | | | | | sge_execd entry. Reported by: emaste Pointy hat to: brooks Approved by: re (kensmith)
* Add IANA assigned iscsi-target port as its the default portmr2007-09-081-0/+2
| | | | | | according RFC 3720. Approved by: re (bmah)
* Add the startup script for ftp-proxy(8) to the Makefile as well.mlaier2007-09-071-1/+1
| | | | | Approved by: re (bmah - implicit) Reminded by: mtm
* Add a startup script for ftp-proxy(8) now that it is no longer started asmlaier2007-09-062-0/+19
| | | | | | | | part of inetd(8). Approved by: re (bmah) Reviewed by: freebsd-rc (a while back) Reminded by: kevlo
* Add service entries for Sun Grid Engine's qmaster and execution servicebrooks2007-09-061-0/+4
| | | | | | | as per IANA assignments to simplify the installation of the sysutils/sge port. Approved by: re (bmah)
* Start lockd after statd.mtm2007-09-031-1/+1
| | | | | Approved by: re (bmah) Noticed by: Ted Faber <faber@ISI.EDU>
* sleep 2 seconds after having loaded g_uzip.ko. We need this becausematteo2007-08-251-0/+2
| | | | | | | | otherwise the /dev/mdX.uzip won't be created immediately, which is needed because we issue a mount right afterwards. Approved by: re@ (bmah@) MFC after: 2 days
* My forced commit to note the repo-copy (naturally) changed the $FreeBSD$ ↵mtm2007-08-182-10/+22
| | | | | | | | | | keyword line, so that when I applied the patch to my check-in tree the top half of my patch failed to apply. Off course I saw what I *expected* to see (the bottom half succeeded) and didn't notice that it had failed to apply cleanly. Approved by: re (bmah)
* The rc.d/nfslocking file controls two servers: rpc.statd and rpc.lockd. It ↵mtm2007-08-174-57/+7
| | | | | | | | | | | | | | | | | worked well in most cases, except one. The 'restart' case was not working as expected. Specifically, it would stop both lockd and statd, but it would restart only statd (which appears first in the script). This is because rc.subr(8) contains code to guard against infinite recursion in the 'restart' casae. To fix this use the traditional approach of controlling only one server from one script by breaking out rc.d/nfslocking into its contituent parts: rc.d/lockd and rc.d/statd. Keep rc.d/nfslocking around but don't include it in the boot rcorder(8)ing. PR: conf/107316 Approved by: re (bmah) MFC after: 2 weeks
* 1. Remove root name servers from the list of possible masters in thedougb2007-08-171-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | commented out example who have either not responded, or specifically asked not to participate because they do not view AXFR as "a production service." 2. Add f.root-servers.net to the example after confirmation from Paul Vixie. 3. Add a warning to the commented out "root zone slave" example to the effect that it requires more attention than a hints file, and provides more benefit to larger sites than individual hosts. 4. Correct a typo copied from RFC 2544 which was corrected in a later errata, and confirmed in RFC 3330. Update the comment to reflect that RFC 3330 got it right and to avoid confusion down the road. 3330 also contains a reference back to 2544 for anyone interested in pursuing the history. [1] PR: conf/115573 [1] Submitted by: Oliver Fromme <olli@secnetix.de> [1] Approved by: re (kensmith)
* Use ttyu instead of ttyd for arm, since we will probably never use sio(4).cognet2007-08-121-4/+3
| | | | Approved by: re (blanket)
* - Renaming repocopied cached to nscdbushman2007-08-091-8/+8
| | | | Approved by: re (kensmith), brooks (mentor)
* 1. Move the disable-empty-zone stuff down below the first 25 lines sodougb2007-08-021-13/+13
| | | | | | | | | | | | | | | | | | that the listen-on stuff floats up to the first "page" of text. This makes it very obvious what's going on so that someone trying to enable a server for use on a network can easily see how to do that. 2. Change the default behavior back to using a hint zone for the root. 3. Leave the root slave zone config as a commented out example. 4. Remove the B and F root servers from the example at the request of their operators. Requested by: he-who-must-not-be-named [1] Requested by: many [2] Approved by: re (rwatson)
* Require 'cleanvar' so that files and sockets created in /var/run byjhb2007-07-251-1/+1
| | | | | | | | | wpa_supplicant and other programs started by 'netif' don't get erased by a subsequent 'cleanvar'. Approved by: re (bmah) Reviewed by: dougb MFC after: 1 week
* Fix a whitespace mistake from the last commit.scottl2007-07-251-2/+2
| | | | | Submitted by: far too many to list Approved by: re
* Introduce Danny Braniss' iSCSI initiator, version 2.0.99. Please read thescottl2007-07-241-0/+2
| | | | | | | | included man pages on how to use it. This code is still somewhat experimental but has been successfully tested on a number of targets. Many thanks to Danny for contributing this. Approved by: re
* Disconnect netatm from the build as it is not MPSAFE and relies onrwatson2007-07-142-12/+14
| | | | | | | | | | | | | | | | | | | | NET_NEEDS_GIANT, which will shortly be removed. This is done in a away that it may be easily reattached to the build before 7.1 if appropriate locking is added. Specifics: - Don't install netatm include files - Disconnect netatm command line management tools - Don't build libatm - Don't include ATM parts in rescue or sysinstall - Don't install sample configuration files and documents - Don't build kernel support as a module or in NOTES - Don't build netgraph wrapper nodes for netatm This removes the last remaining consumer of NET_NEEDS_GIANT. Reviewed by: harti Discussed with: bz, bms Approved by: re (kensmith)
* Arm doesn't have GENERIC.hints, so don't install it if it doesn't exist.imp2007-07-131-0/+2
| | | | Approved by: re (kensmith)
* I4B header files were repo-copied from sys/i386/include tobz2007-07-061-0/+2
| | | | | | | | | | | | sys/i4b/include/ so they will be available to all architectures once I4B compiles on those. I4B header files are now installed in include/i4b/ and no longer in include/machine/. For now we still install the headers for i386 only. Approved by: re (kensmith)
* Remove reference to the old ftp-proxy implementation,delphij2007-07-051-6/+0
| | | | | | which was replaced during the pf 4.1 import. Approved by: re (mux)
* Commit IPv6 support for FAST_IPSEC to the tree.gnn2007-07-011-2/+0
| | | | | | | | This commit includes all remaining changes for the time being including user space updates. Submitted by: bz Approved by: re
* - Remove UMAP filesystem. It was disconnected from build three years ago,rafan2007-06-251-2/+0
| | | | | | | and it is seriously broken. Discussed on: freebsd-arch@ Approved by: re (mux)
* Update the suspend/resume user API while maintaining backwards compat.njl2007-06-213-9/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improvements: * /etc/rc.suspend,rc.resume are always run, no matter the source of the suspend request (user or kernel, apm or acpi) * suspend now requires positive user acknowledgement. If a user program wants to cancel the suspend, they can. If one of the user programs hangs or doesn't respond within 10 seconds, the system suspends anyway. * /dev/apm is clonable, allowing multiple listeners for suspend events. In the future, xorg-server can use this to be informed about suspend even if there are other listeners (i.e. apmd). Changes: * Two new ACPI ioctls: REQSLPSTATE and ACKSLPSTATE. Request begins the process of suspending by notifying all listeners. acpi is monitored by devd(8) and /dev/apm listener(s) are also counted. Users register their approval or disapproval via Ack. If anyone disapproves, suspend is vetoed. * Old user programs or kernel modules that used SETSLPSTATE continue to work. A message is printed once that this interface is deprecated. * acpiconf gains the -k flag to ack the suspend request. This flag is undocumented on purpose since it's only used by /etc/rc.suspend. It is not intended to be a permanent change and will be removed once a better power API is implemented. * S5 (power off) is no longer supported via acpiconf -s 5 or apm -z/-Z. This restores previous behavior of halt/shutdown -p being the interface. * Miscellaneous improvements to error reporting Approved by: re
* Drop the default zones that are now covered by the new zones thatdougb2007-06-181-0/+4
| | | | were added in the last revision.
* Bring our default named configuration more in line with currentdougb2007-06-187-119/+215
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | best practices: 1. The old way of generating the localhost zones was not optimal both because they did not exist by default, and because they were not really aligned with BCP. There is no need to have the dynamic data that the make-localhost script generated, and good reasons to do this more "by the book." 2. In named.conf a. Clean up white space b. Add/clarify a few comments c. Slave zones from the root servers instead of using a hints file. This has several advantages, as described in the comments. d. Significantly revamp the default zones, including the forward localhost zone, and the reverse zones for IPv4 and IPv6 loopback addresses. There are extensive comments describing what is included and why. Interested readers should take the time to review the RFCs mentioned in the comments. There is also relevant information about the motivations for hosting these zones in the "work in progress" Internet-Draft, http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt or its successor. It's also worth noting that a significant number of these empty zones are already included by default in the named binary without any user configuration. e. Because we're including a lot of examples of both local forward zones and slave zones in the default configuration, eliminate some of those examples. 3. Add new localhost-{forward|reverse} zone files, and an "empty" zone to support the changes in 2.d. above. The empty zone file isn't really empty in order to avoid a warning from BIND about a zone file that doesn't contain any A or AAAA records.
* Add a namedb/master directory for the zone files I'm about to add,dougb2007-06-183-19/+24
| | | | | and switch to the more "normal" way of installing files for the namedb directory so that we can pick up the new subdir.
* Add PAM support to cron(8). Now cron(8) will skip commands scheduledyar2007-06-172-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | by unavailable accounts, e.g., those locked, expired, not allowed in at the moment by nologin(5), or whatever, depending on cron's pam.conf(5). This applies to personal crontabs only, /etc/crontab is unaffected. In other words, now the account management policy will apply to commands scheduled by users via crontab(1) so that a user can no longer use cron(8) to set up a delayed backdoor and run commands during periods when the admin doesn't want him to. The PAM check is done just before running a command, not when loading a crontab, because accounts can get locked, expired, and re-enabled any time with no changes to their crontabs. E.g., imagine that you provide a system with payed access, or better a cluster of such systems with centralized account management via PAM. When a user pays for some days of access, you set his expire field respectively. If the account expires before its owner pays more, its crontab commands won't run until the next payment is made. Then it'll be enough to set the expire field in future for the commands to run again. And so on. Document this change in the cron(8) manpage, which includes adding a FILES section and touching the document date. X-Security: should benefit as users have access to cron(8) by default
* Add PAM support to atrun(8).yar2007-06-152-0/+11
|
* Locked out and expired accounts shouldn't be accessible via remoteyar2007-06-152-0/+2
| | | | | mailbox protocols. Add pam_unix to the `account' function class, too, for imap and pop3 to actually implement this policy.
* Split the FILES list across multiple lines as in rc.d/Makefileyar2007-06-151-2/+14
| | | | | so that the change history stays easily readable as the number of PAM-aware services grows.
OpenPOWER on IntegriCloud