From 6ebaa024dfafe75350e7fa061dec56f085aaf840 Mon Sep 17 00:00:00 2001 From: Joseph Koshy Date: Fri, 19 Jun 1998 08:34:52 +0000 Subject: [PATCH] Fixes per PR 2850: (a) Note that the default securelevel value is -1, in -current and -stable. (b) Mention kernel sysctl variable that controls securelevel. (c) Add warning the `fsck' will fail if securelevel >= 2. (d) Suggest end of /etc/rc as the right place to raise securelevel. and one spelling fix. PR: 2850 --- sbin/init/init.8 | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/sbin/init/init.8 b/sbin/init/init.8 index 1b5bf5f7c7b2..a4ba56f45883 100644 --- a/sbin/init/init.8 +++ b/sbin/init/init.8 @@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)init.8 8.3 (Berkeley) 4/18/94 -.\" $Id: init.8,v 1.9 1997/04/01 20:41:04 mpp Exp $ +.\" $Id: init.8,v 1.10 1997/08/02 00:22:48 davidn Exp $ .\" .Dd April 18, 1994 .Dt INIT 8 @@ -92,6 +92,7 @@ The security levels are: .Bl -tag -width flag .It Ic -1 Permanently insecure mode \- always run the system in level 0 mode. +This is the default initial value. .It Ic 0 Insecure mode \- immutable and append-only flags may be turned off. All devices may be read or written subject to their permissions. @@ -125,7 +126,10 @@ If level 2 mode is desired while running multiuser, it can be set while single user, e.g., in the startup script .Pa /etc/rc , using -.Xr sysctl 8 . +.Xr sysctl 8 +to set the +.Dq kern.securelevel +variable to the required security level. .Pp In multi-user operation, .Nm init @@ -241,7 +245,7 @@ signal, i.e. This is useful for shutting the machine down cleanly from inside the kernel or from X when the machine appears to be hung. .Pp -When shuting down the machine, +When shutting down the machine, .Nm init will try to run the .Pa /etc/rc.shutdown @@ -302,13 +306,22 @@ System shutdown commands. .Xr halt 8 , .Xr rc 8 , .Xr reboot 8 , -.Xr shutdown 8 +.Xr shutdown 8 , +.Xr sysctl 8 .Sh HISTORY A .Nm command appeared in .At v6 . -.Sh BUGS +.Sh CAVEATS Systems without .Xr sysctl behave as though they have security level \-1. +.Pp +Setting the security level to 2 too early in the boot sequence can +prevent +.Xr fsck 8 +from repairing inconsistent filesystems. The +preferred location to set the security level is at the end of +.Pa /etc/rc +after all multi-user startup actions are complete.