Commit Graph

1595 Commits

Author SHA1 Message Date
John Birrell
ad06d8fc41 Add a test for hw.machine == i386 before trying to run ldconfig for
legacy aout support.
1998-12-10 08:06:59 +00:00
John Birrell
e151cd1901 Add logic to check if any of the BIN1 files do not already exist in
${DESTDIR}/etc and an install target to install the missing ones. This
allows new files like pam.conf to be installed by the first installworld
after the file is added, but avoid clobbering files that might be
customized. This should save some support questions.
1998-12-10 05:34:11 +00:00
Matthew Dillon
cc6fef08db Since we do not pre-create /etc/namedb/s, add additional documentation
to the comments in named.conf to describe to the user how to create it.
    (named.conf does not use /etc/namedb/s by default anyway so us not
    pre-created it in the mtree does not hurt us terribly).
1998-12-02 19:59:24 +00:00
Matthew Dillon
cc0130a2a3 Remove mtree creation of /etc/namedb/s until we find a good way
to handle new user id's in buildworld/installworld.
1998-12-02 19:57:20 +00:00
Andrey A. Chernov
559fcf9493 Use /sbin/nologin as shell for operator
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
1998-12-02 15:17:10 +00:00
Matthew Dillon
822ef72a9d comsat sandbox prevents biff/comsat from being able to print partial
mailbox contents.  comsat instead simply prints that new mail is
    available.  Add appropriate comment to inetd.conf but leave comsat in
    sandbox.
1998-12-01 22:01:59 +00:00
Matthew Dillon
128272b8c5 Reviewed by: freebsd-current, freebsd-security
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
    subdirectory (user bind, group bind) to hold secondaries, adjust
    comments in named.conf to reflect new secondary scheme.  (Note that
    core read-only zone files are left owned by root, increasing security even
    more).
1998-12-01 21:36:33 +00:00
Matthew Dillon
ac48aa416a Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
    the (commented out) ident from the kmem sandbox.

    Note that it is necessary to give each group access it's own uid to
    prevent programs running under a single uid from being able to gdb
    or otherwise mess with other programs (with different group perms) running
    under the same uid.
1998-12-01 21:19:49 +00:00
Joseph Koshy
8dbc5051b3 Direct std{err,out} to /dev/null when invoking sysctl(8) for setting
`nfs_access_cache_timeout'.

Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
1998-11-27 07:06:11 +00:00
Mike Smith
22d30a8a1b Don't suggest that NO is allowed here; you use "0" or "" to turn the cache
off.
Submitted by:	jdp
1998-11-25 21:16:43 +00:00
John Polstra
d08484e099 Add a sample "/etc/pam.conf" file that configures the authentication
methods used by login.  Changes to "/usr/bin/login" to use it will
be committed later today.  The format of the file is described in
pam(8).

This sample file makes login behave in the traditional way.  To
wit, it enables authentication via S/Key and passwd/NIS lookups.
KerberosIV authentication is present in the sample file but commented
out.

As a safety net and a transition aid, login will fall back on
built-in passwd/NIS authentication if this configuration file is
missing or if some other fatal PAM error occurs.

This file will eventually replace "/etc/auth.conf", but not until
I've finished converting the other utilities, such as passwd and su.
1998-11-20 23:20:01 +00:00
David E. O'Brien
4e6fcaf46f Bad default value of ${fs} for type:=host in /etc/amd.map.
PR:		conf/7054
Submitted by:	Amakawa Shuhei <amakawa@sf.t.u-tokyo.ac.jp>
1998-11-20 07:36:29 +00:00
John Polstra
ae5fd90c74 Add the directory "/usr/include/security", which is where the PAM
header files go.  I am not too happy about the name.  But if we are
to have any hope of being able to use 3rd party PAM modules, we'll
have to live with it.
1998-11-18 01:51:25 +00:00
Jordan K. Hubbard
ff6301aaf3 put hosts before bind. 1998-11-16 02:02:30 +00:00
Mike Smith
cda43ef612 Implement the nfs_access_cache variable, allowing us to set the timeout for
the NFS client's ACCESS cache.
1998-11-15 20:30:04 +00:00
Nicolas Souchu
d551f05381 Arrg, ppi*) corrected 1998-11-12 22:48:16 +00:00
Nicolas Souchu
5f3f114afa Add ppi*) iic*) and smb*) 1998-11-12 22:45:24 +00:00
Peter Wemm
29ddf71810 kldload the screen savers 1998-11-11 05:25:32 +00:00
Peter Wemm
2bfb2faded kldload ipfw, it's installed always and works on both kernel formats 1998-11-11 05:23:44 +00:00
Brian Somers
d7264d6e3a Suggest using ``iface clear'' under certain circumstances
in ppp.linkdown.
1998-11-05 23:14:19 +00:00
Poul-Henning Kamp
83713d0b04 Add example for the internal "ident server". 1998-11-04 19:42:35 +00:00
Poul-Henning Kamp
5707e03c5f Move the "root" entry up so people can see it. 1998-11-03 08:14:38 +00:00
Wolfram Schneider
de4f843d24 Write temp files with a uniq name into /var/run
instead the public writable directory /tmp
PR:	 conf/8330
1998-11-01 13:04:15 +00:00
David E. O'Brien
255e0e14be Backout rev 1.175. 1998-10-31 05:27:02 +00:00
David E. O'Brien
5b3ac95f28 ``MAKEDEV ccd3'' is now consistant with many of the other devices in that
*ccd{0,1,2}* will be created.
1998-10-30 06:02:48 +00:00
David E. O'Brien
ff51c4f27c ``MAKEDEV bpf3'' is now consistant with many of the other devices in that
bpf{0,1,2} will be created.
1998-10-29 22:16:29 +00:00
Peter Wemm
0bf607e3dd Some directories would like to install things into /modules 1998-10-17 01:21:35 +00:00
Peter Wemm
537aa6857b Commented out example of changing the default kernel format with warning. 1998-10-16 03:26:54 +00:00
Nate Williams
58645a5596 - Add a couple comment lines to note that spaces are not allowed as
field separators.

PR:		conf/8162
Submitted by:	Sheldon Hearn <sheldonh@axl.training.iafrica.com>
1998-10-14 21:59:55 +00:00
Jordan K. Hubbard
4216dc7f84 Shut this thing up; most people don't even have this enabled. 1998-10-13 08:25:09 +00:00
Mark Murray
137d6f5705 Add extra directories required by Perl5. The one in local-land
is contoversial and may be removed later.
1998-10-11 17:31:35 +00:00
Dag-Erling Smørgrav
353803b997 Hand me the pointy hat, and make it big. 1998-10-09 17:11:14 +00:00
Dag-Erling Smørgrav
b354705227 Remove all references to tickadj(8) from rc, rc.conf and rc.conf.5.
Disable building tickadj(8) by removing util from SUBDIR in the xntpd
Makefile. Note that the sources are still there and tickadj can still
be built and installed by doing:

# cd /usr/src/usr.sbin/xntpd/util
# make all install

There are enough references to tickadj in e.g. the xntpd documentation
(not to mention the sysctl variables it uses etc.) that I don't feel
up to implementing the final solution right now.

Kinda-approved-by:	phk
1998-10-08 18:47:30 +00:00
Poul-Henning Kamp
0e8380df1f Avoid using dmesg to find devices, the buffer may not be big enough.
Reviewed by:	phk
Submitted by:	Mike Spengler <mks@networkcs.com>
1998-10-08 08:56:01 +00:00
Mark Murray
c67d21dd73 Add auth.conf. JKH Added the code to understand this to libutil, and
I will be following up with commits to use it in KerberosIV userland.
1998-10-08 06:12:04 +00:00
Jordan K. Hubbard
e19c816a01 Add spanish doc dirs.
Submitted by:	Motoyuki Konno <motoyuki@snipe.rim.or.jp>
1998-10-07 02:55:59 +00:00
Poul-Henning Kamp
7d5c779c86 Here are some scripts and man pages for configuring HARP ATM
interfaces.

Reviewed by:	phk
Submitted by:	Mike Spengler <mks@networkcs.com>
1998-10-06 19:24:31 +00:00
Doug Rabson
f92f33e090 Doh! Change the correct version of disktab and backout the change to
the i386 disktab.
1998-10-06 12:42:55 +00:00
Doug Rabson
c51b835505 Add a 2880k disk prototype for building MFS install images. 1998-10-06 12:06:43 +00:00
Joerg Wunsch
3dc4ead535 Avoid the ``ruptime: no hosts in /var/rwho.'' message by not calling
rwho iff /var/rwho is empty.  Call `uptime' instead.  This doesn't
belong under `network' right away, but at least reports the same
informaton about the local system.  rwhod is not turned on by default
(for good reason), and i've already seen too many of the above
messages...
1998-10-06 09:46:46 +00:00
Brian Somers
8842b72734 Show how to create a secure (ssh) VPN 1998-10-03 13:12:14 +00:00
David E. O'Brien
2795f965bb Re-enable creating sd*s* devices.
Add note, that one should use da*s* however.
1998-10-02 22:33:52 +00:00
Jordan K. Hubbard
2100232adf Add /boot, while I happen to be thinking about it. 1998-09-30 22:27:27 +00:00
Wolfram Schneider
b78e5d76ba Limit the fingerd daemon to:
runs only 3 simultaneous fingerd processes and
        limit the connections-per-ip-per-minute to 10.
1998-09-30 16:12:40 +00:00
Martin Cracauer
043076cc06 Put guard shells around stuff started from $local_startup. If you type
SIGINT (C-c), you'll get control passed to the next script even if
the current one blocks signals. The child is not killed, though.
1998-09-30 14:44:57 +00:00
David E. O'Brien
0fb365abae We don't support SUID `games' games anymore. 1998-09-27 03:39:55 +00:00
Jordan K. Hubbard
7afd3aa98c Make a /usr/lib/compat/aout directory. Folks should remember to
re-run mtree over this if they want to populate the compat dirs
during a build or that step will fall over.
1998-09-26 11:56:35 +00:00
Brian Somers
04c6e85b06 Add an entry for the HAYES OPTIMA 28.8k 1998-09-25 22:08:53 +00:00
Dima Ruban
033b33635c Backout my previous commit. Oops. 1998-09-25 08:21:15 +00:00
Dima Ruban
577d442f10 ${DISTDIR}/bin/etc/objformat -> ${DISTDIR}/etc/objformat 1998-09-25 07:42:29 +00:00