Commit Graph

60 Commits

Author SHA1 Message Date
Colin Percival
11d9aa6707 Step 1 of eliminating the "games" distribution: Move binaries to /usr/bin;
update paths; and include everything in the "base" distribution.

The "games" distribution being optional made sense when there were more
games and we had small disks; but the "games-like" games were moved into
the ports tree a dozen years ago and the remaining "utility-like" games
occupy less than 0.001% of my laptop's small hard drive.  Meanwhile every
new user is confronted by the question "do you want games installed" when
they they try to install FreeBSD.

The next steps will be:

2. Removing punch card (bcd, ppt), phase-of-moon (pom), clock (grdc), and
caesar cipher (caesar, rot13) utilities.  I intend to keep fortune, factor,
morse, number, primes, and random, since there is evidence that those are
still being used.

3. Merging src/games into src/usr.bin.

This change will not be MFCed.

Reviewed by:	jmg
Discussed at:	EuroBSDCon
Approved by:	gjb (release-affecting changes)
2015-02-12 05:35:00 +00:00
Konstantin Belousov
85a0ddfd0b Add a resource limit for the total number of kqueues available to the
user.  Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.

Under some specific and not real-world use scenario for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of the filedescriptors available to the process.  Limit
allows administrator to prevent the abuse.

This is kernel-mode side of the change, with the user-mode enabling
commit following.

Reported and tested by:	pho
Discussed with:	jmg
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2013-10-21 16:46:12 +00:00
Neel Natu
0de8cf6314 Increase the "memorylocked" limit for the "daemon" class.
amd(8) requires more than the 64MB that is currently available to it so bump
it up to 128MB.

Reviewed by:	kib
Discussed with:	avg, kib, zont
2013-01-27 21:55:01 +00:00
Andrey Zonov
b944c830ba - Set memorylocked limit to 64Kb for default login class.
This prevents unprivileged users to lock too much memory.
- Set memorylocked limit to 64Mb for daemon login class.
  Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
  startup, they are run from init(8) which uses daemon login class.
- Set memorylocked limit to unlimited for root login class.

Suggested by:	avg
Approved by:	kib (mentor)
MFC after:	1 week
2012-12-18 07:27:50 +00:00
Dag-Erling Smørgrav
3acb6d160f Passive mode is the default, and has been for a while.
MFC after:	1 week
2012-06-19 14:47:07 +00:00
Dag-Erling Smørgrav
b4f560356a Switch the default password hash from md5 to sha512.
MFC after:	1 week
2012-06-19 14:46:18 +00:00
Brian Somers
5fa77f4fe4 Remove vestiges of 'slip'.
PR:		145648
Submitted by:	alexbestms at wwu dot de and spam at rm-rf dot kiev dot ua
MFC after:	1 week
2010-06-19 09:21:34 +00:00
Konstantin Belousov
c9253e931d Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
Ed Schouten
bc093719ca Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

  The old TTY layer has a driver model that is not abstract enough to
  make it friendly to use. A good example is the output path, where the
  device drivers directly access the output buffers. This means that an
  in-kernel PPP implementation must always convert network buffers into
  TTY buffers.

  If a PPP implementation would be built on top of the new TTY layer
  (still needs a hooks layer, though), it would allow the PPP
  implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

  With the old TTY layer, it isn't entirely safe to destroy TTY's from
  the system. This implementation has a two-step destructing design,
  where the driver first abandons the TTY. After all threads have left
  the TTY, the TTY layer calls a routine in the driver, which can be
  used to free resources (unit numbers, etc).

  The pts(4) driver also implements this feature, which means
  posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

  One of the major improvements is the per-TTY mutex, which is expected
  to improve scalability when compared to the old Giant locking.
  Another change is the unbuffered copying to userspace, which is both
  used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from:		//depot/projects/mpsafetty/...
Approved by:		philip (ex-mentor)
Discussed:		on the lists, at BSDCan, at the DevSummit
Sponsored by:		Snow B.V., the Netherlands
dcons(4) fixed by:	kan
2008-08-20 08:31:58 +00:00
Doug Barton
9c933e2939 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
Giorgos Keramidas
67f2d71f40 Add a short description of how a literal colon ':' can be inlined in the
value of capability databases, since it's not really obvious how a colon
can be escaped, and a pointer to the getcap(3) manpage for more details.

Triggered by:	a question by Ceri on -questions
2005-08-31 15:02:11 +00:00
Jens Schweikhardt
d8beb0fd3b Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
Matthew Dillon
ca18873e88 add default vmemoryuse (unlimited), and samples 2002-06-26 04:04:37 +00:00
Robert Watson
2d141f428e Fix typo. '|' looks a lot like 'l' in my xterm font. 2002-03-01 15:42:27 +00:00
Robert Watson
c34ccd0dea When having an expanded name for a class, use '|' instead if ':' to
seperate the short name and the long name.  This was present for most
but not all entries.  Because the parsing doesn't reject unrecognized
entries, this didn't cause failures, but it wasn't strictly correct.

Submitted by:	Martin Faxer <gmh003532@brfmasthugget.se>
MFC after:	2 weeks
2002-03-01 15:30:24 +00:00
Mike Heffner
6257f96122 ftp(1) was not the only user of FTP_PASSIVE_MODE, libfetch uses it
too, so add it back
2001-12-14 15:48:55 +00:00
Mike Heffner
f6efcf6413 ftp(1) uses passive mode by default now, therefore remove
FTP_PASSIVE_MODE=YES.

Pointed out by:	billf
2001-12-14 02:08:23 +00:00
Ruslan Ermilov
16763c30af s/password_format/passwd_format/
PR:		misc/30494
Submitted by:	"brian j. peterson" <rbw@myplace.org>
2001-09-11 07:01:47 +00:00
Mark Murray
00a350c4b8 Remove duplicate entry.
Submitted by:	Paul Herman <pherman@frenchfries.net>
2001-03-12 06:05:38 +00:00
Mark Murray
82e377fd12 Updates for Blowfish password hashing. 2001-03-11 16:37:33 +00:00
Robert Watson
d6719cfbe1 o Back out 1.39, it was a bad idea. There was, and should be, a
distinction between the OS copyright message and the message displayed
  gratuitously to each user at login.  Because, well, they may be
  different, among other things, and boy can a copyright message each
  login consume some screen space.  If people really want to do this,
  they can copy /COPYRIGHT to /etc/COPYRIGHT.

Submitted by:	Anders Andersson <anders@codefactory.se>
2000-12-19 14:12:46 +00:00
Robert Watson
85744dbb39 o /etc/COPYRIGHT -> /COPYRIGHT, since that's where it's installed.
Submitted by:	Anders Andersson <anders@sanyusan.se>
2000-12-17 18:55:14 +00:00
David E. O'Brien
34e76f1b46 Add `password_format=md5' to the default settings. I've had this locally
for a while, but a recent email to -stable suggests it should be spelled
out as the documentation of "password_format" is sparse.

Also add a `des_users' entry.
Submitted by:	Sean O'Connell <sean@stat.Duke.EDU>
2000-11-21 23:25:39 +00:00
Alfred Perlstein
e8dca93127 document sbsize limit. 2000-06-02 20:51:05 +00:00
Robert Watson
ed51d1b77e o Improve the comment concerning rebuilding the database using cap_mkdb --
it's not a speed thing, it's a correctness thing :-)
o Reorder the path slightly to be more consistent

Reviewed by:	jhb
2000-03-26 05:41:10 +00:00
Robert Watson
b4d9e631db Synchronize login.conf default path with skel/dot.cshrc and root/dot.cshrc 2000-03-25 20:33:21 +00:00
Peter Wemm
9b7a44a60e $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
Sheldon Hearn
7312edcec3 Axe LOGIN_CAP_AUTH.
PR:	10115
Reported by:	Gene Skonicki <gene@cif.rochester.edu>
Requested by:	jdp
1999-08-13 16:51:40 +00:00
Nik Clayton
d7dcd048aa Be a little clearer about login_getpwclass(3), and its penchant for
looking up a record called "root".

PR:             docs/12377
Submitted by:   Adrian Filipi-Martin <adrian@ubergeeks.com>
1999-07-14 22:36:10 +00:00
Jordan K. Hubbard
221f8eaa8d Set FTP_PASSIVE_MODE=YES by default in the default login class. 1999-05-28 11:07:16 +00:00
Tim Vanderhoek
61f74535f6 Change references from "passwordperiod" to "passwordtime", since
"passwordtime" is what passwd(1) has actually been using.  I suspect
passwordperiod was the original intent.  I can't figure-out which,
if either, BSDi uses.  If anyone knows...
1999-04-30 18:19:46 +00:00
Jordan K. Hubbard
7690722762 Add /usr/X11R6/bin to default path also. 1999-04-28 20:12:53 +00:00
Andrey A. Chernov
81d770cf87 remove 'russian' duplicated in comment 1999-04-08 12:41:02 +00:00
David Greenman
7ba9347985 Ripped out EDITOR=ee with extreme prejudice. 1999-01-26 07:28:31 +00:00
Satoshi Asami
0e510aed5b Oops, I missed a few more /etc/nologin references yesterday. It appears
my check of the tree was incomplete.  Sorry guys.

Reported by:	Ben Smithurst <ben@scientia.demon.co.uk>
1999-01-12 14:09:23 +00:00
Satoshi Asami
16ceea1b93 Move nologin from /etc to /var/run. This means one less file that has
to be written to /etc.

The only essential change is in paths.h, so any third-party software
written correctly will pick it up in the next rebuild.

Reviewed by:	the committers list (actually an old version)
1999-01-11 09:07:42 +00:00
Tim Vanderhoek
87f8ef1e23 Slightly clarify wording of "Example". 1998-12-29 22:17:31 +00:00
Chris Timmons
240d6d79b1 Don't set a MANPATH by default for users who aren't in a login class.
man(1) will utilize manpath(1) if MANPATH is unset in the environment,
and with our existing manpath.config it is enough to find the X11
pages among others.

	PR: 8587
	Submitted by: Marc Slemko <marcs@znep.com>
1998-12-27 23:55:01 +00:00
Dmitrij Tejblum
0aba3bf3d2 Fix typo: s/;/:/
PR:		conf/7964
PR:		conf/7966
Submitted by:	Zach Heilig <zach@gaffaneys.com>
Submitted by:	Jos Backus <Jos.Backus@nl.origin-it.com>
1998-09-17 17:02:39 +00:00
Mike Smith
a4b3203d07 Effectively disable resource limit setting by default, leaving the
original contents of the file preserved as examples for administrators
that need to enable them.

Also add a comment to the examples pointing out that the authentication
functionality is largely unused and requires rebuilding libutil.

Reviewed by:	jkh
1998-09-16 19:18:36 +00:00
Steve Price
0f95e128c2 Remove extraneous trailing \'s.
PR:		5949
Submitted by:	Studded@dal.net
1998-03-09 03:01:47 +00:00
Andrey A. Chernov
a587a35bbd Expand default datasize to 22M, perl5 & pine are usual memory eaters 1997-12-03 01:12:48 +00:00
David E. O'Brien
d297e64f8c Revisions 1.14 and 1.9.2.3 fixed PR conf/5127. 1997-12-01 21:18:39 +00:00
Steve Price
50452e08a0 datasize-curr -> datasize-cur, typo fix.
PR:		5152
Submitted by:	owaki@st.rim.or.jp
1997-11-27 17:52:52 +00:00
Andrey A. Chernov
e938d5b7f0 daemon: bump maxproc from 256 to 512
256 means f.e. that only 256 users at once can be served by your HTTPD
1997-09-26 00:19:53 +00:00
Peter Wemm
b3c369b3c6 Further tweak to 'daemon' so that the hard limit for coredumpsize
is not set to zero, only the soft limit.  This means that non-root
processes started from /etc/rc* can explicitly raise the coredump limit
if they wish.
1997-09-23 14:14:10 +00:00
Peter Wemm
e97173f788 Raise some of the 'daemon' class limits as used by things started
from /etc/rc, including inetd and it's children, stuff from
/usr/local/etc/rc.d (eg: squid, apache).  The default limits are causing
a lot of problems including things like fsck failing on large disks.
I hope I've understood the quirks of the override mechanism properly.
1997-09-23 03:09:51 +00:00
Guido van Rooij
3afd214946 Fix typo 1997-07-11 22:11:13 +00:00
Andrey A. Chernov
b8c01a853d Fix "daemon" class, Apache not works from /etc/rc otherwise.
Among bumping several limits, most interesting thing is that
Apache requires than "filesize=64M" restriction must be removed.
I think it is due to mmap() usage in apache, but I am not shure.
1997-05-23 12:46:52 +00:00
Paul Traina
4b2fab7504 Restore backwards compatible default behavior for requirehome 1997-05-23 00:14:27 +00:00