wheel to trash logfiles is not exactly good security policy. There have
been several gid wheel holes in ports. Various other files were changed
as well (eg: the locate database were set to more restrictive modes (444)
by their generation scripts) so this should be safe for them. utmp and
wtmp are mode 644 already on all the systems we checked.
Submitted by: jkb
Reviewed by: kris
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.
Not objected to by: freebsd-arch
for pccardd.
Please install /etc/defaults/pccard.conf and update /etc/defaults/rc.conf
as well.
Note that old pccard.conf.sample still remains for while but
no longer to be maintained.
Reviewed by: imp, -mobile ML and nomads ML in Japan.
new sample database files, so that they will be installed with make
distribution. NOSPAM probably ought to be renamed to MAIL.
Reviewed by: peter
Approved by: jkh
/etc/Makefile so that if it is defined, MAKEDEV all is not called
during a make distribution. This helps clean up the messy userland
in jail(), by reducing the number of devices exposed in jail.
Modifications to jail(2) to follow.
Approved by: jkh-arius
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
Originally submitted by: Wayne Self <wself@cdrom.com>
Allow a ppp startup option in rc.conf.
Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
he moved rc.conf. Then he deleted rc.diskless when it ( of course ) didn't
work. Now I'm putting the originally accidently removed rc.diskless{1,2}
back in.
(3?) people will make an effort to help those who would have benefitted from
this change. And just telling them that they should read and understand
the significance of each message posted to -current is not really good
enough IMHO.
${DESTDIR}/etc and an install target to install the missing ones. This
allows new files like pam.conf to be installed by the first installworld
after the file is added, but avoid clobbering files that might be
customized. This should save some support questions.
methods used by login. Changes to "/usr/bin/login" to use it will
be committed later today. The format of the file is described in
pam(8).
This sample file makes login behave in the traditional way. To
wit, it enables authentication via S/Key and passwd/NIS lookups.
KerberosIV authentication is present in the sample file but commented
out.
As a safety net and a transition aid, login will fall back on
built-in passwd/NIS authentication if this configuration file is
missing or if some other fatal PAM error occurs.
This file will eventually replace "/etc/auth.conf", but not until
I've finished converting the other utilities, such as passwd and su.
