S/Key authentication for ftpd was not working due to ftp implementation and
/etc/pam.conf missmatch.
So add ftpd entries into /etc/pam.conf.
Reported by: "Jose M. Alcaide" <jose@we.lc.ehu.es>
Approved by: jkh
Reviewed by: markm
interface on the dhclient command line. Not doing so screws up vmware's
network interface by attempting to configure it for DHCP (which will
never work, of course). It also would impact any other interface that
may be present that, again, would likely be manually configured for
some other purpose.
Approved by: jkh
strictly a security hole, but neither is it a very good idea. Replace
it with a symlink to /dev/null to happify programs that expect it.
It is suggested that users of the jail environment modify the jail's
syslog.conf to not send stuff to /dev/console, but instead syslog
it somewhere else. Such as a loghost, potentially even to the host
environment's syslog.
Approved by: jkh
/etc/Makefile so that if it is defined, MAKEDEV all is not called
during a make distribution. This helps clean up the messy userland
in jail(), by reducing the number of devices exposed in jail.
Modifications to jail(2) to follow.
Approved by: jkh-arius
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.
Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism. Because newsyslog doesn't
support the mod date specification machanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.
Approved by: jkh
Reviewed by: freebsd-security
Reviewed by: joerg
The isdnd is able to listen on a socket for isdnmonitor to connect to
it to remotely control it (similar to ppp and pppctl). When this is
enabled in the isdnd config file, it will fail currently because isdnd
is started before the network interfaces are configured.
It is necessary to move the isdnd start after the ifconfig of the network
interfaces, then this problem will not occur.
happen with a keyboard and monitor the console change was not as needed
in the i386 case as the Alpha case. IMO >50% of Alpha installs are using
a serial console, the change matching rev 1.7 should not be backed out.
devices because accessible by group wheel instead of group operator.
Didn't fix fishy group for rsa*.ctl. This device should have group operator
if that is safe, or mode 600 and group wheel.
Removed ssc and uk*.
Removed bogus (redundant) chmod's to 600.
# Apollo PCMCIA Ethernet Adapter
# Olicom OC2220
# National Semiconductor InfoMover NE4100
I forgot who submitted the first two, but the third one was submitted
by Jim Bloom.
draft-manning-dsua-01.txt.
Stop using public addresses as samples and use the recommended
192.0.2.0/24 netblock that has specifically been set aside for
documentation purposes.
Reviewed by: readers of freebsd-security did not respond to a request
for review
o Fix entry for Megahertz XJ4336-CC4336. Old config (sio1) seems
conflict with IrDA port or COM port on some laptop and sometimes
totally hang up after insertion.
o Add 'NTT DoCoMo Mobile D Card 96P1' which is used by many
people in Japan.
Reviewed by: imp
that it does not reset the printer when opened. This fixes the problem
of printing a document almost till the end and then resetting the
printer when the next print job is started.
Submitted by: Christopher Masto <chris@netmonger.net>
Also, remove all but the ums0 device from the fixit target 'to save
precious i-nodes on the fixit floppy'.
o Make sure every entry has a logger event on insert/delete
o Make sure that the order of loggers is consistant
o Add D-Link DEF-650
o use /sbin/ifconfig consistantly
o Add Elecom Laneed LD-CDE, NTT DoCoMo Paldio 321S and 341S
(from shige@FreeBSD.org)
We were supposed to get these in far earlier and didn't, hence
the commit after feature freeze. A promise is a promise. :)
Submitted by: Sascha Schumann <sascha@schumann.cx>
Changes are:
- rpc.umntall is called at the right places now in /etc/rc*
- rpc.umntall timeout has been lowered from two days (too high) to one
- verbose messages in rpc.umntall have been clarified
- kill double entries in /var/db/mounttab when rpc.umntall is invoked
- ${early_nfs_mounts} has been removed from /etc/rc
- patched mount(8) -p to print different pass/dump values for ufs filesystems.
(last patch recieved from dan <bugg@bugg.strangled.net>)
Submitted by: Martin Blapp <mbr@imp.ch>, dan <bugg@bugg.strangled.net>
NICs. (Finally!) The PCMCIA, ISA and PCI varieties are all supported,
though only the ISA and PCI ones will work on the alpha for now.
PCCARD, ISA and PCI attachments are all provided. Also provided an
ancontrol(8) utility for configuring the NIC, man pages, and updated
pccard.conf.sample. ISA cards are supported in both ISA PnP and hard-wired
mode, although you must configure the kernel explicitly to support the
hardwired mode since you have to know the I/O address and port ahead
of time.
Special thanks to Doug Ambrisko for doing the initial newbus hackery
and getting it to work in infrastructure mode.
PC Card (PCMPC100). the entry was one character
short...the final ")" was missing.
Pointed out by: Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
of the SOA 'minimum' field. Now it's necessary to define $TTL seperately
to shut it up. Bind does reasonable things by default but it's annoying
still.
PR: 15834
Submitted by: Daniel Lewart <d-lewart@uiuc.edu>
in the 3.x branch. Also remove the dependency on /usr to find the
boot address/interface.
Mostly-submitted-abd-tested-by: MIHIRA Sanpei Yoshiro <sanpei@sanpei.org>
Improve the internal mknod() to understand being passed an (optional)
user:group specification.
Don't apply root:wheel to nodes explicitly anywhere, it's the default.
Remove an odd looking uucp:wheel assignment, as it's inconsistent with
all the other tty?? devices.
5in HD 2 heads, 77 cylinders, 8 sectors/track, 1024 bytes/sector
5/3.5in DD 2 heads, 80 cylinders, 8 sectors/track, 512 bytes/sector
Meanings of the rogrammer-readeble fd name were explained by Brian
Fundakowski Feldman and Peter Wemm in hackers list and NOKUBI
Hirotaka.
Reviewed by: nyan
Fixed some style bugs for cam (superflous umask and missing newline).
Fixed bogons for apm. The pattern "apm*" matched too many things; apm
and apmctl were both made twice by `MAKEDEV all'. Hopefully no one
depends on `MAKEDEV apm0' making apm or on `MAKEDEV apm' making apmctl.
more comprehensive. Previously, at least colour changes were not
applied to all virtual consoles.
PR: 15066
Reported by: Andy Farkas <andyf@speednet.com.au>
Submitted by: yokota
The current offical Sendmail Inc. version uses /var/mail/ and when we upgrade
our repository to that version, we will get the change. It is best to make
the path change in 4.0-R (which may not have the latest Sendmail Inc. version,
than to change in mid-4.x stream when we may upgrade.
Ok'ed by: Peter (quite a while ago)
The current offical Sendmail Inc. version uses /var/mail/ and when we upgrade
our repository to that version, we will get the change. It is best to make
the path change in 4.0-R (which may not have the latest Sendmail Inc. version,
than to change in mid-4.x stream when we may upgrade.
Ok'ed by: Peter (quite a while ago)
MAKEDEV can now run (with /sbin/chown and /bin/chgrp, still) without
any /usr. The default PATH for MAKEDEV is now "/sbin:/bin" to prevent
against further spammage of /usr programs in MAKEDEV. In the event
of an emergency, the variable "MAKEDEVPATH" can be used to replace
PATH, but I don't know what that emergency could be.
Let me know if you have any problems. I've tested it as well as
I could, which basically means everything except for RocketPorts.
Reviewed in principle by: peter
longer really suitable as a default to create the various /dev nodes
to be contained on the fixit floppy, since all our proud new devide
nodes finally made the fixit floppy run over...
So instead create a new target titled `fixit' which creates just the
dev nodes for a single unit per each default driver; whoever needs
more of them is free to create whatever he needs, perhaps after
killing unused nodes before. There were more than 700 /dev nodes on
the floppy before that action, and it's still around 350 now. I doubt
all the various /dev/ugen* entries are really useful on such a tool,
so people, please check, and if you feel like more could be eliminated
from that floppy, kill'em.
While i was at it, removed traces of ft(8) that still survived even
though the driver has long since been dead.
That's step #1. #2 will follow...
Currently we have a problem in that `dhclient' bails when configuring the
second interface as port 68 is already in use (by the `dhclient' started
for the first interface).
PR: 14810
Submitted by: n_hibma
same names:
rover# ls -l /dev/*wd0a
crw-r----- 1 root operator 3, 0 Nov 26 20:20 /dev/rwd0a
crw-r----- 1 root operator 3, 0 Nov 26 20:20 /dev/wd0a
Notice: Over time, no earlier than FreeBSD 5.0, the "r*" names may
be discontinued. A fair number of programs and scripts need to
(un)learn some tricks before then.
This will take no effect until you either run MAKEDEV by hand or
reinstall your system.
WARNING: Kernels older than approx November 22 will not be happy
about a /dev created with MAKEDEV after this commit. Please update
your /kernel.good etc.
rundown script 'reboot' or 'single'. ISO support (which never
worked) has been removed from mount_nfs. mount_nfs and umount
now use mounttab, which allows umntall to work properly. The
rc scripts now call umntall as appropriate.
Submitted by: Martin Blapp <mb@imp.ch>
/dev/usb. The actions are specified in the file /etc/usbd.conf.
usbd.c:
- Add event queue (/dev/usb) handling.
- Add comments
- Clean up code some more
usbd.8:
- Update manpage for the new command line flags
- Remove a duplicate FreeBSD tag from it).
usbd.conf, usbd.conf.5, Makefile:
- Add the usbd.conf configuration file and the man page for it.
NOTE: MAKEDEV already creates the /dev/usb device tree node, no change
needed there anymore.
daemons started. Move log_in_vain option there. It is needed to avoid
lot of connections to port 80 logged on production WWW server prior
Apache started from /usr/local/etc/rc.d
Been in production for 3 years now. Gives Instant Frame relay to if_sr
and if_ar drivers, and PPPOE support soon. See:
ftp://ftp.whistle.com/pub/archie/netgraph/index.html
for on-line manual pages.
Reviewed by: Doug Rabson (dfr@freebsd.org)
Obtained from: Whistle CVS tree
...
recover vi
msgs/bounds
update MOTD
rc.{arch}
rc.devfs
rc.local
$local.startup
securelevel
The motive behind this is to delay rc.{arch} as long as possible,
as it loads the screensaver, which kills the splash screen.
But at the same time, it can't be done after rc.devfs, as
that might depend on arch specific actions. rc.local and local.startup
also should come after these, and securelevel must be last of all.
this is no longer the right way to start Vinum unless you are doing some
kind of maintenance, and that's not the sort of thing that would go into
rc.conf.
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.
Changes discussed on freebsd-hackers.
Submitted by: Doug Barton <Doug@gorean.org>