Commit Graph

1620 Commits

Author SHA1 Message Date
Chris Timmons
240d6d79b1 Don't set a MANPATH by default for users who aren't in a login class.
man(1) will utilize manpath(1) if MANPATH is unset in the environment,
and with our existing manpath.config it is enough to find the X11
pages among others.

	PR: 8587
	Submitted by: Marc Slemko <marcs@znep.com>
1998-12-27 23:55:01 +00:00
Jordan K. Hubbard
96d5e20872 Update comment for saver variable now that its changed its function
(and list of available values) somewhat.
1998-12-27 23:00:18 +00:00
Dag-Erling Smørgrav
64bec931fc List the warp screensaver along with the others. 1998-12-27 22:04:12 +00:00
Poul-Henning Kamp
1767866e4d follow up to:
Pre 3.0 branch cleanup casualty #4: pcvt
1998-12-27 16:44:24 +00:00
Matthew Dillon
35fb56f97e Add (commented out) directive and note regarding dumpfile location
when running in a sandbox.

Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
1998-12-23 06:06:13 +00:00
Jordan K. Hubbard
c9f66c3bfe Add /usr/share/examples/bootforth so that world builds don't start falling
over.

Forgotten by:	abial :-)
1998-12-22 12:33:32 +00:00
Matthew Dillon
eb127873d5 Take bind out of sandbox and run it as root again, but leave support
mechanisms ('bind' user and group) in place so the feature can be easily
    turned on.  There were too many complaints.  The security(1) man
    page will be created/updated to include the appropriate info.
1998-12-19 07:25:56 +00:00
Satoshi Asami
3a5dbbd324 Add share/emacs/site-lisp. Too many things break without it.
Reviewed by:	ports list (a long time ago)
1998-12-18 08:06:34 +00:00
Guy Helmer
dc1ab7da41 Document securelevel 3.
PR:		docs/8674
1998-12-16 17:14:16 +00:00
Peter Wemm
c399ed564c Old nit lying around in a source tree: Slightly optimize the number of
uname/gname overrides and /sets.
1998-12-16 05:50:25 +00:00
Peter Wemm
0ee4ff6f20 Old nit lying around: Don't override the gname when it's the same as the
previous /set.
1998-12-16 05:47:53 +00:00
Peter Wemm
c32e8ac670 Old stuff laying around: Don't override /tmp to the same uid/gid as the
previous /set defaults
1998-12-16 05:45:58 +00:00
Matthew Dillon
dbd50bbc53 Added /usr/share/examples/portal to mtree 1998-12-16 05:01:44 +00:00
Mike Smith
a66325ee96 Add another modem (Psion Dacom)
Submitted by:	"Gary Palmer" <gpalmer@FreeBSD.ORG>
1998-12-15 02:57:30 +00:00
Matthew Dillon
0c2383102b More locale directory structure updates for DIS_8859-15 1998-12-14 08:06:57 +00:00
Matthew Dillon
b76ad1a32a Fix installworld, forgot directories for locale DIS_8859-15 1998-12-14 07:44:47 +00:00
Matthew Dillon
d749f6f64f Remove rc.local (now deleted from CVS tree) from Makefile. 1998-12-14 02:01:22 +00:00
Matthew Dillon
86fba2f5a6 Grrr. removed. backed out. sorry. 1998-12-13 04:38:28 +00:00
Matthew Dillon
0c7b9cbdb0 This needs to be commited now to fix usbd for make world 1998-12-13 04:31:15 +00:00
Matthew Dillon
416db1f243 Reviewed by: cvs-current
Delete rc.local from CVS tree, its remaining functionality has been
    moved to /etc/rc.  /etc/rc still supports an rc.local but it is now
    a 100% user-controlled file.
1998-12-12 23:05:22 +00:00
Matthew Dillon
d27356d803 Reviewed by: cvs-current
Commit changes to rc and rc.local, removing the remaining minimal
    functionality of rc.local into rc and commenting it out of rc.local
    prior to the deletion of rc.local from the CVS tree.
1998-12-12 23:04:21 +00:00
John Birrell
73c84e252e Back out revs 1.181 and 1.182 which upset a few people. I hope those
(3?) people will make an effort to help those who would have benefitted from
this change. And just telling them that they should read and understand
the significance of each message posted to -current is not really good
enough IMHO.
1998-12-12 22:00:49 +00:00
Doug Rabson
2d58f2447f Add directories for KLD examples. 1998-12-11 10:45:29 +00:00
John Birrell
62bf5779e7 Should be sysctl -n. Yesterday wasn't one of my better days. Doh.
Reported by: Ben Smithurst & Makoto Matsushita
1998-12-11 08:25:12 +00:00
John Birrell
1e8cf44a58 Change to the current directory before doing the install. I !love make. 1998-12-11 00:09:39 +00:00
John Birrell
ad06d8fc41 Add a test for hw.machine == i386 before trying to run ldconfig for
legacy aout support.
1998-12-10 08:06:59 +00:00
John Birrell
e151cd1901 Add logic to check if any of the BIN1 files do not already exist in
${DESTDIR}/etc and an install target to install the missing ones. This
allows new files like pam.conf to be installed by the first installworld
after the file is added, but avoid clobbering files that might be
customized. This should save some support questions.
1998-12-10 05:34:11 +00:00
Matthew Dillon
cc6fef08db Since we do not pre-create /etc/namedb/s, add additional documentation
to the comments in named.conf to describe to the user how to create it.
    (named.conf does not use /etc/namedb/s by default anyway so us not
    pre-created it in the mtree does not hurt us terribly).
1998-12-02 19:59:24 +00:00
Matthew Dillon
cc0130a2a3 Remove mtree creation of /etc/namedb/s until we find a good way
to handle new user id's in buildworld/installworld.
1998-12-02 19:57:20 +00:00
Andrey A. Chernov
559fcf9493 Use /sbin/nologin as shell for operator
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
1998-12-02 15:17:10 +00:00
Matthew Dillon
822ef72a9d comsat sandbox prevents biff/comsat from being able to print partial
mailbox contents.  comsat instead simply prints that new mail is
    available.  Add appropriate comment to inetd.conf but leave comsat in
    sandbox.
1998-12-01 22:01:59 +00:00
Matthew Dillon
128272b8c5 Reviewed by: freebsd-current, freebsd-security
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
    subdirectory (user bind, group bind) to hold secondaries, adjust
    comments in named.conf to reflect new secondary scheme.  (Note that
    core read-only zone files are left owned by root, increasing security even
    more).
1998-12-01 21:36:33 +00:00
Matthew Dillon
ac48aa416a Added group bind(53), added sandbox users tty(4), kmem(5), and bind(53),
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
    the (commented out) ident from the kmem sandbox.

    Note that it is necessary to give each group access it's own uid to
    prevent programs running under a single uid from being able to gdb
    or otherwise mess with other programs (with different group perms) running
    under the same uid.
1998-12-01 21:19:49 +00:00
Joseph Koshy
8dbc5051b3 Direct std{err,out} to /dev/null when invoking sysctl(8) for setting
`nfs_access_cache_timeout'.

Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
1998-11-27 07:06:11 +00:00
Mike Smith
22d30a8a1b Don't suggest that NO is allowed here; you use "0" or "" to turn the cache
off.
Submitted by:	jdp
1998-11-25 21:16:43 +00:00
John Polstra
d08484e099 Add a sample "/etc/pam.conf" file that configures the authentication
methods used by login.  Changes to "/usr/bin/login" to use it will
be committed later today.  The format of the file is described in
pam(8).

This sample file makes login behave in the traditional way.  To
wit, it enables authentication via S/Key and passwd/NIS lookups.
KerberosIV authentication is present in the sample file but commented
out.

As a safety net and a transition aid, login will fall back on
built-in passwd/NIS authentication if this configuration file is
missing or if some other fatal PAM error occurs.

This file will eventually replace "/etc/auth.conf", but not until
I've finished converting the other utilities, such as passwd and su.
1998-11-20 23:20:01 +00:00
David E. O'Brien
4e6fcaf46f Bad default value of ${fs} for type:=host in /etc/amd.map.
PR:		conf/7054
Submitted by:	Amakawa Shuhei <amakawa@sf.t.u-tokyo.ac.jp>
1998-11-20 07:36:29 +00:00
John Polstra
ae5fd90c74 Add the directory "/usr/include/security", which is where the PAM
header files go.  I am not too happy about the name.  But if we are
to have any hope of being able to use 3rd party PAM modules, we'll
have to live with it.
1998-11-18 01:51:25 +00:00
Jordan K. Hubbard
ff6301aaf3 put hosts before bind. 1998-11-16 02:02:30 +00:00
Mike Smith
cda43ef612 Implement the nfs_access_cache variable, allowing us to set the timeout for
the NFS client's ACCESS cache.
1998-11-15 20:30:04 +00:00
Nicolas Souchu
d551f05381 Arrg, ppi*) corrected 1998-11-12 22:48:16 +00:00
Nicolas Souchu
5f3f114afa Add ppi*) iic*) and smb*) 1998-11-12 22:45:24 +00:00
Peter Wemm
29ddf71810 kldload the screen savers 1998-11-11 05:25:32 +00:00
Peter Wemm
2bfb2faded kldload ipfw, it's installed always and works on both kernel formats 1998-11-11 05:23:44 +00:00
Brian Somers
d7264d6e3a Suggest using ``iface clear'' under certain circumstances
in ppp.linkdown.
1998-11-05 23:14:19 +00:00
Poul-Henning Kamp
83713d0b04 Add example for the internal "ident server". 1998-11-04 19:42:35 +00:00
Poul-Henning Kamp
5707e03c5f Move the "root" entry up so people can see it. 1998-11-03 08:14:38 +00:00
Wolfram Schneider
de4f843d24 Write temp files with a uniq name into /var/run
instead the public writable directory /tmp
PR:	 conf/8330
1998-11-01 13:04:15 +00:00
David E. O'Brien
255e0e14be Backout rev 1.175. 1998-10-31 05:27:02 +00:00
David E. O'Brien
5b3ac95f28 ``MAKEDEV ccd3'' is now consistant with many of the other devices in that
*ccd{0,1,2}* will be created.
1998-10-30 06:02:48 +00:00