static_routes and defaultrouter variables. I'm glad I looked again, however,
as I realized that setting static_routes to NO in the case of a defaultrouter
would wind up with a bogus value for static_routes. It doesn't really
hurt anything, but it's still wrong so I fixed it. I think this whole routing
section of sysconfig needs a revisit - it's getting gross!
While I'm at it, add a commented-out sample amd flags line to sysconfig
and drop a sample amd.map file in this directory for easy copying.
I know that this file's contents are highly site-variable, but the one I've
chosen for an example is also the one I've seen on 99.9% of the amd-using
sites I've visited. I think it's a fair default.
tape_umask=017 for all tapes. This has a significant effect only
for ft and st (they were created with the wrong umask 002 and then
chmod'ed to mode 640; now they are created with mode 660).
Chmod the st control devices (mode 3) to 600. These need to be
more secure than the st i/o devices, but were less secure.
Use the default umask of 077 for joy0. 002 gave mode 664, which
is insecure.
Use umask 037 for ch*. Cosmetic.
Removed redundant chmod's.
Sorted case lists for disks.
"hand", changed /etc/crontab to call /usr/sbin/newsyslog every hour
(the entry was there before - but we haven't had any newsyslog until
today :-) and changed /etc/inetd.conf to also contain (commentet out)
entries for rpc.rquotad and rpc.sprayd (taken from NetBSD)
directories to check in looking for port startup scripts. The specific gunge
for apache httpd, gated and pcnfsd in /etc/sysconfig and /etc/netstart is
gone now. Note that pcnfsd's troubles aren't necessarily over (and probably
why NetBSD brought it into their sources) - anyone adding pcnfsd will STILL
have to tweak /etc/sysconfig in order to set the new variable
`weak_mountd_authentication' to YES. The flags to mountd are directly affected
by pcnfsd's requirements for non-root mounts, unfortunately! :-(
Submitted by: paul & jkh
Sigh, I really hate this "feature". I'm tempted to comment the test out
(like in sendmail 8.6.xx), especially since we log the info in the
Received: header line anyway.. Doing it like this only makes it painful
for things like uucp..
rest of the memory group - std. Also correct the permissions so as not
to force a security hole. If /dev/*random have the permission 640 and
ownership bin.kmem, it forces applications that need random numbers
to be at least SGID. Picture the scene of a SGID PGP being able to
read /dev/kmem!
