best practices:
1. The old way of generating the localhost zones was not optimal both
because they did not exist by default, and because they were not really
aligned with BCP. There is no need to have the dynamic data that the
make-localhost script generated, and good reasons to do this more
"by the book."
2. In named.conf
a. Clean up white space
b. Add/clarify a few comments
c. Slave zones from the root servers instead of using a hints
file. This has several advantages, as described in the comments.
d. Significantly revamp the default zones, including the
forward localhost zone, and the reverse zones for IPv4 and IPv6
loopback addresses. There are extensive comments describing what
is included and why. Interested readers should take the time to
review the RFCs mentioned in the comments. There is also relevant
information about the motivations for hosting these zones in the
"work in progress" Internet-Draft,
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
or its successor.
It's also worth noting that a significant number of these
empty zones are already included by default in the named binary
without any user configuration.
e. Because we're including a lot of examples of both local
forward zones and slave zones in the default configuration,
eliminate some of those examples.
3. Add new localhost-{forward|reverse} zone files, and an "empty" zone
to support the changes in 2.d. above. The empty zone file isn't really
empty in order to avoid a warning from BIND about a zone file that
doesn't contain any A or AAAA records.
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.
In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.
The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs. E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM. When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made. Then it'll be
enough to set the expire field in future for the commands to run
again. And so on.
Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.
X-Security: should benefit as users have access to cron(8) by default
/etc/rc.d/sendmail whether or not to run newaliases if the database
is missing or the aliases text file is newer than aliases.db.
In my opinion, the aliases file should never be automatically rebuilt.
The current text form could represent a work in progress. Therefore,
in FreeBSD 7.0, this new option will default to "NO". When this rc.d
change is MFC'ed, it will need to remain "YES" to maintain backward
compatibility.
PR: conf/86252
Approved by: re (kensmith)
MFC after: 3 days
id used by sysinstall when enabling anonymous FTP.
Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.
PR: 93284
Approved by: ru (mentor)
Reviewed by: simon
instead of an authentication function. There are a design reason
and a practical reason for that. First, the module belongs in
account management because it checks availability of the account
and does no authentication. Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)
PR: bin/112574
Approved by: des, re
when figuring out what the real interpreter is for an
interpreted command. That is, check whether we can read
the script file in the first place and, if so, make sure
we got a valid shebang line from it.
stop looking there for things like rc.d and periodic. This avoids
duplicating effort when /usr/X11R6 is a symlink to /usr/local,
which it is by default now.
It is not anticipated at this time that we will MFC this change, since
we'd like to avoid breaking legacy systems. However, there is a fix for
/etc/rc.subr in the works to avoid running any rc.d scripts twice which
we should be able to MFC.
/etc/rc.d/hostid now that we switched the origin of the UUID (variable
smbios.system.uuid as provided by the i386 BIOS code) to already provide
a standard conforming lower-case UUID text representation.
usage to an equivalent csh(1) usage as tr(1) stays in /usr/bin and
/etc/rc.d/hostid has just the root filesystem (and this way mainly the
tools in /bin) available.
I've chosen csh(1) here as the string manipulation tools available in
/bin is extremely limited and the (only) alternative ed(1) usage would
have been a lot more complicated or even might require a temporary file.
and ISO/IEC-9834-8:2005 is with LOWER-CASE hexadecimal characters only,
so translate the (usually upper-case and this way not conforming)
representation of the BIOS UUID when reading it. Also be more strict
about the valid characters in the textual representation by checking for
just the hexadecimal characters.
list.
This is only for the well known known ports (port 1-1023) for tcp and
udp only.
Changes:
- Removed "problems" comments around port 57, 77 and 87
- Removed audionews (port 114)
- Added imap3 (port 220)
- Removed yak-chat (port 258)
- Removed concert (port 786)
- Added a lot of new allocations
Submitted by: edwin
scripts in rc.d to stop rc(8) from booting into multi-user mode when
a critical or severe error condition is encountered.
o Modify scripts in etc/rc.d that already implemented this functionality
independently.
o Document it.
[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
to rc.subr(8). Our version differs slightly in that it takes an
optional argument to stop the boot even if "autoboot" is not set.
Obtained from: NetBSD
MFC after: 2 weeks
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.
MFC after: 2 weeks
dependency was introduced because this script had rc.d/localpkg (which is
*after* rc.d/NETWORKING) in its REQUIRE line.
From an examination of its contents it seems that only the availability of
a local filesystem is necessary for this script to function properly.
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
NFS-share anything. This way we can safely start mountd with
/etc/zfs/exports and mountd won't complain.
Pointed out by: ceri
- Move 'zfs volinit' before 'zfs mount -a' and 'zfs volfini' after
'zfs unmount -a'.
The registration names for 5222(tcp,udp) and 5269(tcp,udp) was changed to
xmpp-client and xmpp-server correspondingly.
This inconsistency causes problems to applications developed on other
systems, as they tries to use port numbers from /etc/services as fallback.
PR: conf/100606
Submitted by: Ralph Meijer <freebsd-gnats2@ralphm.ik.nu>
Approved by: maxim
MFC after: 1 week
software-generated UUID. Store the result in /etc/hostid and use it in
the future. Perform simple UUID format check, as there is a lot of
hardware with broken UUIDs. The check should be improved to also eliminate
fake UUIDs like 00000000-0000-0000-0000-000000000000.
Requested by: many