log_in_vain:
log_in_vain turns on logging for packets to ports for which
there is no listener.
rc.sysctl:
A generic way to set sysctl values. It reads /etc/syslog.conf
and sets values based on that. No /etc/syslog.conf has been
checked in yet, and I've not added this to the makefile yet
until I get more feedback.
Reviewed by: -current, -hackers and bde especially
enable_quotas - use quotas on your system
check_quotas - check for violations on startup
By assuming that a system was neat and without violation before it booted
we can skip a long (and at that point needless) process.
Submitted by: Alex Perel <veers@disturbed.net>
suitable defaults pointing to the FreeBSD-shipped versions. This will allow
for easier integration of third-party replacements for these daemons.
Reviewed by: Several members of -committers
he moved rc.conf. Then he deleted rc.diskless when it ( of course ) didn't
work. Now I'm putting the originally accidently removed rc.diskless{1,2}
back in.
we set in rc.conf.
Background: the `vinum read' command has changed. For a short period
of time, it required the names of the slices on which vinum was
stored. Now it requires the names of the drives.
Strictly speaking, it is not necessary; the screen saver will load
even if the splash module is still in memory. But still, it is the right
thing to do, otherwise the splash decoder module just wasts the kernel space.
Discussed with: des
let it rotate /var/log/wtmp again, and update monthly/200.accounting to
take this into account. (Some sites might want to change the parameters
of the rotation; it's easier to do this when it's all centralized in
newsyslog.conf.)
variable and propogates back to /etc/rc where it will be used to
locate the rc.local file. The local variable will also be used by
/etc/rc.conf. Note that /etc/rc.conf reverts to its prior operation
of accessing /etc/rc.conf.local if run standalone.
rc.conf should only contain simple ops. We still keep the conf_dir
override, however, and this will be used when rc.conf is run from
/etc/rc in a diskless configuration.
about this becase that makes it get run *before* the filesystems are
mounted. If people have added stuff to their rc.conf or rc.conf.local
that uses stuff outside of /bin and /sbin, this will break.
since the kernel must be booted from something ( like a floppy ). This
script must occur near the beginning of the rc file in order to support
read-only NFS mounts, which in turn allows all the BOOTP machines to use
the same / and /usr.
The companion rc.diskless script is forthcoming.
This means that if(when) you go "sh MAKEDEV all" in /dev
the devices get remade; you don't get errors.
A lot of the changes are for info only; they are commented out.
Not exactly shot to pieces by: bde
This should be merged into RELENG_3 and a similar patch may be needed
for RELENG_2_2, should that deemed necessary.
Make world succeeded with these patches in my tree.
Submitted by: "Kaleb S. KEITHLEY" <kaleb@ics.com>
vinum_slices to the names of all slices (block device) which are under
the control of vinum. The configuration will be read in from each in
turn, starting with the most recently updated.
Reviewed-by: jkh
normal ifconfig stuff, one might need to pass down authentication
parameters for them.
This is closely tied to Hellmuth's impending rc patches for ISDN, but
sppp can also be used separately (thus it doesn't go directly into the
planned ISDN section of rc.conf).
Reviewed by: hm
I have not enabled rbl by default, I understand an 'opt-in' is a key part
of it's legal protection.
Activate a few optional features (access_db, virtusertable, etc) which will
operate if (and only if) the corresponding table is created.
I've also turned on the MIME buffer overflow checking with sendmail.org's
recommended values (256/128).
to be written to /etc.
The only essential change is in paths.h, so any third-party software
written correctly will pick it up in the next rebuild.
Reviewed by: the committers list (actually an old version)
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.
PR: bin/9091
Submitted By: Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list
man(1) will utilize manpath(1) if MANPATH is unset in the environment,
and with our existing manpath.config it is enough to find the X11
pages among others.
PR: 8587
Submitted by: Marc Slemko <marcs@znep.com>
mechanisms ('bind' user and group) in place so the feature can be easily
turned on. There were too many complaints. The security(1) man
page will be created/updated to include the appropriate info.
Delete rc.local from CVS tree, its remaining functionality has been
moved to /etc/rc. /etc/rc still supports an rc.local but it is now
a 100% user-controlled file.
Commit changes to rc and rc.local, removing the remaining minimal
functionality of rc.local into rc and commenting it out of rc.local
prior to the deletion of rc.local from the CVS tree.
(3?) people will make an effort to help those who would have benefitted from
this change. And just telling them that they should read and understand
the significance of each message posted to -current is not really good
enough IMHO.
${DESTDIR}/etc and an install target to install the missing ones. This
allows new files like pam.conf to be installed by the first installworld
after the file is added, but avoid clobbering files that might be
customized. This should save some support questions.
to the comments in named.conf to describe to the user how to create it.
(named.conf does not use /etc/namedb/s by default anyway so us not
pre-created it in the mtree does not hurt us terribly).
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
subdirectory (user bind, group bind) to hold secondaries, adjust
comments in named.conf to reflect new secondary scheme. (Note that
core read-only zone files are left owned by root, increasing security even
more).
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.
