Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!nntp.coast.net!news.kei.com!wang!uunet!in3.uu.net!news.iij.ad.jp!news.CET.CO.JP!usenet
From: Michael Hancock <michaelh@cet.co.jp>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Is securitylevel implemented in FreeBSD?
Date: Sat, 03 Aug 1996 19:25:00 +0900
Organization: CET
Lines: 33
Message-ID: <320328FC.32C8@cet.co.jp>
References: <4tm7uk$1me@overload.lbl.gov>
NNTP-Posting-Host: a07m.cet.co.jp
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.0 (Win95; I)

Jin Guojun[ITG] wrote:
>
> I have a question on setting securitylevel under FreeBSD. Here is what I did:
>
> # sysctl kern.securelevel
> kern.securelevel = -1         ??? should be = 1 ???

Maybe, but it would confuse a lot of people, "I'm root but I can't
install a new kernel, what's chflags and why doesn't it work".

> # sysctl -w kern.securelevel=2
> kern.securelevel: -1 -> 2
>
> #cat > /etc/xxx
>
> # sysctl -w kern.securelevel=5
> kern.securelevel: 2 -> 5
>
> # cat > /etc/xxx
>
> The disk is still writeable. If I remember correctly, when the security
> level is greater (higher) than 1, the entire system is read only.

Making /etc read-only is not possible anyway. You wouldn't be able to run
your system.

The kernel has "Permanently secure mode" compiled into it. "Secure mode"
would be a good mode of operation, but you'll have to figure out how to
get kern.securemode= -1 from being compiled in.

Mike Hancock