root@komputer:~ # sysctl kern.securelevel=3
kern.securelevel: -1 -> 3
root@komputer:~ # sysctl kern.securelevel=3
kern.securelevel: 3 -> 3
root@komputer:~ # sysctl kern.securelevel
kern.securelevel: 3
root@komputer:~ #
SMART status:
Checking health of /dev/ada0: /dev/ada0: Operation not permitted
That's expected because smartctl needs to be able to write to the disk in order to command it to give up SMART data. securelevel(7) 2 precludes writing to the disk.Tried this also, just for fun, setting securelevel 2 after X was up. First hickup just appeared in mail from "periodic daily",
Code:SMART status: Checking health of /dev/ada0: /dev/ada0: Operation not permitted
Juha
11.3 explains why securelevel must be 0 to start X and offers an alternative: https://www.freebsd.org/doc/faq/x.htmlAfter Xorg stand up is working well but how about startup?
Code:X server died during startup X server for display :0 cannot be started session disabled.
I use KDE4 and tried 1,2 and 3 stage, and tried too startx after loging. Nothing. I read Xorg log now...
rcorder /etc/rc.d/*
, you'll see the securelevel script is run after LOGIN and syscons which I would assume rely on the ttys already being setup. sysctl kern.securelevel=N
there ought to work.find: Xsetup: No such file or directory
Agreed. This is a bad idea IMHO. Xorg needs access the the I/O subsystem as well as kernel memory on FreeBSD. This is true on Linux IIRC as well, and on FreeBSD, setting kern.securelevel above the default prevents that and will cause various weird errors(one of them noted above by Juha Nurmela).read security(7). Fiddling with the securelevel sysctl on a desktop or laptop doesn't have any benefit I can see, and will make the system impractical to work with.
tunefs -L randomlabel mmcsd0s2a
.That is actually kind of surprising, though you did set the security level after X was already up as opposed to before. I still wouldn't be surprised to see more mysterious oddities headed your way soon enough.Surprisingly few problems so far, I'm still on level 2 from the have-a-go experiment, and the only new thing to "report" is a failed tunefs -L randomlabel mmcsd0s2a.
Lol.I have steel bolts on my cheese door,
OpenBSD is the only operating system at this point of time that can successfully run Xorg devoid of root privileges.
sshd_enable="NO" in /etc/rc.conf should be sufficient. Root should be the only user able to modify that file and if an unauthorised person gains root, well the game is over.And I have one more question, is little off topic... remove for example sshd from /etc/rc.d is enough to permanently disable this daemon?
rm /usr/sbin/sshd
to be extremely permanent OpenBSD during installation asks the user if him intend to use X, then, if answered yes, sets the system variableIS basically configured to do that?
machdep.allowaperture
(inexistent on FreeBSD) to 2 or 1 (depending on platform) and stores it in /etc/sysctl.conf (just like FreeBSD does with its sysctl vars).You MUST NOT touch scripts in /etc/rc.d directory (unless you REALLY want to do that and know what you are doing). How leebrown66 saidAnd I have one more question, is little off topic... remove for example sshd from /etc/rc.d is enough to permanently disable this daemon?
sshd_enable="NO"
in /etc/rc.conf is enough.Well, this is REALLY extremely permanent!or even rm /usr/sbin/sshd to be extremely permanent
This is a(nother) good reason to use a firewall to close unneeded ones.A regular user could still run the daemon on a non-privileged port.