-rw-r--r-- sbin/init/init.8 51
1 files changed, 9 insertions, 42 deletions
diff --git a/sbin/init/init.8 b/sbin/init/init.8
index c23fff9761a..f8568c0333a 100644
--- a/sbin/init/init.8
+++ b/sbin/init/init.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: init.8,v 1.22 1999/07/20 18:35:36 aaron Exp $
+.\" $OpenBSD: init.8,v 1.23 2000/01/08 01:57:10 hugh Exp $
.\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
@@ -88,47 +88,13 @@ The password check is skipped if the
is marked as
.Dq secure .
.Pp
-The kernel runs with four different levels of security.
-Any super-user process can raise the security level, but only
-.Nm
-can lower it.
-Security levels are defined as follows:
-.Bl -tag -width flag
-.It Ic -1
-Permanently insecure mode \- always run system in level 0 mode.
-.It Ic 0
-Insecure mode \- immutable and append-only flags may be changed.
-All devices may be read or written subject to their permissions.
-.It Ic 1
-Secure mode \- system immutable and append-only flags may not be turned off;
-disks for mounted filesystems,
-.Pa /dev/mem ,
-and
-.Pa /dev/kmem
-are read-only.
-.It Ic 2
-Highly secure mode \- same as secure mode, plus disks are always
-read-only whether mounted or not and
-the
-.Xr settimeofday 2
-system call can only advance the time.
-This level precludes tampering with filesystems by unmounting them,
-but also inhibits running
-.Xr newfs 8
-while the system is multi-user. Because the clock cannot
-be set back in time, malicious users who have gained root
-privileges are unable to change a file's ctime.
-.El
-.Pp
-Normally, the system runs in level 0 mode while single-user
-and in level 1 mode while multi-user.
-If the level 2 mode is desired while running multi-user,
-it can be set in the startup script
-.Pa /etc/rc.securelevel .
-If it is desired to run the system in level 0 mode while multi-user,
-the administrator must build a kernel with
-.Dq option INSECURE
-in the config file.
+The kernel
+.Xr securelevel 7
+is normally set to 0 while in single-user mode, and raised to 1 when
+the system begins multi-user operations. This action will not take
+place if the securelevel is -1, and can be modified via the
+.Pa /etc/rc.securelevel
+script.
.Pp
In multi-user operation,
.Nm
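Review bot: In the added paragraph, the clause "and can be modified via the /etc/rc.securelevel script" has no clear subject. It can be read as modifying the raise to 1, the -1 exception, or the securelevel itself. The removed text was explicit that level 2 "can be set in the startup script", so a separate sentence saying what the script changes would read better. The removed statements that only init can lower the level, and that running at level 0 while multi-user requires a kernel built with "option INSECURE", now rest entirely on securelevel(7), and the new text never says how the level comes to be -1; confirm that page carries both before dropping them here. Style: "operations. This action" starts a sentence mid-line, and mdoc source normally begins each sentence on a new line.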
@@ -301,6 +267,7 @@ script run at shutdown time
.Xr halt 8 ,
.Xr rc 8 ,
.Xr rc.shutdown 8 ,
+.Xr securelevel 7 ,
.Xr reboot 8 ,
.Xr shutdown 8
.Sh HISTORY
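Review bot: The new ".Xr securelevel 7 ," entry is placed between "rc.shutdown 8" and "reboot 8", which breaks the ordering of the SEE ALSO list. The visible section 8 entries run alphabetically (halt, rc, rc.shutdown, reboot, shutdown), and cross references are conventionally sorted by section number first, so the section 7 entry belongs ahead of the section 8 block rather than inside it.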