Thread: [Pcbsd-developer] Re: PCBSD-Developer digest, Vol 1 #1 - 1 msg
From: Charles A. L. <lan...@gm...> - 2005-10-15 03:39:13
Yes Antik, I think there's no point being a rival of Linux - At least this is everything but my goal. We can greatly learn from Linux, especially from the mistakes that have been done over the years. The Linux relative fever can be a runway for PC-BSD because some people at least know there are alternatives out there, and this is good.

As this is a dev mailing list, I can contribute in graphic design, but I'm not a good C++ programmer, as I had only classes at the University :(

Other than that, I hope the Network control panel project emerges soon :D
From: Andrei K. <And...@ma...> - 2006-03-09 00:02:33
I see that the devfs.conf file does not have enough permissions for users to write to their CD/DVD recorders and USB devices:

-------------------------------------------------------------
# Allow all members of group operator to mount CD's
own /dev/acd0 root:operator
perm /dev/acd0 0660
own /dev/acd1 root:operator
perm /dev/acd1 0660
own /dev/cd0 root:operator
perm /dev/cd0 0660
own /dev/cd1 root:operator
perm /dev/cd1 0660

# Allow all USB Devices to be mounted
own /dev/da0 root:operator
perm /dev/da0 0660
own /dev/da1 root:operator
perm /dev/da1 0660
own /dev/da2 root:operator
perm /dev/da2 0660
own /dev/da3 root:operator
perm /dev/da3 0660

-------------------------------------------------------------

#####I'd like to see this way:####

Add in Kernel config:
------------------------------------------------------------
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
device atapicam
-------------------------------------------------------------

# ee /etc/devfs.conf
Add the following:
-------------------------------------------------------------
perm acd0 0666
link acd0 cdrom
perm pass0 0666
perm cd0 0666
perm xpt0 0666
#and so on...
-------------------------------------------------------------
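An added check, not part of the original message or of PC-BSD: it lists the perm rules in devfs.conf-style text that grant write access to every local account, run over shortened copies of the two rule sets quoted above. The function names are illustrative, and the reasons printed for pass/xpt and da nodes rest on the assumption that those nodes expose raw CAM/SCSI commands and raw disk blocks respectively.

```sh
#!/bin/sh
# Added example (not PC-BSD code): list devfs.conf "perm" rules that grant
# write access to "other", that is, to every local account.

audit_devfs_conf() {    # reads devfs.conf text from stdin or from file arguments
    awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 == "perm" && NF >= 3 {
        dev = $2; sub(/^\/dev\//, "", dev)      # the thread writes acd0 and /dev/acd0
        other = substr($3, length($3), 1) + 0   # last octal digit holds the "other" bits
        if (int(other / 2) % 2 == 0) next       # write bit (value 2) not set
        if (dev ~ /^(pass|xpt)[0-9]+$/)
            why = "any local user can send raw SCSI/CAM commands"
        else if (dev ~ /^da[0-9]+$/)
            why = "any local user can write the raw disk"
        else
            why = "world-writable device node"
        printf "%s %s %s\n", dev, $3, why
    }' "$@"
}

# Rule sets quoted in the message above (shortened to one CD and one USB entry).
sample_current() {
    printf '%s\n' 'own /dev/acd0 root:operator' 'perm /dev/acd0 0660' \
                  'own /dev/da0 root:operator'  'perm /dev/da0 0660'
}
sample_proposed() {
    printf '%s\n' 'perm acd0 0666' 'link acd0 cdrom' 'perm pass0 0666' \
                  'perm cd0 0666' 'perm xpt0 0666' '#and so on...'
}

echo "current rules:";  sample_current  | audit_devfs_conf
echo "proposed rules:"; sample_proposed | audit_devfs_conf
```

The 0660 root:operator rules produce no findings because access stays tied to membership of the operator group; every 0666 rule is reported.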
From: <ren...@gm...> - 2006-03-09 00:20:03
Andrei Kolu wrote:
> I see that the devfs.conf file does not have enough permissions for users to write to
> their CD/DVD recorders and USB devices:
>
> -------------------------------------------------------------
> # Allow all members of group operator to mount CD's
> own /dev/acd0 root:operator
> perm /dev/acd0 0660
> own /dev/acd1 root:operator
> perm /dev/acd1 0660
> own /dev/cd0 root:operator
> perm /dev/cd0 0660
> own /dev/cd1 root:operator
> perm /dev/cd1 0660
>
> # Allow all USB Devices to be mounted
> own /dev/da0 root:operator
> perm /dev/da0 0660
> own /dev/da1 root:operator
> perm /dev/da1 0660
> own /dev/da2 root:operator
> perm /dev/da2 0660
> own /dev/da3 root:operator
> perm /dev/da3 0660
>
> -------------------------------------------------------------
>
> #####I'd like to see this way:####
>
> Add in Kernel config:
> ------------------------------------------------------------
> device scbus # SCSI bus (required for SCSI)
> device ch # SCSI media changers
> device da # Direct Access (disks)
> device sa # Sequential Access (tape etc)
> device cd # CD
> device pass # Passthrough device (direct SCSI access)
> device ses # SCSI Environmental Services (and SAF-TE)
> device atapicam
> -------------------------------------------------------------
>
> # ee /etc/devfs.conf
> Add the following:
> -------------------------------------------------------------
> perm acd0 0666
> link acd0 cdrom
> perm pass0 0666
> perm cd0 0666
> perm xpt0 0666
> #and so on...
> -------------------------------------------------------------

I agree. Something as basic as burning CDs and using USB storage devices must be free for any user to use.
From: Kris M. <pie...@gm...> - 2006-03-10 00:30:11
Good call, I'll get this modified for 1.0-release and the next patch also!

---
Kris Moore

Andrei Kolu wrote:
> I see that the devfs.conf file does not have enough permissions for users to write to
> their CD/DVD recorders and USB devices:
>
> -------------------------------------------------------------
> # Allow all members of group operator to mount CD's
> own /dev/acd0 root:operator
> perm /dev/acd0 0660
> own /dev/acd1 root:operator
> perm /dev/acd1 0660
> own /dev/cd0 root:operator
> perm /dev/cd0 0660
> own /dev/cd1 root:operator
> perm /dev/cd1 0660
>
> # Allow all USB Devices to be mounted
> own /dev/da0 root:operator
> perm /dev/da0 0660
> own /dev/da1 root:operator
> perm /dev/da1 0660
> own /dev/da2 root:operator
> perm /dev/da2 0660
> own /dev/da3 root:operator
> perm /dev/da3 0660
>
> -------------------------------------------------------------
>
> #####I'd like to see this way:####
>
> Add in Kernel config:
> ------------------------------------------------------------
> device scbus # SCSI bus (required for SCSI)
> device ch # SCSI media changers
> device da # Direct Access (disks)
> device sa # Sequential Access (tape etc)
> device cd # CD
> device pass # Passthrough device (direct SCSI access)
> device ses # SCSI Environmental Services (and SAF-TE)
> device atapicam
> -------------------------------------------------------------
>
> # ee /etc/devfs.conf
> Add the following:
> -------------------------------------------------------------
> perm acd0 0666
> link acd0 cdrom
> perm pass0 0666
> perm cd0 0666
> perm xpt0 0666
> #and so on...
> -------------------------------------------------------------
From: Andrei K. <an...@bs...> - 2006-07-15 17:20:21
Hi!

After some discussion with Linux zealots (IKIAPS) I decided to implement security features that are available to FreeBSD.

--------------------------------------------------
The FreeBSD 7-CURRENT development branch includes support for Event Auditing based on the POSIX®.1e draft and Sun's published BSM API and file format. Event auditing permits the selective logging of security-relevant system events for the purposes of post-mortem analysis, system monitoring, and intrusion detection.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html

options AUDIT
auditd_enable="YES"
--------------------------------------------------
FreeBSD 5.X introduced new security extensions from the TrustedBSD project based on the POSIX®.1e draft. Two of the most significant new security mechanisms are file system Access Control Lists (ACLs) and Mandatory Access Control (MAC) facilities. Mandatory Access Control allows new access control modules to be loaded, implementing new security policies. Some provide protections of a narrow subset of the system, hardening a particular service. Others provide comprehensive labeled security across all subjects and objects. The mandatory part of the definition comes from the fact that the enforcement of the controls is done by administrators and the system, and is not left up to the discretion of users as is done with discretionary access control (DAC, the standard file and System V IPC permissions on FreeBSD).

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html

options MAC

mac_bsdextended(4) mixed with mac_seeotheruids(4) could co-exist and block access not only to system objects but to hide user processes as well.

Begin by adding the following lines to /boot/loader.conf:

mac_seeotheruids_enabled="YES"

The mac_bsdextended(4) security policy module may be activated through the use of the following rc.conf variable:

ugidfw_enable="YES"

For testing purposes, try logging in as a different user across two consoles. Run the ps aux command to see if processes of other users are visible. Try to run ls(1) on another user's home directory, it should fail.
--------------------------------------------------
Kernel configuration line: options MAC_IFOFF
Boot option: mac_ifoff_load="YES"

The mac_ifoff(4) module exists solely to disable network interfaces on the fly and keep network interfaces from being brought up during the initial system boot. It does not require any labels to be set up on the system, nor does it have a dependency on other MAC modules.

Most of the control is done through the sysctl tunables listed below.

security.mac.ifoff.lo_enabled will enable/disable all traffic on the loopback (lo(4)) interface.

security.mac.ifoff.bpfrecv_enabled will enable/disable all traffic on the Berkeley Packet Filter interface (bpf(4))

security.mac.ifoff.other_enabled will enable/disable traffic on all other interfaces.

One of the most common uses of mac_ifoff(4) is network monitoring in an environment where network traffic should not be permitted during the boot sequence. Another suggested use would be to write a script which uses security/aide to automatically block network traffic if it finds new or altered files in protected directories.
--------------------------------------------------

Or something like this...
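A sketch of the script suggested in the message above, added here and not taken from the thread or from FreeBSD: it runs an AIDE check and sets security.mac.ifoff.other_enabled to 0 when the check is not clean. It assumes that mac_ifoff is loaded, that 0 means "disabled" for that sysctl, and that aide --check exits 0 for no differences, 1-7 for added/removed/changed entries and 14 or more on errors; the function and variable names are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread): stop traffic on non-loopback interfaces
# through mac_ifoff(4) when an AIDE check does not come back clean.
# Assumptions: mac_ifoff is loaded, and aide --check exits 0 for "no
# differences", 1-7 for added/removed/changed entries, 14 or more on errors.

AIDE_CMD=${AIDE_CMD:-"aide --check"}    # both commands are overridable so the
SYSCTL_CMD=${SYSCTL_CMD:-sysctl}        # logic can be tested without AIDE or root

classify_aide_status() {    # $1 = exit status of the integrity check
    case "$1" in
        0)     echo clean ;;
        [1-7]) echo changed ;;
        *)     echo error ;;    # unreadable database, bad config, aide missing
    esac
}

guard_network() {    # prints the verdict; returns 0 only when the check was clean
    rc=0
    $AIDE_CMD >/dev/null 2>&1 || rc=$?
    verdict=$(classify_aide_status "$rc")
    if [ "$verdict" = clean ]; then
        echo clean
        return 0
    fi
    # Fail closed: an integrity check that cannot run is treated like a change.
    if $SYSCTL_CMD security.mac.ifoff.other_enabled=0 >/dev/null 2>&1; then
        echo "$verdict blocked"
    else
        echo "$verdict block-failed"
    fi
    return 1
}

# Run from cron or periodic(8) as root with the argument --run.
if [ "${1:-}" = "--run" ]; then
    guard_network
fi
```

Loopback traffic is left alone because only the other_enabled tunable is changed; re-enabling traffic after review is a manual sysctl step.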