Re: passing options thru '/etc/rc.d/foo start'
Tom Worster wrote:
> On 9/16/09 3:19 PM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
>> Tom Worster wrote:
>>> is there a general shell syntax that can be used to pass arguments to a daemon that you're starting with the /etc/rc.d/foo start command?
>>
>> If you're starting service foo, then you should be able to define command arguments by setting foo_flags="-a -b -c". This is a convention, and particular services may use several more specific variables to build a command line or may simply ignore any flags variable completely, so you'll have to check each case individually.
>>
>>> for example, how does one start sshd using /etc/rc.d/sshd and pass it '-o X11Forwarding=no' without touching a config file?
>>
>> In this case, setting sshd_flags will work as sshd uses the default rc start function.
>
> hi matthew, i tried this and couldn't make it work before i emailed my question. then mel answered that the /etc/rc.d/foo scripts ignore environment. and then, looking closer at man pages, i got the impression that perhaps only /etc/rc uses the foo_flags variables when it invokes /etc/rc.d/foo scripts.

Uh, yeah. My tortured mental processes had somehow concluded that /etc/rc.conf *wasn't* a config file and then I pretty much forgot to add 'in /etc/rc.conf' at the crucial point in what I wrote.

I don't think your request is possible without editing at least one file under /etc.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
Flat 3, 7 Priory Courtyard, Ramsgate, Kent, CT11 9PW, UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: passing options thru '/etc/rc.d/foo start'
On Wednesday 16 September 2009 21:18:03 Tom Worster wrote:
> On 9/16/09 2:37 PM, Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:
>> On Wednesday 16 September 2009 20:21:40 Chris Cowart wrote:
>>> Tom Worster wrote:
>>>> thanks, Mel, that's good to know. i think your suggestion of modifying rc.conf will turn out to be a tidy solution for me.
>>>
>>> You could also just put: sshd_flags="-o X11Forwarding=no" into your /etc/rc.conf file.
>>
>> What he wants is passing arguments without touching config files, which I find myself needing sometimes as well, on machines where static partitions are mounted read-only + kern.secure_level.
>
> that's right. when i read in 11.7 of the handbook:
>
>     Since the rc.d system is primarily intended to start/stop services at system startup/shutdown time, ...
>
> i thought: maybe i'm making things hard by trying to use rc.d scripts when i could just execute the daemon's binary.

One downside I forgot to mention: You do open yourself up now to SSHD_FLAGS="-o AllowRoot=yes", so you may need to complicate the logic a bit more, by sanitizing SSHD_FLAGS.

-- 
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: passing options thru '/etc/rc.d/foo start'
On Thu, Sep 17, 2009 at 07:14:29PM +0200, Mel Flynn typed:
> On Wednesday 16 September 2009 21:18:03 Tom Worster wrote:
>> On 9/16/09 2:37 PM, Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:
>>> On Wednesday 16 September 2009 20:21:40 Chris Cowart wrote:
>>>> Tom Worster wrote:
>>>>> thanks, Mel, that's good to know. i think your suggestion of modifying rc.conf will turn out to be a tidy solution for me.
>>>>
>>>> You could also just put: sshd_flags="-o X11Forwarding=no" into your /etc/rc.conf file.
>>>
>>> What he wants is passing arguments without touching config files, which I find myself needing sometimes as well, on machines where static partitions are mounted read-only + kern.secure_level.
>>
>> that's right. when i read in 11.7 of the handbook:
>>
>>     Since the rc.d system is primarily intended to start/stop services at system startup/shutdown time, ...
>>
>> i thought: maybe i'm making things hard by trying to use rc.d scripts when i could just execute the daemon's binary.
>
> One downside I forgot to mention: You do open yourself up now to SSHD_FLAGS="-o AllowRoot=yes", so you may need to complicate the logic a bit more, by sanitizing SSHD_FLAGS.

Please explain how this can be exploited by a non-root user?

Ruben
Re: passing options thru '/etc/rc.d/foo start'
On Thursday 17 September 2009 19:55:33 Ruben de Groot wrote:
> On Thu, Sep 17, 2009 at 07:14:29PM +0200, Mel Flynn typed:
>> On Wednesday 16 September 2009 21:18:03 Tom Worster wrote:
>>> On 9/16/09 2:37 PM, Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:
>>>> On Wednesday 16 September 2009 20:21:40 Chris Cowart wrote:
>>>>> Tom Worster wrote:
>>>>>> thanks, Mel, that's good to know. i think your suggestion of modifying rc.conf will turn out to be a tidy solution for me.
>>>>>
>>>>> You could also just put: sshd_flags="-o X11Forwarding=no" into your /etc/rc.conf file.
>>>>
>>>> What he wants is passing arguments without touching config files, which I find myself needing sometimes as well, on machines where static partitions are mounted read-only + kern.secure_level.
>>>
>>> that's right. when i read in 11.7 of the handbook:
>>>
>>>     Since the rc.d system is primarily intended to start/stop services at system startup/shutdown time, ...
>>>
>>> i thought: maybe i'm making things hard by trying to use rc.d scripts when i could just execute the daemon's binary.
>>
>> One downside I forgot to mention: You do open yourself up now to SSHD_FLAGS="-o AllowRoot=yes", so you may need to complicate the logic a bit more, by sanitizing SSHD_FLAGS.
>
> Please explain how this can be exploited by a non-root user?

By adding this to .profile of compromised wheel account and waiting for him to run sudo -E or using an older version of sudo. Yes, it's an unlikely path. More to the point, it defeats having ro mounted /etc + secure level, since no reboot is required to modify the running sshd, so you're compromising your failsafe.

-- 
Mel
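The sanitizing step discussed in the two messages above, as an added example that is not part of any message in the thread: an allowlist check that the /etc/rc.conf logic could run before copying SSHD_FLAGS into sshd_flags. The names sanitize_sshd_flags and SSHD_ENV_ALLOWED, and the choice of allowed settings, are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: allowlist check for flags taken from the environment.
# SSHD_ENV_ALLOWED and sanitize_sshd_flags are hypothetical names.

# Exact "-o" settings accepted at start time (assumed policy: only
# settings that tighten the boot-time configuration).
SSHD_ENV_ALLOWED="X11Forwarding=no AllowTcpForwarding=no PasswordAuthentication=no"

# sanitize_sshd_flags "<flags>"
# Prints the flags and returns 0 only if the string is a sequence of
# "-o <setting>" pairs, every setting being in the allowlist.
# Prints nothing and returns 1 otherwise.
sanitize_sshd_flags() {
    _out=""
    set -f              # no pathname expansion while word-splitting
    set -- $1           # split the candidate string into tokens
    set +f
    while [ $# -gt 0 ]; do
        # Only the two-token form "-o setting" is accepted.
        [ "$1" = "-o" ] && [ $# -ge 2 ] || return 1
        case " $SSHD_ENV_ALLOWED " in
            *" $2 "*) _out="${_out:+$_out }-o $2" ;;
            *) return 1 ;;
        esac
        shift 2
    done
    printf '%s' "$_out"
}

# rc.conf fragment replacing the unconditional copy of SSHD_FLAGS.
if [ -n "${SSHD_FLAGS:-}" ]; then
    if _flags=$(sanitize_sshd_flags "$SSHD_FLAGS"); then
        sshd_flags="$_flags"
    else
        echo "rc.conf: SSHD_FLAGS rejected, keeping configured sshd_flags" >&2
    fi
fi
```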
Re: passing options thru '/etc/rc.d/foo start'
On Wednesday 16 September 2009 18:45:29 Tom Worster wrote:
> is there a general shell syntax that can be used to pass arguments to a daemon that you're starting with the /etc/rc.d/foo start command?
>
> for example, how does one start sshd using /etc/rc.d/sshd and pass it '-o X11Forwarding=no' without touching a config file?

You don't. Defaults are set in /etc/defaults/rc.conf, overridden in /etc/rc.conf. Unless you add the logic yourself in /etc/rc.conf, the environment is not looked at. So this means a one-time edit of /etc/rc.conf:

    if test -n "${SSHD_FLAGS}"; then
        sshd_flags="${SSHD_FLAGS}"
    else
        sshd_flags="${sshd_flags}"
    fi

Then start with

    SSHD_FLAGS="-o X11Forwarding=no" /etc/rc.d/sshd start

But this is specific for sshd, as it supports _flags. There's no generic way to do this.

-- 
Mel
Re: passing options thru '/etc/rc.d/foo start'
On 9/16/09 1:35 PM, Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:
> On Wednesday 16 September 2009 18:45:29 Tom Worster wrote:
>> is there a general shell syntax that can be used to pass arguments to a daemon that you're starting with the /etc/rc.d/foo start command?
>>
>> for example, how does one start sshd using /etc/rc.d/sshd and pass it '-o X11Forwarding=no' without touching a config file?
>
> You don't. Defaults are set in /etc/defaults/rc.conf, overridden in /etc/rc.conf. Unless you add the logic yourself in /etc/rc.conf, the environment is not looked at. So this means a one-time edit of /etc/rc.conf:
>
>     if test -n "${SSHD_FLAGS}"; then
>         sshd_flags="${SSHD_FLAGS}"
>     else
>         sshd_flags="${sshd_flags}"
>     fi
>
> Then start with
>
>     SSHD_FLAGS="-o X11Forwarding=no" /etc/rc.d/sshd start
>
> But this is specific for sshd, as it supports _flags. There's no generic way to do this.

thanks, Mel, that's good to know. i think your suggestion of modifying rc.conf will turn out to be a tidy solution for me.

tom
Re: passing options thru '/etc/rc.d/foo start'
Tom Worster wrote:
> thanks, Mel, that's good to know. i think your suggestion of modifying rc.conf will turn out to be a tidy solution for me.

You could also just put:

    sshd_flags="-o X11Forwarding=no"

into your /etc/rc.conf file.

Pretty much all of the rc.d scripts support the use of NAME_flags being defined in /etc/rc.conf, which are passed as extra commandline arguments to the daemon. You should generally check /etc/defaults/rc.conf to see what you might be clobbering. A small number of scripts may override this feature from the library, breaking this method, but it's pretty widely supported.

-- 
Chris Cowart
Network Technical Lead
Network Infrastructure Services, RSSP-IT
UC Berkeley
Re: passing options thru '/etc/rc.d/foo start'
On Wednesday 16 September 2009 20:21:40 Chris Cowart wrote:
> Tom Worster wrote:
>> thanks, Mel, that's good to know. i think your suggestion of modifying rc.conf will turn out to be a tidy solution for me.
>
> You could also just put: sshd_flags="-o X11Forwarding=no" into your /etc/rc.conf file.

What he wants is passing arguments without touching config files, which I find myself needing sometimes as well, on machines where static partitions are mounted read-only + kern.secure_level.

-- 
Mel
Re: passing options thru '/etc/rc.d/foo start'
On 9/16/09 2:37 PM, Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:
> On Wednesday 16 September 2009 20:21:40 Chris Cowart wrote:
>> Tom Worster wrote:
>>> thanks, Mel, that's good to know. i think your suggestion of modifying rc.conf will turn out to be a tidy solution for me.
>>
>> You could also just put: sshd_flags="-o X11Forwarding=no" into your /etc/rc.conf file.
>
> What he wants is passing arguments without touching config files, which I find myself needing sometimes as well, on machines where static partitions are mounted read-only + kern.secure_level.

that's right. when i read in 11.7 of the handbook:

    Since the rc.d system is primarily intended to start/stop services at system startup/shutdown time, ...

i thought: maybe i'm making things hard by trying to use rc.d scripts when i could just execute the daemon's binary.

an advantage i imagined of using rc.d is it starts the service with the same config as at boot so i don't have to remember any config items that might not be in the daemon's config files. maybe all config _should_ be in the daemon's config files but then i _might_ have been both lazy and forgetful.
Re: passing options thru '/etc/rc.d/foo start'
Tom Worster wrote:
> is there a general shell syntax that can be used to pass arguments to a daemon that you're starting with the /etc/rc.d/foo start command?

If you're starting service foo, then you should be able to define command arguments by setting foo_flags="-a -b -c". This is a convention, and particular services may use several more specific variables to build a command line or may simply ignore any flags variable completely, so you'll have to check each case individually.

> for example, how does one start sshd using /etc/rc.d/sshd and pass it '-o X11Forwarding=no' without touching a config file?

In this case, setting sshd_flags will work as sshd uses the default rc start function.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: passing options thru '/etc/rc.d/foo start'
On 9/16/09 3:19 PM, Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
> Tom Worster wrote:
>> is there a general shell syntax that can be used to pass arguments to a daemon that you're starting with the /etc/rc.d/foo start command?
>
> If you're starting service foo, then you should be able to define command arguments by setting foo_flags="-a -b -c". This is a convention, and particular services may use several more specific variables to build a command line or may simply ignore any flags variable completely, so you'll have to check each case individually.
>
>> for example, how does one start sshd using /etc/rc.d/sshd and pass it '-o X11Forwarding=no' without touching a config file?
>
> In this case, setting sshd_flags will work as sshd uses the default rc start function.

hi matthew, i tried this and couldn't make it work before i emailed my question. then mel answered that the /etc/rc.d/foo scripts ignore environment. and then, looking closer at man pages, i got the impression that perhaps only /etc/rc uses the foo_flags variables when it invokes /etc/rc.d/foo scripts.

tom