Subject: Re: secure levels
To: Wenchi Liao <wliao@midway.uchicago.edu>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-help
Date: 08/26/1999 18:39:57
On Thu, Aug 26, 1999 at 11:30:43AM -0500, Wenchi Liao wrote:
> Random questions about secure levels.
> 
> In init(8), the advice is to always run in level 0 for single
> user, and level 1 for multi-user.
> 
> init(8) goes on:
> 1     Secure mode - system immutable and system append-only flags may not
>       be turned off; disks for mounted filesystems, /dev/mem, and
>       /dev/kmem are read-only.
> 
> If disks for mounted filesystems are read-only, isn't it a
> bit pointless to run it in multi-user mode where people may
> need to write to the disk?

You can't write to the device (e.g. /dev/wd0a or /dev/rwd0a) if it is mounted.
But of course the device can be mounted read/write.

> 
> If I compile a kernel w/o insecure (or set the secure level
> to 0 in rc.conf), it seems I can write to the disk anyway.
> What I can't do, however, is start xdm in multi-user mode.
> (Rebooting has wiped the log, but the error message was
> something about the server being unable to access memory at
> address 0xNNNNNNNN.)
> 
> If anything, level 0 seems ideal for multi-user:
> 0     Insecure mode - immutable and append-only flags may be changed.
>       All devices may be read or written subject to their permissions.
> 
> Can somebody please explain the logic/reasoning behind

Depends on what you want to do. I have some boxes running at secure level
2 (I admit level 1 is useless), where critical config files, binaries
and other things can't be changed when multi-user.
With the sappnd flag you can also ensure that something written to a log
file can't be changed later.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
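The setup Manuel describes (flags set from single user, level raised at boot, logs made append-only) as an added sh example; this is not code from the thread or from NetBSD itself. The file lists, the `securelevel=` variable name in /etc/rc.conf (taken from the question above) and the `ls -lo` sample output are assumptions constructed for illustration; the audit function only assumes NetBSD's `ls -lo` layout, where the flags column (or `-` when there are none) sits between the group and the size.

```sh
#!/bin/sh
# Added example, not part of the original thread.  Prepares a NetBSD box
# for kern.securelevel=2 and audits the result.  The path lists are
# assumptions for illustration; adjust them to the real install.

# Things that must be immutable (schg) and logs that must be append-only
# (sappnd).  The flags are set while still at securelevel 0 (single user):
# at level 1 or 2 the kernel refuses to clear them, so a mistake made here
# can only be undone after a reboot to single user.
HARDEN_IMMUTABLE="/netbsd /bin /sbin /usr/bin /usr/sbin /etc/rc.conf"
HARDEN_APPEND="/var/log/authlog /var/log/messages"

harden() {
    # refuse to proceed unless we really are at level 0
    [ "$(sysctl -n kern.securelevel)" -eq 0 ] || {
        echo "not at securelevel 0; set flags from single user" >&2
        return 1
    }
    chflags -R schg $HARDEN_IMMUTABLE
    chflags sappnd $HARDEN_APPEND
    # rc(8) raises the level from rc.conf at the next boot (variable name
    # as used in the question above; assumed here)
    grep -q '^securelevel=' /etc/rc.conf ||
        echo 'securelevel=2' >> /etc/rc.conf
}

# What sappnd buys you once the box is multi-user at level 2: appending
# still works, while rewriting or truncating in place is refused (EPERM),
# and the flag itself cannot be removed until a single-user reboot.
show_append_only() {
    echo "test entry" >> /var/log/authlog && echo "append: ok"
    if : > /var/log/authlog 2>/dev/null; then
        echo "truncate: ALLOWED (sappnd missing?)"
    else
        echo "truncate: refused"
    fi
}

# Audit: read "ls -lo" lines on stdin and print every path whose flags
# column (field 5, comma-separated, "-" when empty) lacks the flag in $1.
audit_flags() {
    awk -v want="$1" '
        NF >= 9 {
            n = split($5, f, ",")
            ok = 0
            for (i = 1; i <= n; i++) if (f[i] == want) ok = 1
            if (!ok) print $NF
        }'
}

# Constructed sample of "ls -lo" output so the audit can be tried offline
# (not captured from a real system).
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg     2453118 Aug 26 12:00 /netbsd
-r-xr-xr-x  1 root  wheel  -          49152 Aug 26 12:00 /sbin/init
-rw-r--r--  1 root  wheel  sappnd      8192 Aug 26 18:39 /var/log/authlog
-rw-r--r--  1 root  wheel  -           4096 Aug 26 18:39 /var/log/messages'

# binaries lacking schg / logs lacking sappnd, from the sample above
missing_schg()   { printf '%s\n' "$SAMPLE_LS" | grep -v '/var/log/' | audit_flags schg; }
missing_sappnd() { printf '%s\n' "$SAMPLE_LS" | grep    '/var/log/' | audit_flags sappnd; }

missing_schg      # /sbin/init
missing_sappnd    # /var/log/messages
```

On a real box the audit is fed with `ls -lo $HARDEN_IMMUTABLE | audit_flags schg` (and likewise for the logs); `harden` and `show_append_only` are meant to be run as root on the NetBSD machine, the former only from single user.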