Subject: Re: permissions & rc.conf
To: Jan Danielsson <>
From: Lubomir Sedlacik <>
List: netbsd-users
Date: 08/23/2005 20:43:33

On Tue, Aug 23, 2005 at 08:37:08PM +0200, Jan Danielsson wrote:
> My university network requires a login/logout via https. To get around
> this annoyance, I have written a login script which handles everything
> automatically during boot and shutdown. I have created a
> /etc/rc.d/unilogin which handles the login/logout. In rc.conf I have:
> unilogin=YES
> unilogin_flags="--user=<userid> --pass=<pass>"
> Notice the "--pass=" parameter; that's what I want to hide.

you could as well just put the unilogin_flags setting into
/etc/rc.conf.d/unilogin file with the appropriate permissions.

> In fact, if /etc/rc.conf is readable by everyone, it's like saying:
> Don't put important login information here. But what if I *need* to
> place important login information there? IMHO, there should be some
> clear way to do this. I was given a tip which suits me just fine, but
> unless it breaks anything, I see no reason why more files in /etc
> shouldn't be made non-readable by 'everyone'. It's basic security
> thinking, imho.

under normal operation users can obtain most of the information from
observing the system anyway (e.g., hostname, ps, ifconfig, netstat,
etc.).  with the security pov i find it better to have the private
information strictly separated from what is public knowledge anyway.


-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --
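
The suggestion in the reply above, as an added example that is not part of the original message: move the secret-bearing `unilogin_flags` line out of the world-readable `rc.conf` into a `rc.conf.d/unilogin` file created with mode 0600. The function names `is_private` and `move_flags` are hypothetical, and the demo runs on constructed data in a scratch directory rather than `/etc`.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the procedure
# can be rehearsed on a scratch copy before touching /etc as root.

# is_private FILE: true only if group and other have no permission bits.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# move_flags RC_CONF RC_CONF_D SERVICE
# Moves SERVICE_flags=... from RC_CONF into RC_CONF_D/SERVICE (mode 0600).
move_flags() {
    rc_conf=$1; rc_conf_d=$2; svc=$3
    line=$(grep "^${svc}_flags=" "$rc_conf") || return 1  # nothing to move
    mkdir -p "$rc_conf_d" || return 1
    # umask in a subshell: the temp file is born 0600, never briefly wider.
    # A stale .tmp is removed first so its old mode cannot be inherited.
    ( umask 077
      rm -f "$rc_conf_d/$svc.tmp"
      printf '%s\n' "$line" > "$rc_conf_d/$svc.tmp" ) || return 1
    mv "$rc_conf_d/$svc.tmp" "$rc_conf_d/$svc" || return 1
    # Remove the secret from rc.conf; cat-over keeps rc.conf's mode and owner.
    sed "/^${svc}_flags=/d" "$rc_conf" > "$rc_conf.new" || return 1
    cat "$rc_conf.new" > "$rc_conf" && rm -f "$rc_conf.new" || return 1
    is_private "$rc_conf_d/$svc"
}

# Demo on constructed data in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'hostname=lab' 'unilogin=YES' \
        'unilogin_flags="--user=<userid> --pass=<pass>"' > "$d/rc.conf"
    chmod 644 "$d/rc.conf"
    move_flags "$d/rc.conf" "$d/rc.conf.d" unilogin && ls -l "$d" "$d/rc.conf.d"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

File permissions only protect the value at rest: while the script runs with `--pass=` on its command line, the argument is still visible to other users through `ps`.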
