Source-Changes-HG archive


[src/trunk]: src/sbin/init Bump date for previous; new sentence, new line; us...



details:   https://anonhg.NetBSD.org/src/rev/7c65fa8f301a
branches:  trunk
changeset: 553194:7c65fa8f301a
user:      wiz <wiz%NetBSD.org@localhost>
date:      Sun Oct 12 07:21:57 2003 +0000

description:
Bump date for previous; new sentence, new line; use more macros; fix a typo.

diffstat:

 sbin/init/init.8 |  67 ++++++++++++++++++++++++++++++-------------------------
 1 files changed, 37 insertions(+), 30 deletions(-)

diffs (126 lines):

diff -r 76959c5c592c -r 7c65fa8f301a sbin/init/init.8
--- a/sbin/init/init.8  Sun Oct 12 04:23:17 2003 +0000
+++ b/sbin/init/init.8  Sun Oct 12 07:21:57 2003 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: init.8,v 1.29 2003/10/12 04:14:56 tls Exp $
+.\"    $NetBSD: init.8,v 1.30 2003/10/12 07:21:57 wiz Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -32,7 +32,7 @@
 .\"
 .\"     @(#)init.8     8.6 (Berkeley) 5/26/95
 .\"
-.Dd April 29, 2000
+.Dd October 12, 2003
 .Dt INIT 8
 .Os
 .Sh NAME
@@ -119,35 +119,41 @@
 .Sq console
 entry in the
 .Xr ttys 5
-file is marked ``insecure'', then
+file is marked
+.Dq insecure ,
+then
 .Nm
 will require that the superuser password be
 entered before the system will start a single-user shell.
 The password check is skipped if the
 .Sq console
-is marked as ``secure''.
+is marked as
+.Dq secure .
 .Pp
 The kernel runs with four different levels of security.
 Any superuser process can raise the security level, but only
 .Nm
 can lower it.
 .Pp
-The security level mechanism is intended to allow the administrator to 
-protect the persistent code and data on the system, or a subset thereof, 
-from modification, even by the superuser.  In order for this protection 
-to be effective, the administrator must ensure that no program that is 
-run while the security level is 0 or lower, nor any data or configuration 
-file used by any such program, can be modified while the security level 
-is greater than 0.  This may be achieved through the careful use of the 
-"immutable" file flag to define and protect a Trusted Computing Base 
-(TCB) consisting of all such programs and data, or by ensuring that all 
-such programs and data are on filesystems that are mounted read-only 
-and running at security level 2 or higher.  
-.Sy Particular care must be taken to ensure, if relying upon 
-.Sy security level 1 and the use of file flags, that the integrity of the 
-.Sy TCB cannot be compromised through the use of modifications to the 
-.Sy disklabel or access to overlapping disk partitions, including the 
-.Sy raw partition.
+The security level mechanism is intended to allow the administrator
+to protect the persistent code and data on the system, or a subset
+thereof, from modification, even by the superuser.
+In order for this protection to be effective, the administrator
+must ensure that no program that is run while the security level
+is 0 or lower, nor any data or configuration file used by any such
+program, can be modified while the security level is greater than
+0.
+This may be achieved through the careful use of the
+.Dq immutable
+file flag to define and protect a Trusted Computing Base (TCB)
+consisting of all such programs and data, or by ensuring that all
+such programs and data are on filesystems that are mounted read-only
+and running at security level 2 or higher.
+.Em Particular care must be taken to ensure, if relying upon
+.Em security level 1 and the use of file flags, that the integrity of the
+.Em TCB cannot be compromised through the use of modifications to the
+.Em disklabel or access to overlapping disk partitions, including the
+.Em raw partition .
 .Pp
 Do not overlook the fact that shell scripts (or anything else fed to an
 interpreter, through any mechanism) and the kernel itself are "programs
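Review bot: the five added lines from `.Em Particular care must be taken` to `.Em raw partition .` switch the warning from `.Sy` to `.Em`, a change the commit message does not mention and one that alters how the caveat about the disklabel and overlapping or raw partitions is rendered (emphasis rather than the strong symbolic style). If only macro cleanup was intended, keep `.Sy` here, or state in the log why lighter emphasis is wanted for this warning. The context line containing `"programs` at the end of the hunk still uses a plain ASCII quote and could take `.Dq` for consistency with the rest of the change.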
@@ -190,7 +196,9 @@
 .Pp
 Downgrading from highly secure mode to insecure mode (that is, to single-user
 mode) always requires the root password to be entered on the console, whether
-the console is marked as 'secure' in
+the console is marked as
+.Dq secure
+in
 .Pa /etc/ttys
 or not.
 .El
@@ -324,7 +332,7 @@
 If, at bootstrap time, the
 .Nm
 process cannot be located, the system will panic with the message
-``panic: "init died (signal %d, exit %d)''.
+.Dq panic: init died (signal %d, exit %d) .
 .Sh FILES
 .Bl -tag -width /var/log/wtmp -compact
 .It Pa /dev/console
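Review bot: on the added line `.Dq panic: init died (signal %d, exit %d) .` the message is text an administrator will look for verbatim on the console or in logs, so a literal macro such as `.Ql` would suit it better than `.Dq`, whose quote glyphs vary with the output device. Dropping the unbalanced `"` from the old line is the right fix and should stay.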
@@ -351,11 +359,10 @@
 .Em "then continue trying to start the process" .
 .Pp
 .It "some processes would not die; ps axl advised."
-A process
-is hung and could not be killed when the system was shutting down.
-This condition is usually caused by a process
-that is stuck in a device driver because of
-a persistent device error condition.
+A process is hung and could not be killed when the system was
+shutting down.
+This condition is usually caused by a process that is stuck in a
+device driver because of a persistent device error condition.
 .El
 .Sh SEE ALSO
 .Xr kill 1 ,
@@ -380,8 +387,8 @@
 behave as though they have security level \-1.
 .Pp
 The security level 2 restrictions relating to TCB integrity protection
-should be enforced at security level 1.  Restrictions dependent upon
-security level but not relating to TCB integrity protection should be
-selected by
+should be enforced at security level 1.
+Restrictions dependent upon security level but not relating to TCB
+integrity protection should be selected by
 .Xr sysctl 8
 settings available only at security level 0 or lower.


