/root/.ssh/authorized_keys file with correct permissions (0600 for the
file, 0700 for /root/.ssh dir). Since we encourage administrators to use
public keys only if they want to access root account via ssh, might
aswell make it easier, this will be particularly useful in
managed/provisioned environments (think ansible & others).
Note that administrators might get an e-mail from security(8) if the
file suddenly appears after an update - this is of course expected :)
ok tb@ sthen@ rpe@ ajacoutot@
to /usr/src or /usr/xenocara.
Change /usr/{,x}obj to owner build:wobj with mode 770 and install the
systemwide makefiles before starting a build. The root of the noperm fs
containing DESTDIR should also be owned by build:wobj.
Developers will need to add their users to group wobj to be able to write
to /usr/{,x}obj/.
"push forward" deraadt; testing, input & ok rpe
The installer will create these directories during install.
So local setups will not get overwritten during upgrades.
idea from and OK deraadt@
with help from and OK tb@
feedback from and no objections halex@
- If you start make build as root, everything will be run as root.
Nothing new here. New is, that you can set BUILDUSER=somebody and the
unprived parts will be run as somebody.
- If you start make build with sudo, the unprived parts will be run as
the real user (meaning YOU). You can still set BUILDUSER=somebody and
the uprived parts will run as somebody.
- If you start make build as a normal user it will error out. "I'm sorry
Dave."
Note that DESTDIR must be on partition with the noperm flag set for make
release to work correctly as an unprivileged user.
idea and ok deraadt
input and ok tb ratchov millert
rpe, halex and probably others where part of the conversation to make
this happen, thanks!
about pkg.conf isn't really that helpful and if a big syntax change comes along
well we have current.html.
it was disabled during p2k16 and no one complained so far
discussed with and ok deraadt@
Move the one useful bit of information contained in the file ("one
user name per line") to the ftpd(8) manual page where it belongs.
OK deraadt@ sthen@
The file format is so simple that no example is needed.
All relevant documentation is already available
from the proper place, which is the lpd(8) manual.
Consequently, delete the empty file.
OK millert@ dcoppa@ beck@ deraadt@
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.
this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.
with reyk rpe
matthieu