From mwm@mired.org  Thu Nov 30 15:05:20 2000
Return-Path: <mwm@mired.org>
Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186])
	by hub.freebsd.org (Postfix) with SMTP id 9A43B37B400
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 30 Nov 2000 15:05:19 -0800 (PST)
Received: (qmail 40603 invoked by uid 100); 30 Nov 2000 23:05:19 -0000
Message-Id: <20001130230519.40602.qmail@guru.mired.org>
Date: 30 Nov 2000 23:05:19 -0000
From: mwm@mired.org
Reply-To: mwm@mired.org
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] New FAQ entry, describing securelevel time change problem
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         23200
>Category:       docs
>Synopsis:       [PATCH] New FAQ entry, describing securelevel time change problem
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 30 15:10:00 PST 2000
>Closed-Date:    Tue Dec 5 05:18:22 PST 2000
>Last-Modified:  Tue Dec 05 05:19:01 PST 2000
>Originator:     Mike Meyer
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Meyer Consulting
>Environment:
System: FreeBSD guru.mired.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Nov 19 06:16:20 CST 2000 mwm@guru.mired.org:/usr/obj/sharetmp/src/sys/GURU i386

>Description:

Lots of people are running into not being able to change the time by
more than a second because they are have kern.securelevel > 1. This is
a clone of my previous FAQ entry about chflags and secure level,
tweaked for time changes.

>How-To-Repeat:

Hang out in -questions and watch this one go back.

>Fix:

Apply the attached patch. Note that I also fixed a dangling pronoun in the
preceeding question while I found was cloning it.

Aside: the docs people are to be congratulated on how quickly they
respond to such pr's!

--- book.sgml	Sun Nov 26 15:08:44 2000
+++ /tmp/book.sgml	Thu Nov 30 17:04:01 2000
@@ -6533,13 +6533,40 @@
 	  <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
 
 	   <para>You cannot lower the security level; you have to boot
-	     to single mode to install the kernel, or change it in
-	     <filename>/etc/rc.conf</filename> then reboot. See the
-	     &man.init.8; man page for details on securelevel, and
+	     to single mode to install the kernel, or change the
+	     security in <filename>/etc/rc.conf</filename> then reboot. See
+	     the &man.init.8; man page for details on securelevel, and
 	     see <filename>/etc/defaults/rc.conf</filename> and the
 	     &man.rc.conf.5; man page for more information on rc.conf.</para>
         </answer>
       </qandaentry>
+
+      <qandaentry>
+        <question id="kernel-chflag-failure">
+          <para>I can't change the time on my system by more than one second!
+	        How do I get around this?</para>
+        </question>
+
+        <answer>
+          <para>Short answer: You're probably at security level
+	    greater than 1.  Reboot directly to single user mode to
+	    change the date.</para>
+
+          <para>Long answer: FreeBSD disallows changing the time by
+              more that one second at security levels greater than 1.  You
+              can check your security level with the command:</para>
+
+	  <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
+
+	   <para>You cannot lower the security level; you have to boot
+	     to single mode to change the date, or change the security
+	     level in <filename>/etc/rc.conf</filename> then reboot. See
+	     the &man.init.8; man page for details on securelevel, and
+	     see <filename>/etc/defaults/rc.conf</filename> and the
+	     &man.rc.conf.5; man page for more information on rc.conf.</para>
+        </answer>
+      </qandaentry>
+
     </qandaset>
   </chapter>
 

>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: mwm@mired.org
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/23200: [PATCH] New FAQ entry, describing securelevel time change problem 
Date: Fri, 01 Dec 2000 14:31:40 +0200

 On 30 Nov 2000 23:05:19 GMT, mwm@mired.org wrote:
 
 > +      <qandaentry>
 > +        <question id="kernel-chflag-failure">
 > +          <para>I can't change the time on my system by more than one second
 !
 > +	        How do I get around this?</para>
 
 Shouldn't the question have a different ID?
 
 Ciao,
 Sheldon.
 
State-Changed-From-To: open->closed 
State-Changed-By: jim 
State-Changed-When: Tue Dec 5 05:18:22 PST 2000 
State-Changed-Why:  
Committed with minor changes (different question ID).  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=23200 
>Unformatted:
