Re: rc.conf.local update_motd=NO
On 4/20/06, Eduardo Alvarenga <[EMAIL PROTECTED]> wrote: > > > The patch prevents rc from adding these two lines into the motd file. > > > What I want is to not show information about the system and *JUST* my > > > personal motd, for security purposes and to follow the company's > > > policy. > > > > What security purposes? You have local users who you dont trust to know the > > operating system? Users who cant run "uname"? > > Yes I have. And the main reason is the company's policy. Every SunOS, > AIX, HP-UX, Linux, FreeBSD (that already has update_motd build in) > server in the company have a specific banner for many purposes, not > even security, but for information, and sometimes obscurity. > > What I really want is not to answer questions like: > > (from the innocent ones) > - Hum, the last time I logged on it was another *nix ? Why OpenBSD > now? Is Sun going to sue me? > > (from the stupid-managers) > - I've heard OpenBSD is in financial troubles right now, please take > this server down and migrate it to any-supported-and-paid-UNIX-system, > I don't want to donate! > > (from the funny ones) > - I don't like sushi, I prefer aquatic-bird flesh! > > > A FAQ article could do the trick. But a patch is better. >From what I've seen before, the OpenBSD philosophy means it will not bow to stupid users like this. I mean, I can see the use of it in practical situations, but the Real World(TM) tends to infect correctness and quality. Keep your patch around, and perhaps provide it somewhere for others, but don't expect it to get put into the official system. -Nick
Re: rc.conf.local update_motd=NO
> > The patch prevents rc from adding these two lines into the motd file. > > What I want is to not show information about the system and *JUST* my > > personal motd, for security purposes and to follow the company's > > policy. > > What security purposes? You have local users who you dont trust to know the > operating system? Users who cant run "uname"? Yes I have. And the main reason is the company's policy. Every SunOS, AIX, HP-UX, Linux, FreeBSD (that already has update_motd build in) server in the company have a specific banner for many purposes, not even security, but for information, and sometimes obscurity. What I really want is not to answer questions like: (from the innocent ones) - Hum, the last time I logged on it was another *nix ? Why OpenBSD now? Is Sun going to sue me? (from the stupid-managers) - I've heard OpenBSD is in financial troubles right now, please take this server down and migrate it to any-supported-and-paid-UNIX-system, I don't want to donate! (from the funny ones) - I don't like sushi, I prefer aquatic-bird flesh! A FAQ article could do the trick. But a patch is better. Regards, -- Eduardo Alvarenga
Re: rc.conf.local update_motd=NO
On Thu, Apr 20, 2006 at 10:30:10AM +0800, Lars Hansson wrote: > On Thursday 20 April 2006 03:42, Eduardo Alvarenga wrote: > > > Just leave the first two lines of motd intact, add you local motd after > > > the two first lines, and your message will not be touched. > > > > The patch prevents rc from adding these two lines into the motd file. > > What I want is to not show information about the system and *JUST* my > > personal motd, for security purposes and to follow the company's > > policy. > > What security purposes? You have local users who you dont trust to know the > operating system? Users who cant run "uname"? Users who have no account? I don't really see the point here, as physical security is required anyway, but I can see why the patch would be useful - it's a bit of a FAQ, after all, and there are valid esthetic reasons for patching. Joachim
Re: rc.conf.local update_motd=NO
On Thursday 20 April 2006 03:42, Eduardo Alvarenga wrote: > > Just leave the first two lines of motd intact, add you local motd after > > the two first lines, and your message will not be touched. > > The patch prevents rc from adding these two lines into the motd file. > What I want is to not show information about the system and *JUST* my > personal motd, for security purposes and to follow the company's > policy. What security purposes? You have local users who you dont trust to know the operating system? Users who cant run "uname"? Lars Hansson
Re: rc.conf.local update_motd=NO
> Just leave the first two lines of motd intact, add you local motd after > the two first lines, and your message will not be touched. The patch prevents rc from adding these two lines into the motd file. What I want is to not show information about the system and *JUST* my personal motd, for security purposes and to follow the company's policy. All I am asking is that if it is possible to commit upstream, It might become very handy and IMHO has minimal impact -- and of course should be disabled or even hidden from users by default. And yes, I have read motd(5). Regards, -- Eduardo Alvarenga
Re: rc.conf.local update_motd=NO
On Wed, Apr 19, 2006 at 03:50:45PM -0300, Eduardo Alvarenga wrote: > Some companies ask sysadmins to put a specific message of the day for > many purposes, this patch might become handy in such situations. Did you read motd(5)?
rc.conf.local update_motd=NO
Hi there,
--
--- rc.orig 2006-04-19 15:43:13.869242320 -0300
+++ rc 2006-04-19 15:45:43.632474848 -0300
@@ -491,6 +491,7 @@
if [ ! -f /etc/motd ]; then
install -c -o root -g wheel -m 664 /dev/null /etc/motd
fi
+if [ X"${update_motd}" != X"NO" ]; then
T=`mktemp /tmp/_motd.XX`
if [ $? -eq 0 ]; then
sysctl -n kern.version | sed 1q > $T
@@ -499,6 +500,7 @@
cmp -s $T /etc/motd || cp $T /etc/motd
rm -f $T
fi
+fi
if [ -f /var/account/acct ]; then
echo 'turning on accounting'; accton /var/account/acct
--
Some companies ask sysadmins to put a specific message of the day for
many purposes, this patch might become handy in such situations.
It is useful, at least for me.
Regards,
--
Eduardo Alvarenga
