- a bit more of descriptive text
- an example of the new way swap devices are defined
- an example of the '-G' flag for GEMDOS-flavored msdos filesystems.
switch and a set of flags. Get rid of DEFAULT flags entirely. Print
warnings if on/off switches are not set, or are set incorrectly.
Add a shell function to simplify this on/off switch testing.
* remove superfluous umasks
* replace `eval ...` with $((...)) or ${i#...}
* use $0 instead of MAKEDEV
* warn on unknown devices
* add enss* to ss*
* ensure tapes are root.operator 660
* st* perms are 660 not 640
* ttyv* isn't a special case on the sparc (it's an i386-ism)
* add enss* to ss*
* use $0.local instead of MAKEDEV.local, and reset the umask afterwards
* remove devices before mknod-ing them
* use ${i#...} and $((...)) instead of `eval ...`
* tz* has perms 660 root.operator (instead of 666 root.wheel)
* consolidate a few devices into one case, with internal switching
for the slight difference (usually unit name and major number)
* reset the umask after MAKEDEV.local
* don't treat ttyv* specially - it's an i386-ism
* add enss* to ss*
* md* is root.operator 640 not root.wheel 600
* use ${i#...} instead of `expr ...`
* use 'sh $0.local' not 'sh MAKEDEV.local'
* warn on invalid devices
* st* has perms 660 not 640
* use $0 not MAKEDEV
* add enss* to ss*
* remove superfluous use of umask
* ensure umask is reset after running MAKEDEV.local
- clean up comments and generated output.
- clean up $SECUREDIR if SIGINT or SIGQUIT received.
- .rhosts may have to be world readable in NFS environments, so allow it to be.
- update list of disks to check for reasonable permissions
- don't show differences in /etc/master.passwd, as the encrypted strings may
be sent. From reading comments earlier in the script, this was the intention
anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994].
- when checking /etc/ftpusers, skip comment lines and only match full
usernames.
XXX: this should be enhanced to check lines of the enhanced ftpusers format.
mycroft