Re: IMMUTABLE and APPEND-ONLY rationales

From: David Ford (david@kalifornia.com)
Date: Sun Jun 25 2000 - 16:12:29 EST


Simon Richter wrote:

> > As root you are free to remove flags with chattr regardless of who set them.
> Not without shutting down the machine.

In kernels past, that would have been true and is a -good- thing. Today we have
no securelevel to effect this.

I favor the idea Viro has about two-level permissions for users and root. User
level immutable can be removed by root at any time. Privileged immutable
requires securelevel++ and by that requires reboot for removal of the flag. A
-very- good thing.

> > Permissions don't stop root from deleting a file in one step slip-ups.
>
> rm -r asks. rm -rf doesn't. Just as it should be.

rm -i is interactive. -f and -i are special. If no flag is present and
permissions allow, the item is deleted without confirmation. If permissions do
not allow but is in a permission granting directory, -f will delete elsewise
conf. is required. ..well, the rest is in the man page.

> > Permissions don't stop dhcpcd from screwing with your /etc/resolv.conf
> > (client that doesn't support the option for NOT messing with it) or similar
> > situations.
>
> I don't think file flags are the proper way to deal with broken software.

Programmers deal with software. The admin waits on the programmer and the user
waits on the admin. It can be a long time happening while in the meantime a
modicum of security can be had with the flags.

-d

--
"The difference between 'involvement' and 'commitment' is like an
eggs-and-ham breakfast: the chicken was 'involved' - the pig was
'committed'."
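
An added example, not part of the original message or of any kernel code: a small C check that reports whether a file (by default the /etc/resolv.conf from the dhcpcd case in the thread) currently carries the immutable or append-only flag that chattr sets. It assumes a Linux system with <linux/fs.h> and a filesystem that supports inode flags; the function and constant names are hypothetical.

```c
/* Added example: audit the immutable / append-only inode flags set by chattr. */
#include <fcntl.h>
#include <linux/fs.h>   /* FS_IOC_GETFLAGS, FS_IMMUTABLE_FL, FS_APPEND_FL */
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Hypothetical result bits used only by this example. */
enum { HAS_IMMUTABLE = 1, HAS_APPEND_ONLY = 2 };

/* Reduce a raw inode flag word to the two flags discussed in the thread. */
int protection_bits(int raw)
{
    int out = 0;
    if (raw & FS_IMMUTABLE_FL) out |= HAS_IMMUTABLE;
    if (raw & FS_APPEND_FL)    out |= HAS_APPEND_ONLY;
    return out;
}

/* Read the inode flags of path. Returns 0 on success, -1 if the file
 * cannot be opened or the filesystem does not support inode flags. */
int read_inode_flags(const char *path, int *raw)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    int flags = 0;  /* the ioctl transfers an int, although it is declared with long */
    int rc = ioctl(fd, FS_IOC_GETFLAGS, &flags);
    close(fd);
    if (rc < 0) return -1;
    *raw = flags;
    return 0;
}

/* Report one path; returns its protection bits, or -1 if they cannot be read. */
int audit_path(const char *path)
{
    int raw = 0;
    if (read_inode_flags(path, &raw) < 0) {
        printf("%-24s flags unavailable\n", path);
        return -1;
    }
    int bits = protection_bits(raw);
    printf("%-24s immutable=%s append-only=%s\n", path,
           (bits & HAS_IMMUTABLE) ? "yes" : "no",
           (bits & HAS_APPEND_ONLY) ? "yes" : "no");
    return bits;
}

int main(void)
{
    /* Default target: the file from the dhcpcd example in the thread. */
    return audit_path("/etc/resolv.conf") < 0;
}
```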




