Date:      Tue, 16 Jul 1996 13:40:25 -0600
From:      Sean Kelly <kelly@fsl.noaa.gov>
To:        mcnab@bayarea.net
Cc:        black@MR.Net, questions@FreeBSD.ORG
Subject:   Re: can't delete rcp
Message-ID:  <199607161939.TAA28526@gatekeeper.fsl.noaa.gov>
In-Reply-To: <199607161817.LAA03277@baygate.bayarea.net> (message from David McNab on Tue, 16 Jul 1996 11:17:37 -0700)

>>>>> "David" == David McNab <mcnab@bayarea.net> writes:

    David>      This "flags" thing looks like an abomination to me.
    David> What is the rationale behind it, and where did it come
    David> from?

I'm not sure where it came from, but one rationale is system security.
By marking certain files as immutable, append-only, etc., and by
running your system at a high security level, even people who
compromise root won't be able to muck with your hard-earned
configuration, since the flags can't be changed.  The best they could
do is shut down into single user mode---but then you keep the console
behind closed doors.

See sysctl(1) to find out how to change the system security level.

(Of course, you can do quite a bit of damage as root anyway.)

-- 
Sean Kelly                          
NOAA Forecast Systems Laboratory    kelly@fsl.noaa.gov
Boulder Colorado USA                http://www-sdd.fsl.noaa.gov/~kelly/
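
Added example, not part of the original message: a small Python model of the rule described above, in which system flags (schg, sappnd) cannot be cleared once kern.securelevel is above 0, while user flags (uchg, uappnd) can still be cleared by root. The function names and the sample inventory are assumptions made for illustration; the flag bits come from Python's standard `stat` module.

```python
import stat

# System flags: only the superuser may set them, and the kernel refuses to
# clear them while kern.securelevel is greater than 0.
SYSTEM_FLAGS = {"schg": stat.SF_IMMUTABLE, "sappnd": stat.SF_APPEND}
# User flags: the file owner or root may set and clear them at any securelevel.
USER_FLAGS = {"uchg": stat.UF_IMMUTABLE, "uappnd": stat.UF_APPEND}


def flag_names(st_flags):
    """Decode an st_flags bitmask into chflags(1) keyword names."""
    table = {**SYSTEM_FLAGS, **USER_FLAGS}
    return sorted(name for name, bit in table.items() if st_flags & bit)


def locked_against_root(st_flags, securelevel):
    """Names of the flags a root process cannot clear at this securelevel."""
    if securelevel <= 0:
        return []  # at securelevel 0 or -1 root can clear every flag
    return sorted(n for n, bit in SYSTEM_FLAGS.items() if st_flags & bit)


def audit(inventory, securelevel):
    """Return the paths a compromised root could still rewrite in place."""
    return [path for path, st_flags in inventory
            if not locked_against_root(st_flags, securelevel)]


# Constructed sample inventory of (path, st_flags); not taken from a real host.
# On FreeBSD the mask would come from os.stat(path).st_flags and the level
# from `sysctl -n kern.securelevel`.
SAMPLE = [
    ("/bin/rcp", stat.SF_IMMUTABLE),         # schg: locked at securelevel 1
    ("/etc/inetd.conf", stat.UF_IMMUTABLE),  # uchg: root can simply clear it
    ("/var/log/messages", stat.SF_APPEND),   # sappnd: append only, no rewrite
    ("/etc/hosts.equiv", 0),                 # no flags at all
]

if __name__ == "__main__":
    for level in (-1, 1):
        print("securelevel", level, "exposed:", audit(SAMPLE, level))
```

At securelevel 1 only the files carrying a system flag drop out of the exposed list, which is why a uchg flag alone does not protect a file from a compromised root.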
