From owner-freebsd-questions Tue Jul 16 12:40:36 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA02228 for questions-outgoing; Tue, 16 Jul 1996 12:40:36 -0700 (PDT) Received: from gatekeeper.fsl.noaa.gov (gatekeeper.fsl.noaa.gov [137.75.131.181]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA02222 for ; Tue, 16 Jul 1996 12:40:34 -0700 (PDT) Received: from emu.fsl.noaa.gov (kelly@emu.fsl.noaa.gov [137.75.60.32]) by gatekeeper.fsl.noaa.gov (8.7.5/8.7.3) with ESMTP id TAA28526; Tue, 16 Jul 1996 19:39:55 GMT Message-Id: <199607161939.TAA28526@gatekeeper.fsl.noaa.gov> Received: by emu.fsl.noaa.gov (1.40.112.4/16.2) id AA117426025; Tue, 16 Jul 1996 13:40:25 -0600 Date: Tue, 16 Jul 1996 13:40:25 -0600 From: Sean Kelly To: mcnab@bayarea.net Cc: black@MR.Net, questions@FreeBSD.ORG In-Reply-To: <199607161817.LAA03277@baygate.bayarea.net> (message from David McNab on Tue, 16 Jul 1996 11:17:37 -0700) Subject: Re: can't delete rcp Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >>>>> "David" == David McNab writes: David> This "flags" thing looks like an abomination to me. David> What is the rationale behind it, and where did it come David> from? I'm not sure where it came from, but one rationale is system security. By marking certain files as immutable, append-only, etc., and by running your system at a high security level, even people who compromise root won't be able to muck with your hard-earned configuration, since the flags can't be changed. The best they could do is shutdown into single user mode---but then you keep the console behind closed doors. See sysctl(1) to find out how to change the system security level. (Of course, you can do quite a bit of damage as root anyway.) -- Sean Kelly NOAA Forecast Systems Laboratory kelly@fsl.noaa.gov Boulder Colorado USA http://www-sdd.fsl.noaa.gov/~kelly/