Date: Thu, 19 Jun 2003 08:17:33 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Supote Leelasupphakorn <pjn0211@yahoo.com> Cc: freebsd-questions@freebsd.org Subject: Re: what dose the command "chflags" used for ? Message-ID: <20030619071733.GA646@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <20030619064639.55561.qmail@web40601.mail.yahoo.com> References: <20030619064639.55561.qmail@web40601.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ibTvN161/egqYuK8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 19, 2003 at 07:46:39AM +0100, Supote Leelasupphakorn wrote: > >> Dear all, > >>=20 > >> Because we have the command "chmod" for change > the > >> permissions of > >> files so what does the command "chflags" used for > and > >> what suituation=20 > >> I must use it ? >=20 > >chflags is used to set system flags on files you > don't want to be > >modified accidentally - most commonly the 'noschg' > flag stops a file > >from being deleted by a normal user. >=20 > >See the man page for more details, and also the -o > option to 'ls' (which > >shows flag settings for files. >=20 > but "chmod 600 <those_file> do the same thing why does > "chflags" come to play ? chflags(1) adds a number of controls impossible to achieve using the standard filesystem permissions. With chflags(1) you can make a file impossible to modify, even by the super user, who can ignore the usual file permissions. You can make a file that you can only add contents to -- not delete -- which is perfect for log files which you need to guarrantee haven't been tampered with. You can make a file whose contents can be modified, by the file itself cannot be moved or deleted, even by a user who has write permissions on the containing directory. You can label a file such that the dump(8) program will ignore it.=20 Finally, if you run at a raised kern.securelevel, you can only increase the security protections added to files by chflags(1) -- in order to remove the flags, you need to reboot into single user mode, which requires you to have access to the system console. See chflags(2), sysctl(8), security(7) and the FAQ entry at http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#SECURELE= VEL for details on securelevels. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --ibTvN161/egqYuK8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE+8WONdtESqEQa7a0RAiQeAKCErkaCrmwAFerCi/pRXsegjVq8JwCgg1B3 u1hO6odpWIaxHetmdTYXpqc= =8OZ0 -----END PGP SIGNATURE----- --ibTvN161/egqYuK8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030619071733.GA646>