From owner-freebsd-isp Mon Oct 7 17:29:55 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7DD537B401 for ; Mon, 7 Oct 2002 17:29:53 -0700 (PDT) Received: from users.munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92AAF43E6E for ; Mon, 7 Oct 2002 17:29:52 -0700 (PDT) (envelope-from munk@users.munk.nu) Received: from users.munk.nu (localhost [127.0.0.1]) by users.munk.nu (8.12.5/8.12.3) with ESMTP id g981UYvD075927 for ; Tue, 8 Oct 2002 01:30:34 GMT (envelope-from munk@users.munk.nu) Received: (from munk@localhost) by users.munk.nu (8.12.5/8.12.3/Submit) id g981UYlK075926 for freebsd-isp@freebsd.org; Tue, 8 Oct 2002 01:30:34 GMT Date: Tue, 8 Oct 2002 01:30:33 +0000 From: Jez Hancock To: FreeBSD ISP List Subject: Re: Apache vhost directive problem Message-ID: <20021008013033.GA75840@users.munk.nu> Mail-Followup-To: FreeBSD ISP List References: <20021007005601.GB72630@users.munk.nu> <20021007112908.M51200-100000@stalker.amigo.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021007112908.M51200-100000@stalker.amigo.net> User-Agent: Mutt/1.4i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Oct 07, 2002 at 11:31:54AM -0600, Randy Smith wrote: > On Mon, 7 Oct 2002, Jez Hancock wrote: > > > Date: Mon, 7 Oct 2002 00:56:01 +0000 > > From: Jez Hancock > > To: FreeBSD ISP List > > Subject: Re: Apache vhost directive problem > > > > > On Thu, Oct 03, 2002 at 09:38:13AM +0400, Konstantin M Volevatch wrote: > > > > Also, you may set 'sunlnk' flag on 'web' subdir > > I did play around with the 'chflags' command on a dummy user's .history > > file to see if I could stop the user from deleting the file. Whilst it > > worked perfectly well in that the user couldn't rm the file, when I > > later went to unset the 'sunlnk' flag I was unable to (as root of > > course). > > > > I then went on to test the problem / try to recreate it in another > > directory. The output is as follows: > > > > [0:44:16] munk@users /home# cd /home/munk > > [0:44:19] munk@users /home/munk# mkdir test > > [0:44:22] munk@users /home/munk# cd test > > [0:44:24] munk@users /home/munk/test# touch test > > [0:44:27] munk@users /home/munk/test# chflags sunlnk test > > [0:44:34] munk@users /home/munk/test# chflags nosunlnk test > > chflags: test: Operation not permitted > > [0:44:42] munk@users /home/munk/test# ls -alo > > total 4 > > drwxr-xr-x 2 root munk - 512 Oct 7 00:44 ./ > > drwx-----x 14 munk munk - 1536 Oct 7 00:44 ../ > > -rw-r--r-- 1 root munk sunlnk 0 Oct 7 00:44 test > > [0:45:05] munk@users /home/munk/test# chflags nosunlnk test > > chflags: test: Operation not permitted > > [0:45:13] munk@users /home/munk/test# id > > uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), > > 5(operator), 20(staff), 31(guest), 1010(epl) > > > > What am I missing here? I'm unable to unset the 'sunlnk' flag on the > > file 'test' at all for some reason. > > > > Thanks in advance, > > > > Jez > > > > If kern.securelevel is > 1 then no one (even root) can unset an sunlnk, > schg, etc. flag. You need to reduce your securelevel to remove the files. *doh* - bingo that's the problem. Many thanks. Jez To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message