Date: Wed, 4 Jul 2007 22:20:42 -0500 From: "illoai@gmail.com" <illoai@gmail.com> To: "Kelly Jones" <kelly.terry.jones@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Allowing noschg in multi-user mode on Mac OS X Message-ID: <d7195cff0707042020y4c6f541n1f4c73172730619a@mail.gmail.com> In-Reply-To: <26face530707041929r47a0bf79md6006a680776b1aa@mail.gmail.com> References: <26face530707041929r47a0bf79md6006a680776b1aa@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/07/07, Kelly Jones <kelly.terry.jones@gmail.com> wrote: > Most FreeBSD kernels let you set a flag(?) to decide whether "chflags > noschg" will work in multi-user mode. > > How do I do this w/ Mac OS X? Here's what happens when I do "chflags > noschg" in multi-user mode: > > # chflags noschg test.txt > chflags: test.txt: Operation not permitted > > The opposite, "chflags schg", works fine. I realize this is a security > feature (you can protect files in multi-user mode, but not vica > versa), but it's annoying. > > I also realize I can boot into single-user mode > (http://docs.info.apple.com/article.html?artnum=106388) where "chflags > noschg" works just fine, but I'd like to use noschg more as advisory > protection from myself, not something that requires single-user mode > to undo. (serious crossposting removed) Under FreeBSD this general behaviour is controlled by the kern.securelevel sysctl. On a running system this can be raised, but not lowered, and it would seem that Apple et al have chosen to do it correctly. Pain in the metaphorical arse, but This Isn't Windows(sm). -- --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d7195cff0707042020y4c6f541n1f4c73172730619a>