From owner-freebsd-questions@FreeBSD.ORG Thu Jul 5 03:20:47 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E804A16A400 for ; Thu, 5 Jul 2007 03:20:47 +0000 (UTC) (envelope-from illoai@gmail.com) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.189]) by mx1.freebsd.org (Postfix) with ESMTP id 7D95913C46C for ; Thu, 5 Jul 2007 03:20:47 +0000 (UTC) (envelope-from illoai@gmail.com) Received: by mu-out-0910.google.com with SMTP id w9so2610086mue for ; Wed, 04 Jul 2007 20:20:46 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=iaoG2yN5dhodwNQT4ZfNDugDCpoT0z+x8MmbHM3b0haLiD/YpDb+Idl+VM5YMNYM8LglHr2sy38v7PVsi47LQ4b1kCBaPQGmrmg2t6zvP65pzflfHsaVx2OGXLJ3yLVPgEIa8I/J/09Qyb8XVjahJmP5WzDDcciep8+SeYv1irw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QNTFNbhPGfZFThXJEF21Zwm0H9sBwBtkMlifrsnC2usK89jr839mOoE8APeBRQ59YIf5LouCyS0jW04qOGHtb+F6qQt7YQQCAi8gX4Y5AWscrSTxZha3vNBWIXWUKvatEHb8NU3xoR4hUADy2Zaat5fwv2+A7/OpRCerZG+qjI4= Received: by 10.82.112.3 with SMTP id k3mr19247767buc.1183605642521; Wed, 04 Jul 2007 20:20:42 -0700 (PDT) Received: by 10.82.187.6 with HTTP; Wed, 4 Jul 2007 20:20:42 -0700 (PDT) Message-ID: Date: Wed, 4 Jul 2007 22:20:42 -0500 From: "illoai@gmail.com" To: "Kelly Jones" In-Reply-To: <26face530707041929r47a0bf79md6006a680776b1aa@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <26face530707041929r47a0bf79md6006a680776b1aa@mail.gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Allowing noschg in multi-user mode on Mac OS X X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jul 2007 03:20:48 -0000 On 04/07/07, Kelly Jones wrote: > Most FreeBSD kernels let you set a flag(?) to decide whether "chflags > noschg" will work in multi-user mode. > > How do I do this w/ Mac OS X? Here's what happens when I do "chflags > noschg" in multi-user mode: > > # chflags noschg test.txt > chflags: test.txt: Operation not permitted > > The opposite, "chflags schg", works fine. I realize this is a security > feature (you can protect files in multi-user mode, but not vica > versa), but it's annoying. > > I also realize I can boot into single-user mode > (http://docs.info.apple.com/article.html?artnum=106388) where "chflags > noschg" works just fine, but I'd like to use noschg more as advisory > protection from myself, not something that requires single-user mode > to undo. (serious crossposting removed) Under FreeBSD this general behaviour is controlled by the kern.securelevel sysctl. On a running system this can be raised, but not lowered, and it would seem that Apple et al have chosen to do it correctly. Pain in the metaphorical arse, but This Isn't Windows(sm). -- --