From: Ian Smith
To: perryh@pluto.rain.com
Cc: swegill@gmail.com, freebsd@edvax.de, freebsd-questions@freebsd.org
Date: Sun, 16 Jan 2011 03:57:09 +1100 (EST)
Subject: Re: httpd-modsec2_debug.log: Operation not permitted

On Sat, 15 Jan 2011, Ian Smith wrote:
 > On Sat, 15 Jan 2011, perryh@pluto.rain.com wrote:
[..]
 > > Last I knew having a file open, even for writing, was no protection
 > > against its last link being removed.  The _inode_ won't go away
 > > until the last handle is closed, but the _directory entry_ can still
 > > be removed.
 >
 > Accepting that, why wouldn't root be permitted to rm these files?  It's
 > been shown that they don't have immutable, append-only or other flags
 > set.  Clearly the filesystem is writable, if full.

Still bugging me .. maybe the _directory_ has some system flag/s set?

sola# mkdir test
sola# cd test
sola# touch a b c
sola# ls -lao
total 14
drwxr-xr-x  2 root  wheel  -      512 Jan 16 02:31 .
drwxr-xr-x  4 root  wheel  -    11264 Jan 16 02:31 ..
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 a
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 b
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 c
sola# chflags schg .
sola# ls -lao
total 14
drwxr-xr-x  2 root  wheel  schg   512 Jan 16 02:31 .
drwxr-xr-x  4 root  wheel  -    11264 Jan 16 02:31 ..
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 a
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 b
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 c
sola# rm c
rm: c: Operation not permitted
sola# touch d
touch: d: Operation not permitted
sola# chflags noschg .
sola# rm c
sola# ls -lao
total 14
drwxr-xr-x  2 root  wheel  -      512 Jan 16 02:32 .
drwxr-xr-x  4 root  wheel  -    11264 Jan 16 02:31 ..
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 a
-rw-r--r--  1 root  wheel  -        0 Jan 16 02:31 b

So on the directory, setting schg achieves Subject behaviour/message,
while sappnd permits adding (and truncating!) but not deleting files.

cheers, Ian
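
The check done by hand in the session above, as an added example that is not part of the original message: it reads the flags column of `ls -lao` output for a file and for its directory, and names the flags that make rm fail with "Operation not permitted". It goes beyond the message by also covering the user flags (uchg, uappnd) and the undeletable flags (sunlnk, uunlnk), assuming UFS semantics as described in chflags(2); all function names are hypothetical, and file names containing spaces are not handled.

```sh
#!/bin/sh
# Added example (not from the original message). Flag names are those
# printed by FreeBSD `ls -lo`; UFS semantics are assumed.

# has_flag FLAGS NAME: true if the comma-separated FLAGS contains NAME.
has_flag() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# unlink_blockers FILE_FLAGS DIR_FLAGS: print one line per flag that makes
# rm fail with EPERM; exit status is 0 if at least one was found.
unlink_blockers() {
    found=1
    # Immutable or append-only on the directory blocks removing its entries.
    for f in schg uchg sappnd uappnd; do
        if has_flag "$2" "$f"; then echo "directory: $f"; found=0; fi
    done
    # On the file itself, the undeletable flags block unlink as well.
    for f in schg uchg sappnd uappnd sunlnk uunlnk; do
        if has_flag "$1" "$f"; then echo "file: $f"; found=0; fi
    done
    return $found
}

# flags_of NAME: read `ls -lao` output on stdin and print the flags
# column (field 5) of the entry called NAME.
flags_of() {
    awk -v n="$1" 'NF >= 10 && $NF == n { print $5 }'
}

# check_path PATH: FreeBSD only. Looks at PATH and at its parent directory.
check_path() {
    ff=$(ls -ldo -- "$1" | awk '{ print $5 }')
    df=$(ls -ldo -- "$(dirname "$1")" | awk '{ print $5 }')
    unlink_blockers "$ff" "$df"
}
```

On a FreeBSD host, `check_path /path/to/file` prints nothing and returns 1 when neither the file nor its directory carries a blocking flag.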