From owner-freebsd-questions Wed Sep 18 3:19:26 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2567937B401 for ; Wed, 18 Sep 2002 03:19:25 -0700 (PDT) Received: from bouba.alxhost.com (bouba.alxhost.com [66.96.220.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id A72A543E6A for ; Wed, 18 Sep 2002 03:19:24 -0700 (PDT) (envelope-from jimmy.lantz@lusidor.com) Received: from [212.162.175.101] (helo=lusidor2002.lusidor.com) by bouba.alxhost.com with esmtp (Exim 3.36 #1) id 17rbvP-0005qm-00 for freebsd-questions@FreeBSD.ORG; Wed, 18 Sep 2002 06:19:16 -0400 Message-Id: <5.1.0.14.0.20020918121808.00be1e30@mail.lusidor.com> X-Sender: lusidor@mail.lusidor.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 18 Sep 2002 12:21:27 +0200 To: freebsd-questions@FreeBSD.ORG From: Jimmy Lantz Subject: Monunting /etc read-only was Re: mount read only ... In-Reply-To: <44ptvcu3dt.fsf@be-well.ilk.org> References: <5.1.0.14.0.20020917103713.032c3950@mail.lusidor.nu> <5.1.0.14.0.20020917103713.032c3950@mail.lusidor.nu> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - bouba.alxhost.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0] X-AntiAbuse: Sender Address Domain - lusidor.com Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > > I'm looking for away to write protect > > some files whats the pros and cons > > with having the file on a seperate partition and mount that read-only > > or use the chflags schg and go to kernel security level 2? > >*Either* way you probably want to raise the security level. A >read-only mount doesn't help if it can be re-mounted writeable. If >the files *have* to be in the same directory with writeable files (as >for many systems is true of /etc), schg can be a very good solution. What in /etc needs to writeable? I was just thinking to mount it read-only. / Jimmy >If the files aren't part of the standard system at all, then as >someone else suggested, write-only media are an easy answer. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message