Date: Wed, 18 Sep 2002 18:18:20 +0200 From: Jimmy Lantz <jimmy.lantz@lusidor.com> To: freebsd-questions@FreeBSD.ORG Subject: Re: Monunting /etc read-only was Re: mount read only ... Message-ID: <5.1.0.14.0.20020918181508.00bc9da0@mail.lusidor.com> In-Reply-To: <441y7rxr5q.fsf@be-well.ilk.org> References: <5.1.0.14.0.20020918121808.00be1e30@mail.lusidor.com> <5.1.0.14.0.20020917103713.032c3950@mail.lusidor.nu> <5.1.0.14.0.20020917103713.032c3950@mail.lusidor.nu> <5.1.0.14.0.20020918121808.00be1e30@mail.lusidor.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:18 2002-09-18 -0400, you wrote: >Jimmy Lantz <jimmy.lantz@lusidor.com> writes: > > > ><snip> > > > > I'm looking for away to write protect > > > > some files whats the pros and cons > > > > with having the file on a seperate partition and mount that read-only > > > > or use the chflags schg and go to kernel security level 2? > > > > > >*Either* way you probably want to raise the security level. A > > >read-only mount doesn't help if it can be re-mounted writeable. If > > >the files *have* to be in the same directory with writeable files (as > > >for many systems is true of /etc), schg can be a very good solution. > > What in /etc needs to writeable? I was just thinking to mount it read-only. > >That's perfectly possible; you just have to work on it a bit, >especially if you have a large user base. Would you care to elaborate on this one? What would need work? The system in question will only have one wheel user login via SSH, ther rest is only deamons or nobody. Is there a FAQ/HOWTO/ or any online info cause google turns up nill on the topic? <snip> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20020918181508.00bc9da0>