From owner-freebsd-questions Wed Sep 18 9:16:29 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51DDC37B401 for ; Wed, 18 Sep 2002 09:16:28 -0700 (PDT) Received: from bouba.alxhost.com (bouba.alxhost.com [66.96.220.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id D441643E65 for ; Wed, 18 Sep 2002 09:16:27 -0700 (PDT) (envelope-from jimmy.lantz@lusidor.com) Received: from [212.162.175.101] (helo=lusidor2002.lusidor.com) by bouba.alxhost.com with esmtp (Exim 3.36 #1) id 17rhUu-00036B-00 for freebsd-questions@FreeBSD.ORG; Wed, 18 Sep 2002 12:16:16 -0400 Message-Id: <5.1.0.14.0.20020918181508.00bc9da0@mail.lusidor.com> X-Sender: lusidor@mail.lusidor.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 18 Sep 2002 18:18:20 +0200 To: freebsd-questions@FreeBSD.ORG From: Jimmy Lantz Subject: Re: Monunting /etc read-only was Re: mount read only ... In-Reply-To: <441y7rxr5q.fsf@be-well.ilk.org> References: <5.1.0.14.0.20020918121808.00be1e30@mail.lusidor.com> <5.1.0.14.0.20020917103713.032c3950@mail.lusidor.nu> <5.1.0.14.0.20020917103713.032c3950@mail.lusidor.nu> <5.1.0.14.0.20020918121808.00be1e30@mail.lusidor.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - bouba.alxhost.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0] X-AntiAbuse: Sender Address Domain - lusidor.com Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 11:18 2002-09-18 -0400, you wrote: >Jimmy Lantz writes: > > > > > > > > I'm looking for away to write protect > > > > some files whats the pros and cons > > > > with having the file on a seperate partition and mount that read-only > > > > or use the chflags schg and go to kernel security level 2? > > > > > >*Either* way you probably want to raise the security level. A > > >read-only mount doesn't help if it can be re-mounted writeable. If > > >the files *have* to be in the same directory with writeable files (as > > >for many systems is true of /etc), schg can be a very good solution. > > What in /etc needs to writeable? I was just thinking to mount it read-only. > >That's perfectly possible; you just have to work on it a bit, >especially if you have a large user base. Would you care to elaborate on this one? What would need work? The system in question will only have one wheel user login via SSH, ther rest is only deamons or nobody. Is there a FAQ/HOWTO/ or any online info cause google turns up nill on the topic? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message