Date: Wed, 17 Sep 1997 18:48:58 -0400 (EDT)
From: Brian Mitchell <brian@firehouse.net>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: Sean Kelly <kelly@fsl.noaa.gov>, security@FreeBSD.ORG
Subject: Re: schg flag...
Message-ID: <Pine.BSI.3.95.970917183446.13556A-100000@shell.firehouse.net>
In-Reply-To: <Pine.BSF.3.96.970917165831.2986E-100000@cyrus.watson.org>

On Wed, 17 Sep 1997, Robert Watson wrote:

> So my question is this --- how does the appendonly flag interact with
> move, newsyslog, etc. Ideally, logged material could be added to, but
> never deleted. However, is this handled by inode, by open file, etc? If
> I set the appendonly flag on /var/log/messages, it will most likely work
> in the correct securelevel. If I do a mv messages messages.0, does it
> move it (only change to the directory reference, not to the file)? How

no, mv doesn't work, neither does unlink:

# cd /tmp
# touch foo
# chflags sappnd foo
# mv foo bar
mv: rename foo to bar: Operation not permitted
# rm foo
override rw-r--r-- root/bin sappnd for foo? y
rm: foo: Operation not permitted

> does this work with hard links? If I create a hard link to a syschg'd
> file in /var/tmp, presumably it retains the same property. Can it no
> longer be removed by anyone, including superuser?

nor do hard links

# ln foo bar
ln: bar: Operation not permitted

>
> Newsyslog assumes the ability to rename files, create new files, etc.
> Presumably newsyslog used with the append-only flag would be a bad thing.

yes, it wouldn't work :)