From owner-freebsd-hackers Sun Feb 18 02:51:52 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id CAA08174 for hackers-outgoing; Sun, 18 Feb 1996 02:51:52 -0800 (PST) Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id CAA08168 for ; Sun, 18 Feb 1996 02:51:50 -0800 (PST) Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id LAA16382 for ; Sun, 18 Feb 1996 11:51:46 +0100 Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP id LAA03563 for freebsd-hackers@freebsd.org; Sun, 18 Feb 1996 11:51:45 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.7.3/8.6.9) id LAA06523 for freebsd-hackers@freebsd.org; Sun, 18 Feb 1996 11:29:23 +0100 (MET) From: J Wunsch Message-Id: <199602181029.LAA06523@uriah.heep.sax.de> Subject: Re: Is "immutable" supposed to be a good idea? To: freebsd-hackers@freebsd.org (FreeBSD hackers) Date: Sun, 18 Feb 1996 11:29:23 +0100 (MET) Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: <199602180608.RAA29273@godzilla.zeta.org.au> from "Bruce Evans" at Feb 18, 96 05:08:54 pm X-Phone: +49-351-2012 669 X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org Precedence: bulk As Bruce Evans wrote: > The immututable flags are always honoured. In secure mode, you can't > turn then off. In highly secure mode, you can write to the disk > directly to turn them off. You should not. INIT(8) FreeBSD System Manager's Manual INIT(8) NAME init - process control initialization 2 Highly secure mode - same as secure mode, plus disks are always read-only whether mounted or not. This level precludes tampering with filesystems by unmounting them, but also inhibits running newfs(8) while the system is multi-user. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)