From owner-freebsd-questions  Thu Sep 12 22:30:50 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8991937B400
	for <freebsd-questions@FreeBSD.ORG>; Thu, 12 Sep 2002 22:30:48 -0700 (PDT)
Received: from sage.thought.org (sense-kline-248.oz.net [216.39.168.248])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A81C843E81
	for <freebsd-questions@FreeBSD.ORG>; Thu, 12 Sep 2002 22:30:47 -0700 (PDT)
	(envelope-from kline@tao.thought.org)
Received: from tao.thought.org (tao [216.39.168.250])
	by sage.thought.org (8.11.4/8.11.4) with ESMTP id g8D5Ul213256;
	Thu, 12 Sep 2002 22:30:47 -0700 (PDT)
	(envelope-from kline@tao.thought.org)
Received: (from kline@localhost)
	by tao.thought.org (8.11.6/8.11.3) id g8D5VNf22380;
	Thu, 12 Sep 2002 22:31:23 -0700 (PDT)
	(envelope-from kline)
Date: Thu, 12 Sep 2002 22:31:22 -0700
From: "Gary D. Kline" <kline@thought.org>
To: Dan Nelson <dnelson@allantgroup.com>
Cc: "Gary D. Kline" <kline@thought.org>,
	FreeBSD Mailing List <freebsd-questions@FreeBSD.ORG>
Subject: Re: can't rm -f /var/empty:: a new feature for 4.7?
Message-ID: <20020913053122.GA3220@tao.thought.org>
References: <200209130501.g8D51EK01185@tao.thought.org> <20020913051046.GJ42486@dan.emsphone.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020913051046.GJ42486@dan.emsphone.com>
X-Organization: Thought Unlimited. Public service Unix since 1986.
X-Of_Interest: Observing 16 years of service to the Unix community
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Fri, Sep 13, 2002 at 12:10:46AM -0500, Dan Nelson wrote:
> In the last episode (Sep 12), Gary D. Kline said:
> >   While running mergemaster with "t" to /tmp, I created a
> >   /var/tmp/empty. All are dirs, and "empty" is mode "dr-".  Not even
> >   root can chmod or rmdir.  I may be wrong, but the index node does
> >   no seem to point to itself.  Any ideas on what's going on?  How to
> >   remove?  This is more of a HUH, WHAT THE HELL? than anything.  I'm
> >   stumped.  It this a new security feature in 4.7PRE?
> 
> You probably mean /tmp/var/empty ?  I believe sshd chroots itself in
> there for some operations.  It's flagged schg so root can't even do
> anything with it.  Run "chflags noschg /tmp/var/empty" to remove the
> flag.
> 

	That was is, thanks muchly.  Right: /tmp/var/empty.  [no]schg
	complete vanished from my memory; I was checking things like
	kern_securelevel....

	(i thought there was a flag to ls to show changed flags but
	couldn't/can't see it.  ... this has been a long century :-)

	gary


-- 
   Gary Kline     kline@thought.org   www.thought.org     Public service Unix


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message