From: Matthew Seaman
To: Supote Leelasupphakorn
Cc: jez.hancock@munk.nu, freebsd-questions@freebsd.org
Date: Thu, 19 Jun 2003 08:17:33 +0100
Subject: Re: what dose the command "chflags" used for ?
Message-ID: <20030619071733.GA646@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20030619064639.55561.qmail@web40601.mail.yahoo.com>

On Thu, Jun 19, 2003 at 07:46:39AM +0100, Supote Leelasupphakorn wrote:
> >> Dear all,
> >>
> >> Because we have the command "chmod" for change the permissions of
> >> files so what does the command "chflags" used for and what situation
> >> I must use it ?
>
> >chflags is used to set system flags on files you don't want to be
> >modified accidentally - most commonly the 'noschg' flag stops a file
> >from being deleted by a normal user.
>
> >See the man page for more details, and also the -o option to 'ls' (which
> >shows flag settings for files).
>
> but "chmod 600" do the same thing why does "chflags" come to play ?

chflags(1) adds a number of controls impossible to achieve using the
standard filesystem permissions. With chflags(1) you can make a file
impossible to modify, even by the super user, who can ignore the usual
file permissions. You can make a file that you can only add contents
to -- not delete -- which is perfect for log files which you need to
guarantee haven't been tampered with. You can make a file whose
contents can be modified, but the file itself cannot be moved or
deleted, even by a user who has write permissions on the containing
directory. You can label a file such that the dump(8) program will
ignore it.

Finally, if you run at a raised kern.securelevel, you can only
increase the security protections added to files by chflags(1) -- in
order to remove the flags, you need to reboot into single user mode,
which requires you to have access to the system console.

See chflags(2), sysctl(8), security(7) and the FAQ entry at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#SECURELEVEL
for details on securelevels.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
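
The controls described in the message above, as an added example for FreeBSD's /bin/sh that is not part of the original post: `protect` sets each kind of flag with chflags(1), and `lacking_flag` audits `ls -lo` output (the `-o` option mentioned in the quoted reply) for files that are missing a required flag. The function names, all paths and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example for FreeBSD; every path below is a constructed placeholder.

# Set the four kinds of flag the message describes (run as root).
protect() {
    chflags schg   /usr/local/etc/example.conf  # immutable, even for root
    chflags sappnd /var/log/example-auth.log    # append-only log file
    chflags sunlnk /var/db/example.db           # writable, but no rename/unlink
    chflags nodump /var/cache/example.img       # ignored by dump(8)
}

# Read `ls -lo` lines on stdin and print each path whose flags column
# (field 5, shown as "-" when no flag is set) lacks the flag named in $1.
# Assumes paths without whitespace, so the path is the last field.
lacking_flag() {
    awk -v want="$1" '
        NF >= 10 {
            n = split($5, have, ",")
            ok = 0
            for (i = 1; i <= n; i++)
                if (have[i] == want) ok = 1
            if (!ok) print $NF
        }'
}

# Constructed sample of `ls -lo /var/log/example-*` output.
SAMPLE_LS='-rw-r-----  1 root  wheel  sappnd 48213 Jun 19 08:17 /var/log/example-auth.log
-rw-r-----  1 root  wheel  - 1930 Jun 19 08:10 /var/log/example-app.log
-rw-r--r--  1 root  wheel  schg,nodump 512 Jun 18 23:01 /var/log/example-old.log'

# Run as `sh example.sh demo` to list sample logs that are not append-only.
# On a live system: ls -lo /var/log/*.log | lacking_flag sappnd
if [ "${1:-}" = demo ]; then
    printf '%s\n' "$SAMPLE_LS" | lacking_flag sappnd
fi
```
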