From owner-freebsd-questions@FreeBSD.ORG  Thu Apr 22 21:48:08 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C61D216A4CE
	for <freebsd-questions@freebsd.org>;
	Thu, 22 Apr 2004 21:48:08 -0700 (PDT)
Received: from smtp1.adl2.internode.on.net (smtp1.adl2.internode.on.net
	[203.16.214.181])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E13EC43D39
	for <freebsd-questions@freebsd.org>;
	Thu, 22 Apr 2004 21:48:07 -0700 (PDT)
	(envelope-from malcolm.kay@internode.on.net)
Received: from beta.home (ppp139-232.lns1.adl2.internode.on.net
	[150.101.139.232])i3N4m5Zq047769;
	Fri, 23 Apr 2004 14:18:05 +0930 (CST)
From: Malcolm Kay <malcolm.kay@internode.on.net>
Organization: at home
To: Alden Louis-Pierre <alden.pierre@verizon.net>,
	freebsd-questions@freebsd.org
Date: Fri, 23 Apr 2004 14:18:04 +0930
User-Agent: KMail/1.5.4
References: <40888E41.1040700@verizon.net>
In-Reply-To: <40888E41.1040700@verizon.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200404231418.04696.malcolm.kay@internode.on.net>
Subject: Re: chflags understanding
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2004 04:48:08 -0000

On Friday 23 April 2004 13:02, Alden Louis-Pierre wrote:
>     I'm looking through the Handbook to learn how to secure my FreeBSD
> 4.9 system.  While reading 10.2(
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-intro.ht
>ml ) it makes reference to the chflags command.
> Is there a difference between "chflags -R schg /sbin *" and "chflags
> schg /sbin *"?
>

The asterisk '*' in these commands looks rather unlikely.
As it stands the first on these:
  chflags -R schg /sbin *
will set schg flags for the directory /sbin and for the whole tree down from 
there, AND, with the asterisk, all files in your current directory and the
whole tree down from there.

The second version
  chflags schg /sbin *
will set schg on the directory /sbin, AND on all files in your current
directory but it does not recurse through any trees.

Perhaps you intended to compare:
  chflags -R schg /sbin
with
  chflags schg /sbin/*
The first of these will set the schg flag on all files and directories in
the whole tree rooted at /sbin (including the directory /sbin.
The second will affect only the items listed in the /sbin directory not
including /sbin itself or any files or directories further down the tree.

Malcolm