Date: Mon, 18 Dec 2000 13:29:09 -0800 (PST) From: opentrax@email.com To: dima@unixfreak.org Cc: nuno.teixeira@pt-quorum.com, freebsd-bugs@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: chflags bug? Message-ID: <200012182129.NAA14693@spammie.svbug.com> In-Reply-To: <20001218000431.5860E3E09@bazooka.unixfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm sure this topic has been discussed to death in core, arch and stable. But this 'kernel_securelevel' has got to be amoung the screwyist ideas to date. Note: Flames to me will hit /dev/null I'm just expressing my opinion. Jessem. On 17 Dec, Dima Dorfman wrote: >> The problem is: if I set on the 'schg' flag to a file, then I cannot >> remove it with the 'noschg' option. > > That's the idea! If the system is in securelevel >= 1, the system > immutable flag can't be unset. The point is to protect vital system > components from tampering, accidental and otherwise. Since you can't > lower the securelevel (unless you want to use ddb, but that's a story > for another thread), you have two choices, > > 1) boot into single user mode, unset the flag (or install the kernel), or > 2) set kern_securelevel_enable to "NO" in rc.conf. > > In a lower securelevel, you'll be able to unset the schg flag. > > Hope this helps > > Dima Dorfman > dima@unixfreak.org > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012182129.NAA14693>