From owner-freebsd-isp Mon Oct 7 10:32:59 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 301FD37B401 for ; Mon, 7 Oct 2002 10:32:58 -0700 (PDT) Received: from smtp1.amigo.net (smtp1.amigo.net [209.94.64.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D84643E77 for ; Mon, 7 Oct 2002 10:32:57 -0700 (PDT) (envelope-from randys@amigo.net) Received: from stalker.amigo.net (billing.amigo.net [209.94.67.250]) by smtp1.amigo.net (8.12.3/8.12.3) with ESMTP id g97HWfgx020328; Mon, 7 Oct 2002 11:32:50 -0600 (MDT) (envelope-from randys@amigo.net) Date: Mon, 7 Oct 2002 11:31:54 -0600 (MDT) From: Randy Smith X-X-Sender: randy@stalker.amigo.net To: Jez Hancock Cc: FreeBSD ISP List Subject: Re: Apache vhost directive problem In-Reply-To: <20021007005601.GB72630@users.munk.nu> Message-ID: <20021007112908.M51200-100000@stalker.amigo.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 7 Oct 2002, Jez Hancock wrote: > Date: Mon, 7 Oct 2002 00:56:01 +0000 > From: Jez Hancock > To: FreeBSD ISP List > Subject: Re: Apache vhost directive problem > > > On Thu, Oct 03, 2002 at 09:38:13AM +0400, Konstantin M Volevatch wrote: > > > Also, you may set 'sunlnk' flag on 'web' subdir > I did play around with the 'chflags' command on a dummy user's .history > file to see if I could stop the user from deleting the file. Whilst it > worked perfectly well in that the user couldn't rm the file, when I > later went to unset the 'sunlnk' flag I was unable to (as root of > course). > > I then went on to test the problem / try to recreate it in another > directory. The output is as follows: > > [0:44:16] munk@users /home# cd /home/munk > [0:44:19] munk@users /home/munk# mkdir test > [0:44:22] munk@users /home/munk# cd test > [0:44:24] munk@users /home/munk/test# touch test > [0:44:27] munk@users /home/munk/test# chflags sunlnk test > [0:44:34] munk@users /home/munk/test# chflags nosunlnk test > chflags: test: Operation not permitted > [0:44:42] munk@users /home/munk/test# ls -alo > total 4 > drwxr-xr-x 2 root munk - 512 Oct 7 00:44 ./ > drwx-----x 14 munk munk - 1536 Oct 7 00:44 ../ > -rw-r--r-- 1 root munk sunlnk 0 Oct 7 00:44 test > [0:45:05] munk@users /home/munk/test# chflags nosunlnk test > chflags: test: Operation not permitted > [0:45:13] munk@users /home/munk/test# id > uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), > 5(operator), 20(staff), 31(guest), 1010(epl) > > What am I missing here? I'm unable to unset the 'sunlnk' flag on the > file 'test' at all for some reason. > > Thanks in advance, > > Jez > If kern.securelevel is > 1 then no one (even root) can unset an sunlnk, schg, etc. flag. You need to reduce your securelevel to remove the files. -- Randy Smith Amigo.Net Systems Administrator 1-719-589-6100 x 4185 http://www.amigo.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message