Date: Mon, 7 Oct 2002 11:31:54 -0600 (MDT) From: Randy Smith <randys@amigo.net> To: Jez Hancock <jez.hancock@munk.nu> Cc: FreeBSD ISP List <freebsd-isp@freebsd.org> Subject: Re: Apache vhost directive problem Message-ID: <20021007112908.M51200-100000@stalker.amigo.net> In-Reply-To: <20021007005601.GB72630@users.munk.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 7 Oct 2002, Jez Hancock wrote: > Date: Mon, 7 Oct 2002 00:56:01 +0000 > From: Jez Hancock <jez.hancock@munk.nu> > To: FreeBSD ISP List <freebsd-isp@freebsd.org> > Subject: Re: Apache vhost directive problem > > > On Thu, Oct 03, 2002 at 09:38:13AM +0400, Konstantin M Volevatch wrote: > > > Also, you may set 'sunlnk' flag on 'web' subdir > I did play around with the 'chflags' command on a dummy user's .history > file to see if I could stop the user from deleting the file. Whilst it > worked perfectly well in that the user couldn't rm the file, when I > later went to unset the 'sunlnk' flag I was unable to (as root of > course). > > I then went on to test the problem / try to recreate it in another > directory. The output is as follows: > > [0:44:16] munk@users /home# cd /home/munk > [0:44:19] munk@users /home/munk# mkdir test > [0:44:22] munk@users /home/munk# cd test > [0:44:24] munk@users /home/munk/test# touch test > [0:44:27] munk@users /home/munk/test# chflags sunlnk test > [0:44:34] munk@users /home/munk/test# chflags nosunlnk test > chflags: test: Operation not permitted > [0:44:42] munk@users /home/munk/test# ls -alo > total 4 > drwxr-xr-x 2 root munk - 512 Oct 7 00:44 ./ > drwx-----x 14 munk munk - 1536 Oct 7 00:44 ../ > -rw-r--r-- 1 root munk sunlnk 0 Oct 7 00:44 test > [0:45:05] munk@users /home/munk/test# chflags nosunlnk test > chflags: test: Operation not permitted > [0:45:13] munk@users /home/munk/test# id > uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), > 5(operator), 20(staff), 31(guest), 1010(epl) > > What am I missing here? I'm unable to unset the 'sunlnk' flag on the > file 'test' at all for some reason. > > Thanks in advance, > > Jez > If kern.securelevel is > 1 then no one (even root) can unset an sunlnk, schg, etc. flag. You need to reduce your securelevel to remove the files. -- Randy Smith Amigo.Net Systems Administrator 1-719-589-6100 x 4185 http://www.amigo.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021007112908.M51200-100000>