From owner-freebsd-stable Sun Dec 17 16: 4:35 2000 From owner-freebsd-stable@FreeBSD.ORG Sun Dec 17 16:04:32 2000 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id 23C3237B400; Sun, 17 Dec 2000 16:04:32 -0800 (PST) Received: by bazooka.unixfreak.org (Postfix, from userid 1000) id 5860E3E09; Sun, 17 Dec 2000 16:04:31 -0800 (PST) Received: from unixfreak.org (localhost [127.0.0.1]) by bazooka.unixfreak.org (Postfix) with ESMTP id 573443C109; Sun, 17 Dec 2000 16:04:31 -0800 (PST) To: Nuno Teixeira Cc: freebsd-bugs@freebsd.org, stable@freebsd.org Subject: Re: chflags bug? In-Reply-To: Message from Nuno Teixeira of "Sun, 17 Dec 2000 23:45:42 GMT." Date: Sun, 17 Dec 2000 16:04:26 -0800 From: Dima Dorfman Message-Id: <20001218000431.5860E3E09@bazooka.unixfreak.org> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > The problem is: if I set on the 'schg' flag to a file, then I cannot > remove it with the 'noschg' option. That's the idea! If the system is in securelevel >= 1, the system immutable flag can't be unset. The point is to protect vital system components from tampering, accidental and otherwise. Since you can't lower the securelevel (unless you want to use ddb, but that's a story for another thread), you have two choices, 1) boot into single user mode, unset the flag (or install the kernel), or 2) set kern_securelevel_enable to "NO" in rc.conf. In a lower securelevel, you'll be able to unset the schg flag. Hope this helps Dima Dorfman dima@unixfreak.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message