NetBSD-Users archive
Re: Files I cannot delete/chown/chmod as root?
> yancm%sdf.org@localhost wrote:
>> > I think the man page says flags can only be unset in single user mode.
>>
>> Yes and no...
>> This unset behavior IS mentioned in secmodel_securelevel(9) [thanks Jan]
>> But not that I can see in chflags(1)
>
> It is now:
> https://mail-index.netbsd.org/source-changes/2023/05/18/msg144818.html

FWIW, I was successful in temporarily booting with kernel security level
-1 in multi-user, to remove the flags. That was important to me because my
server is somewhat remote and single-user console is cumbersome...

As to the commit, would it be possible to add a link to
secmodel_securelevel(9) in chflags(1) in addition to the note in the
current revision?

On a side note, thinking about this immutable flag mechanism, I can
certainly see the use case to harden a server. But, in a case like mine
where I naively walked into it, if I could disable the flags mechanism
with a kernel flag (?) I'd probably select this option unless my use case
requires hardening...