Subject: Re: Making setuid files immutable
To: None <>
From: Christos Zoulas <>
List: tech-security
Date: 01/19/1999 19:06:18
In article <990119181217.ZM5267@pluto.geo.Uni-Koeln.DE> wennmach@geo.Uni-Koeln.DE (Dr. Lex Wennmacher) writes:
>Brian Grayson suggested to me in private e-mail that the functionality to make
>security relevant files immutable should be folded into mtree(8). I strongly
>second this idea. mtree(8) already does similar things for permissions and
>ownerships. It is highly configurable making it easy to customize the set of
>files one wants to be immutable/append-only.
>So here's what to do with mtree(8):
>o add a `flags' keyword; values may be schg, sappnd. Extending this list
>        to all flags supported by chflags(1) may be considered.

This has been done.

>o add a `-i' option (`i'mmutable): Set the flags specified by the flags
>o add a `-m' option (`m'utable): Remove the flags specified by the flags
>        keyword. This can only be done at securelevel=0.
>o customize /etc/mtree/NetBSD.dist and/or /etc/mtree/special

This has not been done... Could be a good idea. On the other hand, you might
want to have some files that are permanently append only or immutable, so
you might have some syntax as +flagname to specify that this does not get
affected by -i and -m.