NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Files I cannot delete/chown/chmod as root?

> wrote:
>> > I think the man page says flags can only be unset in single user mode.
>> Yes and no...
>> This unset behavior IS mentioned in secmodel_securelevel(9) [thanks Jan]
>> But not that I can see in chflags(1)
> It is now:

FWIW, I was successful in temporarily booting with kernel security level
-1 in multi-user, to remove the flags. That was important to me because my
server is somewhat remote and single-user console is cumbersome...

As to the commit, would it be possible to add a link to
secmodel_securelevel(9) in chflags(1) in addition to the note in the
current revision?

On a side note, thinking about this immutable flag mechanism, I can
certainly see the use case to harden a server. But, in a case like mine
where I naively walked into it, if I could disable the flags mechanism
with a kernel flag (?) I'd probably select this option unless my use case
requires hardening...

Home | Main Index | Thread Index | Old Index