Subject: Re: login: Permission denied
To: Josh Hope <otaku@unixborg.net>
From: Bill Studenmund <skippy@macro.Stanford.EDU>
List: port-i386
Date: 04/20/1999 16:58:32

On Sun, 18 Apr 1999, Josh Hope wrote:

> >You didn't by some strange quirk of fate manage to set the immutable
> >flag on the directory, did you?  Check using `ls -o'
> 
> Eh? What does this mean? The ls -o output is identical to the output 
> without the o. A ls -lo shows an extra column in the listing though, and 
> each item in the dir has a '-' for this extra column...

How about ls -lo /home ?

The immutable flag is one of a set of flags which can be set for a file.
It makes a file read-only. If the super-user variant is set, even the
super user can't change a file. There are also append-only flags.

These flags apply when the system is running multi-user (securelevel > 0),
and can't be changed at that time. So a production machine can set
the append-only flag on its logs, and the immutable flag on certain
binaries. Then even if an attacker gets root access, they can't change the
logs or programs. Of course, changing these files requires dropping to
single-user. :-)

Take care,

Bill
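
An added example, not part of the original message: a shell check that reads `ls -lo` style output and reports files whose flags do not match a hardening policy like the one described above. The flag names (`schg`, `uchg`, `sappnd`) are the ones from chflags(1); the listing, the paths and the policy itself are constructed assumptions, and file names are assumed to contain no spaces.

```shell
#!/bin/sh
# Constructed sample of BSD `ls -lo` output.
# Fields: mode links owner group FLAGS size month day time name
sample_listing() {
cat <<'EOF'
-r-xr-xr-x  1 root  wheel  schg      24576 Apr 20 16:58 /usr/bin/login
-rw-r-----  1 root  wheel  sappnd    81920 Apr 20 16:58 /var/log/authlog
-rw-r--r--  1 root  wheel  -         40960 Apr 20 16:58 /var/log/messages
-r-xr-xr-x  1 root  wheel  uchg      32768 Apr 20 16:58 /bin/sh
drwxr-xr-x  3 root  wheel  schg        512 Apr 20 16:58 /home
EOF
}

# audit_flags SECURELEVEL  (listing on stdin)
# Assumed policy for this example:
#   - files under /var/log must carry the system append-only flag (sappnd)
#   - files in a bin directory must carry the system immutable flag (schg)
#   - /home must not be immutable (the misconfiguration asked about above)
# On a live system the level comes from `sysctl -n kern.securelevel`.
audit_flags() {
    awk -v lvl="$1" '
    # True if the comma-separated flag list contains flag f.
    function has(flags, f,   n, i, a) {
        n = split(flags, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == f) return 1
        return 0
    }
    {
        flags = $5; name = $NF
        if (name ~ /^\/var\/log\// && !has(flags, "sappnd"))
            print "MISSING sappnd " name
        else if (name ~ /\/bin\// && !has(flags, "schg"))
            print "MISSING schg " name
        else if (name ~ /^\/home/ && (has(flags, "schg") || has(flags, "uchg")))
            print "UNEXPECTED immutable " name
    }
    END {
        # System flags only resist root while securelevel is above 0.
        if (lvl + 0 <= 0)
            print "WARN securelevel " lvl ": system flags can still be cleared by root"
    }'
}

sample_listing | audit_flags "${1:-1}"
```

Note that `/bin/sh` is reported even though it is flagged: `uchg` is the user variant, which root can clear at any securelevel, so it does not give the protection described for the super-user variant.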