In some email I received from Bakul Shah, they wrote:
> 
> > Checkout chflags and what these offer.  It is possible to *stop*
> > people modifying the kernel, /etc/rc*, in multiuser mode already.
> 
> > For proof of this, create a file in /tmp, set the schg flag and try
> > remove the file.  Try rebooting, and see what happens when something
> > tries to remove it whilst cleaning /tmp on reboot.
> 
>     142: touch /tmp/foo
>     143: chflags uchg /tmp/foo
>     144: rm -f /tmp/foo
>     rm: /tmp/foo: Operation not permitted
>     145: mv -f /tmp/foo /tmp/bar
>     mv: rename /tmp/foo to /tmp/bar: Operation not permitted
>     146: touch /tmp/xx
>     147: mv -f /tmp/xx /tmp/foo
>     mv: rename /tmp/xx to /tmp/foo: Operation not permitted
> 
> So far so good.  But....
> 
>     148: chflags nouchg /tmp/foo
>     149: rm /tmp/foo
>     150: ls /tmp/foo
>     ls: /tmp/foo: No such file or directory
> 
> I didn't try the super-user version so may be this hole is filled.
> [Besides, it does say this call is under development:-)]

This is what you'd expect.  It is unreasonable to expect users to be around
to boot single-user just to remove a flag they've put on their file...

But, if I try it again with schg,  I get this:
candella# touch bar
candella# ls -algo bar
-rw-------  1 root  wheel  - 0 Mar 21 09:19 bar
candella# chflags schg bar
candella# ls -algo bar
-rw-------  1 root  wheel  schg 0 Mar 21 09:19 bar
candella# chflags noschg bar
chflags: bar: Operation not permitted
candella# ls -algo bar
-rw-------  1 root  wheel  schg 0 Mar 21 09:19 bar


Darren