Brian Grayson suggested to me in private e-mail that the functionality to make
security relevant files immutable should be folded into mtree(8). I strongly
second this idea. mtree(8) already does similar things for permissions and
ownerships. It is highly configurable making it easy to customize the set of
files one wants to be immutable/append-only.

So here's what to do with mtree(8):

o add a `flags' keyword; values may be schg, sappnd. Extending this list
        to all flags supported by chflags(1) may be considered.

o add a `-i' option (`i'mmutable): Set the flags specified by the flags
keyword.

o add a `-m' option (`m'utable): Remove the flags specified by the flags
        keyword. This can only be done at securelevel=0.

o customize /etc/mtree/NetBSD.dist and/or /etc/mtree/special

The `-i' and `-m' options should be inverse operations so that we only need one
mtree input file.

Opinions?

-- 
Dr. Alexandre Wennmacher
Institut fuer Geophysik und Meteorologie         wennmach@geo.Uni-Koeln.DE
Universitaet zu Koeln                            phone  +49 221 470 - 3387
D-50923 Koeln                                    fax    +49 221 470 - 5198