>> maybe we could make it remove the flags iff you are root and *two* -f
>> are given (and no -i)?  ie, make it *very* hard to shoot yourself in
>> the foot, but still provide a gun, powder, bullets...
>
>Well, I think I prefer to manually remove the immutable flag. You really
>have to think about it. typing two -f seems too easy.

i was just trying provide a compromise between someone wanting the
code and me not wanting it.  :)

>What about this?
>
>if user is non root
>  if no flag is set: remove file
>  if uchg is set: fail
>  if schg is set: fail
>if user is root
>  if no flag is set: remove file
>  if uchg flag is set
>    if -f is not used: fail
>    if -f is used
>      if the file is owned by root: fail
>      if the file is owned by anybody else: remove uchg and remove file
>  if schg flag is set: fail

that's all fine, and is the way things work now, with the exception of
the line "...owned by anybody else..." which i suggested should be
conditional on the presence of two -f options on the command line.
and no -i options.

i believe that if i say "the file should *not* be deleted" by setting
a flag, that should have a higher value than "i used rm -rf to really
delete all the files".

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."