>> i believe that if i say "the file should *not* be deleted" by setting
>> a flag, that should have a higher value than "i used rm -rf to really
>> delete all the files".
>
>I beleive no user should be able to prevent root from deleting his files
>with uchg. If -ff is needed, we will end up with scripts that always
>have -ff, I'm not sure this is a good practice.

root isn't prevented from deleting the user's files, but is simply
required to take an extra step to delete them.  in the case of
unattended deletion (eg tmp clean up), rm could be preceded by a call
to chflags -RP.  just about all other instance of root deleting trees
of files where a user may have set a flag like this are going to be
manual.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."