The Immutable File Attribute

der.hans plug-discuss@lists.plug.phoenix.az.us
Thu, 12 Dec 2002 14:22:23 -0700 (MST)


On 12 Dec 2002, Simper, Brian D chattered thus:

> As you probably know, the chattr and lsattr commands set and view
> file attributes in Linux and other UNIX OSes.  The immutable flag is
> interesting because it prevents even root from modifying the file when it
> is set.  However, root can casually set or remove the flag any time so it
> does not stand as a difficult barrier.
>
> I understand that in HP-UX you have to be in single-user mode to change
> this attribute.  Is there a way to make Linux act in the same manner?
> This would be a nice security restriction if critical files could not be
> modified except by root in single-user mode.  Does anyone know a way to do
> this?

Look at features in the 2.5.x kernel. One I've been told about allows you to
set a kernel lock that requires rebooting to unlock. Another cool feature
would be one that requires a passwd, so you could change things w/o having
to reboot. That might be impractical, though.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/    http://www.TOLISGroup.com/
#  Strangers are friends just waiting to happen!
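
Added example, not part of the original thread: since root can clear the immutable flag at any time, as the quoted message notes, a periodic check of `lsattr` output shows when a critical file has lost it. The function names, the sample data and the file list are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Report which files in lsattr output lack the immutable (i) flag.
# lsattr prints one line per file: "<flag string> <path>".

# Constructed sample of lsattr output (not captured from a real system).
SAMPLE_LSATTR='----i---------e------- /etc/passwd
--------------e------- /etc/shadow
----ia--------e------- /etc/sudoers
lsattr: Operation not supported While reading flags on /proc/version
-----a--------e------- /var/log/auth.log'

# missing_immutable (hypothetical name): read lsattr output on stdin and
# print every path whose flag string does not contain a lowercase "i".
missing_immutable() {
    local flags path
    while read -r flags path; do
        # Skip blank lines and anything whose first field is not a flag
        # string (for example an lsattr error message).
        case "$flags" in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        [ -n "$path" ] || continue
        case "$flags" in
            *i*) ;;                       # immutable is set, nothing to report
            *)   printf '%s\n' "$path" ;; # immutable is missing
        esac
    done
}

# audit_live (hypothetical name): run the same check against real files.
# -d makes lsattr report a directory itself instead of its contents.
audit_live() {
    lsattr -d -- "$@" 2>/dev/null | missing_immutable
}

# Run the check over the constructed sample.
printf '%s\n' "$SAMPLE_LSATTR" | missing_immutable
```

On a real system, call `audit_live /etc/passwd /etc/shadow` (or whatever files you expect to be immutable) from cron and alert on any output.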