The Immutable File Attribute
der.hans
plug-discuss@lists.plug.phoenix.az.us
Thu, 12 Dec 2002 14:22:23 -0700 (MST)
On 12 Dec 2002, Simper, Brian D chattered thus:
> As you probably know, the chattr and lsattr commands set and view
> file attributes in Linux and other UNIX OSes. The immutable flag is
> interesting because it prevents even root from modifying the file when it
> is set. However, root can casually set or remove the flag any time so it
> does not stand as a difficult barrier.
>
> I understand that in HP-UX you have to be in single-user mode to change
> this attribute. Is there a way to make Linux act in the same manner?
> This would be a nice security restriction if critical files could not be
> modified except by root in single-user mode. Does anyone know a way to do
> this?
Look at features in the 2.5.x kernel. One I've been told about allows you to
set a kernel lock that requires rebooting to unlock. Another cool feature
would be one that requires a passwd, so you could change things w/o having
to reboot. That might be impractical, though.
ciao,
der.hans
-- 
# https://www.LuftHans.com/ http://www.TOLISGroup.com/
# Strangers are friends just waiting to happen!
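An added example, not part of the original thread: a shell audit that lists which critical files lack the immutable flag and whether the current process could still change it. It assumes the e2fsprogs `lsattr -d` output layout (flag column, then path) and a kernel that exposes `CapBnd` in `/proc/self/status`; Linux gates changes to the flag on `CAP_LINUX_IMMUTABLE` (capability number 9). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample values are constructed.

# Read `lsattr -d` output on stdin ("<flags> <path>" per line, the e2fsprogs
# layout) and print every path whose flag field lacks the immutable flag 'i'.
missing_immutable() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        flags=${line%% *}                  # first column: attribute letters
        path=${line#* }                    # remainder: file name
        path=${path#"${path%%[! ]*}"}      # drop padding spaces before the name
        case $flags in
            *i*) ;;                        # lowercase i = immutable (I is a different flag)
            *)   printf '%s\n' "$path" ;;
        esac
    done
}

# Succeed if a hex capability mask has CAP_LINUX_IMMUTABLE (capability 9) set.
can_change_immutable() {
    [ $(( (0x$1 >> 9) & 1 )) -eq 1 ]
}

# Capability bounding set of the current process, as hex.
bounding_set() {
    awk '/^CapBnd:/ { print $2 }' /proc/self/status
}

# Report for the files given as arguments.
audit_immutable() {
    lsattr -d -- "$@" 2>/dev/null | missing_immutable | sed 's/^/not immutable: /'
    if can_change_immutable "$(bounding_set)"; then
        echo "root here can still clear the flag (CAP_LINUX_IMMUTABLE in bounding set)"
    else
        echo "CAP_LINUX_IMMUTABLE dropped: the flag cannot be changed from this process"
    fi
}

# Example: audit_immutable /etc/passwd /etc/shadow
```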