Re: Immutable flag and packages
>
> As a trivial example, it would be reasonable to have /etc/fstab
> marked immutable, while /etc/mtab would be mutable. Another example
> would be an immutable /etc/passwd and mutable /etc/shadow, to allow
> users to change their passwords but not their gecos field.
>
> > 1. "installation" should set the immutable flag for any
> > binary files and possiibly some configuration files.
> > Likewise, removing or updating a package will need to
> > clear that flag.
> >
> > I don't see this as a good idea, myself. If the superuser wants to
> > modify/remove a file, why should we stand in his way?
To remove or clear the flag you need not just to be superuser, but to be
running at securelevel 0, which normally requires a reboot to single user mode.
I suspect securelevels and immutable files are too much hassle for a normal
system, though they do have a place in things like firewall systems where
many of the files should not be modifiable, even by the superuser.
John Lines
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: