
Re: Immutable flag and packages



> 
> As a trivial example, it would be reasonable to have /etc/fstab
> marked immutable, while /etc/mtab would be mutable.  Another example
> would be an immutable /etc/passwd and mutable /etc/shadow, to allow
> users to change their passwords but not their gecos field.
> 
> >    1. "installation" should set the immutable flag for any
> >       binary files and possibly some configuration files.
> >       Likewise, removing or updating a package will need to 
> >       clear that flag.
> > 
> > I don't see this as a good idea, myself.  If the superuser wants to
> > modify/remove a file, why should we stand in his way?

To remove or clear the flag you need not just to be superuser, but to be
running at securelevel 0, which normally requires a reboot to single user mode.

I suspect securelevels and immutable files are too much hassle for a normal
system, though they do have a place in things like firewall systems where
many of the files should not be modifiable, even by the superuser.


	John Lines
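
The split discussed in this thread (immutable /etc/fstab and /etc/passwd, mutable /etc/mtab and /etc/shadow) can be audited by comparing a policy list against `lsattr` output. The following is an added example, not part of the original message; it assumes the Linux e2fsprogs `lsattr` line format (flags field, then path), the function name `audit_immutable` is hypothetical, and the listing is a constructed sample so the script runs without touching real files.

```shell
#!/bin/sh
# Policy taken from the thread: which files should carry the immutable flag.
POLICY='/etc/fstab immutable
/etc/mtab mutable
/etc/passwd immutable
/etc/shadow mutable'

# Constructed sample in lsattr format; on a real host use:
#   SAMPLE=$(lsattr /etc/fstab /etc/mtab /etc/passwd /etc/shadow)
SAMPLE='----i---------e------- /etc/fstab
--------------e------- /etc/mtab
--------------e------- /etc/passwd
--------------e------- /etc/shadow'

# audit_immutable POLICY_TEXT LSATTR_TEXT
# Prints one DRIFT or MISSING line per finding; returns 1 if any, else 0.
# Paths containing spaces are not handled (assumption of this sketch).
audit_immutable() {
    policy=$1 listing=$2 findings=0
    while read -r path want; do
        [ -n "$path" ] || continue
        flags=$(printf '%s\n' "$listing" |
                awk -v p="$path" '$2 == p { print $1; exit }')
        if [ -z "$flags" ]; then
            echo "MISSING $path"
            findings=$((findings + 1))
            continue
        fi
        # Lowercase "i" is the immutable flag; uppercase "I" (indexed
        # directory) must not match, so the pattern is case-sensitive.
        case $flags in
            *i*) have=immutable ;;
            *)   have=mutable ;;
        esac
        if [ "$have" != "$want" ]; then
            echo "DRIFT $path want=$want have=$have"
            findings=$((findings + 1))
        fi
    done <<EOF
$policy
EOF
    [ "$findings" -eq 0 ]
}

audit_immutable "$POLICY" "$SAMPLE" || echo "policy drift detected"
```

Run from cron or a configuration-management check, a non-zero return flags a file whose immutable bit was cleared or was never set.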




