Posted Apr 4, 2009 7:17 UTC (Sat) by Cato (subscriber, #7643)
chattr +i would stop any changes at all to a file, including normal version upgrades of executables. Something like safe-rm is a bit more focused on preventing accidental deletions. However, "chattr +i / /usr" might be a good idea as it doesn't depend on someone using safe-rm etc.
Shortening the rope (around RH's neck)
Posted Apr 5, 2009 1:58 UTC (Sun) by Simetrical (guest, #53439)
chattr +i on a directory will stop any files in the directory from being modified, from a quick test, but it won't stop subdirectories from being removed recursively by rm -r. So it's only really useful on files, but you don't want to make files in /bin unmodifiable -- they need to be changed in system upgrades. So for the same reason you don't want to make /bin unmodifiable (it seems to prevent some modifications to files it contains, certainly at least removal and likely overwriting of all kinds).
Shortening the rope (around RH's neck)
Posted Apr 5, 2009 11:56 UTC (Sun) by nix (subscriber, #2304)
Ew. I didn't realise that. That seems like an rm -r bug to me.