Linux has file-flags too
Posted May 6, 2004 12:45 UTC (Thu) by eru
In reply to: Linux has file-flags too
Parent article: OpenBSD 3.5: a peek at another free Unix
The point was not just having file flags (or file attributes) but their
interaction with the securelevels. From Linux "man chattr" (on RH 7.3):
A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this
file and no data can be written to the file. Only the
superuser can set or clear this attribute.
So a cracker who acquires root privileges can change it.
On OpenBSD (and FreeBSD) to "lock down" critical
files, you set the immutable flag and then raise the securelevel. After this
not even the root can change the file without a reboot. A feature I
would like to see in Linux as well.
to post comments)