User: Password:
|
|
Subscribe / Log in / New account

Linux has file-flags too

Linux has file-flags too

Posted May 6, 2004 17:03 UTC (Thu) by gte223j (guest, #6492)
In reply to: Linux has file-flags too by eru
Parent article: OpenBSD 3.5: a peek at another free Unix

you said

"After this not even the root can change the file without a reboot."

all you have to do is go to run level 1 (single user console mode) to change the imuutable flags and file(s), in linux you just have to be root to run chattr.


(Log in to post comments)

Linux has file-flags too

Posted May 6, 2004 17:17 UTC (Thu) by jstrand1@rochester.rr.com (guest, #6394) [Link]

"all you have to do is go to run level 1 (single user console mode) to change the imuutable flags and file(s), in linux you just have to be root to run chattr."

This (IMO) downplays the added security. Openbsd requires physical access to use the machine in console mode-- in linux, root remote access is enough.

Linux has file-flags too

Posted May 6, 2004 19:32 UTC (Thu) by flewellyn (subscriber, #5047) [Link]

"Openbsd requires physical access to use the machine in console mode-- in linux, root remote access is enough."

This is true, except that with at least some versions of login, you can use the file /etc/securetty to specify which terminals root is allowed to log in from. And you can restrict ssh so that it does not allow root access from anywhere. This can help reduce the vectors for getting a root login. It won't help with privilege escalation bugs, but there are at least some measures in place.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds