Re: IMMUTABLE and APPEND-ONLY rationales

From: Igmar Palsenberg (maillist@chello.nl)
Date: Sat Jun 24 2000 - 21:32:04 EST


On Sat, 24 Jun 2000, Linda Walsh wrote:

> I could see a reason to deny IMMUTABLE to a user -- root might want to
> freeze a user file as 'evidence' of something, but that is a stretch.

Immutable means NOBODY can do anything bad with it, not even root. The
last thing I want is users setting immutable flags on my system.

It's mainly used as some anti-hack thing.

> Other than that, why was setting IMMUTABLE and APPEND-ONLY made to be a
> privileged operation? I could see end users wanting to protect certain
> files with those modes.

I don't. Use permissions.

> Also, APPEND-ONLY seems a bit of a misnomer
> as a file with APPEND-ONLY can still be readable as well.

Append-only means you can only write new data to it, not remove any. Very
handy for log-files :-)

> Just wondering about the rationale for things being the way they are...?
>
> tnx,
> -linda
>
> --
> Linda A Walsh | Trust Technology, Core Linux, SGI
> law@sgi.com | Voice: (650) 933-5338

        Igmar
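
One way to check the log-file use case from this thread on a Linux system, as an added example that is not part of the original message: it reads a file's inode flags with the FS_IOC_GETFLAGS ioctl and reports whether append-only or immutable is set. The helper names and the default log path are assumptions made for illustration.

```c
#include <fcntl.h>
#include <linux/fs.h>   /* FS_IOC_GETFLAGS, FS_APPEND_FL, FS_IMMUTABLE_FL */
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Decode the raw flag word: bit 0 = append-only, bit 1 = immutable. */
int classify_flags(unsigned int flags)
{
    int r = 0;
    if (flags & FS_APPEND_FL)    r |= 1;
    if (flags & FS_IMMUTABLE_FL) r |= 2;
    return r;
}

/* Fetch the inode flags of path; returns 0 on success, -1 if the file
 * cannot be opened or the filesystem does not implement the ioctl. */
int read_inode_flags(const char *path, unsigned int *flags)
{
    int raw = 0;   /* the kernel reads and writes an int here */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    int rc = ioctl(fd, FS_IOC_GETFLAGS, &raw);
    close(fd);
    if (rc != 0) return -1;
    *flags = (unsigned int)raw;
    return 0;
}

/* 1 = append-only set, 0 = not set (log can be truncated), -1 = unknown. */
int log_is_append_only(const char *path)
{
    unsigned int flags;
    if (read_inode_flags(path, &flags) != 0) return -1;
    return (classify_flags(flags) & 1) ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Default path is an assumed sample; pass real log paths as arguments. */
    const char *fallback[] = { "prog", "/var/log/auth.log" };
    if (argc < 2) { argv = (char **)fallback; argc = 2; }
    for (int i = 1; i < argc; i++) {
        int st = log_is_append_only(argv[i]);
        printf("%-30s %s\n", argv[i], st == 1 ? "append-only" :
               st == 0 ? "NOT append-only" : "unreadable or unsupported");
    }
    return 0;
}
```

A result of -1 covers both an unreadable file and a filesystem that does not expose these flags, so treat it as "unknown" rather than "unprotected".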



