Allowing noschg in multi-user mode on Mac OS X
illoai at gmail.com
illoai at gmail.com
Thu Jul 5 03:20:48 UTC 2007
On 04/07/07, Kelly Jones <kelly.terry.jones at gmail.com> wrote:
> Most FreeBSD kernels let you set a flag(?) to decide whether "chflags
> noschg" will work in multi-user mode.
>
> How do I do this w/ Mac OS X? Here's what happens when I do "chflags
> noschg" in multi-user mode:
>
> # chflags noschg test.txt
> chflags: test.txt: Operation not permitted
>
> The opposite, "chflags schg", works fine. I realize this is a security
> feature (you can protect files in multi-user mode, but not vica
> versa), but it's annoying.
>
> I also realize I can boot into single-user mode
> (http://docs.info.apple.com/article.html?artnum=106388) where "chflags
> noschg" works just fine, but I'd like to use noschg more as advisory
> protection from myself, not something that requires single-user mode
> to undo.
(serious crossposting removed)
Under FreeBSD this general behaviour is
controlled by the kern.securelevel sysctl.
On a running system this can be raised, but
not lowered, and it would seem that Apple et
al have chosen to do it correctly. Pain in the
metaphorical arse, but This Isn't Windows(sm).
--
--
More information about the freebsd-questions
mailing list