Re: Securing FreeBSD.
- Reply: Dewayne Geraghty : "Re: Securing FreeBSD."
- In reply to: Aryeh Friedman : "Re: Securing FreeBSD."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Apr 2025 19:55:56 UTC
Le 04/04/2025 à 14:40:28-0400, Aryeh Friedman a écrit > On Fri, Apr 4, 2025 at 2:36 PM Albert Shih <Albert.Shih@obspm.fr> wrote: > > > > Le 04/04/2025 à 13:23:38-0400, Paul Procacci a écrit > > > On Fri, Apr 4, 2025 at 1:14 PM Albert Shih <Albert.Shih@obspm.fr> wrote: > > > > > > > > > > > > > > So you want to be root, without having the power of root. > > > Try logging into the system with a different user and the problem is > > > solved -- tongue and cheek. > > > > No, I want to make the system in a state where root *cannot* remove some > > file. > > Isn't the very definition of root (superuser) is that they can do *ANYTHING*? Well....not always...try this : echo 'kern.securelevel=2' >> /etc/sysctl.conf chflags schg /etc/sysctl.conf sysctl kern.securelevel=2 touch /root/file chflags schg /root/file and tell me how you will remove the file /root/file without be in the front of the server (no IPMI, no drac etc.) Regards -- Albert SHIH 🦫 🐸 France Heure locale/Local time: ven. 04 avril 2025 21:20:38 CEST