what dose the command "chflags" used for ?

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Jun 19 00:19:01 PDT 2003

On Thu, Jun 19, 2003 at 07:46:39AM +0100, Supote Leelasupphakorn wrote:
> >> Dear all,
> >> 
> >>    Because we have the command "chmod" for change
> the
> >> permissions of
> >> files so what does the command "chflags" used for
> and
> >> what suituation 
> >> I must use it ?
> >chflags is used to set system flags on files you
> don't want to be
> >modified accidentally - most commonly the 'noschg'
> flag stops a file
> >from being deleted by a normal user.
> >See the man page for more details, and also the -o
> option to 'ls' (which
> >shows flag settings for files.
> but "chmod 600 <those_file> do the same thing why does
> "chflags" come to play ?

chflags(1) adds a number of controls impossible to achieve using the
standard filesystem permissions.

With chflags(1) you can make a file impossible to modify, even by the
super user, who can ignore the usual file permissions.

You can make a file that you can only add contents to -- not delete --
which is perfect for log files which you need to guarrantee haven't
been tampered with.

You can make a file whose contents can be modified, by the file itself
cannot be moved or deleted, even by a user who has write permissions
on the containing directory.

You can label a file such that the dump(8) program will ignore it. 

Finally, if you run at a raised kern.securelevel, you can only
increase the security protections added to files by chflags(1) -- in
order to remove the flags, you need to reboot into single user mode,
which requires you to have access to the system console. See
chflags(2), sysctl(8), security(7) and the FAQ entry at
for details on securelevels.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030619/054fabb6/attachment.bin

More information about the freebsd-questions mailing list