/var/empty has schg flag turned on. Why?

CyberLeo Kitsana cyberleo at cyberleo.net
Fri Jun 4 08:22:48 UTC 2010


On 06/04/2010 02:59 AM, Fbsd1 wrote:
> Why does the base RELEASE have the schg flag turned on for the /var/empty
> directory?
> 
> Is that directory really used for anything?
> 
> Is this a release build problem?

Certain daemons will chroot(2) to that directory to perform sensitive
privilege-separation operations, or when they know they will not need to
interact with the filesystem to perform their duties. The directory must
remain empty to ensure the operation is secure.

The best way to ensure no files are accidentally or intentionally
created there is to set it schg, which forbids any changes to the
directory (such as linking a file there).

-- 
Fuzzy love,
-CyberLeo
Furry Peace! - http://www.fur.com/peace/

