Thanks for your reply.
Yes. I know, with immutable, even root cannot modify sensitive files. What I am curious is if an intruder has root access, he may have many ways to turn off the immutable protection and modify files. So immutable is designed just to prevent a valid root from making silly mistakes?
Xin
But without the proper capability, root _can't_ change the immutable bit. Of course, that also applies to DAC checks too. Personally, I find the immutable bit most useful at preventing accidents. I have several scripts designed specifically to access the same file, and I want to prevent one of my admins from accidentally editing that file by hand. The best way is with a big comment in the file itself and the immutable bit.
Cheers, Kyle Moffett
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a18 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r !y?(-)
------END GEEK CODE BLOCK------
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
