In <pine.lnx.4.64.0904030026100.14...@bretnewworkstation.busby.net>, Bret Busby wrote: >had set the permissions on the . file of his account, to 000, and, as >such, had made the . file on his account, completely inaccessible to >everyone, including the superuser, and, as the . file is the root of the >account, he had effectively made his account, totally inaccessible to >everyone, including the superuser.
Outside of enhanced access controls like SELinux and AppArmor, processes with the euid of 0 ignore permission bits. Even if you chmod 000 a file on purpose, a superuser can chmod it to whatever they like, read the entire contents (and commit them to memory), replace the contents with half-truths about your love-life--basically whatever they want. >>From memory, it was on a SCO UNIX System V system, running on a LabTam While I haven't logged in to a SCO UNIX system, ever, I highly doubt that they would prevent the superuser from changing permissions on a file, even if it was chmod 000. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
