Thanks for your reply. Yes. I know, with immutable, even root cannot modify sensitive files. What I am curious is if an intruder has root access, he may have many ways to turn off the immutable protection and modify files. So immutable is designed just to prevent a valid root from making silly mistakes?
Xin On 4/17/05, Willy Tarreau <[EMAIL PROTECTED]> wrote: > On Sun, Apr 17, 2005 at 11:54:34AM -0400, Xin Zhao wrote: > > Why not simply unset the write bit for all three groups of users? > > That seems to be enough to prevent file modification. > > > > Immutable seems to only add one more protection level in case of > > misconfiguration on standard access right bits. Is that right? > > With immutable, even root cannot modify the file accidentely. It is > very useful for critical configuration files. > > Willy > > - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
