……………………………………………………………………………… #chown bind:wheel file2 # ……………………………………………………………………………… Note Only
uappnd The user append-only flag can only be set by the file owner or root. Like the system append-only flag, sappnd, a file with this flag set can be added to but not otherwise edited or removed. This is most useful for logs from personal programs and the like, and is primarily a means to keep users from shooting themselves in the foot. The owner or root can remove this flag at any time. uchg The user immutable flag can only be set by the owner or root. Like the schg flag described earlier, the user immutable flag prevents a user from changing the file. Again, root can override this, and it can be disabled by the user at any securelevel. This flag helps to prevent mistakes, but not to secure the system. uunlnk The user undeletable flag can only be set by the owner or root. A file with this flag set cannot be deleted by the owner, though root can override that, and this flag can be turned off. This flag is mostly useless, but like the other user flags can be helpful in preventing mistakes. Viewing a File’s Flags You can see a file’s flags with ls -lo: ……………………………………………………………………………… # ls -lo important -rw-r–r– 1 mwlucas mwlucas uchg 0 May 11 19:51 important ……………………………………………………………………………… The uchg in the preceding listing tells us that the user immutable flag is set. In comparison, if a file has no flags set, it looks like this: ……………………………………………………………………………… # ls -lo unimportant -rw-r–r– 1 mwlucas mwlucas - 0 May 11 19:52 unimportant # ……………………………………………………………………………… The dash in place of the flag name tells us that no filesystem flag has been set. An out-of-the-box FreeBSD doesn’t have many files marked in this way. You can certainly mark anything you want in any way desired, however. On one system that I fully expected to be hacked, I went berserk with chflags -R schg in various system directories to prevent anyone from replacing system binaries with Trojaned versions. It might not stop an attacker from getting in, but it made me feel better to imagine how frustrated an attacker would be once he got a command prompt. Setting Flags You can set flags with the chflags(1) command. For example, to be sure that your kernel isn’t replaced, you could do this: ……………………………………………………………………………… # chflags schg /kernel ……………………………………………………………………………… This would keep anyone from replacing your kernel: both an intruder and you. 149
Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Inexpensive Web Hosting services