tag:blogger.com,1999:blog-25595390.post8391651262730221316..comments2023-12-23T15:17:54.088+00:00Comments on iamleeg: Rootier than rootGraham Leehttp://www.blogger.com/profile/07305141119009757571noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-25595390.post-6842090355007439582009-05-11T01:06:00.000+01:002009-05-11T01:06:00.000+01:00Ah-ha!
It seems that this depends on kern.securel...Ah-ha!<br /><br />It seems that this depends on kern.securelevel, which is set to -1 by default on FreeBSD.<br /><br />According to the security(7) manpage on FreeBSD, you should be able to get rid of the flag when kern.securelevel is -1 or 0, but not when it's 1+ (and the actual behaviour matches this).<br /><br />I've been told that on OS X it's set to 0 by default, so I'm not sure what's going on there...djmnoreply@blogger.comtag:blogger.com,1999:blog-25595390.post-29548947292810088632009-05-03T08:52:00.000+01:002009-05-03T08:52:00.000+01:00That's not how Darwin works, and I think Darwin ha...That's not how Darwin works, and I think Darwin has it correct. Those flags should be MACs.Graham Leehttps://www.blogger.com/profile/07305141119009757571noreply@blogger.comtag:blogger.com,1999:blog-25595390.post-40142540187541190052009-05-02T20:02:00.000+01:002009-05-02T20:02:00.000+01:00Am I misunderstanding what you're saying about fla...Am I misunderstanding what you're saying about flags, or does Darwin differ from FreeBSD with this?<br /><br />[djm@sif ~]$ touch test_file<br />[djm@sif ~]$ sudo chflags schg test_file <br />[djm@sif ~]$ ls -lo test_file <br />-rw-r--r-- 1 djm djm schg 0 2 May 19:56 test_file<br />[djm@sif ~]$ rm test_file<br />override rw-r--r-- djm/djm schg for test_file? y<br />rm: test_file: Operation not permitted<br />[djm@sif ~]$ sudo rm test_file<br />override rw-r--r-- djm/djm schg for test_file? y<br />rm: test_file: Operation not permitted<br />[djm@sif ~]$ sudo chflags noschg test_file<br />[djm@sif ~]$ ls -lo test_file<br />-rw-r--r-- 1 djm djm - 0 2 May 19:56 test_file<br />[djm@sif ~]$ rm test_file <br />[djm@sif ~]$djmnoreply@blogger.com