netfilter firewalling problems and solutions

Archaic archaic at indy.rr.com
Sun Feb 22 18:51:04 PST 2004


On Sun, Feb 22, 2004 at 07:50:35PM -0500, Robert Connolly wrote:
> 
> I dont want coreutils su to overwrite shadow su, in the event coreutils gets 
> reinstalled. But not just coreutils, anything. It should give a permission 
> denied, or like 'cp -i', if make install tries to copy to a file that already 
> exists. This isn't on my todo list yet. It might be a while before I try to 
> put this into practice.

Okay. So you want to use chattr +i to do this? If so, that would work
even if root installed a package, because root can't even overcome
immutability without explicitly running chattr -i on a file. So now, I
see no reason for an lfs user. Are there any other reasons for this
user? BTW, I've said before, but just to be clear to anyone who might
come across this thread mid-way, chattr is only for ext2/3, so it's use
requires limiting possibilities. Something one needs to watch out for
lest they get bitten by it.


-- 
Archaic

To announce that there must be no criticism of the President or that we
are to stand by the President, right or wrong, is not only unpatriotic
and servile but it is morally treasonable to the American public.

- Theodore Roosevelt, May 7, 1918




More information about the hlfs-dev mailing list