bug-coreutils

Re: can touch(1) readonly files


From: Russell Coker
Subject: Re: can touch(1) readonly files
Date: Tue, 13 May 2003 23:10:26 +1000
User-agent: KMail/1.5.1

On Tue, 13 May 2003 21:53, Bernd Eckenfels wrote:
> On Tue, May 13, 2003 at 04:59:24PM +0800, Dan Jacobson wrote:
> > But how can I protect _myself_ from _myself_?
>
> Protection from yourself, especially if you are root, are extended Unix
> features (like for example immutable and append only files, RBAC or
> SELinux).
>
> And it is still not a core-utils bug but a property of the Linux kernel.

Bernd is correct.  It's a kernel issue.

SE Linux allows you to determine who has setattr permission for each file, 
writing to a file or appending to it will still change the time stamps in the 
usual fashion, but write and append access can be controlled independently of 
read access too.

SE Linux allows control over what your processes do.  Running a particular 
program can automatically transition to a different domain with different 
levels of access to various resources.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
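
The kernel behaviour this thread is about, as an added example that is not part of the original message: the owner of a file can change its timestamps even when the mode bits deny writing, because the timestamp update is a separate kernel check from opening the file for write. The function name and the file name are constructed for illustration, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added demonstration (constructed; not from the thread).
# Mode bits decide whether open(2) for writing succeeds. touch(1) on an
# existing file only needs the timestamp syscall (utimensat/utimes), and
# the kernel allows that for the file's owner regardless of mode bits.

touch_readonly_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/readonly.txt"          # constructed sample file
    echo "data" > "$f"
    chmod 0444 "$f"                # read-only for everyone, owner included

    # Set an explicit timestamp; setting an arbitrary time requires
    # ownership of the file (or privilege), not write permission.
    if ! TZ=UTC touch -t 200101010000.00 "$f"; then
        rm -rf "$dir"
        return 1
    fi

    mode=$(stat -c %a "$f")        # GNU stat: permission bits in octal
    mtime=$(stat -c %Y "$f")       # GNU stat: mtime as seconds since epoch
    rm -rf "$dir"

    # Report that the mode stayed read-only while the mtime changed.
    echo "$mode $mtime"
}

touch_readonly_demo
```

Blocking this for the owner needs a control outside the mode bits, such as the immutable attribute or an SE Linux policy that withholds setattr, as the message says.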