In a security book I've just read, it talks about audit / log files:
So root can do what it likes – access any file, become any user, or
whatever. ... This means that (with most flavours of Unix) the system
administrator can do anything, so we have difficulty implementing an
audit trail as a file that he cannot modify. ... The Berkeley
distributions, including FreeBSD, go some way toward fixing the
problem. Files can be set to be append-only, immutable or undeletable
for user, system or both. When set by a user at a sufficient security
level during the boot process, they cannot be overridden or removed
later, even by root.
So is the following correct? These extra permissions (append-only
etc., even if you're root) don't remain set continually like normal
permissions do? They only last for the extent of the current
system-up-time that they're set in. So for these extra permissions to
remain continually they would need setting each time the computer
starts up, otherwise the file won't have those extra
permissions/protections after a restart?
Also, OS X is based on FreeBSD, right, so OS X provides the ability to
use these types of permissions? All versions of OS X?
thanks, ben.
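
An added illustration of the flag and securelevel rule in the quoted passage (not part of the original post or the book): it decodes a BSD `st_flags` mask and reports whether root could still strip the protection. The function names are hypothetical, the sample masks are constructed, and the rule modelled is FreeBSD's documented one that system flags cannot be turned off once `kern.securelevel` is 1 or higher.

```python
import os
import stat

# BSD file flags named in the quoted passage. "System" (SF_*) flags are the
# ones a raised securelevel protects; "user" (UF_*) flags are not.
FLAG_NAMES = {
    stat.UF_APPEND: "uappnd", stat.UF_IMMUTABLE: "uchg", stat.UF_NOUNLINK: "uunlnk",
    stat.SF_APPEND: "sappnd", stat.SF_IMMUTABLE: "schg", stat.SF_NOUNLINK: "sunlnk",
}
SYSTEM_FLAGS = stat.SF_APPEND | stat.SF_IMMUTABLE | stat.SF_NOUNLINK


def decode_flags(st_flags):
    """Return the chflags(1)-style names set in an st_flags bit mask."""
    return sorted(name for bit, name in FLAG_NAMES.items() if st_flags & bit)


def root_can_clear(st_flags, securelevel):
    """True if root could strip every protective flag at this securelevel.

    Assumption modelled here: system flags cannot be turned off once
    kern.securelevel is 1 or higher; user flags never bind root.
    """
    return securelevel < 1 or not (st_flags & SYSTEM_FLAGS)


def audit_log_protection(path, securelevel):
    """Inspect a real file; st_flags exists only on BSD-derived systems."""
    st_flags = getattr(os.stat(path), "st_flags", None)
    if st_flags is None:
        return None  # platform has no BSD file flags (e.g. Linux)
    return {
        "flags": decode_flags(st_flags),
        "append_only": bool(st_flags & (stat.SF_APPEND | stat.UF_APPEND)),
        "root_can_clear": root_can_clear(st_flags, securelevel),
    }


if __name__ == "__main__":
    # Constructed sample masks, not read from any real system.
    for mask in (stat.UF_APPEND, stat.SF_APPEND, stat.SF_APPEND | stat.SF_NOUNLINK):
        for level in (-1, 1):
            print(decode_flags(mask), "securelevel", level,
                  "-> root can clear:", root_can_clear(mask, level))
```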
Apple-cdsa mailing list (email@hidden)