site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On Oct 18, 2006, at 12:26 AM, Jeffrey Ellis wrote: arch opaque nodump These three have no significant meaning. sappnd uappnd schg uchg These are the immutable flags. They make a file, well, immutable. sunlink uunlink And these are the undeletable flags. They make a file undeletable. = Mike _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... Can someone explain what the actual effect of setting each flag is, namely: These are the append-only flags. They effectively make it impossible to change data within a file. Each of these three pairs comes in two variants; the 'u' version which permits the flag to be set and reset by the owner, or root, at runtime, and the 's' version which can be set at runtime, but cannot be cleared except in single-user mode. Also, after some are set, I've now found that even sudo'ing "no" commands in chflags will not undo the original flag. -rw-r--r-- 1 jeffrey admin sappnd,arch,opaque 16 17 Oct 22:54 testfile :~/desktop root# chflags nosappnd testfile chflags: testfile: Operation not permitted Is there some other way to un-set these flags? Not short of booting the machine to single-user mode. The s* flags are designed to protect data against someone that has privileged access to the system; allowing that user to turn them off would render them useless. This email sent to site_archiver@lists.apple.com