On 2019/01/23 12:46, Marcus Pedersén wrote:
> Hi,
>
> OpenBSD 6.4
>
> I have a strange behavior on chflags.
>
> If I run:
>
> chflags schg /usr/sbin/pkg_add
>
> This works fine and the schg flag is set.
>
>
> But if I run it recusively, as in:
>
> chflags -R schg /usr/sbin/
>
> I get the following error on pkg_add and a number of other files:
>
> chflags: /usr/sbin/pkg_add: Operation is not permitted
So you have already set "schg" on /usr/sbin/pkg_add and are then trying
to do it again with the recursive run (chflags always tries changing
flags, it doesn't restrict itself to only changing flags which are not
already set).
Changing flags on a file is not permitted on an "schg"-marked file,
("An immutable file may not be changed, moved, or deleted"),
even changing to the same flags already set.
> Still the schg flag is set.
>
>
> How come I get an error when running recurively but not when I run it on the
> same single file?
>
>
> I hope this will help you and if I have posted to the wrong address I
> apologize!!
>
> Please, tell me where to post this if it is wrong!
>
>
> Best regards
>
> Marcus Pedersén
>
> ---
> När du skickar e-post till SLU så innebär detta att SLU behandlar dina
> personuppgifter. För att läsa mer om hur detta går till, klicka här
> <https://www.slu.se/om-slu/kontakta-slu/personuppgifter/>
> E-mailing SLU will result in SLU processing your personal data. For more
> information on how this is done, click here
> <https://www.slu.se/en/about-slu/contact-slu/personal-data/>
I'm not convinced that what you are trying to do is really helpful -
if you are giving root access to not-entirely-trusted people there are
other ways they can make mischief than modifying system files..
And it does get in the way of applying fixes, so in some ways
could be seen as weakening system security.
