[EMAIL PROTECTED] wrote:
> > Or you could just set the file(s) immutable flag with 'chattr -i', and
> > the file cannot be changed or deleted.
>
> Which is essentially useless. The file can be set to be read only, with
> essentially the same result. If the attacker gets root they can unset the
> immutable flag and muck around with it. The immutable attribute is
> essentially pointless for files owned by root unless you want to prevent
> accidental changes (manual edits, or stupid config programs/etc).
No, using the kernel capabilities (http://pw1.netcom.com/~spoon/lcap/) can give an additional layer of security. One can't simply "chattr -i" if the specific capability has been removed.

Phil
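An added example, not part of Phil's post or of lcap: a check for whether the capability that gates the immutable attribute, CAP_LINUX_IMMUTABLE, is still in a process's capability bounding set. It assumes a kernel from 2.6.25 onward, where the global cap-bound sysctl that lcap cleared was replaced by a per-process bounding set reported as the CapBnd mask in /proc/<pid>/status; the two status lines below are constructed samples.

```python
"""Does this bounding set still allow 'chattr -i'?

Assumption (not from the thread): on kernels from 2.6.25 on, the global
/proc/sys/kernel/cap-bound that lcap manipulated is gone; each process
carries its own bounding set, shown as the CapBnd hex mask in
/proc/<pid>/status. Reading that mask needs no privilege.
"""
import re

# Capability numbers from <linux/capability.h>. Setting or clearing the
# immutable/append-only attributes requires CAP_LINUX_IMMUTABLE, so a
# root process whose bounding set lacks bit 9 gets EPERM from chattr.
CAP_LINUX_IMMUTABLE = 9


def cap_in_mask(hex_mask: str, cap: int) -> bool:
    """True if capability bit `cap` is set in a CapBnd-style hex mask."""
    return (int(hex_mask, 16) >> cap) & 1 == 1


def bounding_set_mask(status_text: str) -> str:
    """Extract the CapBnd hex mask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if not m:
        raise ValueError("no CapBnd line in status text")
    return m.group(1)


def immutable_can_be_cleared(status_text: str) -> bool:
    """True if a process with this bounding set could regain
    CAP_LINUX_IMMUTABLE and so run 'chattr -i' on a protected file."""
    return cap_in_mask(bounding_set_mask(status_text), CAP_LINUX_IMMUTABLE)


def check_self() -> bool:
    """Run the check against the current process (Linux only)."""
    with open("/proc/self/status") as f:
        return immutable_can_be_cleared(f.read())


# Constructed samples: a stock root bounding set with every bit set, and
# the same set with bit 9 cleared, as a hardened init would expose it.
FULL_BND = "Name:\tbash\nCapBnd:\t000001ffffffffff\n"
HARDENED_BND = "Name:\tbash\nCapBnd:\t000001fffffffdff\n"

if __name__ == "__main__":
    for label, text in (("stock", FULL_BND), ("hardened", HARDENED_BND)):
        print(f"{label}: chattr -i possible = {immutable_can_be_cleared(text)}")
    print("this process:", check_self())
```

The mask only tells you whether the capability is removable from the whole process tree; verify the effect by confirming that chattr on an immutable file fails with EPERM as root under the hardened set.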