> On Thu, 09 Jul 2015 18:18:37 -0700, Edgar Pettijohn > <[email protected]> wrote: > > > # chflags schg /etc/resolv.conf > > > > Just keep in mind you have to go to single user mode to undo the above. > > That's an interesting workaround I hadn't considered. The problem is that > this setting must be deployed via an Ansible playbook, so single user mode > is out.
The 4.4BSD chflags model of "security" on inodes is unmaintained, and the utilitization of this is not realized OpenBSD. To be honest, I doubt any of us see much benefit in it, relative to other features of the system. When you are holed, a few file changes + a reboot can undo it, voila, noone would ever notice. I don't think it is more than a gimmick. If you use it, you really are on your own. To my knowledge, noone in the development group has seriously trialed/used it in years.
