On Mon 06 Jan 2025 at 12:29:01 -0500, Brad Spencer wrote: > Ya, a bit.. I just tested this on a test box with root user and a > directory in /var/tmp and was able to add and remove the schg flag and > was able to remove my testing directory. Are you at some high > securelevel (sysctl kern.securelevel)?? One of them, forgot which, I > think restricts the reset of some of the flags. The entire directory > tree up from the problem directory didn't get the schg flag set on it ...?? Yes, normally you would need to be in single user mode to remove the schg flag. This is not mentioned in chflags(1) but in secmodel_securelevel(9). But if you run X, you typically need to be in insecure mode anyway, so this point doesn't apply. -Olaf. -- ___ Olaf 'Rhialto' Seibert <rhialto/at/falu.nl> \X/ There is no AI. There is just someone else's work. --I. Rose
Attachment:
signature.asc
Description: PGP signature