>> of course...they could always move the entire directory...
>
>And that's enouth, unless the parent directory is immutable too ...
>Anyway, I think it's good practice to make directory immutable too when
>possible.

i've thought about this too.  and then decided it was a little
impractical for remote administration (which is what i do most of the
time).  yeah...i'll do upgrades from one version to the next over
tcp/ip, but not fiddle with immutable files.  go figure.  :)

it'd imply (given the following list)

>all of /bin
>all of /usr/bin
>all of /sbin
>all of /usr/sbin
>all of /usr/lib
>everything called from inetd
>everything called from the rc files
>all rc files and inetd.conf
>/usr/X11R6/bin
>/usr/X11R6/lib

not these directories (since their contents would all be immutable),
but instead:

/		(because of /etc, /bin, /var, and /usr)
/usr		(because of /usr/bin, /usr/sbin, and /usr/lib at least)
/usr/X11R6	(etc.)

and probably also

/usr/local	(etc.)
/usr/pkg	(etc.)

which would basically reduce netbsd to windows nt where you have to
reboot (well, almost) to upgrade cat.  yes, it's an extreme example,
but for upgrading *anything*, that's what it would do.  and that's one
of the reasons i *REALLY* hate windows nt.  if you upgrade cat, you
have to (heck...there you almost have to reboot if you move the
mouse).

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."