read only system file permission to root in multi-user mode - Redhat

This is a discussion on read only system file permission to root in multi-user mode - Redhat ; Hi, I want to setup secure file systems in linux so that kernel files or other important system files are read and excutable only, even root cannot remote these files unless the system goes to single-user mode. Are there any ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: read only system file permission to root in multi-user mode

  1. read only system file permission to root in multi-user mode

    Hi,

    I want to setup secure file systems in linux so that kernel files or
    other important system files are read and excutable only, even root
    cannot remote these files unless the system goes to single-user mode.

    Are there any utilities and commands available for that purpose?
    the chflags command in BSD doing exactly the tasks as I described above.

    Thanks
    sam

  2. Re: read only system file permission to root in multi-user mode

    On Sun, 23 May 2004 10:37:03 +0800,
    sam posted:

    > I want to setup secure file systems in linux so that kernel files or
    > other important system files are read and excutable only, even root
    > cannot remote these files unless the system goes to single-user mode.


    You might want to look into an older idea about protecting systems from
    accidents: Using partitions instead of folders for some parts of the
    system, and mounting those partitions as read-only.

    --
    If you insist on e-mailing me, use the reply-to address (it's real but
    temporary). But please reply to the group, like you're supposed to.

    This message was sent without a virus, please delete some files yourself.

  3. Re: read only system file permission to root in multi-user mode

    In article <4mbjo4o53e7z.1wnmddycy9y64.dlg@40tude.net>, Tim wrote:
    > On Sun, 23 May 2004 10:37:03 +0800,
    > sam posted:
    >
    >> I want to setup secure file systems in linux so that kernel files or
    >> other important system files are read and excutable only, even root
    >> cannot remote these files unless the system goes to single-user mode.

    >
    > You might want to look into an older idea about protecting systems from
    > accidents: Using partitions instead of folders for some parts of the
    > system, and mounting those partitions as read-only.


    Another possibility _might_ be the kernel capabilities
    feature. Linux Journal did an article a year or two ago
    about a 32-bit vector that governs whether root or anyone
    else can do a bunch of things. I don't recall what those
    individual bits are, but they may give you at least some of
    what you want to do.

    Good luck.

    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

+ Reply to Thread