On Tue, 2002-04-30 at 19:37, Andi Kleen wrote: > On Tue, Apr 30, 2002 at 07:04:33PM -0500, Steve Lord wrote: > > On Tue, 2002-04-30 at 18:49, Stephen Lord wrote: ... > P.S.: Overall I don't think immutable/append-only are too useful because > > attackers can always get rid of them by mknod'ing a device and writing > to the > disk directly and forcing an inode flush. So it may not be worth much > effort > for the pseudo security ones, as they only give a false sense of > security. Right, and I didn't ask because of security, we're thinking more along the lines of mistakes, which could lead to flags with file monitors, etc. That is more important in this way, than *just* security, for the purpose of the question posed. > > immutable is sometimes useful to prevent mistakes, but not for more. Right. See above. > > The only ones that may be worth it are 'S' (force O_SYNC, especially > for directories e.g. to handle qmail/postfix spool dirs without forcing > synchronous for the whole fs), 'A' (no atime) and 'd' for incremental > backup purposes. They all have *some* usefulness, but trying to make then do things they weren't really designed to do in the first place, or putting too much stock in the base implementation, isn't always the best idea anyway. :) > > > -And -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin@coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb
Attachment:
signature.asc
Description: This is a digitally signed message part