UFS filesystem flags

[joseph]

Please note:
The following article is in this two-line format:
Flag - Can be set by whom
Behavior


schg - Root only
System immutable. No part of it can change, not even metadata. Root cannot unset this flag unless the system is in single-user mode or the system is at securelevel 0 or less.

uchg - Owner or root
User immutable. Like the schg flag, above, but can be set and unset by root and the file's owner.

nodump - Owner or root
Skip dump. Tell the dump(8) program not to include a file when it backs up a filesystem.

sappnd - Root only
System append only.No one may truncate the file or write to it at any point other than its end. It can be read at any point, but only written at the end.

uappnd - Owner or root
User append only. Like the sappnd flag, above, but can be set and unset freely, both by root and the file's owner.

sunlnk - Root only
System unlink. No one, not even root, can unlink (delete) the file, regardless of the permissions on the parent directory or file.

uunlnk - Owner or root
User unlink. The owner cannot unlink (delete) the file, regardless of the Unix permissions on the parent directory or file.

opaque - Owner or root
Opaque directories. Set only on directories. Makes them opaque when directories are unionfs mounted on top of them, i.e., underlying filesystems will not "show through," just like a typical mount-over.

arch - Root only
Archive. The archive flag is not used.

[joseph]

Lock down and make immutable all the directories that contain software binaries and libraries. These include:

/bin
/sbin
/usr/bin

/usr/sbin
/usr/lib
/usr/libexec
/usr/libdata
/usr/X11R6/bin
/usr/X11R6/lib

/usr/local/bin
/usr/local/sbin
/usr/local/lib
/usr/local/libexec
/usr/local/libdata

[joseph]

find /home/joseph -flags +uunlnk -print

[Sitemon]

Hi, Imalgarbemdag,
Welcome to Admon Community. We're planing to promote this website soon