DragonFly users List (threaded) for 2008-05
DragonFly BSD
DragonFly users List (threaded) for 2008-05
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: OT: setrlimit equivalent to prevent unlink or truncate


From: Johannes Hofmann <hofmann@xxxxxxxxxxxxxxxxxxxxxx>
Date: 30 May 2008 19:25:18 GMT

Chris Turner <c.turner@199technologies.org> wrote:
> Johannes Hofmann wrote:
>> Hi,
>> 
>> I'm wondering whether there is a way to prevent a process to modify 
>> the file system. setrlimit(RLIMIT_FSIZE) to 0 almost does the trick,
>> but unfortunately it does not prevent unlink() or truncate().
>> Is there any reason why there is no limit to prevent unlink or
>> truncate?
>> 
> 
> if it works, mounting the FS readonly should work..
> 
> also, chflags might be helpful..
> 
> or is this a coding question about coding the program that calls 
> setrlimit() ?
> 

Yes, the latter. In a program I want to exec another binary with
limited privileges.



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]