OT: setrlimit equivalent to prevent unlink or truncate
Johannes Hofmann
hofmann at blob.baaderstrasse.com
Fri May 30 12:25:18 PDT 2008
Chris Turner <c.turner at 199technologies.org> wrote:
> Johannes Hofmann wrote:
>> Hi,
>>
>> I'm wondering whether there is a way to prevent a process to modify
>> the file system. setrlimit(RLIMIT_FSIZE) to 0 almost does the trick,
>> but unfortunately it does not prevent unlink() or truncate().
>> Is there any reason why there is no limit to prevent unlink or
>> truncate?
>>
>
> if it works, mounting the FS readonly should work..
>
> also, chflags might be helpful..
>
> or is this a coding question about coding the program that calls
> setrlimit() ?
>
Yes, the latter. In a program I want to exec another binary with
limited privileges.
More information about the Users
mailing list