OT: setrlimit equivalent to prevent unlink or truncate

Johannes Hofmann hofmann at blob.baaderstrasse.com
Fri May 30 12:25:18 PDT 2008


Chris Turner <c.turner at 199technologies.org> wrote:
> Johannes Hofmann wrote:
>> Hi,
>> 
>> I'm wondering whether there is a way to prevent a process to modify 
>> the file system. setrlimit(RLIMIT_FSIZE) to 0 almost does the trick,
>> but unfortunately it does not prevent unlink() or truncate().
>> Is there any reason why there is no limit to prevent unlink or
>> truncate?
>> 
> 
> if it works, mounting the FS readonly should work..
> 
> also, chflags might be helpful..
> 
> or is this a coding question about coding the program that calls 
> setrlimit() ?
> 

Yes, the latter. In a program I want to exec another binary with
limited privileges.





More information about the Users mailing list