On 06/18/2015 01:31 PM, jdd wrote:
Le 18/06/2015 22:28, I. Petrov a écrit :
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello Lew,
Interesting question indeed. In my opinion however it is not possible at all (especially for the root user). I'm interested what the others think about this though.
depends of what one want to do with the file, switching off an usb disk can prevent the file from being removed, even by root, be it's also unavailable for the others
Perhaps I should have included the original requirement. Here it is: "The operating system must enforce dual authorization for movement and/or deletion of all audit information, when such movement or deletion is not part of an authorized automatic process." It is what it is, but I think it's impossible without a rewrite of kernels, libraries, applications, and whatnot. Maybe rsyslog could be used to send logs to two external servers operating with different root credentials? Two "roots" would be required to delete all existent copies. I think I'll just let the customer tell me how to do it... Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org