On 1 Sep 2006 12:28:12 -0700
"Karen Hill" <karen_hill22@yahoo.com> wrote:

> Immutable files are files where not even root
> can change/delete/move a file set as immutable.

But root can unset the immutable flag. Thus it only serves as
protection against accidental deletions or modifications. This is
slightly useful. Roles are better for that purpose.

> For the Oracle DBAs, how can you guarentee an audit trail without
> immutable files?

You cannot guarantee it with immutable files.

Immutability is _not_ a security feature. It does _not_ solve the
problem that root can change any file. If you cannot trust your root
user, you've got major problems. Trust is a difficult concept for PHBs,
but there is no magic solution.

Learn to live with it.

--
Stefaan A Eeckels
--
Tener razón es una razón más para no tener ningún éxito.
--Nicolás Dávila