On Sun, Jan 04, 2015 at 06:40:10PM -0500, Jude Nelson wrote:
> Hi Hendrik,
>
> > In VAX/VMS there was a feature that could in theory be useful,
> > though I've never seen it actually used. Fila permissions could
> > forbid the root user from reading the file. This might be useful
> > for dire secrets. Even the sysadmin couldn't back up that file.
>
> I think for some applications (like dealing with medical records), this is
> a legal requirement.
>
> On Linux at least, locking a user with CAP_SYS_PTRACE out of a userspace
> filesystem is impossible, since in the extreme the user can always ptrace
> it and override its behavior. In vdev's case, even though it's possible to
> create an ACL that prevents even root from seeing devices via the VFS, a
> privileged user could still get past it. I'll be sure to document this--I
> wouldn't want users to get lulled into a false sense of security.

Even on VMS the administrator coculd change the permissions on such
file. So it wasn't really a serious security measure.

-- hendrik