2.6. File Flags (FF)
This model defines some access flags for files, fifos, symlinks and dirs. Currently, the following flags are supported:
Table 2-2. FF rights
| Flag | Checked for | Notes |
|---|---|---|
| execute_only | FILE, FIFO, SYMLINK | |
| search_only | DIR | |
| read_only | FILE, FIFO, SYMLINK, DIR | |
| write_only | FILE, FIFO, SYMLINK | |
| secure_delete | FILE | File is blanked on delete and truncate (ext2, ext3, msdos/vfat, minix only) |
| no_execute | FILE | |
| no_delete_or_rename | FILE, FIFO, SYMLINK, DIR | new in 1.1.1, not inherited |
| append_only | FILE, FIFO, SYMLINK | new in 1.1.2, write accesses are limited to APPEND_OPEN and WRITE, read accesses are allowed |
| add_inherited | FILE, FIFO, SYMLINK, DIR | not inherited |
These flags are checked on every access to the given target types. Only users in system_role security officer can change the flags.
The add_inherited flag is special: If set, the parent dir's flags are added (or'd) to the target's own flags. Inheritance is on by default.
 | The flags no_delete_or_rename and add_inherited cannot be inherited, they must always be set explicitely! |
Please note that the attributes are independent from each other and restrictive: All attributes that are set are applied, e.g. execute_only and no_execute together (or read_only and write_only) lead to no access.
Flags that are only checked for some target types are ignored for the other ones. This can be used to set e.g. search_only and execute_only on a dir - you can SEARCH (not READ!) in the dir and EXECUTE files in it, but nothing else.
Example 2-1. Preventing a group of files against reading
Set write_only on a logging dir. All log files created in that dir inherit the write_only flag, thus the log can never be read unless the flag is removed
Example 2-2. Create a group of append-only files
Set append_only on a logging dir. All log files created in that dir inherit the append_only flag, thus the log can be read, but writing can only append to the file, unless the flag is removed. Add flag write_only, if the files should not be read either.
Example 2-3. Preventing execution of files from a directory
Set no_execute on /home. All executables below that dir inherit this flag, thus no user can execute files from her home directory, unless the flag is removed.
Example 2-4. Prevent moving of a directory
Set no_delete_or_rename on /home. User home dirs below can be added, removed and individually protected, but the parent dir /home cannot be moved or replaced to fake other home dirs for most users.
File Flags should be used, if you need global access settings which are valid for all users.