On Wed, Aug 25, 2004 at 01:11:03PM +0100, James Wilkinson wrote:
> meetkaustubhghosh@xxxxxxxx wrote:
> >
> > Let us consider a
> > situation where an employee is to complete a report within a date. He
> > did not send it, but later he just shifts the system date backwards,
> > saves the file in the backward date and shows that he has completed
> > the job in time.
>
> Or, more simply, he just uses the touch command. This doesn't even need
> root access.
>
> Andre Speelmans commented:
> >
> > Clearly you don't trust the user. I assume it is required for him to have the
> > privileges to change the date on the system (if he doesn't need them, strip
> > them and your problem is solved).
>
> Well ... no. Not unless you can stop him from running touch or something
> like it. (Careful review of permissions, filesystems, and the noexec
> keyword can make this practical. But it's still not a good idea.)

<ashamed>
I didn't even think of touch. Stupid, stupid....
</ashamed>

> > If you don't trust the user, why not change your procedure so that a report is
> > completed when it is on the system *and* he has notified his manager. His
> > manager can verify the existence of the report.
>
> Or when he has sent it by e-mail to his manager.

E-mail doesn't have a guaranteed delivery. It is quite easy to say: I did send
it, probably something wrong with the mail-server.

> Does it really matter if the report isn't completed by a point in time
> if the manager only looks at it later and it's finished then?

IMHO: no. But the OP did specifically mention it should be completed at a
certain date.

> If no-one looks at a report, does it really exist?

Is a sound really a sound if there is nobody to hear it?

--
Kind regards,
Andre
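
The touch case raised in the thread, as an added example that is not part of any of the messages above: an unprivileged `touch` rewrites a file's modification time, but the kernel stamps the inode change time (ctime) with the current clock when it does so, and a reviewer can compare the two. The file, the 2004 date, the 60-second slack and the function names are constructed for illustration, and a Linux `stat` that supports `-c` is assumed.

```shell
#!/bin/sh
# Added example: the file and the 2004 date below are constructed.
# Assumes a Linux `stat` that supports -c (GNU coreutils or busybox).

# Print "mtime ctime" for a file, both in seconds since the epoch.
file_times() {
    stat -c '%Y %Z' "$1"
}

# Exit 0 when ctime is more than $2 seconds (default 60) later than mtime,
# i.e. the inode was changed well after the modification time it claims.
mtime_backdated() {
    slack=${2:-60}
    times=$(file_times "$1") || return 2
    mtime=${times% *}
    ctime=${times#* }
    [ $((ctime - mtime)) -gt "$slack" ]
}

demo() {
    report=$(mktemp) || return 1
    echo "report body" > "$report"

    if mtime_backdated "$report"; then
        echo "new file: mtime older than ctime"
    else
        echo "new file: mtime and ctime agree"
    fi

    # What the thread describes: an unprivileged touch to a past date.
    touch -t 200408200900 "$report"

    if mtime_backdated "$report"; then
        echo "after touch: mtime older than ctime ($(file_times "$report"))"
    else
        echo "after touch: mtime and ctime agree"
    fi
    rm -f "$report"
}

demo
```

A ctime later than mtime also follows an ordinary chmod, rename or a restore that preserves times, so the result is a reason to look closer rather than proof. It does not cover the other scenario in the thread, where the system date itself is set back, because ctime is taken from that same clock.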