Re: ACL Question: normal user how to restrict root's permission?

On Thu, 2004-11-11 at 19:50, James McKenzie wrote:
> Gang Xu wrote:
> 
> >Hi, all~
> >
> >I have a question:
> >how can normal users restrict root's permission on a file (owned by a normal user)?

This idea would be disastrous if you make it work as you list below.

example:  A user restricts root from accessing his area.
          That user can then do whatever he wants, legal, illegal, or
          otherwise, and can be maliciously bent.
          Root, as the administrator, has no way to find out what is being
          done on/to his system.

This has legal implications as well as administrative nightmare factors.

Bottom line:  No user should EVER have the ability to prevent root (the
super user) from monitoring/controlling what other users are doing.

If you have your own box, you can do whatever you want on that system. 
If the box belongs to someone else, they are (and should be) able to
monitor/control all that is being done.

> >
> >[background]:
> >  Kernel 2.6.7 (compile with ACL)
> >  mount / with acl option
> >  skywind is a normal user in system
> >
> >[object]:
> >  normal user skywind restricts root's read permission by using ACL.
> >
> >[detailed]:
> >  skywind@localhost:~$ cat 123 > /tmp/test
> >  skywind@localhost:~$ chmod 700 /tmp/test
> >  skywind@localhost:~$ setfacl u:root:--- /tmp/test
> >  skywind@localhost:~$ su -
> >  localhost:~# cat /tmp/test
> >  123
> >  localhost:~#
> >
> >[result is:] 
> >  root can read the /tmp/test
> >
> >Why?
> >I don't want root to read /tmp/test.
> >How do I do this?
> >
> >Could anyone  help me?
> >Very very thanks~~~~~
> >:-)
> >
> >  
> >
> Root is the ultimate administrator on your system.  It can access ALL 
> files, processes and software packages.  The only method is to use file 
> encryption, which may or may not be a good idea, to block access to your 
> files.  If you own the system, then you should not worry about root user 
> level access.  No one should ever log onto your system as root, unless 
> absolutely necessary.
> 
> James McKenzie
> 
> 
> >--
> >Skywind
> >
> >
> >
> >  
> >
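To make concrete why the experiment quoted above behaves as it does, here is an added example, not code from the thread and not the kernel's own code: a small Python model of the Linux DAC decision for a regular file that carries a POSIX ACL, following the entry ordering of the kernel's posix_acl_permission() and the capability override in generic_permission(). It assumes the ACL entry was set with `setfacl -m u:root:--- /tmp/test` (the `-m` is needed to modify an entry; setfacl then recalculates the mask entry) and uses a constructed uid/gid of 1000 for skywind. What it shows is that the u:root:--- entry is honoured by the ACL check itself; what lets root through is CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH, which a root shell holds by default. File modes and ACLs are therefore never a confidentiality boundary against uid 0, which is why the answer in the thread is encryption rather than another ACL.

```python
"""Constructed model of the Linux DAC decision for a regular file that has a
POSIX ACL.  Mirrors the entry ordering of posix_acl_permission() and the
capability override in generic_permission() (fs/namei.c), so it shows why the
thread's u:root:--- entry does not stop root reading /tmp/test.
Illustrative code, not the kernel's and not from the mailing-list thread."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

R, W, X = 4, 2, 1  # permission bits, as in rwx


@dataclass(frozen=True)
class Entry:
    tag: str                          # user_obj, user, group_obj, group, mask, other
    perms: int                        # bitmask of R|W|X
    qualifier: Optional[int] = None   # uid for "user", gid for "group"


@dataclass
class Inode:
    owner_uid: int
    owner_gid: int
    acl: List[Entry]                  # entries in canonical (sorted) order


def _masked(perms: int, mask: Optional[int], want: int) -> bool:
    """Named-user and group entries are ANDed with the mask entry."""
    if mask is not None:
        perms &= mask
    return want & perms == want


def acl_permission(inode: Inode, uid: int, gids: Set[int], want: int) -> bool:
    """POSIX.1e access check only: the ACL entries, no capabilities.

    First matching entry wins, in the order owner, named user, owning group /
    named groups, other.  The owner entry is not subject to the mask."""
    mask = next((e.perms for e in inode.acl if e.tag == "mask"), None)
    found_group = False
    for e in inode.acl:
        if e.tag == "user_obj":
            if uid == inode.owner_uid:
                return want & e.perms == want
        elif e.tag == "user":
            if uid == e.qualifier:
                return _masked(e.perms, mask, want)
        elif e.tag in ("group_obj", "group"):
            gid = inode.owner_gid if e.tag == "group_obj" else e.qualifier
            if gid in gids:
                found_group = True
                if want & e.perms == want:
                    return _masked(e.perms, mask, want)
        elif e.tag == "other":
            # A group entry matched but lacked the bits: deny rather than
            # fall through to "other", as the kernel does.
            return False if found_group else want & e.perms == want
    return False


def generic_permission(inode: Inode, uid: int, gids: Set[int],
                       caps: Set[str], want: int) -> bool:
    """DAC decision for a regular file: the ACL first, then the capability
    override that a uid-0 process normally carries."""
    if acl_permission(inode, uid, gids, want):
        return True
    if want == R and "CAP_DAC_READ_SEARCH" in caps:
        return True
    # Read/write DACs are always overridable; execute is overridable only
    # when at least one execute bit is set somewhere on the inode.
    execute_ok = any(e.perms & X for e in inode.acl)
    if "CAP_DAC_OVERRIDE" in caps and (not (want & X) or execute_ok):
        return True
    return False


ROOT_CAPS = {"CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH"}   # default root shell
SKYWIND_UID = SKYWIND_GID = 1000                           # constructed ids

# /tmp/test after "chmod 700" and "setfacl -m u:root:--- /tmp/test";
# setfacl recalculates the mask as the union of group and named entries (---).
TEST_FILE = Inode(SKYWIND_UID, SKYWIND_GID, [
    Entry("user_obj", R | W | X),
    Entry("user", 0, qualifier=0),       # u:root:---
    Entry("group_obj", 0),
    Entry("mask", 0),
    Entry("other", 0),
])


def demo() -> Dict[str, bool]:
    """Replays the thread's experiment plus the cases it implies."""
    return {
        # skywind reads its own file: the owner entry grants rwx
        "owner_read": generic_permission(TEST_FILE, SKYWIND_UID, {SKYWIND_GID}, set(), R),
        # the ACL on its own does deny root ...
        "root_acl_only": acl_permission(TEST_FILE, 0, {0}, R),
        # ... but a normal root shell carries the override capabilities
        "root_with_caps": generic_permission(TEST_FILE, 0, {0}, ROOT_CAPS, R),
        # uid 0 stripped of both capabilities (e.g. a confined service) is denied
        "root_no_caps": generic_permission(TEST_FILE, 0, {0}, set(), R),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The last case in demo() is the one thing DAC can ever do to uid 0: a root process whose bounding set has had CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH removed is refused like any other user. That is configured by the administrator for a specific service, not something a file owner can impose from their side, which is the point the reply above makes.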

