On Tue, 14 Dec 2004 20:27:33 -0500, Steven Bonneville <sbonnevi@xxxxxxxxxx> wrote: > Ed Wilts wrote: > > Without thinking about it too hard, I'd create my own system-wide > > .xscreensaver file. Then, at user creation time, create a symlink to > > the system version and make the symlink owned by root with no user write > > access. I obviously haven't tested this to prove that it works without > > breaking anything either. > > Won't work; the home directory is probably user-writable, so the user > can just delete the symlink. Remember, if you have write on a directory > you can create or delete files in that directory (even if you don't own > them, if sticky bit isn't set on the directory). I suspect you'd need to > have ~/.xscreensaver be an actual copy of the file and set it immutable > with chattr +i to make this approach work. Thanks. That comes very close to working. It works for all existing users and homedirs on each station, but we just tried it, and that immutable attribute does not copy over from /etc/skel for new users. So there's still a complication when a new user sits down at a station (we're doing network authentication against our Windows Active Directory, so people can sit down at any computer without having a local account previously created there). We're using pam_homedir to dynamically create new home dirs for users who log in at a station for the first time. So we're going to look into pam_homedir and see if it has hooks to run scripts on files it creates (it's all pretty new to us). So we could then programmatically run chattr +i on the new .xscreensaver /after/ it's copied from /etc/skel. Thanks, Matt
