Re: limitation of user a/c ( telnet service )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:
edwardspl@xxxxxxxxxx:
But when user "edward" login to the server by the telnet service, then he can modify the dot file...

Sam Varshavchik:
1) No, he can't. Not if the file is owned by root, with no other permissions.

The user owns the directory, they can remove files and create new ones.
You'd have to do more than change those file's ownership to root, and
I'm still not sure whether that'd work in a user's homespace.

Make sure every user has a unique group (the default in fedora), then
for each home directory:
chown root directoryname
chmod g+rwx directoryname
chmod +t directoryname
and
chown root directoryname/dotfile_to_protect

Now the user can still create new files and delete his own because of the group rwx on the directory. No one else has access because his group is unique. He can't remove files he doesn't own because of the sticky bit (+t) on the directory. So, he can't modify or remove files owned by root. And he can't remove the sticky bit because his home directory is owned by root.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux