Tim wrote:
edwardspl@xxxxxxxxxx:
But when user "edward" login to the server by the telnet service, then he
can modify the dot file...
Sam Varshavchik:
1) No, he can't. Not if the file is owned by root, with no other
permissions.
The user owns the directory, they can remove files and create new ones.
You'd have to do more than change those file's ownership to root, and
I'm still not sure whether that'd work in a user's homespace.
Make sure every user has a unique group (the default in fedora), then
for each home directory:
chown root directoryname
chmod g+rwx directoryname
chmod +t directoryname
and
chown root directoryname/dotfile_to_protect
Now the user can still create new files and delete his own because of
the group rwx on the directory. No one else has access because his
group is unique. He can't remove files he doesn't own because of the
sticky bit (+t) on the directory. So, he can't modify or remove files
owned by root. And he can't remove the sticky bit because his home
directory is owned by root.
--
Les Mikesell
lesmikesell@xxxxxxxxx
