On Wed, 2007-02-07 at 12:44 +0800, edwardspl@xxxxxxxxxx wrote: > Sam Varshavchik wrote: > > edwardspl@xxxxxxxxxx writes: > > > > > 竄 HTML content follows 罈 > > > Les wrote: > > > > On�Tue,�2007-02-06�at�23:06� > > > > +0800,�<URL:mailto:edwardspl@xxxxxxxxxx>edwar > > > > dspl@xxxxxxxxxx�wrote: > > > > �� > > > > > > > > > Dear�All, > > > > > > > > > > How�can�we�limit�a�user�a/c�when�telnet�to�the�server�: > > > > > eg�: > > > > > > > > > > [edward@svr1�~]$�ls�-l�-a > > > > > total�36 > > > > > drwx------�3�edward�edward�4096�Feb��6�22:51�. > > > > > drwxr-xr-x�5�root���root���4096�Feb��6�22:50�.. > > > > > -rw-------�1�edward�edward���14�Feb��6�22:52�.bash_history > > > > > -rw-r--r--�1�edward�edward���24�Feb��6�22:50�.bash_logout > > > > > -rw-r--r--�1�edward�edward��176�Feb��6�22:50�.bash_profile > > > > > -rw-r--r--�1�edward�edward��124�Feb��6�22:50�.bashrc > > > > > drwxr-xr-x�3�edward�edward�4096�Feb��6�22:50�.kde > > > > > -rw-r--r--�1�edward�edward��658�Feb��6�22:50�.zshrc > > > > > [edward@svr1�~]$ > > > > > > > > > > Prevent�user�"edward"�from�doing�the�following�: > > > > > modify�/�del�the�exiting�files�(�default�by�the�system�). > > > > > > > > > > Allow�user�"edward"�create�/�del�/�modify�other�his�own�files�/�dirs. > > > > > > > > > > Edward. > > > > > --� > > > > > ���� > > > > Have�root�create�the�files�with�root�access,�then�put�the�world�read�and > > > > execute�privilege�on�them.��Only�root�can�then�modify�them. > > > > > > > > Regards, > > > > Les�H > > > > > > > > �� > > > But when user "edward" login to the server by the telnet service, > > > then he can modify the dot file... > > > > 1) No, he can't. Not if the file is owned by root, with no other > > permissions. > > > > 2) If you allow telnet access, you have more problems to worry > > about. Such as anyone with access to your local network, or your > > Internet provider's network, being able to capture your login > > passwords. > > > > > For the point 1, user edward he can modify / delete the dot file.... > -- Is user edward a superuser? If so, that will cause edward to be able to change any file he wants, regardless of permissions or any other action you may take. Regards, Les H
