On Wed, 2007-02-07 at 17:13 +1030, Tim wrote:
> edwardspl@xxxxxxxxxx:
> >> But when user "edward" login to the server by the telnet service, then he
> >> can modify the dot file...
>
> Sam Varshavchik:
> > 1) No, he can't. Not if the file is owned by root, with no other
> > permissions.
>
> The user owns the directory, they can remove files and create new ones.
> You'd have to do more than change those files' ownership to root, and
> I'm still not sure whether that'd work in a user's homespace.
>
> --
> (This box runs FC5, my others run FC4 & FC6, in case that's
> important to the thread.)
>
> Don't send private replies to my address, the mailbox is ignored.
> I read messages from the public lists.
>

My bad... I didn't realize that would happen. I had used this on some other OS some time ago and it did work as I stated. I should have checked it here first.

I created a test file, changed its mode to 755, then sourced it and it did source correctly, but then I typed rm filename and I got a prompt to let me remove a protected file, and sure enough the regular user could do that.

So in Linux, anyway, I am not sure how you can affect the user individually other than perhaps a group policy. This would seem to be a "loose end" in terms of control by the admin.

Another option might be from the "login" shell script to recreate the files, but that still would not prevent the user from accessing the file during the session and modifying it.

About the only other option would be a shell script that would run at login in one of the system accounts such that it would run first. Generally Unix, Solaris and some other OS's have an init script for login that resides inside the root directories. Some of these scripts are called from the local shell or login script, but some shells have scripts that are run outside the user's control.

Perhaps someone with more use time in Linux could give a better answer.

Regards,
Les H
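The behaviour discussed in this thread, as an added example that is not part of the original messages: whether a user can remove (and then re-create) a file is decided by the permissions on the containing directory, not by the file's owner or mode. The function names, uid 1000 for "edward" and the sample stat values are assumptions constructed for illustration; only classic mode bits are modelled (no ACLs, no immutable attribute).

```python
import os
import stat
from types import SimpleNamespace as St

def can_replace(uid, gids, dir_st, file_st):
    """True if uid may unlink (and so re-create) a file in this directory.

    Classic mode-bit rules only: ACLs and immutable attributes are ignored.
    """
    if uid == 0:
        return True
    mode = dir_st.st_mode
    if uid == dir_st.st_uid:
        bits = (mode >> 6) & 7          # owner rwx of the directory
    elif dir_st.st_gid in gids:
        bits = (mode >> 3) & 7          # group rwx of the directory
    else:
        bits = mode & 7                 # other rwx of the directory
    # unlink() needs write + search (x) on the directory; the file's own
    # owner and mode are not consulted.
    if bits & 0o3 != 0o3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if mode & stat.S_ISVTX:
        return uid in (dir_st.st_uid, file_st.st_uid)
    return True

def check_path(path, uid, gids):
    """Apply can_replace() to a real file using its parent directory's stat."""
    parent = os.path.dirname(os.path.abspath(path))
    return can_replace(uid, gids, os.stat(parent), os.lstat(path))

# Constructed stat values (uid 1000 = "edward", uid 0 = root).
HOME_DIR = St(st_uid=1000, st_gid=1000, st_mode=0o40700)   # edward's home
ROOT_DOTFILE = St(st_uid=0, st_gid=0, st_mode=0o100600)    # root-owned dot file
USER_FILE = St(st_uid=1000, st_gid=1000, st_mode=0o100644) # edward's own file
ROOT_DIR = St(st_uid=0, st_gid=0, st_mode=0o40755)         # root-owned system dir
STICKY_DIR = St(st_uid=0, st_gid=0, st_mode=0o41777)       # world-writable, sticky

if __name__ == "__main__":
    cases = [("root-owned file in own home", HOME_DIR, ROOT_DOTFILE),
             ("root-owned file in root-owned dir", ROOT_DIR, ROOT_DOTFILE),
             ("root-owned file in sticky dir", STICKY_DIR, ROOT_DOTFILE),
             ("own file in sticky dir", STICKY_DIR, USER_FILE)]
    for label, d, f in cases:
        print(f"{label:36s} replaceable by uid 1000: {can_replace(1000, {1000}, d, f)}")
```

A login script the user must not alter therefore has to live in a directory the user cannot write to, which is the point the last paragraph of the reply is reaching for.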