Re: limitation of user a/c ( telnet service )

On Wed, 2007-02-07 at 17:13 +1030, Tim wrote:
> edwardspl@xxxxxxxxxx:
> >> But when user "edward" login to the server by the telnet service, then he 
> >> can modify the dot file...
> 
> Sam Varshavchik:
> > 1) No, he can't.  Not if the file is owned by root, with no other 
> > permissions.
> 
> The user owns the directory, they can remove files and create new ones.
> You'd have to do more than change those files' ownership to root, and
> I'm still not sure whether that'd work in a user's homespace.
> 
> -- 
> (This box runs FC5, my others run FC4 & FC6, in case that's
>  important to the thread.)
> 
> Don't send private replies to my address, the mailbox is ignored.
> I read messages from the public lists.
> 
My bad... I didn't realize that would happen.  I had used this on some
other OS some time ago and it did work as I stated.  I should have
checked it here first.  I created a test file, changed its mode to 755,
then sourced it and it did source correctly, but then I typed rm
filename and I got a prompt to let me remove a protected file and sure
enough the regular user could do that.  So in Linux, anyway, I am not
sure how you can affect the user individually other than perhaps a group
policy.  This would seem to be a "loose end" in terms of control by the
admin.

	Another option might be from the "login" shell script to recreate the
files, but that still would not prevent the user from accessing the file
during the session and modifying it.  

	About the only other option would be a shell script that would run at
login in one of the system accounts such that it would run first.
Generally Unix, Solaris and some other OS's have an init script for
login that resides inside the root directories.  Some of these scripts
are called from the local shell or login script, but some shells have
scripts that are run outside the user's control.  Perhaps someone with
more use time in Linux could give a better answer.

Regards,
Les H
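
The behaviour discussed in this thread, as an added example that is not part of the original messages: whether a user can remove and recreate a file is decided by the permissions on the containing directory, not by the file's owner or mode. The check below also covers the sticky-bit case, which goes beyond what the thread mentions; the uid 500 for "edward", the helper names and the sample stat values are constructed assumptions.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the rule can be checked on constructed values.
St = namedtuple("St", "st_mode st_uid st_gid")

def dir_bits(d, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids on directory d."""
    if uid == d.st_uid:
        return (d.st_mode >> 6) & 7
    if d.st_gid in gids:
        return (d.st_mode >> 3) & 7
    return d.st_mode & 7

def can_replace(d, f, uid, gids=()):
    """True if uid can unlink or rename entry f inside directory d."""
    if uid == 0:
        return True  # root bypasses these checks
    # Removing a name needs write (2) and search (1) on the directory;
    # the file's own owner and mode are not consulted.
    if (dir_bits(d, uid, gids) & 3) != 3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may remove.
    if d.st_mode & stat.S_ISVTX:
        return uid in (f.st_uid, d.st_uid)
    return True

def audit(path, uid, gids=()):
    """Apply the rule to a real file, given the numeric uid and gids to test."""
    parent = os.path.dirname(os.path.abspath(path))
    return can_replace(os.stat(parent), os.lstat(path), uid, gids)

# Constructed cases; uid/gid 500 stands for the user "edward" (assumption).
EDWARD = 500
root_file = St(stat.S_IFREG | 0o644, 0, 0)            # dot file owned by root
home_own = St(stat.S_IFDIR | 0o755, EDWARD, EDWARD)   # user owns the directory
home_root = St(stat.S_IFDIR | 0o755, 0, 0)            # root-owned, not writable by user
home_sticky = St(stat.S_IFDIR | 0o1777, 0, 0)         # root-owned, sticky, world-writable

if __name__ == "__main__":
    cases = [("user-owned dir", home_own), ("root-owned 755 dir", home_root),
             ("root-owned sticky 1777 dir", home_sticky)]
    for name, d in cases:
        print(name, "->", can_replace(d, root_file, EDWARD, (EDWARD,)))
```
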

