Re: limitation of user a/c ( telnet service )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Les wrote:
> My bad... I didn't realize that would happen.  I had used this on some
> other OS some time ago and it did work as I stated.  I should have
> checked it here first.  I created a test file, changed its mode to 755,
> then sourced it and it did source correctly, but then I typed rm
> filename and I got a prompt to let me remove a protected file and sure
> enough the regular user could do that.  So in Linux, anyway, I am not
> sure how you can affect the user individaully other than perhaps a group
> policy.  This would seem to be a "loose end" in terms of control by the
> admin.

You use chattr to set the immutable attribute (this needs to be done as
root).  Until this attribute is removed, no-one can change or delete the
file:

   A file with the ‘i’ attribute cannot be modified: it cannot be
   deleted or renamed, no link can be created to this file and no data
   can be written to the file. Only the superuser or a process
   possessing the CAP_LINUX_IMMUTABLE capability can set or clear this
   attribute.
      (-- man chattr)

Hope this helps,

James.

-- 
E-mail:     james@ | Just remember: 1 virus         3 viriii
aprilcottage.co.uk |                2 virii         4 viriv
                   |     -- Matt S Trout


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux