Les Mikesell wrote:
Tim wrote:
edwardspl@xxxxxxxxxx:
But when user "edward" login to the
server by the telnet service, then he can modify the dot file...
Sam Varshavchik:
1) No, he can't. Not if the file is owned
by root, with no other permissions.
The user owns the directory, they can remove files and create new ones.
You'd have to do more than change those file's ownership to root, and
I'm still not sure whether that'd work in a user's homespace.
Make sure every user has a unique group (the default in fedora), then
for each home directory:
chown root directoryname
chmod g+rwx directoryname
chmod +t directoryname
and
chown root directoryname/dotfile_to_protect
Now the user can still create new files and delete his own because of
the group rwx on the directory. No one else has access because his
group is unique. He can't remove files he doesn't own because of the
sticky bit (+t) on the directory. So, he can't modify or remove files
owned by root. And he can't remove the sticky bit because his home
directory is owned by root.
Hello to you,
1, The System is FC6.
2, After run "adduser edward" and login with user "edward", then
[edward@svr1 ~]$ ls -l -a
total 36
drwx------ 3 edward edward 4096 Feb 6 22:51 .
drwxr-xr-x 5 root root 4096 Feb 6 22:50 ..
-rw------- 1 edward edward 67 Feb 7 12:47 .bash_history
-rw-r--r-- 1 edward edward 24 Feb 6 22:50 .bash_logout
-rw-r--r-- 1 edward edward 176 Feb 7 11:57 .bash_profile
-rw-r--r-- 1 edward edward 124 Feb 6 22:50 .bashrc
drwxr-xr-x 3 edward edward 4096 Feb 6 22:50 .kde
-rw-r--r-- 1 edward edward 658 Feb 6 22:50 .zshrc
[edward@svr1 ~]$
3, Is it :
chown root /home/edward
chmod g+rwx ( What number of g+rwx, eg : ?77 ) /home/edward
chmod +t ( What number of +t ) /home/edward
chown root /home/edward/ All_dot_filenames
|
