Re: limitation of user a/c ( telnet service )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2007-02-07 at 13:27 +0000, James Wilkinson wrote:
> Les wrote:
> > My bad... I didn't realize that would happen.  I had used this on some
> > other OS some time ago and it did work as I stated.  I should have
> > checked it here first.  I created a test file, changed its mode to 755,
> > then sourced it and it did source correctly, but then I typed rm
> > filename and I got a prompt to let me remove a protected file and sure
> > enough the regular user could do that.  So in Linux, anyway, I am not
> > sure how you can affect the user individaully other than perhaps a group
> > policy.  This would seem to be a "loose end" in terms of control by the
> > admin.
> 
> You use chattr to set the immutable attribute (this needs to be done as
> root).  Until this attribute is removed, no-one can change or delete the
> file:
> 
>    A file with the ‘i’ attribute cannot be modified: it cannot be
>    deleted or renamed, no link can be created to this file and no data
>    can be written to the file. Only the superuser or a process
>    possessing the CAP_LINUX_IMMUTABLE capability can set or clear this
>    attribute.
>       (-- man chattr)
> 
> Hope this helps,
> 
> James.
> 
Hi, James,
	Thanks.  I am getting too reliant on my memory, rather than look at the
tools available (like man).

Regards,
Les H


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux