On Wed, 2007-02-07 at 13:27 +0000, James Wilkinson wrote: > Les wrote: > > My bad... I didn't realize that would happen. I had used this on some > > other OS some time ago and it did work as I stated. I should have > > checked it here first. I created a test file, changed its mode to 755, > > then sourced it and it did source correctly, but then I typed rm > > filename and I got a prompt to let me remove a protected file and sure > > enough the regular user could do that. So in Linux, anyway, I am not > > sure how you can affect the user individaully other than perhaps a group > > policy. This would seem to be a "loose end" in terms of control by the > > admin. > > You use chattr to set the immutable attribute (this needs to be done as > root). Until this attribute is removed, no-one can change or delete the > file: > > A file with the ‘i’ attribute cannot be modified: it cannot be > deleted or renamed, no link can be created to this file and no data > can be written to the file. Only the superuser or a process > possessing the CAP_LINUX_IMMUTABLE capability can set or clear this > attribute. > (-- man chattr) > > Hope this helps, > > James. > Hi, James, Thanks. I am getting too reliant on my memory, rather than look at the tools available (like man). Regards, Les H
