On Sat, 2007-02-10 at 17:14 +1030, Tim wrote: > On Fri, 2007-02-09 at 09:44 -0600, Les Mikesell wrote: > > Remember, the object of this is to set the directory owner/modes so > > that the user can still create/remove his own files but can't > > remove/replace certain files that you will chown to root. > > I am curious whether a user can cause system problems by modifying their > own files? Yes, they can. There are many many files in the user account that either begin with "." or reside in a directory that begins with "." that the user owns and can modify, which are in fact modified by the controls for the various applications, so write capability is required for customization. If you go to a users directory and do the command % ls -al You will see a number of files and directories that begin with "." in each of these there are controls for the applications behavior from ".login" to ".bashrc" or ".kashrc" to various ".ini" files or ".dat" files that are used to setup and initialize applications, or in the case of the browser to select plugins to decode some forms of web data, such as JAVA or Jscript, movie formats, still photograph formats, downloads, etc. etc. When I maintained Unix systems, I would always have a generic user account that I could verify settings in, so that I could take a user back to basics to get them going again when things got messed up in their accounts or to check that the system had not in some way become corrupted (we did development, so lots of things could happen). Regards, Les H
