Les Mikesell wrote:

> Tim wrote:
>
>> edwardspl@xxxxxxxxxx:
>>
>>>> But when user "edward" logs in to the server by the telnet service,
>>>> then he can modify the dot file...
>>
>> Sam Varshavchik:
>>
>>> 1) No, he can't. Not if the file is owned by root, with no other
>>> permissions.
>>
>> The user owns the directory, they can remove files and create new ones.
>> You'd have to do more than change those files' ownership to root, and
>> I'm still not sure whether that'd work in a user's homespace.
>
> Make sure every user has a unique group (the default in Fedora), then
> for each home directory:
>   chown root directoryname
>   chmod g+rwx directoryname
>   chmod +t directoryname
> and
>   chown root directoryname/dotfile_to_protect
>
> Now the user can still create new files and delete his own because of
> the group rwx on the directory. No one else has access because his
> group is unique. He can't remove files he doesn't own because of the
> sticky bit (+t) on the directory. So, he can't modify or remove files
> owned by root. And he can't remove the sticky bit because his home
> directory is owned by root.

Hello,

Sorry, another problem:

If I want to configure the web service, e.g. http://www.abc.com, then the
actual location is /home/abc/html/All_of_homepage_files...

So, how do I operate every web user account similarly to the above setting?

Edward.
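
Added example, not part of the original message or of any poster's reply: a shell check for the layout Les Mikesell describes above (home directory owned by root, group rwx, sticky bit, dotfile owned by root), run over every directory under a base path such as /home. The function names, the numeric-UID parameter and the extra group/other-writable test are assumptions of this example; it relies on `stat -c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# audit_home DIR DOTFILE [OWNER_UID]
# Prints one line per deviation from the layout; returns 0 only if none.
# OWNER_UID defaults to 0 (root); it is a parameter only so the check can
# be exercised without root privileges.
audit_home() {
    dir=$1; dotfile=$2; uid=${3:-0}; rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }

    # %u = numeric owner, %a = octal mode such as 1770
    set -- $(stat -c '%u %a' "$dir")
    d_uid=$1; d_mode=$2
    [ "$d_uid" -eq "$uid" ] ||
        { echo "$dir: owner uid $d_uid, expected $uid (chown root)"; rc=1; }
    [ $(( 0$d_mode & 0070 )) -eq $(( 0070 )) ] ||
        { echo "$dir: group lacks rwx (chmod g+rwx)"; rc=1; }
    [ $(( 0$d_mode & 01000 )) -ne 0 ] ||
        { echo "$dir: sticky bit not set (chmod +t)"; rc=1; }

    f=$dir/$dotfile
    [ -e "$f" ] || { echo "$f: missing"; return 1; }
    set -- $(stat -c '%u %a' "$f")
    f_uid=$1; f_mode=$2
    [ "$f_uid" -eq "$uid" ] ||
        { echo "$f: owner uid $f_uid, expected $uid (chown root)"; rc=1; }
    # Extra check, an assumption beyond the thread: a root-owned file that
    # is group- or world-writable could still be modified by the user.
    [ $(( 0$f_mode & 0022 )) -eq 0 ] ||
        { echo "$f: writable by group or other (mode $f_mode)"; rc=1; }
    return $rc
}

# audit_all BASE DOTFILE [OWNER_UID]
# Runs audit_home on every directory under BASE (e.g. /home) and
# returns 0 only if all of them match the layout.
audit_all() {
    base=$1; name=$2; owner=${3:-0}; bad=0
    for h in "$base"/*/; do
        [ -d "$h" ] || continue
        audit_home "${h%/}" "$name" "$owner" || bad=$((bad + 1))
    done
    echo "$bad home directories deviate from the layout"
    [ "$bad" -eq 0 ]
}
```

For example, `audit_all /home .bash_profile` reports every home directory where the root-owned dotfile could still be replaced or edited by its user.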