Re: limitation of user a/c ( telnet service )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Les Mikesell wrote:

> Tim wrote:
>> [email protected]:
>>>> But when user "edward" login to the server by the telnet service,
>>>> then he can modify the dot file...
>> Sam Varshavchik:
>>> 1) No, he can't. Not if the file is owned by root, with no other
>>> permissions.
>> The user owns the directory, they can remove files and create new ones.
>> You'd have to do more than change those file's ownership to root, and
>> I'm still not sure whether that'd work in a user's homespace.
> Make sure every user has a unique group (the default in fedora), then
> for each home directory:
> chown root directoryname
> chmod g+rwx directoryname
> chmod +t directoryname
> and
> chown root directoryname/dotfile_to_protect
> Now the user can still create new files and delete his own because of
> the group rwx on the directory. No one else has access because his
> group is unique. He can't remove files he doesn't own because of the
> sticky bit (+t) on the directory. So, he can't modify or remove files
> owned by root. And he can't remove the sticky bit because his home
> directory is owned by root.

Sorry, any other problem :
If I want to config the web service, eg :, then the
actual location is /home/abc/html/All_of_homepage_files...
So, how to operator every web user account similar with above setting ?


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux