[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Les Mikesell wrote:

> Tim wrote:
>
>> [email protected]:
>>
>>>> But when user "edward" login to the server by the telnet service,
>>>> then he can modify the dot file...
>>>
>>
>> Sam Varshavchik:
>>
>>> 1) No, he can't. Not if the file is owned by root, with no other
>>> permissions.
>>
>>
>> The user owns the directory, they can remove files and create new ones.
>> You'd have to do more than change those file's ownership to root, and
>> I'm still not sure whether that'd work in a user's homespace.
>
>
> Make sure every user has a unique group (the default in fedora), then
> for each home directory:
> chown root directoryname
> chmod g+rwx directoryname
> chmod +t directoryname
> and
> chown root directoryname/dotfile_to_protect
>
> Now the user can still create new files and delete his own because of
> the group rwx on the directory. No one else has access because his
> group is unique. He can't remove files he doesn't own because of the
> sticky bit (+t) on the directory. So, he can't modify or remove files
> owned by root. And he can't remove the sticky bit because his home
> directory is owned by root.
>
Hello,

Sorry, any other problem :
If I want to config the web service, eg : http://www.abc.com, then the
actual location is /home/abc/html/All_of_homepage_files...
So, how to operator every web user account similar with above setting ?

Edward.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux