At 3:41 PM -0600 9/25/07, Frank Cox wrote: >On Tue, 25 Sep 2007 13:29:43 -0500 >"Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx> wrote: > >> Tony Nelson wrote: >> > At 2:25 AM -0600 9/25/07, Frank Cox wrote: >> >> On Tue, 25 Sep 2007 01:19:51 -0700 >> >> Brian Mury <brianmury@xxxxxxxxxxxxxx> wrote: >> >> >> >>> That would work, so long as the user doesn't modify ~/.bash_logout. >> >> chown root.root .bash_logout >> >> chmod 444 .bash_logout >> >> cp .bash_logout /etc/skel >> >> >> >> You're off to the races. >> > >> > The user can just rm .bash_logout and make a new one. Try it. > >After doing some thinking and research here, what about using chattr to >set the >i attribute? ... Yes, that will prevent the file from being replaced by a user. Also make sure that the user can't use chsh. -- ____________________________________________________________________ TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx> ' <http://www.georgeanelson.com/>
