limitation of user a/c ( telnet service )
James Wilkinson
fedora at aprilcottage.co.uk
Wed Feb 7 13:27:02 UTC 2007
Les wrote:
> My bad... I didn't realize that would happen. I had used this on some
> other OS some time ago and it did work as I stated. I should have
> checked it here first. I created a test file, changed its mode to 755,
> then sourced it and it did source correctly, but then I typed rm
> filename and I got a prompt to let me remove a protected file and sure
> enough the regular user could do that. So in Linux, anyway, I am not
> sure how you can affect the user individaully other than perhaps a group
> policy. This would seem to be a "loose end" in terms of control by the
> admin.
You use chattr to set the immutable attribute (this needs to be done as
root). Until this attribute is removed, no-one can change or delete the
file:
A file with the ‘i’ attribute cannot be modified: it cannot be
deleted or renamed, no link can be created to this file and no data
can be written to the file. Only the superuser or a process
possessing the CAP_LINUX_IMMUTABLE capability can set or clear this
attribute.
(-- man chattr)
Hope this helps,
James.
--
E-mail: james@ | Just remember: 1 virus 3 viriii
aprilcottage.co.uk | 2 virii 4 viriv
| -- Matt S Trout
More information about the users
mailing list