limitation of user a/c ( telnet service )
Les Mikesell
lesmikesell at gmail.com
Wed Feb 7 13:41:07 UTC 2007
James Wilkinson wrote:
> Les wrote:
>> My bad... I didn't realize that would happen. I had used this on some
>> other OS some time ago and it did work as I stated. I should have
>> checked it here first. I created a test file, changed its mode to 755,
>> then sourced it and it did source correctly, but then I typed rm
>> filename and I got a prompt to let me remove a protected file and sure
>> enough the regular user could do that. So in Linux, anyway, I am not
>> sure how you can affect the user individaully other than perhaps a group
>> policy. This would seem to be a "loose end" in terms of control by the
>> admin.
>
> You use chattr to set the immutable attribute (this needs to be done as
> root). Until this attribute is removed, no-one can change or delete the
> file:
>
> A file with the ‘i’ attribute cannot be modified: it cannot be
> deleted or renamed, no link can be created to this file and no data
> can be written to the file. Only the superuser or a process
> possessing the CAP_LINUX_IMMUTABLE capability can set or clear this
> attribute.
> (-- man chattr)
>
> Hope this helps,
Ordinary permissions are enough: look at how /tmp works - you just don't
want that rwx for 'other'.
--
Les Mikesell
lesmikesell at gmail.com
More information about the users
mailing list