<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=Big5" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Les wrote:<br>
<blockquote cite="mid1170839430.8631.1.camel@localhost.localdomain"
 type="cite">
  <pre wrap="">On Wed, 2007-02-07 at 12:44 +0800, <a class="moz-txt-link-abbreviated" href="mailto:edwardspl@ita.org.mo">edwardspl@ita.org.mo</a> wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Sam Varshavchik wrote:
    </pre>
    <blockquote type="cite">
      <pre wrap=""><a class="moz-txt-link-abbreviated" href="mailto:edwardspl@ita.org.mo">edwardspl@ita.org.mo</a> writes: 

      </pre>
      <blockquote type="cite">
        <pre wrap="">ç«� HTML content follows ç½� 
Les wrote: 
        </pre>
        <blockquote type="cite">
          <pre wrap="">On�Tue,ï¿�2007-02-06�atï¿�23:06ï¿�
+0800,ï¿�<a class="moz-txt-link-rfc1738" href="mailto:edwardspl@ita.org.mo"><URL:mailto:edwardspl@ita.org.mo></a>edwar
<a class="moz-txt-link-abbreviated" href="mailto:dspl@ita.org.mo">dspl@ita.org.mo</a>�wrote: 
�� 

          </pre>
          <blockquote type="cite">
            <pre wrap="">Dear�All, 

How�can�we�limit�a�user�a/c�when�telnet�to�the�serverï¿�: 
egï¿�: 

[edward@svr1�~]$�lsï¿�-lï¿�-a 
totalï¿�36 
drwx------ï¿�3�edward�edwardï¿�4096�Feb��6ï¿�22:51ï¿�. 
drwxr-xr-xï¿�5�root���root��ï¿�4096�Feb��6ï¿�22:50ï¿�.. 
-rw-------ï¿�1�edward�edward��ï¿�14�Feb��6ï¿�22:52ï¿�.bash_history 
-rw-r--r--ï¿�1�edward�edward��ï¿�24�Feb��6ï¿�22:50ï¿�.bash_logout 
-rw-r--r--ï¿�1�edward�edward��176�Feb��6ï¿�22:50ï¿�.bash_profile 
-rw-r--r--ï¿�1�edward�edward��124�Feb��6ï¿�22:50ï¿�.bashrc 
drwxr-xr-xï¿�3�edward�edwardï¿�4096�Feb��6ï¿�22:50ï¿�.kde 
-rw-r--r--ï¿�1�edward�edward��658�Feb��6ï¿�22:50ï¿�.zshrc 
[edward@svr1�~]$ 

Prevent�userï¿�"edward"�from�doing�the�followingï¿�: 
modifyï¿�/�del�the�exiting�filesï¿�(�default�by�the�systemï¿�). 

Allow�userï¿�"edward"�createï¿�/�delï¿�/�modify�other�his�own�filesï¿�/�dirs. 

Edward. 
--ï¿� 
���� 
            </pre>
          </blockquote>
          <pre wrap="">Have�root�create�the�files�with�root�access,�then�put�the�world�read�and 
execute�privilege�on�them.��Only�root�can�then�modify�them. 

Regards, 
Les�H 

�� 
          </pre>
        </blockquote>
        <pre wrap="">But when user "edward" login to the server by the telnet service,
then he can modify the dot file... 
        </pre>
      </blockquote>
      <pre wrap="">1) No, he can't.  Not if the file is owned by root, with no other
permissions. 

2) If you allow telnet access, you have more problems to worry
about.  Such as anyone with access to your local network, or your
Internet provider's network, being able to capture your login
passwords. 


      </pre>
    </blockquote>
    <pre wrap="">For the point 1, user edward he can modify / delete the dot file....
-- 
    </pre>
  </blockquote>
  <pre wrap=""><!---->Is user edward a superuser?  If so, that will cause edward to be able to
change any file he wants, regardless of permissions or any other action
you may take.

Regards,
Les H

  </pre>
</blockquote>
<font size="-1">Hello to you,<br>
<br>
User "edward" is a normal user account...<br>
<br>
Edward.<br>
</font>
</body>
</html>