ACL Question: normal user how to restrict root's permission?

James McKenzie jjmckenzie51 at earthlink.net
Fri Nov 12 01:50:19 UTC 2004


Gang Xu wrote:

>Hi, all~
>
>I have a question:
>normal users how to restrict root permission of a file (owned by normal user)?
>
>[background]:
>  Kernel 2.6.7 (compile with ACL)
>  mount / with acl option
>  skywind is a normal user in system
>
>[object]:
>  normal user skywind restrict root's read permission by using ACL.
>
>[detailed]:
>  skywind at localhost:~$ cat 123 > /tmp/test
>  skywind at localhost:~$ chmod 700 /tmp/test
>  skywind at localhost:~$ setfacl u:root:--- /tmp/test
>  skywind at localhost:~$ su -
>  localhost:~# cat /tmp/test
>  123
>  localhost:~#
>
>[result is:] 
>  root can read the /tmp/test
>
>Why?
>I don't want root to read the /tmp/test
>How to do it?
>
>Could anyone help me?
>Very very thanks~~~~~
>:-)
>
>  
>
Root is the ultimate administrator on your system.  It can access ALL 
files, processes and software packages.  The only method is to use file 
encryption, which may or may not be a good idea, to block access to your 
files.  If you own the system, then you should not worry about root user 
level access.  No one should ever log onto your system as root, unless 
absolutely necessary.

James McKenzie


>--
>Skywind
>
>
>
>  
>
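The behaviour described in this thread, as an added example that is not part of either message: a simplified Python model of how Linux decides a read or write request on a file carrying a POSIX ACL, showing that the `u:root:---` entry does deny uid 0 at the ACL step but the decision is then overridden for a process holding `CAP_DAC_OVERRIDE`. The uid/gid 1000 for skywind, the function names and the sample ACL are assumptions constructed for illustration; execute checks and `CAP_DAC_READ_SEARCH` are left out of the model.

```python
"""Simplified model of the Linux read/write permission check with a POSIX ACL."""
from dataclasses import dataclass, field

@dataclass
class FileACL:
    owner: int
    group: int
    user_obj: str                 # owner permissions, e.g. "rwx"
    group_obj: str                # owning-group permissions
    other: str
    mask: str = "rwx"             # upper bound for named users and all groups
    named_users: dict = field(default_factory=dict)    # uid -> perms
    named_groups: dict = field(default_factory=dict)   # gid -> perms

def _has(perms, want, mask="rwx"):
    """True if every requested bit is in the entry and allowed by the mask."""
    return all(p in perms and p in mask for p in want)

def acl_allows(acl, uid, gids, want):
    """Evaluation order from acl(5): owner, named user, groups, other."""
    if uid == acl.owner:
        return _has(acl.user_obj, want)
    if uid in acl.named_users:
        return _has(acl.named_users[uid], want, acl.mask)
    entries = [acl.named_groups[g] for g in gids if g in acl.named_groups]
    if acl.group in gids:
        entries.append(acl.group_obj)
    if entries:
        return any(_has(p, want, acl.mask) for p in entries)
    return _has(acl.other, want)

def may_access(acl, uid, gids, want, cap_dac_override=False):
    """Final decision: the ACL result, unless the capability overrides a denial."""
    if acl_allows(acl, uid, gids, want):
        return True
    return cap_dac_override       # a normal root shell holds CAP_DAC_OVERRIDE

# Constructed sample: /tmp/test after chmod 700 and an ACL entry u:root:---
# (uid/gid 1000 for skywind is an assumption, not a value from the thread).
TEST_FILE = FileACL(owner=1000, group=1000, user_obj="rwx", group_obj="",
                    other="", mask="", named_users={0: ""})

if __name__ == "__main__":
    print("ACL step, root:        ", acl_allows(TEST_FILE, 0, {0}, "r"))
    print("root shell (with cap): ", may_access(TEST_FILE, 0, {0}, "r", True))
    print("uid 0 without the cap: ", may_access(TEST_FILE, 0, {0}, "r", False))
    print("owner skywind:         ", may_access(TEST_FILE, 1000, {1000}, "r"))
```
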



