limitation of user a/c ( telnet service )
edwardspl at ita.org.mo
edwardspl at ita.org.mo
Tue Feb 20 14:54:56 UTC 2007
Les Mikesell wrote:
> Tim wrote:
>
>> edwardspl at ita.org.mo:
>>
>>>> But when user "edward" login to the server by the telnet service,
>>>> then he can modify the dot file...
>>>
>>
>> Sam Varshavchik:
>>
>>> 1) No, he can't. Not if the file is owned by root, with no other
>>> permissions.
>>
>>
>> The user owns the directory, they can remove files and create new ones.
>> You'd have to do more than change those file's ownership to root, and
>> I'm still not sure whether that'd work in a user's homespace.
>
>
> Make sure every user has a unique group (the default in fedora), then
> for each home directory:
> chown root directoryname
> chmod g+rwx directoryname
> chmod +t directoryname
> and
> chown root directoryname/dotfile_to_protect
>
> Now the user can still create new files and delete his own because of
> the group rwx on the directory. No one else has access because his
> group is unique. He can't remove files he doesn't own because of the
> sticky bit (+t) on the directory. So, he can't modify or remove files
> owned by root. And he can't remove the sticky bit because his home
> directory is owned by root.
>
Hello,
Sorry, any other problem :
If I want to config the web service, eg : http://www.abc.com, then the
actual location is /home/abc/html/All_of_homepage_files...
So, how to operator every web user account similar with above setting ?
Edward.
More information about the fedora-list
mailing list