limitation of user a/c ( telnet service )
Les
hlhowell at pacbell.net
Wed Feb 7 21:40:41 UTC 2007
On Wed, 2007-02-07 at 13:27 +0000, James Wilkinson wrote:
> Les wrote:
> > My bad... I didn't realize that would happen. I had used this on some
> > other OS some time ago and it did work as I stated. I should have
> > checked it here first. I created a test file, changed its mode to 755,
> > then sourced it and it did source correctly, but then I typed rm
> > filename and I got a prompt to let me remove a protected file and sure
> > enough the regular user could do that. So in Linux, anyway, I am not
> > sure how you can affect the user individaully other than perhaps a group
> > policy. This would seem to be a "loose end" in terms of control by the
> > admin.
>
> You use chattr to set the immutable attribute (this needs to be done as
> root). Until this attribute is removed, no-one can change or delete the
> file:
>
> A file with the ‘i’ attribute cannot be modified: it cannot be
> deleted or renamed, no link can be created to this file and no data
> can be written to the file. Only the superuser or a process
> possessing the CAP_LINUX_IMMUTABLE capability can set or clear this
> attribute.
> (-- man chattr)
>
> Hope this helps,
>
> James.
>
Hi, James,
Thanks. I am getting too reliant on my memory, rather than look at the
tools available (like man).
Regards,
Les H
More information about the fedora-list
mailing list