[K12OSN] thin-client lock down
Les Mikesell
les at futuresource.com
Mon Aug 23 16:07:53 UTC 2004
On Mon, 2004-08-23 at 05:50, Josiah Ritchie wrote:
> Each of these has "dot files" to configure the environment or a folder
> holding the info. You could probably set permissions to read, but not
> write for all that stuff and then give ownership to root. The ownership
> is important, otherwise a slick student can change his access rights
> back to write.
The tricky part here is that as long as you have write access to
the directory containing these files you can delete the existing
ones and replace them with new copies owned by yourself. I think
this possibility could be eliminated by setting the 'sticky' bit
on each home directory (chmod +t) to make it act like the /tmp
directory where files can only be deleted or renamed by root
or their owner.
---
Les Mikesell
les at futuresource.com
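An audit check for the condition discussed in this message, as an added example that is not part of the original post: it decides whether a given user could delete or rename (and so replace) a file, following the Linux rule that the user needs write and search permission on the directory and, when the directory is sticky, must also own the file or the directory. The function names, the uid 1001 and the sample modes are constructed for illustration; GNU `stat` is assumed, and group membership is not resolved.

```sh
#!/bin/sh
# Added example: can a user delete/rename (and so replace) a file in a directory?
# Rule modelled (Linux unlink/rename): the user needs write+search on the
# directory; if the directory is sticky, the user must also own the file or
# the directory. Root bypasses both checks.
# Simplification: group membership is not resolved; group bits count as granted.

# can_replace UID DIR_UID DIR_MODE FILE_UID  -> exit 0 if replaceable
can_replace() {
    uid=$1; dir_uid=$2; dir_mode=$3; file_uid=$4
    [ "$uid" -eq 0 ] && return 0
    mode=$((0$dir_mode))                       # octal string from stat -> number
    if [ "$uid" -eq "$dir_uid" ]; then
        perm=$(( (mode >> 6) & 7 ))            # owner bits
    else
        perm=$(( ((mode >> 3) | mode) & 7 ))   # group or other bits (conservative)
    fi
    [ $(( perm & 3 )) -eq 3 ] || return 1      # needs w (2) and x (1)
    [ $(( mode & 01000 )) -eq 0 ] && return 0  # no sticky bit: anyone with w+x
    [ "$uid" -eq "$file_uid" ] || [ "$uid" -eq "$dir_uid" ]
}

# audit_file UID FILE: same decision from live metadata (GNU stat assumed)
audit_file() {
    a_uid=$1; a_file=$2
    a_dir=$(dirname -- "$a_file")
    set -- $(stat -c '%u %a' -- "$a_dir") $(stat -c '%u' -- "$a_file")
    if can_replace "$a_uid" "$1" "$2" "$3"; then echo REPLACEABLE; else echo protected; fi
}

# Constructed cases: student uid 1001, dotfile owned by root (uid 0).
report() {
    if can_replace "$2" "$3" "$4" "$5"; then r=REPLACEABLE; else r=protected; fi
    printf '%-38s %s\n' "$1" "$r"
}
report 'home owned by student, 0755'    1001 1001 755  0
report 'home owned by student, 1755 +t' 1001 1001 1755 0
report 'home owned by root, 0777'       1001 0    777  0
report 'home owned by root, 1777 +t'    1001 0    1777 0
report 'home owned by root, 0755'       1001 0    755  0
```

On a real system, `audit_file <uid> <path>` applies the same decision to the live ownership and mode of a dotfile and its parent directory.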