[K12OSN] Lockdown of users

goblin at scooter.co.nz goblin at scooter.co.nz
Fri Oct 1 05:24:01 UTC 2004

norbert wrote:
> Hi,
> If when I create new users and their default profile is taken from 
> /etc/skel/ could I make custom entries in /etc/skel/ and chown all the 
> files to "admin" or "root" to prevent the little monsters from modifiing 
> their desktop, specifically removing icon and launch bar ?

any normal files in a directory may be deleted by the owner of the 
directory regardless of who owns the said files.

An exception to this is if chattr -i has been used.. from the chattr man 

        A file with the `i' attribute cannot be modified: it  can-
        not  be deleted or renamed, no link can be created to this
        file and no data can be written to  the  file.   Only  the
        superuser  or a process possessing the CAP_LINUX_IMMUTABLE
        capability can set or clear this attribute

Be careful with this as a lot of stuff in the $HOME directory requires 
the user to be able to write to it.

I'm sure Gnome and gconf allow you to set these things in stone anyway 
which might be a better solution.


More information about the K12OSN mailing list