[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: override write protection?



okay, here is my issue, i have some users on a machine that will need only
specific privs. i have them set up as:

shell /bin/rbash
dir   /home/guests/~user

path  /usr/local/guests/bin

i would like to make sure that they are unable to edit their .bash_profile
so that they can alter their path.

dir perms	700 owned by user
.bash_properms	640 owned by root group is user's group

in order for them to not write to their profile, do i need a

2700 on their directory
or
4700 on their dir?

On Fri, 11 Aug 2000, Jeff Licquia wrote:

> On Thu, Aug 10, 2000 at 08:03:30AM -0500, Charles Menzes wrote:
> > why can i as an ordinary user remove a file owned by another user when the
> > file is 0644 with a grp assigned to it that i am not a member of?
> > this seems wrong :)
> 
> Do you have write permission on the directory?  If so, that's correct
> behavior.
> 
> World- or group-writable directories should have the sticky bit set,
> which prevents anyone from deleting files unless they own either the
> file to be deleted or the directory.  But no one can stop the owner of
> a directory from doing whatever (s)he likes.  If that's a problem,
> don't leave files in directories owned by people you don't trust
> without keeping a hard link around in a safe directory.
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
> 

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.