[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: override write protection?
On Sat, Aug 12, 2000 at 11:12:37AM -0500, Charles Menzes wrote:
> okay, here is my issue, i have some users on a machine that will need only
> specific privs. i have them set up as:
> shell /bin/rbash
> dir /home/guests/~user
> path /usr/local/guests/bin
> i would like to make sure that they are unable to edit their .bash_profile
> so that they can alter their path.
> dir perms 700 owned by user
> .bash_properms 640 owned by root group is user's group
> in order for them to not write to their profile, do i need a
> 2700 on their directory
> 4700 on their dir?
Assuming user "foo"...
writable dir: /home/guests/foo/data
Ownership of ~foo: user root (or whatever), group foo.
Permissions of ~foo: 0750.
Ownership of ~foo/data: user foo, group foo.
Permissions of ~foo/data: 6770 or 6700.
Ownership of ~foo/.bash_profile: user root, group foo.
Permissions of ~foo/.bash_profile: 0640.
(Also protect .profile, .cshrc, .bashrc, etc. the same way as
You realize, of course, that securing shell access to the box is
almost futile. But, this is better.
To unsubscribe, send email to email@example.com with
"unsubscribe luci-discuss" in the body.