Re: deny deleting a file for users.. trying a solution
From: Nathan Vack (njvack_at_lithium.hsl.wisc.edu)
Date: 06/18/03
- Previous message: Hal Flynn: "New SecurityFocus Article"
- In reply to: Zow: "Re: deny deleting a file for users.. trying a solution"
- Next in thread: Glynn Clements: "Re: deny deleting a file for users.. trying a solution"
Date: Wed, 18 Jun 2003 12:15:54 -0500
To: focus-linux@securityfocus.com
Zow Terry Brugger wrote:
> Light bulb goes on above head -- check out LIDS (lids.org)
...
> working normally. However, if you just want to protect the one file, you
> should be able to set it up so that nothing can modify the directory it
> resides in, and explicitly allow /usr/bin/netscape (or whatever) full access
> to the directory. That way, users will not be able to delete the file from a
> shell, but Netscape can continue to do its thing normally.
Note that LIDS permissions work by inode number, so if you do the
"obvious thing" and protect the FILE you want to protect, the first time
it gets recreated (which your mail client may well decide to do) you'll
lose your protection and be left scratching your head.
So you really do want to do it per directory.
Just a minor caveat, really...
-Nate
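
The inode behaviour described in the message above, as an added example that is not part of the original post. It does not use LIDS; it only shows that a save done by writing a new file and renaming it over the old one changes the file's inode while the directory's inode stays the same. The file name `mailbox` and the function names are constructed for illustration.

```python
import os
import tempfile


def rewrite_in_place(path, data):
    """Truncate and rewrite the existing file: the inode is kept."""
    with open(path, "w") as f:
        f.write(data)


def recreate_via_rename(path, data):
    """Write a new file beside the old one, then rename it into place.
    Many applications save this way; the path now points at a new inode."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(data)
    os.replace(tmp, path)


def inode_report(save):
    """Return (file_inode_kept, dir_inode_kept) after saving with `save`."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mailbox")  # constructed sample file name
        with open(path, "w") as f:
            f.write("original\n")
        file_before = os.stat(path).st_ino
        dir_before = os.stat(d).st_ino
        save(path, "updated\n")
        file_after = os.stat(path).st_ino
        dir_after = os.stat(d).st_ino
        return file_before == file_after, dir_before == dir_after


if __name__ == "__main__":
    # A rule bound to the file's inode only survives the first kind of save;
    # a rule bound to the directory's inode survives both.
    for save in (rewrite_in_place, recreate_via_rename):
        file_kept, dir_kept = inode_report(save)
        print(f"{save.__name__}: file inode kept={file_kept}, "
              f"directory inode kept={dir_kept}")
```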