Re: Restricting user profiles
From: J Shoemaker (shoemaker_at_softhome.net)
Date: 05/19/03
- In reply to: Dave Mendez: "Restricting user profiles"
Date: 19 May 2003 00:11:02 -0600
>>>>> "dm" == Dave Mendez <dhmendez@mail.cinvestav.mx> writes:
[...]
dm> I've included those home directories in the tripwire policy
dm> file to check for modifications, additions, etc. Is there any
dm> other idea to reinforce this issue??? Thanks in advance, Dave
You should try setting the users' directories 'sticky' after
'chown'ing them and the files you have configured in each user's
directory to root:wheel, and make such files non-writable by the
users, but ensure that their home directories remain group writable to
them.
'A directory whose `sticky bit' is set becomes an append-only
directory, or, more accurately, a directory in which the deletion of
files is restricted. A file in a sticky directory may only be removed
or renamed by a user if the user has write permission for the
directory and the user is the owner of the file, the owner of the
directory, or the super-user. This feature is usefully applied to
directories such as /tmp which must be publicly writable but should
deny users the license to arbitrarily delete or rename each others'
files.'
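
One way to audit a home directory against the scheme described in the reply above (an added example, not part of the original post). The helper name `audit_home` and the user `alice` are hypothetical, and modes and owners are read from `ls -ld`. It also checks that the restricted user does not own the directory, because the quoted sticky rule lets the directory's owner remove or rename any file in it.

```shell
#!/bin/sh
# Added example: audit_home is a hypothetical helper, not from the post.
# Usage: audit_home USER HOMEDIR FILE...  (e.g. audit_home alice /home/alice .profile)

# Print "MODE OWNER" for a path, as reported by `ls -ld`.
mode_owner() {
    ls -ld -- "$1" | awk '{ print $1, $3 }'
}

audit_home() {
    user=$1; home=$2; shift 2
    rc=0

    # Sticky bit: without it, directory write permission alone allows deletion.
    [ -k "$home" ] || { echo "FAIL: $home: sticky bit not set"; rc=1; }

    mo=$(mode_owner "$home")
    # In a sticky directory the directory's owner may still remove or rename
    # any file, so the restricted user must not own the home directory.
    [ "${mo#* }" != "$user" ] ||
        { echo "FAIL: $home: owned by $user"; rc=1; }
    # The user still needs group write access to create their own files.
    case "${mo% *}" in
        ?????w*) ;;
        *) echo "FAIL: $home: not group writable"; rc=1 ;;
    esac

    for f in "$@"; do
        p=$home/$f
        [ -e "$p" ] || { echo "FAIL: $p: missing"; rc=1; continue; }
        mo=$(mode_owner "$p")
        # A file the user owns can be chmod'ed, replaced or deleted by them.
        [ "${mo#* }" != "$user" ] || { echo "FAIL: $p: owned by $user"; rc=1; }
        # Group or other write would let the user edit the file in place.
        case "${mo% *}" in
            ?????w*|????????w*) echo "FAIL: $p: group or other writable"; rc=1 ;;
        esac
    done
    return "$rc"
}
```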