Re: Limiting User Commands

To: "Michael Graham" <oobermick@yahoo.co.uk>
Cc: <debian-user@lists.debian.org>, <debian-isp@lists.debian.org>
Subject: Re: Limiting User Commands
From: "Ben Hutchings" <ben.hutchings@businesswebsoftware.com>
Date: Wed, 10 Nov 2004 10:49:47 +0000
Message-id: <[🔎] 4191F24B.7040005@businesswebsoftware.com>
In-reply-to: <pan.2004.11.09.19.15.00.669836@yahoo.co.uk>
References: <[🔎] 3f9fee5104110509315629b895@mail.gmail.com> <[🔎] 20041105231328.GB16508@aokiconsulting.com> <[🔎] 20041108182810.GA11599@iarc.uaf.edu> <[🔎] 4190BDAB.6060700@businesswebsoftware.com> <pan.2004.11.09.19.15.00.669836@yahoo.co.uk>

Michael Graham wrote:

Ben Hutchings wrote:

Christopher Swingley wrote:

Change the ownership and permissions on their .bash_profile and .bashrc
to root:root 644:

   -rw-r--r--    1 root     root          420 Sep 21 13:05
   .bash_profile -rw-r--r--    1 root     root          746 Sep 21
   13:05 .bashrc


You should also add the sticky bit to their directory (chmod +t) to
prevent them from replacing these files.



I feel the need to learn something new today. How could the user replace
the root owned files in a directory that they own?

By renaming or unlinking them. Linux treats this as an operation on thedirectory, not the file, so it's controlled by the directory's permissions.


Ben.

Reply to:

Follow-Ups:
- Re: Limiting User Commands
  - From: Russell Coker <russell@coker.com.au>

References:
- Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: Osamu Aoki <osamu@debian.org>
- Re: Limiting User Commands
  - From: Christopher Swingley <cswingle@iarc.uaf.edu>
- Re: Limiting User Commands
  - From: "Ben Hutchings" <ben.hutchings@businesswebsoftware.com>

Prev by Date: Re: exim or postfix
Next by Date: Re: exim or postfix
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread