On Wednesday 10 November 2004 21:49, "Ben Hutchings" <[EMAIL PROTECTED]> wrote:
> > I feel the need to learn something new today. How could the user replace
> > the root owned files in a directory that they own?
>
> By renaming or unlinking them. Linux treats this as an operation on the
> directory, not the file, so it's controlled by the directory's permissions.

SE Linux has finer-grained access control. So you can allow a user to have write access to their home directory but give ~/.bashrc etc a different type that permits only read, getattr, and execute access (but not write, append, unlink, link, rename, setattr, lock, ioctl, or create).

I periodically run SE Linux play machines set up in this manner. I have some files in the root user's home directory that they can only read and execute, some that they can read and append to, and the default is for full access to files in the home directory.

I'll have my play machine back online soon, see my web page for the details.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
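The directory-permission behaviour quoted at the top of this message, as an added example that is not part of the original thread: a small audit that lists files a directory's owner cannot write to directly but can still swap out, followed by a check that the swap succeeds. The function names, the `bashrc` and `notes` files and the temporary directory are constructed for illustration, and a mode 0444 file stands in for a root-owned one so the code runs without privileges.

```python
import os
import stat
import tempfile


def falsely_protected(dirpath):
    """Names in dirpath that the directory's owner cannot write to directly
    (foreign owner, or no owner-write bit) but can still rename or unlink,
    because those operations are checked against the directory."""
    d = os.stat(dirpath)
    if not d.st_mode & stat.S_IWUSR or not d.st_mode & stat.S_IXUSR:
        return []  # owner cannot modify the directory itself
    found = []
    for entry in os.scandir(dirpath):
        st = entry.stat(follow_symlinks=False)
        if st.st_uid != d.st_uid or not st.st_mode & stat.S_IWUSR:
            found.append(entry.name)
    return sorted(found)


def replace_via_directory(dirpath, name, new_content):
    """Swap dirpath/name for a new file without opening the old one for
    writing. Returns True if the name now refers to a different inode."""
    target = os.path.join(dirpath, name)
    old_inode = os.stat(target).st_ino
    fd, tmp = tempfile.mkstemp(dir=dirpath)
    with os.fdopen(fd, "wb") as f:
        f.write(new_content)
    os.rename(tmp, target)  # directory operation; file mode is not consulted
    return os.stat(target).st_ino != old_inode


def demo():
    """Constructed scenario: a read-only file inside a directory we own."""
    with tempfile.TemporaryDirectory() as home:
        for name, mode in (("bashrc", 0o444), ("notes", 0o644)):
            path = os.path.join(home, name)
            with open(path, "wb") as f:
                f.write(b"original\n")
            os.chmod(path, mode)
        flagged = falsely_protected(home)
        replaced = replace_via_directory(home, "bashrc", b"replaced\n")
        with open(os.path.join(home, "bashrc"), "rb") as f:
            return flagged, replaced, f.read()


if __name__ == "__main__":
    print(demo())
```

Under the SE Linux setup described in the reply, the rename step would be denied for a file whose type does not grant rename or unlink, even though the directory itself stays writable.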