On 22 Nov 2000, Deepak Saxena chattered thus:

> not if you change user:group of .gnome and .gnome-desktop to someone
> else and then chmod 755 on it. the user can't delete it or move it
> since he doesn't own it.

If it's in a dir I own I can move it, including rm it. dir perms allow me to
use mv and rm even though I can't actually change the file. ( see below,
however, for earth-shaking, breaking news ;-)

lufthans@LuftHans:~/tmp/fred$ mkdir .gnome
lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-sr-x 2 lufthans lufthans 4096 Nov 23 07:19 .gnome/
lufthans@LuftHans:~/tmp/fred$

LuftHans:/home/lufthans/tmp/fred# chown root.root .gnome/
LuftHans:/home/lufthans/tmp/fred# chmod 755 .gnome/
LuftHans:/home/lufthans/tmp/fred# ls -ld .gnome/
drwxr-xr-x 2 root root 4096 Nov 23 07:19 .gnome/
LuftHans:/home/lufthans/tmp/fred#

lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-xr-x 2 root root 4096 Nov 23 07:19 .gnome/
lufthans@LuftHans:~/tmp/fred$ mv .gnome .dwarf
lufthans@LuftHans:~/tmp/fred$ ls -la
total 12
drwxr-sr-x 3 lufthans lufthans 4096 Nov 23 07:20 .
drwxr-sr-x 3 lufthans lufthans 4096 Nov 23 07:16 ..
drwxr-xr-x 2 root root 4096 Nov 23 07:19 .dwarf
lufthans@LuftHans:~/tmp/fred$ rm -rf .dwarf/
lufthans@LuftHans:~/tmp/fred$ id
uid=2112(lufthans) gid=2112(lufthans) groups=2112(lufthans),24(cdrom),29(audio)
lufthans@LuftHans:~/tmp/fred$

Ah, but there is a way to make it stick :). This might be a bit extreme,
but the immutable flag will protect things.

lufthans@LuftHans:~/tmp/fred$ mkdir .gnome
lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-sr-x 2 lufthans lufthans 4096 Nov 23 07:28 .gnome/
lufthans@LuftHans:~/tmp/fred$

LuftHans:/home/lufthans/tmp/fred# chown root.root .gnome/
LuftHans:/home/lufthans/tmp/fred# chmod 755 .gnome/
LuftHans:/home/lufthans/tmp/fred# chattr +i .gnome/
LuftHans:/home/lufthans/tmp/fred# ls -ld .gnome/
drwxr-xr-x 2 root root 4096 Nov 23 07:28 .gnome/
LuftHans:/home/lufthans/tmp/fred#

lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-xr-x 2 root root 4096 Nov 23 07:28 .gnome/
lufthans@LuftHans:~/tmp/fred$ mv .gnome/ .dwarf
mv: cannot remove directory `.gnome/': Operation not permitted
mv: cannot remove `.gnome/': Operation not permitted
lufthans@LuftHans:~/tmp/fred$ rm -rf .gnome/
rm: cannot remove directory `.gnome': Operation not permitted
lufthans@LuftHans:~/tmp/fred$

Note: only dirs the user could write to would need chattrd, e.g. the top
dirs and dirs gnome has to be able to write to.

ciao,

der.hans
-- 
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.Opnix.com
# It's up to the reader to make the book interesting.
# An author has only the opportunity to make it uninteresting. - der.hans
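
The rule both sessions above exercise, as an added example that is not part of the original post: a small Python model of whether a user may remove or rename a directory entry. The Node tuple, the function names and the sample values are assumptions constructed here to mirror the post; the sticky-bit case goes beyond what the post shows, and ACLs, capabilities and non-empty directories are not modelled.

```python
import stat
from collections import namedtuple

# Stand-in for the os.stat() fields the check needs, plus the chattr +i flag.
Node = namedtuple("Node", "uid gid mode immutable")

def has_perm(node, uid, gids, want):
    """Owner/group/other test for the rwx bits in `want` (0-7)."""
    if uid == 0:
        return True
    if uid == node.uid:
        return (node.mode >> 6) & want == want
    if node.gid in gids:
        return (node.mode >> 3) & want == want
    return node.mode & want == want

def can_remove_or_rename(parent, entry, uid, gids):
    """May `uid` rmdir/unlink `entry`, or rename it within `parent`?"""
    # The immutable flag is checked first: it stops even root until cleared.
    if entry.immutable or parent.immutable:
        return False, "immutable flag set"
    # Removing or renaming edits the parent's entry list, so the parent's
    # write+search bits decide, not the entry's owner or mode.
    if not has_perm(parent, uid, gids, 0o3):
        return False, "no write+search permission on parent"
    # Sticky parent (like /tmp): caller must own the entry or the parent.
    if parent.mode & stat.S_ISVTX and uid not in (0, parent.uid, entry.uid):
        return False, "sticky parent, caller owns neither parent nor entry"
    return True, "parent is writable; ownership of the entry is irrelevant"

# Constructed sample values mirroring the session in the post.
USER, GROUPS = 2112, {2112, 24, 29}          # uid/gids from the `id` output
FRED = Node(2112, 2112, 0o2755, False)        # ~/tmp/fred, drwxr-sr-x
GNOME = Node(0, 0, 0o755, False)              # .gnome after chown root.root
GNOME_IMMUTABLE = GNOME._replace(immutable=True)  # .gnome after chattr +i

if __name__ == "__main__":
    for label, entry in (("root:root 755", GNOME),
                         ("plus chattr +i", GNOME_IMMUTABLE)):
        print(label, can_remove_or_rename(FRED, entry, USER, GROUPS))
```
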