I'm not so sure. Could you please verify that on your own Unix system? As "root": ls -ld /home/luser drwxr-xr-x 98 luser luser 1024 Apr 1 10:11 /home/luser cd /home/luser mkdir .foo chown 0 .foo chgrp 0 .foo chmod 755 .foo As normal user "luser": cd /home/luser ls -ld .foo* drwxr-xr-x 2 root root 1024 Apr 1 10:11 .foo mv .foo .foobar ls -ld .foo* drwxr-xr-x 2 root root 1024 Apr 1 10:11 .foobar rmdir .foobar ls -ld .foo* ls: .foo*: No such file or directory I'm pretty sure that "luser" couldn't do things within the 755 directory owned by root:root, but since "luser" owns the parent directory, /home/luser, and has full rwx permissions, "luser" can rename the subdirectory. D * On Wed, Nov 22, 2000 at 10:38:01PM -0500, Deepak Saxena wrote: > > not if you change user:group of .gnome and .gnome-desktop to someone > else and than chmod 755 on it. the user can't delete it or move it > since he doesn't own it. > > ~ Deepak > > > On Nov 22 2000, at 17:53, plug@arcticmail.com was caught saying: > > > > OK, I know that grandma won't know how to do this, > > but using this method couldn't grandma as grandma > > do the following: > > > > cd ~grandma > > mv .gnome .gnome-grandmaubercracker > > mv .gnome-desktop .gnome-i-want-the-grandkids-photos-on-my-desktop > > > > assuming that grandma has sufficient permissions > > in her home directory? > > > > I would suspect that GNOME has a "system-wide" config > > file or some such that tells it to make use of ~/.gnome > > (and ~/.gnome-desktop) (or worst case I guess it could > > be hard coded in the source code). > > > > Anyway, it would seem that GNOME should be reconfigured > > NOT to use ~/.gnome and ~/.gnome-desktop, but rather it > > should get what it needs from shared, system-wide config > > directories /usr/local/etc/gnome and > > /usr/local/etc/gnome-desktop, both of which are > > locked down via chown and chmod. > > > > Of course, faced with this, grandma would have no > > choice but to custom-compile the GNOME source in > > her home directory. :) > > > > > > D > > > > * On Wed, Nov 22, 2000 at 12:44:06PM -0700, Deepak Saxena wrote: > > > > > > > > > create a "gnome" user/group. > > > you can use root, but it's probably cleaner not to > > > > > > pseudo-code: > > > > > > foreach USER > > > cd ~$USER/.gnome-desktop > > > chown -R gnome:gnome . > > > > > > That will lock down the desktop. They can read it, but they can't write to > > > it, so there's no way for them to add anything. > > > > > > You should be able to do the same sort of thing with the .gnome directory > > > by locking down config files. You may have to play with that directory a > > > little since certain files have to be written to by Gnome at logout. > > > Thing like session management information and such. > > > > > > I would create a default .gnome-desktop and .gnome directory structure > > > and then build a wrapper script around adduser so that they get automatically > > > installed into a new user's $HOME > > > > > > ~ Deepak > > > > > > On Nov 22 2000, at 12:32, Icegryphon was caught saying: > > > > I will be having Multiple users on a workstation with gnome. > > > > Here is the problem I run in to. I need to make a user with a normal desktop > > > > on gnome (i.e. Home Dir, floppy, Trash.) And also have Netscape and to > > > > logout/shutdown. Now how do I configure a user so that they and only see those > > > > and can use those. I Don't want them to be able to remove or del any icons > > > > from their desktop. I don't want them to be able to add a panel or change the > > > > background or any options. Pretty much a basic system that would only be able > > > > to use netscape and their home directory and floppy. > > > > Is there any good software around for creating policies like in windows NT? > > > > Please E-mail your comments to me at Icegryphon@netscape.net > > > > rather then posting them. > > > > Thank you > > > > > > > > ____________________________________________________________________ > > > > Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail > > > > > > > > ________________________________________________ > > > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > > > > > > > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > -- > > > Deepak Saxena - deepak@csociety.purdue.edu > > > > > > I will not be pushed,filed,stamped,indexed,briefed,debriefed,or numbered! > > > My life is my own - No. 6 > > > > > > ________________________________________________ > > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > > > > > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > > ________________________________________________ > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > > > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > -- > Deepak Saxena - deepak@csociety.purdue.edu - phone://602.790.0500 > > "It is dangerous to confuse children with angels" - Magnolia > > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >