locking down gnome.

Author: der.hansPLUGd@LuftHans.com
Date:  
Subject: locking down gnome.
On 22 Nov 2000, Deepak Saxena wrote:

> Not if you change user:group of .gnome and .gnome-desktop to someone
> else and then chmod 755 on it. The user can't delete it or move it
> since he doesn't own it.


If it's in a dir I own, I can move it, including rm it. Dir perms allow me
to use mv and rm even though I can't actually change the file. (See
below, however, for earth-shaking, breaking news ;-)

lufthans@LuftHans:~/tmp/fred$ mkdir .gnome
lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-sr-x    2 lufthans lufthans     4096 Nov 23 07:19 .gnome/
lufthans@LuftHans:~/tmp/fred$ 


LuftHans:/home/lufthans/tmp/fred# chown root.root .gnome/
LuftHans:/home/lufthans/tmp/fred# chmod 755 .gnome/
LuftHans:/home/lufthans/tmp/fred# ls -ld .gnome/
drwxr-xr-x    2 root     root         4096 Nov 23 07:19 .gnome/
LuftHans:/home/lufthans/tmp/fred# 


lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-xr-x    2 root     root         4096 Nov 23 07:19 .gnome/
lufthans@LuftHans:~/tmp/fred$ mv .gnome .dwarf
lufthans@LuftHans:~/tmp/fred$ ls -la
total 12
drwxr-sr-x    3 lufthans lufthans     4096 Nov 23 07:20 .
drwxr-sr-x    3 lufthans lufthans     4096 Nov 23 07:16 ..
drwxr-xr-x    2 root     root         4096 Nov 23 07:19 .dwarf
lufthans@LuftHans:~/tmp/fred$ rm -rf .dwarf/
lufthans@LuftHans:~/tmp/fred$ id
uid=2112(lufthans) gid=2112(lufthans) groups=2112(lufthans),24(cdrom),29(audio)
lufthans@LuftHans:~/tmp/fred$ 


Ah, but there is a way to make it stick :). This might be a bit
extreme, but the immutable flag will protect things.

lufthans@LuftHans:~/tmp/fred$ mkdir .gnome
lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-sr-x    2 lufthans lufthans     4096 Nov 23 07:28 .gnome/
lufthans@LuftHans:~/tmp/fred$ 


LuftHans:/home/lufthans/tmp/fred# chown root.root .gnome/
LuftHans:/home/lufthans/tmp/fred# chmod 755 .gnome/
LuftHans:/home/lufthans/tmp/fred# chattr +i .gnome/
LuftHans:/home/lufthans/tmp/fred# ls -ld .gnome/
drwxr-xr-x    2 root     root         4096 Nov 23 07:28 .gnome/
LuftHans:/home/lufthans/tmp/fred# 


lufthans@LuftHans:~/tmp/fred$ ls -ld .gnome/
drwxr-xr-x    2 root     root         4096 Nov 23 07:28 .gnome/
lufthans@LuftHans:~/tmp/fred$ mv .gnome/ .dwarf
mv: cannot remove directory `.gnome/': Operation not permitted
mv: cannot remove `.gnome/': Operation not permitted
lufthans@LuftHans:~/tmp/fred$ rm -rf .gnome/
rm: cannot remove directory `.gnome': Operation not permitted
lufthans@LuftHans:~/tmp/fred$ 


Note: only dirs the user could write to would need to be chattr'd, e.g. the top
dirs and dirs gnome has to be able to write to.

ciao,

der.hans
--
# home.pages.de/~lufthans/ www.Opnix.com
# It's up to the reader to make the book interesting.
# An author has only the opportunity to make it uninteresting. - der.hans
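The script below is an added example, not code from der.hans's post or from the GNOME project. It reproduces the three transcripts above without needing a root shell: in place of chown'ing .gnome to root, the child directory is stripped of its own write bit (mode 555), which is enough to show the point der.hans makes, namely that mv(1) and rm(1) are checked against write and search permission on the parent directory, not against ownership or mode of the entry itself. The function names (try_mv_rm, scenario_*), the .dwarf rename target borrowed from the post, and the assumption of a Linux box with GNU coreutils, mktemp -d and e2fsprogs' chattr on an ext2/3/4-style filesystem are all mine.

```shell
#!/bin/sh
# Added example, not from the original post. Shows that what rename(2),
# unlink(2) and rmdir(2) check is write+search permission on the PARENT
# directory, and that the immutable flag is what actually pins an entry.
# Assumes Linux + GNU coreutils; chattr needs CAP_LINUX_IMMUTABLE and a
# filesystem that supports the flag, so the last scenario may be skipped.

# Rename "$1/$2" (a directory) to "$1/.dwarf", then remove whatever is
# left, and echo "mv=ok|fail rm=ok|fail". Mirrors the post's mv/rm -rf.
try_mv_rm() {
    parent=$1 child=$2
    if mv "$parent/$child" "$parent/.dwarf" 2>/dev/null; then
        m=ok; victim="$parent/.dwarf"
    else
        m=fail; victim="$parent/$child"
    fi
    if rm -rf "$victim" 2>/dev/null && [ ! -e "$victim" ]; then
        r=ok
    else
        r=fail
    fi
    echo "mv=$m rm=$r"
}

# Scenario 1 (the post's first transcript): writable parent, child with no
# write bit of its own (stand-in for a root-owned .gnome). The child's bits
# are irrelevant; the entry can be renamed and removed.
scenario_writable_parent() {
    d=$(mktemp -d)
    mkdir "$d/.gnome" && chmod 555 "$d/.gnome"
    result=$(try_mv_rm "$d" .gnome)
    rm -rf "$d"
    echo "$result"
}

# Scenario 2 (the converse): the PARENT loses its write bit. Now a child we
# fully own can be neither renamed nor removed. Root bypasses DAC, so as
# root this still reports mv=ok rm=ok.
scenario_readonly_parent() {
    d=$(mktemp -d)
    mkdir "$d/.gnome"            # 755, owned by us
    chmod 555 "$d"
    result=$(try_mv_rm "$d" .gnome)
    chmod 755 "$d" && rm -rf "$d"
    echo "$result"
}

# Scenario 3 (the post's fix): chattr +i on the child inside a writable
# parent. If the flag cannot be set (unprivileged, tmpfs, no chattr), the
# scenario prints "skipped" instead of a bogus result.
scenario_immutable_child() {
    d=$(mktemp -d)
    mkdir "$d/.gnome"
    if ! chattr +i "$d/.gnome" 2>/dev/null; then
        rm -rf "$d"; echo "skipped"; return 0
    fi
    result=$(try_mv_rm "$d" .gnome)
    chattr -i "$d/.gnome" 2>/dev/null
    rm -rf "$d"
    echo "$result"
}

main() {
    echo "writable parent, 555 child : $(scenario_writable_parent)"
    echo "555 parent, owned child    : $(scenario_readonly_parent)"
    echo "writable parent, +i child  : $(scenario_immutable_child)"
}

main
```

Run it as an ordinary user to see the first line report mv=ok rm=ok and the second mv=fail rm=fail; the third line only turns into mv=fail rm=fail when the script is run with enough privilege to set the immutable flag on a filesystem that supports it, which is exactly the condition under which der.hans's fix holds.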