locking down gnome.
der.hans
PLUGd@LuftHans.com
Thu, 23 Nov 2000 09:40:48 -0700 (MST)
On 23 Nov 2000, der.hans chattered thus:
Note to self: Self, don't reply-to-self.
> Note: only dirs the user could write to would need chattrd, e.g. the top
> dirs and dirs gnome has to be able to write to.
Wrote that wrong.
The top dirs, e.g. .gnome and .gnome-desktop, and dirs in dirs that gnome,
e.g. the user, needs to be able to write to.
Say, for instance, that gnome writes session info in
.gnome/session/<pid>, where <pid> is the PID of the process using the
session file/pipe. If there were other dirs in .gnome/session, say
.gnome/session/gnumeric, then the user/gnome would need to be able to
write to the .gnome/session dir, so the .gnome/session/gnumeric dir would
need to have the immutable flag set to prevent the user from mucking with
it.
I don't really use the immutable flag. Anyone got experiences to
share? Web pages with further info?
I would think it could be set up such that only .gnome and .gnome-desktop
need to have the immutable flag set and the rest can work via user and
group perms. Maybe need the sticky bit...
ciao,
der.hans
--
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.Opnix.com
# When I work, I work hard. When I play, I play hard.
# When I sit, I sleep. - Embe Kugler
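
The rule discussed in the message above, as an added example that is not part of the original post: a directory needs the immutable flag when its parent is owner-writable, because write permission on the parent lets the owner rename or remove entries in it whatever their own mode. The function name `immutable_candidates` is hypothetical, and the script assumes a `find` that supports `-mindepth`/`-maxdepth`.

```shell
#!/bin/sh
# Added example, not from the original post.
# Lists the directories under a locked-down config tree that would need the
# immutable flag: the top directory itself (it lives in the user's writable
# home directory) plus every directory whose parent carries the owner-write bit.
# Only mode bits are inspected (find -perm -200), so the result is the same
# whether the script is run by root or by the user.
# Assumption: directory names contain no newlines.

immutable_candidates() {
    top=$1
    [ -d "$top" ] || return 1

    # The top dir, e.g. ~/.gnome, is always a candidate.
    printf '%s\n' "$top"

    # Each owner-writable directory exposes its immediate subdirectories:
    # the owner can rename or replace them even if they are mode 555.
    find "$top" -type d -perm -200 | while IFS= read -r parent; do
        find "$parent" -mindepth 1 -maxdepth 1 -type d
    done | sort
}

# Stand-alone use: ./script.sh /home/someuser/.gnome
if [ "$#" -gt 0 ]; then
    immutable_candidates "$1"
fi
```

Run as root, `chattr +i` on each listed directory sets the flag, and `lsattr -d` shows whether it is set.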