locking down gnome.

der.hans PLUGd@LuftHans.com
Thu, 23 Nov 2000 09:40:48 -0700 (MST)


On 23 Nov, 2000, der.hans chattered:

Note to self: Self, don't reply-to-self.

> Note: only dirs the user could write to would need chattrd, e.g. the top
> dirs and dirs gnome has to be able to write to.

Wrote that wrong.

The top dirs, e.g. .gnome and .gnome-desktop, and dirs in dirs that gnome,
e.g. the user, needs to be able to write to.

Say, for instance, that gnome writes session info in
.gnome/session/<pid>, where <pid> is the PID of the process using the
session file/pipe. If there were other dirs in .gnome/session, say
.gnome/session/gnumeric, then the user/gnome would need to be able to
write to the .gnome/session dir, so the .gnome/session/gnumeric dir would
need to have the immutable flag set to prevent the user from mucking with
it.

I don't really use the immutable flag. Anyone got experiences to
share? Web pages with further info?

I would think it could be set up such that only .gnome and .gnome-desktop
need to have the immutable flag set and the rest can work via user and
group perms. Maybe need the sticky bit...

ciao,

der.hans
-- 
#  der.hans@LuftHans.com   home.pages.de/~lufthans/   www.Opnix.com
#  When I work, I work hard. When I play, I play hard.
#  When I sit, I sleep. - Embe Kugler
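
The rule described in the message above (top dirs, plus any directory sitting inside a directory gnome must write to) can be turned into a dry-run planner. This is an added example, not part of the original post: the function names and the space-separated list of writable directories are assumptions, paths are assumed to contain no spaces, and it only prints `chattr +i` commands because setting the flag requires root.

```shell
#!/bin/sh
# Added example: prints the chattr commands the rule implies; runs none of them.
TOP_DIRS=".gnome .gnome-desktop"   # the top dirs named in the post

# in_list REL LIST: succeed if REL is one of the space-separated entries in LIST.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# plan_immutable HOME_DIR WRITABLE
#   WRITABLE: relative paths of dirs gnome must write to (hypothetical input).
plan_immutable() {
    home=$1
    writable=$2
    # Top dirs get the flag unless gnome has to write directly into them.
    for top in $TOP_DIRS; do
        [ -d "$home/$top" ] || continue
        in_list "$top" "$writable" || echo "chattr +i $home/$top"
    done
    # A subdirectory of a writable dir can be renamed or removed by the user
    # through its parent, so it needs the flag itself unless it is writable too.
    for w in $writable; do
        [ -d "$home/$w" ] || continue
        for child in "$home/$w"/*/; do     # note: */ skips dot-directories
            [ -d "$child" ] || continue    # glob matched nothing
            [ -L "${child%/}" ] && continue  # ignore symlinks to directories
            rel=${child#"$home"/}
            rel=${rel%/}
            in_list "$rel" "$writable" || echo "chattr +i $home/$rel"
        done
    done
}

# Example: plan_immutable /home/someuser ".gnome/session"
```

The immutable flag is not recursive, so flagging .gnome does not stop writes inside .gnome/session; it only stops entries being added to, removed from or renamed in .gnome itself.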