03-05-2009
locking a users file as root
Hello,
I have a challenge to find a way to lock down a file in a user's home directory, such that a user can NOT modify, rename, move, delete, etc. The solution needs to be deployable without, for example, having to switch from unix to windows, etc.
We are using NFS. We want to lock the .xscreensaver in the user's home dir and not allow the user to modify this file at all. I chmod the file to 700, owned by root:root but the user can go to his home dir and still do whatever he wants with this file because he is the owner of the parent directory.
Any ideas?
thanks for your help,
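The behaviour described in the post, as an added example that is not part of the original thread: deleting or renaming a directory entry is decided by the parent directory's permissions, not by the file's own mode or owner. The names `can_unlink_or_rename` and `check_path`, uid 1000 for the user, and the scenarios are constructed for illustration; only classic mode bits are modelled (no ACLs, immutable flags or NFS export options).

```python
import os
import stat
from collections import namedtuple

# Minimal stat record so the rule can be shown on constructed values.
Ent = namedtuple("Ent", "uid gid mode")

def can_unlink_or_rename(user_uid, user_gids, parent, entry):
    """True if the user may delete or rename `entry` inside directory `parent`.

    Models classic POSIX mode bits only (an assumption of this example):
    ACLs, immutable flags and NFS export options are not considered.
    """
    if user_uid == 0:
        return True                       # root bypasses mode-bit checks
    if user_uid == parent.uid:
        bits = (parent.mode >> 6) & 7     # owner class
    elif parent.gid in user_gids:
        bits = (parent.mode >> 3) & 7     # group class
    else:
        bits = parent.mode & 7            # other class
    if bits & 0o3 != 0o3:                 # need write + search on the directory
        return False
    if parent.mode & stat.S_ISVTX:        # sticky: only file or directory owner
        return user_uid in (entry.uid, parent.uid)
    return True                           # the entry's own mode/owner is never consulted

def check_path(path, user_uid, user_gids=()):
    """Apply the rule to a real file using lstat() on it and stat() on its parent."""
    path = os.path.abspath(path)
    d = os.stat(os.path.dirname(path))
    f = os.lstat(path)
    return can_unlink_or_rename(user_uid, user_gids,
                                Ent(d.st_uid, d.st_gid, d.st_mode),
                                Ent(f.st_uid, f.st_gid, f.st_mode))

# Constructed scenarios: uid 1000 is the user, uid 0 is root.
ROOT_FILE = Ent(0, 0, stat.S_IFREG | 0o700)       # .xscreensaver as in the post
SCENARIOS = {
    "home owned by user, 0755":        Ent(1000, 1000, stat.S_IFDIR | 0o755),
    "home owned by user, sticky 1755": Ent(1000, 1000, stat.S_IFDIR | 0o1755),
    "dir owned by root, 0755":         Ent(0, 0, stat.S_IFDIR | 0o755),
    "dir owned by root, sticky 1777":  Ent(0, 0, stat.S_IFDIR | 0o1777),
}

def evaluate():
    return {name: can_unlink_or_rename(1000, (1000,), d, ROOT_FILE)
            for name, d in SCENARIOS.items()}

if __name__ == "__main__":
    for name, allowed in evaluate().items():
        print(f"{name:34} user can remove/rename: {allowed}")
```

The first two scenarios allow removal because the user owns the directory; the sticky bit does not change that, since it still permits the directory owner to remove entries.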
LEARN ABOUT DEBIAN
ykpamcfg
ykpamcfg(1) General Commands Manual ykpamcfg(1)
NAME
ykpamcfg - Manage user settings for the Yubico PAM module.
SYNOPSIS
ykpamcfg [-1 | -2] [-A] [-v] [-h]
OPTIONS
-1 use slot 1. This is the default.
-2 use slot 2.
-A action
choose action to perform. See ACTIONS below.
-v enable verbose mode.
ACTIONS
add_hmac_chalresp
The PAM module can utilize the HMAC-SHA1 Challenge-Response mode found in YubiKeys starting with version 2.2 for offline authentication.
This action creates the initial state information with the C/R to be issued at the next logon.
The utility currently outputs the state information to a file in the current user's home directory (~/.yubico/challenge-123456 for a
YubiKey with serial number API readout enabled, and ~/.yubico/challenge for one without).
The PAM module supports a system wide directory for these state files (in case the user's home directories are encrypted), but in a
system wide directory, the 'challenge' part should be replaced with the username. Example : /var/yubico/challenges/alice-123456.
To use the system-wide mode, you currently have to move the generated state files manually and configure the PAM module accordingly.
EXAMPLE
First, program a YubiKey for challenge response on Slot 2 :
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
...
Commit? (y/n) [n]: y
$
Now, set the current user to require this YubiKey for logon :
$ ykpamcfg -2 -v
...
Stored initial challenge and expected response in '/home/alice/.yubico/challenge-123456'.
$
Then, configure authentication with PAM for example like this (make a backup first) :
/etc/pam.d/common-auth (from Ubuntu 10.10) :
auth required pam_unix.so nullok_secure try_first_pass
auth [success=1 new_authtok_reqd=ok ignore=ignore default=die] pam_yubico.so mode=challenge-response
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ecryptfs.so unwrap
BUGS
Report ykpamcfg bugs in the issue tracker <http://code.google.com/p/yubico-pam/issues/list>
SEE ALSO
The yubico-pam home page <http://code.google.com/p/yubico-pam/>
YubiKeys can be obtained from Yubico <http://www.yubico.com/>.
yubico-pam March 2011 ykpamcfg(1)