Date:      23 Dec 1998 17:14:28 +0100
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        Karl Pielorz <kpielorz@tdx.co.uk>
Cc:        "Bond, Jeffery" <Jeff.Bond@nectech.co.uk>, "'cjclark@home.com'" <cjclark@home.com>, "'questions@freebsd.org'" <questions@FreeBSD.ORG>
Subject:   Re: Basic Security Question
Message-ID:  <xzpww3ivnrv.fsf@flood.ping.uio.no>
In-Reply-To: Karl Pielorz's message of "Tue, 22 Dec 1998 17:05:03 +0000"
References:  <084DD226F592D211988800A024AC583B02B789@exchange.nectech.co.uk> <367FD13F.1F19C977@tdx.co.uk>

Karl Pielorz <kpielorz@tdx.co.uk> writes:
> We had a similar problem with our FTP server, users 'owned' their own home
> directory (which seemed fairly sensible), and as a courtesy we'd put a
> 'readme.txt' file in each of their home directories, owned by root...
> 
> We quickly noticed how the users could rename (i.e. mv) the file around
> though, and 'ye olde' readme.txt started ending up as '.rhosts' + others very
> rapidly (fortunately they couldn't change its contents)...

The file belongs to root, but the directory it's listed in belongs to
the user, so the user can rename it, delete it etc. because these
operations boil down to modifying the contents of the directory, not
modifying the file.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
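
Added example, not part of the original message: a Python sketch of the rule described above, where rename and delete rights come from the directory's mode bits and not the file's. The names Meta, can_rename_entry, foreign_entries and demo_rename_readonly are hypothetical, the uid values are constructed, and only classic Unix mode bits are modelled.

```python
import os
import stat
import tempfile
from collections import namedtuple

# Constructed stand-in for os.stat_result: owner uid, group gid, mode bits.
Meta = namedtuple("Meta", "uid gid mode")

def can_rename_entry(uid, gids, dir_meta, file_meta):
    """True if `uid` may rename or delete an entry of the directory.

    Classic Unix mode bits only (ACLs and file flags are ignored). The file's
    own permission bits are never consulted: only the directory's.
    """
    if uid == 0:
        return True
    if uid == dir_meta.uid:
        bits = (dir_meta.mode >> 6) & 7
    elif dir_meta.gid in gids:
        bits = (dir_meta.mode >> 3) & 7
    else:
        bits = dir_meta.mode & 7
    if bits & 0o3 != 0o3:             # need write + search on the directory
        return False
    if dir_meta.mode & stat.S_ISVTX:  # sticky bit: must own the file or the directory
        return uid in (dir_meta.uid, file_meta.uid)
    return True

def foreign_entries(directory):
    """Audit helper: names in `directory` not owned by the directory's owner."""
    owner = os.stat(directory).st_uid
    return sorted(e.name for e in os.scandir(directory)
                  if e.stat(follow_symlinks=False).st_uid != owner)

def demo_rename_readonly():
    """Rename a mode-0444 file in a directory we own; contents stay intact."""
    with tempfile.TemporaryDirectory() as home:
        src = os.path.join(home, "readme.txt")
        dst = os.path.join(home, "moved.txt")
        with open(src, "w") as f:
            f.write("welcome\n")
        os.chmod(src, 0o444)
        os.rename(src, dst)           # succeeds: only the directory is modified
        with open(dst) as f:
            return os.listdir(home), f.read()
```

Running foreign_entries over each home directory lists the files that a user can move or remove even though someone else owns them.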
