From owner-freebsd-questions Wed Dec 23 08:14:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA04380 for freebsd-questions-outgoing; Wed, 23 Dec 1998 08:14:42 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA04375 for ; Wed, 23 Dec 1998 08:14:40 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id RAA48994; Wed, 23 Dec 1998 17:14:29 +0100 (CET) (envelope-from des) To: Karl Pielorz Cc: "Bond, Jeffery" , "'cjclark@home.com'" , "'questions@freebsd.org'" Subject: Re: Basic Security Question References: <084DD226F592D211988800A024AC583B02B789@exchange.nectech.co.uk> <367FD13F.1F19C977@tdx.co.uk> From: Dag-Erling Smorgrav Date: 23 Dec 1998 17:14:28 +0100 In-Reply-To: Karl Pielorz's message of "Tue, 22 Dec 1998 17:05:03 +0000" Message-ID: Lines: 17 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Karl Pielorz writes: > We had a similar problem with our FTP server, users 'owned' their own home > directory (which seemed fairly sensible), and as a courtesy we'd put a > 'readme.txt' file in each of their home directories, owned by root... > > We quickly noticed how the users could rename (i.e. mv) the file around > though, and 'ye olde readme.txt started ending up as '.rhosts' + others very > rapidly (fortunately they couldn't change it's contents)... The file belongs to root, but the directory it's listed in belongs to the user, so the user can rename it, delete it etc. because these operations boil down to modifying the contents of the directory, not modifying the file. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message