locking down the desktop

Gavin McCullagh gmccullagh at gmail.com
Mon Jan 21 15:07:16 GMT 2008


Hi,

On Mon, 21 Jan 2008, Ismael Farfán Estrada wrote:

> Hi, I'm thinking of doing the same.
> I plan to change the owner of the desktop folder to root
> and set it to read-only
> 
> chown root /home/*/Desktop
> chmod 111 /home/*/Desktop
> (111 readonly?)

111 is execute only.  444 is read-only.  You'll want 555 (r-x) though so
the user can traverse the directory and read it.

> > This is something they could undo, but I'm guessing you're just trying to
> > keep things tidy. If it's a security issue (?)
> 
> If root is the owner, they can't "undo" anything

If ~user/Desktop is owned by root and ~user is owned by user, user can
delete the Desktop folder and recreate it with their own ownership.
This is because user has ownership of the parent directory.

	gavin@chris:~ $ sudo mkdir tmp1
	gavin@chris:~ $ ls -la tmp1/
	total 8
	drwxr-xr-x  2 root  root  4096 2008-01-21 15:12 .
	drwxr-xr-x 55 gavin gavin 4096 2008-01-21 15:12 ..
	gavin@chris:~ $ rmdir tmp1
	gavin@chris:~ $ ls -la tmp1/
	ls: tmp1/: No such file or directory

You could make the home directory owned by root, but that would probably
break a host of other things.

Gavin
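
The two permission rules in the message above (what modes 111, 444 and 555 allow on a directory, and that removing a directory is decided by its parent), as an added example that is not part of the original post. It assumes an ordinary non-root user, uses constructed paths under a temporary directory, and uses mode 555 on Desktop as a stand-in for root ownership, since either way the user cannot write to Desktop itself; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: constructed paths under mktemp; nothing in /home is touched.
# Run as an ordinary user; root bypasses these permission checks.

# probe_mode MODE: what a directory's mode lets its user do.
# Prints e.g. "list=yes traverse=yes".
probe_mode() {
    t=$(mktemp -d) || return 1
    mkdir "$t/Desktop"
    echo hello > "$t/Desktop/note.txt"
    chmod "$1" "$t/Desktop"
    list=no; trav=no
    # Reading entry names needs r on the directory (a glob only reads names).
    set -- "$t/Desktop"/*
    [ "$1" != "$t/Desktop/*" ] && list=yes
    # Reaching a file inside needs x (search) on the directory.
    cat "$t/Desktop/note.txt" >/dev/null 2>&1 && trav=yes
    echo "list=$list traverse=$trav"
    chmod 755 "$t/Desktop"; rm -rf "$t"
}

# try_remove PARENT_MODE: can an empty, non-writable Desktop be removed?
# Prints "removed" or "kept".
try_remove() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/Desktop"
    chmod 555 "$t/home/Desktop"
    chmod "$1" "$t/home"
    # rmdir is checked against the parent's w and x bits, not Desktop's.
    if rmdir "$t/home/Desktop" 2>/dev/null; then echo removed; else echo kept; fi
    chmod 755 "$t/home"; rm -rf "$t"
}

for m in 111 444 555; do echo "Desktop mode $m: $(probe_mode "$m")"; done
for m in 755 555; do echo "parent mode $m: Desktop $(try_remove "$m")"; done
```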



