1
1
I'm not asking an obvious question here. I would like to elucidate with an example.
A user 'bob' is always executing 'chmod 777 /home/bob/impfiles' so that user 'alice' could make changes to the files in /home/bob/impfiles/ which is a insecure way of sharing files according to the company policies ( I just made this up). Now, as a root user, you disabled 'chmod' for user 'bob'. Smartypants alice tells bob, get the /bin/chmod from the Internet, and save it as /home/bob/bin/attribmod. Bob does it, and he runs "/home/bob/bin/attribmod 777 /home/bob/impfiles" giving access to everyone.
How do you think we can restrict 'bob' from executing chmod with another name?
Thanks!
rajadhiraja
Posted 2014-09-18T22:02:41.953
Reputation: 11
The answer isn't to block chmod, it's to prevent "bob" from having permissions to modify in the first place . . . if "bob" has the appropriate access to the files, then he should be able to do whatever he wants to do to them. – ernie – 2014-09-18T22:08:16.510
I understand they are his files, but I don't want him to let other people to read/write. When he loses his impfiles directory, he can be a real crybaby. ( Assume, bob has a mentality of 5 year old ) – rajadhiraja – 2014-09-18T22:15:11.277
Here is an answer that should lead you down the right path. – Archangel33 – 2014-09-18T22:48:33.753