Date: Wed, 24 Feb 1999 23:32:45 -0600 From: Jon Hamilton <hamilton@pobox.com> To: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl> Cc: Johnny Matthews <jmatthew@greenville.edu>, freebsd-questions@FreeBSD.ORG Subject: Re: your mail Message-ID: <19990225053245.E1D7346381@pobox.com> In-Reply-To: Your message of "Wed, 24 Feb 1999 17:49:20 %2B0100." <XFMail.990224174920.asmodai@wxs.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <XFMail.990224174920.asmodai@wxs.nl>, Jeroen Ruigrok/Asmodai wrote: } On 23-Feb-99 Johnny Matthews wrote: } > How can I restrict my users from changing their finger information? } } Only thing could be to chmod the .plan file to a user that they cannot su } to (if they can su at all). } } Because if the file remains chmod to their UID then they can chmod it back } to rwx------ themselves and thus edit it. Won't do any good unless the user doesn't own their own home directory. Regardless of the owner of the file, if the user can write to the directory which contains it, he can delete the file (and then recreate it with whatever contents he likes). I don't think that's the question that was asked anyway; it sounds more like the original poster wanted to know how to disable chfn. The answer is not as straightforward as it might seem; disabling /usr/bin/chfn will get you only part way there, because all the ch* binaries (chsh, chfn, chpass, ypch*) are really the same binary, and behave differently depending on argv[0]. If you remove /usr/bin/chfn but leave /usr/bin/chsh, the user can do this: $ cd /tmp $ ln -s /usr/bin/chsh chfn $ ./chfn and still change their finger info. -- Jon Hamilton hamilton@pobox.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990225053245.E1D7346381>