Iris Lames wrote: > Now, my main focus for them not to sniff the database or for them to end > up fighting is to deny my users to change dir except thier home.
If this is the case, won't a umask 077 in /etc/profile and a default home directory ownership of 700 do the trick? Since they're ordinary users, they can't go into someone else's home directory and see their files. Since their umask is 077, the default permissions of files they make are 600, meaning that no one but them (and root) can read their files. They can't change to any home directory except their own or read any files made by the other uses on the system in this case. Hopefully only you have the root password and so are the only user who has any ability to go into someone else's home and read their files is you. Nobody but root can sniff their databases then! If they don't trust you either, well, teach them how to use GNU Privacy Guard and show them how they can use it to encrypt their files. Remember an important thing about GNU/Linux: it is not Windows 98, it has a reasonably flexible file access permissions system that you ought to familiarize yourself with if you don't already know all about how it works. It seems plenty flexible enough for your application, I think. Jailing the users with a restricted shell or a chroot strikes me as gratuitous overkill that may wind up making it harder for them to do what they are supposed to be doing in the first place. -- It is *so* convenient to have a system where everyone is a criminal. http://stormwyrm.blogspot.com/ _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
