file permission

[anukus]

Hi,
currently i need to restrict users' edit access to their own .profile and prevent others from reading. Chmod to 400 will not do the trick as owner himself can change the file permission. And changing the ownership, i will have to set the world to read, letting others to view. ={

Like to know if there are better solutions? Thanks for any suggestions.

 

[tikual]

You may do like these:
First, change user's home directory to be drwx------.
Second, change owner of .profile to be root and the mode is 444.

tikual

 

[anukus]

Hi,
Thanks for the suggestion. The users home directory need to be set 755 as they need to allow external programs for execution and output files in some of their sub-directories

 

[tikual]

Actually no method to restrict users to edit their .profile. Although they can't edit or not own the file. But they still have right to remove it and re-create it again. Because the home directories owner are them! I think that you can use /etc/profile to control all users rather than allow they have their own copies. Add a condition in /etc/profile to remove the user's .profile after login.

tikual