A Conundrum with permissions
Hey guys, I have a problem.
We're using OS X at our school and we wanted a way to lock each staff's home folder as a precaution in case someone releases a trojan that wipes out the home folder.
The simple fix in Unix would be to set home's owner to an admin account and give the user read access. In fact, in the terminal this works quite well against a simple 'rm -r'. At least the initial directory structure would be spared.
The idea being at least this would force the offending application to ask for permission.
However, when the r/w permissions are given to our admin account and the user only has r, the user still has the ability to trash it without asking for permission.
Can anyone help?
Comments
Also, I believe OS X already separates users' home folders. If one user were to run an unscrupulous script, it would only wipe them out and leave everyone else alone.
Originally posted by R_Peach
However, when the r/w permissions are given to our admin account and the user only has r, the user still has the ability to trash it without asking for permission.
If the user is a member of the group 'admin', then they have r/w permissions.
I know individual users' folders are separated and the OS is nicely protected, but that means nothing to our users.
All I want is to make sure that if something does try to modify the user's folder it has to ask permission. That's all. For whatever reason, OS X just bypasses the permission checks for me when I delete a test folder.
Originally posted by Kickaha
If the user is a member of the group 'admin', then they have r/w permissions.
I've looked, and the test user isn't a part of the admin group. Get Info shows the user is only allowed to read.
I forgot about how privileges affect the directory structure.
I was attempting to lock a test folder inside of a folder that the user had privileges to. I guess it didn't matter what the privileges were for the test folder, since in the end the parent folder contained its information.
Sorry to bother everyone. I'll go back to lurking now.
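
The conclusion the thread arrives at, as an added example that is not part of any post: whether a user can remove or rename a folder is decided by the mode bits of its parent directory, not by the folder's own. The function names are hypothetical, and the check looks at classic Unix mode bits only (no ACLs, no file flags, no root override).

```python
import os
import stat
import tempfile


def _class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids for this stat result."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def can_remove_entry(path, uid, gids):
    """Can uid remove or rename `path`, judged by mode bits alone?

    The answer comes from the parent directory, never from `path` itself.
    """
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    est = os.lstat(path)
    # Removing a name needs write + search (w and x) on the containing directory.
    if _class_bits(pst, uid, gids) & 0o3 != 0o3:
        return False
    # Sticky parent: only the owner of the entry or of the parent may remove it.
    if pst.st_mode & stat.S_ISVTX:
        return uid in (est.st_uid, pst.st_uid)
    return True


if __name__ == "__main__":
    # Constructed layout: a read-only folder inside a folder the user can write to.
    parent = tempfile.mkdtemp()
    locked = os.path.join(parent, "locked")
    os.mkdir(locked)
    os.chmod(locked, 0o555)
    me = os.stat(parent).st_uid
    print("writable parent: ", can_remove_entry(locked, me, set()))
    os.chmod(parent, 0o555)
    print("read-only parent:", can_remove_entry(locked, me, set()))
    os.chmod(parent, 0o700)  # restore so the constructed tree can be cleaned up
    os.rmdir(locked)
    os.rmdir(parent)
```

Run against a real home folder layout, pass the staff member's uid and group ids to see which folders stay removable because of a writable parent.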