A Conundrum with permissions

Posted:
in General Discussion edited January 2014
Hey guys, I have a problem.

We're using OS X at our school and we wanted a way to lock each staff's home folder as a precaution in case someone releases a trojan that wipes out the home folder.

The simple fix in Unix would be to set home's owner to an admin account and give the user read access. In fact, in the terminal this works quite well against a simple 'rm -r'. At least the initial directory structure would be spared.

The idea being at least this would force the offending application to ask for permission.

However, when the r/w permissions are given to our admin account and the user only has r, the user still has the ability to trash it without asking for permission.



Can anyone help?

Comments

  • Reply 1 of 5
    I have a question for you. What good is a home folder if the user can't write to it?



    Also, I believe OS X already separates users' home folders. If one user were to run an unscrupulous script it would only wipe them out and leave everyone else alone.
  • Reply 2 of 5
    kickaha Posts: 8,760 member
    Quote:

    Originally posted by R_Peach

    However, when the r/w permissions are given to our admin account and the user only has r, the user still has the ability to trash it without asking for permission.



    If the user is a member of the group 'admin', then they have r/w permissions.
  • Reply 3 of 5
    r_peach Posts: 12 member
    Alright, so I screwed up the terminology. When I said Home Folder, I meant just the top level folder that bears the user's name. This would sacrifice the ability to create new folders in only that top level directory with the benefit of protecting the ones already there.

    I know individual users' folders are separated and the OS is nicely protected, but that means nothing to our users.

    All I want is to make sure that if something does try to modify the user's folder it has to ask permission. That's all. For whatever reason, OS X just bypasses the permission checks for me when I delete a test folder.
  • Reply 4 of 5
    r_peach Posts: 12 member
    Quote:

    Originally posted by Kickaha

    If the user is a member of the group 'admin', then they have r/w permissions.



    I've looked and the test user isn't a part of the admin group. Get Info shows the user is only allowed to read.
  • Reply 5 of 5
    r_peach Posts: 12 member
    Heh. Looks like I solved my own problem.

    I forgot about how privileges affect the directory structure.

    I was attempting to lock a test folder inside of a folder that the user had privileges to. I guess it didn't matter what the privileges were for the test folder since in the end the parent folder contained its information.

    Sorry to bother everyone. I'll go back to lurking now.
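
The rule behind the fix in Reply 5, as an added example that is not part of the original thread: removing or renaming a folder is a write to its parent directory, so the folder's own read-only mode does not protect it. The names `class_bits`, `can_delete` and `demo` are hypothetical, the temporary folder layout is constructed, and only classic Unix mode bits are checked (ACLs and file flags, which OS X also supports, are ignored).

```python
import os
import stat
import tempfile


def class_bits(st, uid, gids):
    """rwx bits (0-7) that apply to uid/gids: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def can_delete(path, uid, gids=()):
    """Mode-bit check only: may uid remove or rename the name `path`?"""
    if uid == 0:
        return True  # root is not subject to mode bits
    entry = os.lstat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    # Removing a name edits the parent directory: write + search needed there.
    if class_bits(parent, uid, gids) & 0o3 != 0o3:
        return False
    # Sticky parent: only the owner of the entry or of the parent may remove it.
    if parent.st_mode & stat.S_ISVTX:
        return uid in (entry.st_uid, parent.st_uid)
    return True  # the entry's own mode was never consulted


def demo():
    """Constructed layout: read-only 'test' folder under three parent modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        parent = os.path.join(tmp, "parent")
        locked = os.path.join(parent, "test")
        os.makedirs(locked)
        os.chmod(locked, 0o555)              # user can only read the folder
        user = os.stat(locked).st_uid + 1    # hypothetical non-owner, non-root uid
        try:
            for mode in (0o757, 0o755, 0o1777):
                os.chmod(parent, mode)
                results[oct(mode)] = can_delete(locked, user)
        finally:
            os.chmod(parent, 0o700)          # let the temp dir clean itself up
    return results


if __name__ == "__main__":
    print(demo())
```

Emptying a non-empty folder additionally needs write access to that folder itself, which is why the read-only setting still spares the contents of an existing directory tree from `rm -r`.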