If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):
From: johnd@sco.COM (John DuBois) Subject: Re: Creating user with major restrictions Date: 12 Feb 2001 21:07:21 GMT References: <slXh6.561$_O.16972@insync> In article <slXh6.561$_O.16972@insync>, Chris lamb <email@example.com> wrote: +I would like to set up a user within SCO OpenServer 5.0.5 with read-only +permissions anywhere they go on the server. Is this possible, even if misc. +files on the box have 'other' writeable permissions? I just want the user to +be able to view data and change directories, but do nothing else. So far, I +haven't had any luck and was hoping someone could help.
Only for extremely restricted purposes. The closest you could come to this would be to set the user's ulimit to 0. That controls the maximum offset in a regular file that a process owned by the user is allowed to write at. They would still be able to write to device nodes and pipes - fortunately, else the login wouldn't be much use (not being able to write to their tty, for example). But, this is liable to cause lots of problems. Various applications like to write to logfiles and such, and any spawned processes inherit the user's ulimit (regardless of whether they run under under a different uid or not), so if they don't change it (and most don't), they won't be able to write to their logfiles/etc. Depending on what your actual application is, you might want to experiment with it. Note that the default action upon receiving SIGXFSZ (attempt to write beyond ulimit) is to dump core. The interface that the Bourne shell (/bin/sh) uses to set the ulimit also sets the corefile limit to 0, so (under 5.0.5) you won't get corefiles (under certain earlier releases you'll get a 0-length corefile). If the user uses the Korn shell (ksh) or various other shells, a different interface is used that sets only the filesize limit - but the reason is that these shells also let you set the corefile limit. If the user uses one of these shells, be sure to set the corefile limit to 0 else you are liable to end up with corefiles littered about. John -- John DuBois firstname.lastname@example.org KC6QKZ/AE I wish to God these calculations had been executed by steam. - Charles Babbage
Got something to add? Send me email.
If you don't know anything about computers, just remember that they are machines that do exactly what you tell them but often surprise you in the result. (Richard Dawkins)