SUMMARY: preventing users from setting 777 permissions

On Fri, 2004-01-16 at 04:03, I  wrote:

> Greetings,
> 
> I have a terrible problem with users who "chmod 777" their files 
> because... well they're lusers!
> 
> Is it possible on Solaris (anything from 2.6 to 9) to deny the "OTHER" 
> unix group from being set to full RWX permissions.
> 
> This includes files and directories in the user's home directories.
> 
> I have a umask 027 in /etc/default/login but that does not help.
> 
> Thank you,


Thanks to:

Tim Villa,
Rich Teer,
GertJan Hagenaars,
Kevin Buterbaugh,
Reggie Beavers,
Thomas M. Payerle,
Lewis, Orville M
Unix Guy @ a yahoo address
Johnson, Chad
Michael Jeffries (M)
Kugendran "Ted" Naidoo
Woogie Mahlangu III

The majority of the responses where about changing the chmod binary itself 
by either changing the permissions on the file itself or creating a wrapper.

Since it is my policy to keep the system as standard as possible this was 
not an option. Nevertheless sooner or later someone is gonna get "smart" and 
find a way around it. In any case most of the users need to use chmod for 
legitimate reasons.

The option of enforcing a company policy to discourage this implies
"policeing" the users with the threat of 
disciplinary action (not my style - better to gas the buggers - J.K. )

The option of using Role Based Access Control lists intrigued me 
and I've decided to go this way. Combined with a Java Enterprise System
controlling the show... life just got a whole lot more interesting.

Thank you all for your assistance.

Sugan Moodley
Sysadmin
ABSA Bank

______________________________________________

E-mail Disclaimer and Company Information

http://www.absa.co.za/ABSA/EMail_Disclaimer