Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Short version: Can you make a symlink read only? I mean the link itself, not the file to which it points.
Long version: I have about 100 users who all have a .login. They like to modify their .login, which is fine in most cases, but sometimes they do it wrong & it screws up a LOT of the things they are supposed to be doing. Because of this, I'm going to lock down all .logins & I thought, "wouldn't it be nice if we could modify one file & all users would get the modification?" So I'm currently testing having everyone's .login point to a central .login via symlink. It works fine, but it appears that the users can [re]move the link & replace it with a file, thus defeating the purpose.
The question, then, is: Can I lock down the symlink so the user cannot move or remove the link? FWIW, it must be a symbolic link (as opposed to a hard link) as the file it points to is on an NFS share (not the same file system).
The permissions of a file control whether the user can modify the contents of it. But whether a user can create, delete, or rename a file depends on the permissions of the directory it's in, not on the permissions of the file itself.
It can help to think of a directory as just another kind of file; one that keeps a list of all the other files that are "in" it. Only people who can modify the directory "file" can control what's in that directory.
Trying to change the file permissions of a symlink is pointless, because there are no contents to modify.
Last edited by David the H.; 02-02-2010 at 09:48 PM.
Reason: edited for clarity
What you can do if you want to be ruthless is setup the central .login (or just use /etc/profile) and as part of the login process, have it remove any local-to-user .log/.bash_profile etc before it hands over ctrl to the user.
Sorry for the delay in my response, but thanks for the comments.
I believe I'm going to make the default /etc/csh.chsrc or /etc/bash.bashrc point to the central file that sets up a "company sanctioned" environment & allow the users to go to town on their own ~/.login. This way, we can simply move the user's ~/.login out of the way if they do it wrong.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
