If you environment is sufficiently non-hostile that you don't worry about the
other users doing nasty things to you, then why don't you just give everybody
the root password?
>If you run an ISP with shell accounts, and you're concerned about
>users fouling up others' quotas, set up a simple shell script:
> foreach user
> find ~user ! -user $user -exec rm -f {} \;
That's a good enough solution for now.
>Maybe even a mount option to prevent non-owner linking to inodes would
>be acceptable (although I'm not convinced the "problem" is serious
>enough to merit this). But the proposal I've been hearing is basically
>a forced change for everyone, and that's not on.
I missed the start of this thread so I don't know what the original proposal
was. But if there was a mount option to disallow linking a file you can't
write, I'd use it. Sooner or later a "go through the system and link
everything" script will show up on a scriptkidddie site and then it will be a
real problem for people using quotas.
But the fact that we don't have a working revoke() is the more important
problem. Forget local attacks. What about telnet to port 80, type GET
/~user/bigassgif.gif, and hit ^]^Z so the transfer will never finish? rm
needs some teeth for such situations.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/