2 questions about security ( chmod and LDAP )

[billy_boy]

Hello everyone, im securing few servers, and in all of them, i need create the user, modify her password at first time, modify a special bashrc to users and developers and that is very cumbersome do it in each servers. Could this be config via a LDAP server and each user use that config in the rest of the host??

2º Question, what does this permisson means ?

-rwxr--r-T 1 root root 270 Oct 29 11:01 file

especially the big T

Regards!!

[mrjohnson]

Hello,

I would usually put stuff like that in /etc/bash.bashrc. Users and developers would probably have different permissions, so to do specific things for those groups, you can test who's a member of a supplementary group.

Actually, check this out:

Code:

case " $(groups) " in *\ developer\ *)
        echo "dev!"
        ;;
    *\ user\ *)
        echo "user!"
        ;;
esac

Then you don't need a special .bashrc for each user...

The T permission is the sticky bit.
File system permissions - Wikipedia, the free encyclopedia

I don't think it does anything for a non-executable file...

[matonb]

To make a user change thier password on first login you can "expire" the password with chage

Code:

chage -d0 <username>

Your users will get something like this the first time they login:

Code:

login as: auser
auser@###'s password:
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user auser.
Changing password for auser
(current) UNIX password: