Hi
i was trying to change permissions of .profile on HP-UX ( HP-UX hpux1572 B.11.23 U ia64 ) so that user can not change it but irrespective of what permissions i give still user was able to make changes. so i made root:sys as owner & group still no change.
but if i remove permissions in AIX it works as expected.
why its not working on HP. any config setting ??
Is it the same user in AIX?
You know, when you fall on users that know a minimum of unix, it can be challenging for an admin... ( I had to rewrite the cp command once ten years ago...)
Not surprising. The user can change the permission of files hs owns (case 1)... and he can remove files -- also files owned by others -- from directories he owns, and replace them with others (case 2).
Perhaps you could make some changes to /etc/profile, as it may be it that sources .profile, and make ignore it unless it has the "right" owner and permissons?
Though what good it will do I don't know, as the user probably can start a new shell (within the existing shell) with whatever start-file he want.
An alternative would be specify a restricted shell that didn't read the user-profile at all, or perhaps specify (with options) that only the system-wide /etc/profile should be read.
Don't really understand what you hope to accomplish though, as most of the stuff set automatically by .profile can later be manually overidden with commands to the shell anyway (e.g. changing umask, limits and so on)...