Thanks to all who replied. I'm resuming what I wanted to achieve: 'rodolfo' is a normal user, but Rodolfo (me) is also the superuser, whereas, say, 'alberto' is only a normal user. Then I wish to adopt for alberto a security level 4, i.e. alberto should not be able to see the '/' directory nor its subdirs (although he should be able to see and use the /mnt dir), and for rodolfo a security level 2, i.e. he should be able to see (but *not* to modify) the '/' dir and its subdirs. Now, the command 'chmod' as far as I know cannot diversify different permissions to different users: if I do, e.g., 'chmod -r /', this will prevent *all* users (not only alberto) from reading the '/' directory. Even if I do 'chmod u-r /' or 'chmod g-r /' or 'chmod o-r /' the problem remains.
That's what I tried to do to work the problem out: Security level: 2 (standard). I made the user rodolfo a member of the 'root' group in addition to 'rodolfo' group, just with:

    # usermod -g rodolfo -G root rodolfo

Then I adjusted the permissions of the '/' dir and its subdirs trying to keep level 2 philosophy: so that the user rodolfo (now a member of the root group) could read but not write those directories except for the /mnt dir, and that the other users could not even read those directories (except for /mnt, again). I obtained the following output of 'ls -l /':

    [EMAIL PROTECTED] rodolfo]$ ls -l /
    total 52
    drwxr-x--x   2 root root 4096 Dec 17 16:05 bin/
    drwxr-x--x   3 root root 4096 Dec 20 11:41 boot/
    drwxr-x--x  17 root root 3800 Dec 20 11:41 dev/
    drwxr-x--x  71 root root 4096 Dec 20 11:40 etc/
    drwxr-x--x   4 root root 4096 Dec 18 18:53 home/
    drwxr-x--x   2 root root 4096 Dec 17 16:31 initrd/
    drwxr-x--x  11 root root 4096 Dec 17 16:13 lib/
    drwxr-xr-x   7 root root 4096 Dec 18 11:48 mnt/
    drwxr-x--x   2 root root 4096 Jan  5  2004 opt/
    dr-xr-x--x  77 root root    0 Dec 20 11:40 proc/
    drwx------  11 root root 4096 Dec 19 20:16 root/
    drwxr-x--x   2 root root 4096 Dec 17 15:59 sbin/
    drwxr-x--x   9 root root    0 Dec 20 11:40 sys/
    drwxrwxrwt  11 root root 4096 Dec 20 11:41 tmp/
    drwxr-x--x  12 root root 4096 Dec 17 16:07 usr/
    drwxr-x--x  17 root root 4096 Dec 17 15:59 var/

It seems to me (but I might be wrong) that such a solution would be quite secure: as we see from the above output, the user rodolfo as a member of the root group has no more privileges than he normally has with a sec level 2, in the sense that he cannot see the /root directory and he can only read the other '/' subdirs; the other users cannot even see the '/' subdirs, just as I wanted (/tmp though must be accessible to start kde).
There's only one problem: these changes are not permanent: in fact, after rebooting the system I get a different output to 'ls -l /':

    [EMAIL PROTECTED] rodolfo]$ ls -l /
    total 52
    drwxr-x--x   2 root root 4096 Dec 17 16:05 bin/
    drwxr-x--x   3 root root 4096 Dec 20 11:57 boot/
    drwxr-xr-x  17 root root 3800 Dec 20 11:57 dev/
    drwxr-x--x  71 root root 4096 Dec 20 11:57 etc/
    drwxr-x--x   4 root root 4096 Dec 18 18:53 home/
    drwxr-x--x   2 root root 4096 Dec 17 16:31 initrd/
    drwxr-x--x  11 root root 4096 Dec 17 16:13 lib/
    drwxr-xr-x   7 root root 4096 Dec 18 11:48 mnt/
    drwxr-x--x   2 root root 4096 Jan  5  2004 opt/
    dr-xr-xr-x  78 root root    0 Dec 20 11:56 proc/
    drwx------  11 root root 4096 Dec 19 20:16 root/
    drwxr-x--x   2 root root 4096 Dec 17 15:59 sbin/
    drwxr-xr-x   9 root root    0 Dec 20 11:56 sys/
    drwxrwxrwt  11 root root 4096 Dec 20 11:58 tmp/
    drwxr-x--x  12 root root 4096 Dec 17 16:07 usr/
    drwxr-x--x  17 root root 4096 Dec 17 15:59 var/

The /dev, /proc and /sys dirs have turned back to be readable by other users, which I don't want. Any other hints will be appreciated.

Thanks,
Rodolfo
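
Added example, not part of Rodolfo's message: a shell check that compares two 'ls -l /' listings and reports every entry whose mode string changed, which is the before/after-reboot comparison made in the post. The function names mode_drift and other_readable are hypothetical, and the embedded rows are excerpted from the two listings above.

```shell
#!/bin/sh
# Constructed input: six rows excerpted from the two `ls -l /` listings in the post.
BEFORE='drwxr-x--x  2 root root 4096 Dec 17 16:05 bin/
drwxr-x--x 17 root root 3800 Dec 20 11:41 dev/
drwxr-xr-x  7 root root 4096 Dec 18 11:48 mnt/
dr-xr-x--x 77 root root    0 Dec 20 11:40 proc/
drwxr-x--x  9 root root    0 Dec 20 11:40 sys/
drwxrwxrwt 11 root root 4096 Dec 20 11:41 tmp/'
AFTER='drwxr-x--x  2 root root 4096 Dec 17 16:05 bin/
drwxr-xr-x 17 root root 3800 Dec 20 11:57 dev/
drwxr-xr-x  7 root root 4096 Dec 18 11:48 mnt/
dr-xr-xr-x 78 root root    0 Dec 20 11:56 proc/
drwxr-xr-x  9 root root    0 Dec 20 11:56 sys/
drwxrwxrwt 11 root root 4096 Dec 20 11:58 tmp/'

# mode_drift BEFORE_TEXT AFTER_TEXT
# Prints "name old_mode new_mode" for every entry whose mode string changed,
# and "name - new_mode" for entries present only in the second listing.
mode_drift() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { second = 1; next }        # separator between the listings
        NF < 9 || $1 == "total" { next }        # skip the "total" line and blanks
        {
            name = $9                           # rejoin names containing spaces
            for (i = 10; i <= NF; i++) name = name " " $i
            if (!second) { old[name] = $1; next }
            if (!(name in old))       print name, "-", $1
            else if (old[name] != $1) print name, old[name], $1
        }'
}

# other_readable LISTING
# Prints entries whose "other" read bit (8th character of the mode string) is set.
other_readable() {
    printf '%s\n' "$1" | awk 'NF >= 9 && substr($1, 8, 1) == "r" { print $9 }'
}

# Report the drift between the two excerpts.
mode_drift "$BEFORE" "$AFTER"
```

On a live system the same functions can be fed saved output of 'ls -l /' taken before and after a reboot.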