Indeed,
pico users tend to forget the "-w".
I got tired of this myself; I decided to 'fix it for them.'
First, I cd over to their user directory; then I go ahead and:
vi .profile
Then, I add this line to their profile:
alias pico='pico -w'
Finally, I make sure I do:
chown root .profile
chmod 644 .profile
heheh. *evil grin* and we're done -- they can't modify their own .profile to change it, and it forces them to indeed use the -w flag. heh. =)
Ok, let me answer some of these replies, I suppose:
a) Yes, I could change /etc/profile, but in general I let people make their own choices. I didn't say I set their profile for them universally, nor that its a very common occourance. It's not meant as a security measure, it's meant as a reminder. The chmod 644, on the other hand, is a habit ;)
b) The idea is not necessarily to 'restrict' the user. Why would someone break (their own) files intentionally? That type of user loses their shell pretty quickly; no need for 'hard security' on that one. Further, our machines are not 'customer' machines, and are limited to use by employees. We dont provide shells to customers -- so I dont really have to be 'politically correct' in what I do as an admin. The point of it being, the only type of user I can think of that would break their files repeatedly would be someone who just doesn't know better. Rather than being a restriction, it's more of a 'reminder', or something that would help them a bit, by making the correct way the default. I -do- go by their desk and mention it when I do it, and I also go over proper pico usage (again), as well.
c) Chmod 644 doesn't 'hide' anything. They can easily view the file and see what changes were made. I usually include a comment line in the file, stating what I changed and why.
On some systems, I find it better to just leave the default 'vi' installed, and not install pico at all. A user who is comfortable with vi is more than likely more experienced and less likely to damage their stuff.