Permissions advice needed.

Malcolm Kay malcolm.kay at
Tue Jan 9 05:02:44 UTC 2007

On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
> I have a curious problem.
> I need an executable file to be owned by a user's uid and gid
> so they can run it.

A user does not need to own a file to be able to run it. All they 
need is execute permission. So what is the real problem?

> HOWEVER, I don't want them to be able to modify or delete the
> file and/or its permissions. Another program will do that.

Deleting or creating a file requires write access in the 
directory containing the file reference -- it has nothing to do 
with the permissions on the file itself.


> This, under standard Unix permissions, is a tad difficult. :-)
> ACLs don't help here as the owner of a file has the ability
> to change permissions.
> I could set the immutable bit (Linux term for the schg flag)
> but the modifying program does not recognise this flag and
> will thus fail to modify the file.
> (I have no control over the modifying program).
> Any ideas?
> I don't want to go down the line of using BSD MAC but I'm
> starting to think I may have to just to be able to prevent
> the user from modifying ONE file! (I'm not even sure I could
> implement this using MAC anyway).
> Cheers,
> Brett.

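The two rules in the reply above (running a file needs only execute permission, and deleting it is decided by the containing directory), as an added example that is not part of the original thread. It assumes plain mode bits only (no ACLs, file flags or MAC), a non-root uid, and checks only the immediate parent directory; the function names, uids and modes are constructed for illustration.

```python
import os
import stat

def class_bits(mode, f_uid, f_gid, uid, gids):
    """rwx bits that apply to (uid, gids): owner, else group, else other.
    The first matching class wins; later classes are never consulted."""
    if uid == f_uid:
        return (mode >> 6) & 0o7
    if f_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def rights(file_st, dir_st, uid, gids):
    """file_st and dir_st are (mode, uid, gid) for the file and the
    directory holding its name. Assumes uid is not the superuser."""
    f_mode, f_uid, f_gid = file_st
    d_mode, d_uid, d_gid = dir_st
    fbits = class_bits(f_mode, f_uid, f_gid, uid, gids)
    dbits = class_bits(d_mode, d_uid, d_gid, uid, gids)
    search = bool(dbits & 0o1)            # x on the directory: may reach the name
    # Removing the name needs write + search on the directory only.
    delete = (dbits & 0o3) == 0o3
    if delete and d_mode & stat.S_ISVTX:  # sticky directory: file or dir owner only
        delete = uid in (f_uid, d_uid)
    return {
        "execute": search and bool(fbits & 0o1),
        "modify": search and bool(fbits & 0o2),
        "delete": delete,
        "chmod": uid == f_uid,            # only the owner may change the mode
    }

def rights_for_path(path, uid, gids):
    """Same check against a real file (hypothetical helper)."""
    f = os.stat(path)
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    return rights((f.st_mode, f.st_uid, f.st_gid),
                  (d.st_mode, d.st_uid, d.st_gid), uid, gids)

# Constructed samples: user 1001 in group 1001; root is uid/gid 0.
USER, GROUPS = 1001, {1001}
ROOT_FILE = (0o100555, 0, 0)        # r-xr-xr-x root:wheel
USER_FILE = (0o100555, 1001, 1001)  # same mode, owned by the user
ROOT_DIR = (0o040755, 0, 0)         # user cannot write here
USER_DIR = (0o040755, 1001, 1001)   # user's own directory

if __name__ == "__main__":
    print("root-owned file, root dir:", rights(ROOT_FILE, ROOT_DIR, USER, GROUPS))
    print("user-owned file, user dir:", rights(USER_FILE, USER_DIR, USER, GROUPS))
    print("root-owned file, user dir:", rights(ROOT_FILE, USER_DIR, USER, GROUPS))
```

The first sample is the arrangement the question asks for: the user can execute the file but cannot modify it, delete it or change its mode. The third shows that a file the user can neither write nor own is still deletable when its directory is writable.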