Permissions advice needed.
malcolm.kay at internode.on.net
Tue Jan 9 05:02:44 UTC 2007
On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
> I have a curious problem.
> I need an executable file to be owned by a user's uid and gid
> so they can run it.
A user does not need to own a file to be able to run it. All they
need is execute permission. So what is the real problem?
> HOWEVER, I don't want them to be able to modify or delete the
> file and/or its permissions. Another program will do that.
Deleting or creating a file requires write access in the
directory containing the file reference -- it has nothing to do
with the permissions on the file itself.
> This, under standard Unix permissions, is a tad difficult. :-)
> ACLs don't help here as the owner of a file has the ability
> to change permissions.
> I could set the immutable bit (Linux term for the schg flag)
> but the modifying program does not recognise this flag and
> will thus fail to modify the file.
> (I have no control over the modifying program).
> Any ideas?
> I don't want to go down the line of using BSD MAC but I'm
> starting to think I may have to just to be able to prevent
> the user from modifying ONE file! (I'm not even sure I could
> implement this using MAC anyway).
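
The distinction drawn in the reply above (directory write permission controls deletion, the file's own mode controls modification), as an added example that is not part of the original thread. The temporary directory and the file name `tool` are constructed for the demo, and it assumes an unprivileged user, since root bypasses these checks.

```shell
#!/bin/sh
# Added example: which permission bits govern deleting vs. modifying a file.
# Everything happens in a throwaway directory; "tool" is a constructed name.

# probe ACTION DIRMODE FILEMODE  -> prints "allowed" or "denied"
#   ACTION is "delete" (unlink the file) or "write" (append to the file).
probe() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho ok\n' > "$d/tool"
    chmod "$3" "$d/tool"          # mode on the file itself
    chmod "$2" "$d"               # mode on the containing directory
    rc=1
    case $1 in
        delete)
            # Unlinking needs write+search permission on the directory.
            if ( rm -f "$d/tool" ) 2>/dev/null && [ ! -e "$d/tool" ]; then
                rc=0
            fi ;;
        write)
            # Changing the contents needs write permission on the file.
            if ( echo '# changed' >> "$d/tool" ) 2>/dev/null; then
                rc=0
            fi ;;
    esac
    chmod 700 "$d" && rm -rf "$d"  # restore access so cleanup works
    if [ "$rc" -eq 0 ]; then echo allowed; else echo denied; fi
}

# Read-only file in a writable directory: the file can still be deleted.
echo "delete, dir rwxr-xr-x, file r--r--r--: $(probe delete 755 444)"
# World-writable file in a non-writable directory: deletion is refused.
echo "delete, dir r-xr-xr-x, file rw-rw-rw-: $(probe delete 555 666)"
# Executable but not writable file: contents cannot be changed.
echo "write,  dir rwxr-xr-x, file r-xr-xr-x: $(probe write 755 555)"
```

The third case is refused only until the owner runs chmod on the file, which is the limitation the original question raises about user-owned files.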