Permissions advice needed.
youshi10 at u.washington.edu
Tue Jan 9 05:32:15 UTC 2007
Malcolm Kay wrote:
> On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
>> I have a curious problem.
>> I need an executable file to be owned by a user's uid and gid
>> so they can run it.
> A user does not need to own a file to be able to run it. All they
> need is execute permission. So what is the real problem?
>> HOWEVER, I don't want them to be able to modify or delete the
>> file and/or it's permissions. Another program will do that.
> Deleting or creating a file requires write access in the
> directory containg the file reference -- it has nothing to do
> with the permissions on the file itself.
>> This, under standard Unix permissions, is a tad difficult. :-)
>> ACL's don't help here as the owner of a file has the ability
>> to change permissions.
>> I could set the immutable bit (Linux term for the schg flag)
>> but the modifying program does not recognise this flag and
>> will thus fail to modify the file.
>> (I have no control over the modifying program).
>> Any ideas?
>> I don't want to go down the line of using BSD MAC but I'm
>> starting to think I may have too just to be able to prevent
>> the user from modifying ONE file! (I'm not even sure I could
>> implement this using MAC anyway).
Make a specialized setuid script or program to do that, and set the
sticky bit appropriately if you don't want them to have direct access to
the file. Just make sure that others don't have access to the file.
Why does he need access to aliases though? For mail program purposes?
More information about the freebsd-questions