Permissions advice needed.
malcolm.kay at internode.on.net
Tue Jan 9 05:52:54 UTC 2007
On Tue, 9 Jan 2007 04:02 pm, Garrett Cooper wrote:
> Malcolm Kay wrote:
> > On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
> >> I have a curious problem.
> >> I need an executable file to be owned by a user's uid and
> >> gid so they can run it.
> > A user does not need to own a file to be able to run it. All
> > they need is execute permission. So what is the real
> > problem?
> >> HOWEVER, I don't want them to be able to modify or delete
> >> the file and/or its permissions. Another program will do
> >> that.
> > Deleting or creating a file requires write access in the
> > directory containing the file reference -- it has nothing to
> > do with the permissions on the file itself.
> > Malcolm
> >> This, under standard Unix permissions, is a tad difficult.
> >> :-)
> >> ACLs don't help here as the owner of a file has the
> >> ability to change permissions.
> >> I could set the immutable bit (Linux term for the schg
> >> flag) but the modifying program does not recognise this
> >> flag and will thus fail to modify the file.
> >> (I have no control over the modifying program).
> >> Any ideas?
> >> I don't want to go down the line of using BSD MAC but I'm
> >> starting to think I may have to just to be able to prevent
> >> the user from modifying ONE file! (I'm not even sure I
> >> could implement this using MAC anyway).
> >> Cheers,
> >> Brett.
> Make a specialized setuid script or program to do that, and
> set the sticky bit appropriately if you don't want them to
> have direct access to the file. Just make sure that others
> don't have access to the file.
> Why does he need access to aliases though? For mail program
> purposes? -Garrett
I think you may have mixed up two threads with very similar
subject lines. I see no reference to aliases in this thread.
(Confusing, isn't it?)
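
The rules discussed in this thread (execute permission rather than ownership decides who can run a file, the owner can always change its permissions, and deletion is governed by the containing directory) can be modelled as a small audit check. This is an added example, not part of the original messages; the `Node` tuple, the uid/gid 1001 user and all mode values are constructed for illustration.

```python
import stat
from collections import namedtuple

# Constructed stand-in for the os.stat() fields these checks read.
Node = namedtuple("Node", "mode uid gid")

def _allowed(node, uid, gids, want):
    """Classic Unix check: only one of the owner/group/other triplets applies."""
    if uid == 0:
        # Superuser: read/write always pass; executing a file needs some x bit.
        return want != 1 or bool(node.mode & 0o111)
    if uid == node.uid:
        bits = node.mode >> 6
    elif node.gid in gids:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & want) == want

def can_unlink(directory, target, uid, gids):
    """Removing a name needs write+search (2|1) on the directory, not the file."""
    if not _allowed(directory, uid, gids, 3):
        return False
    # Sticky directory: only root, the file's owner or the directory's owner.
    if directory.mode & stat.S_ISVTX and uid not in (0, target.uid, directory.uid):
        return False
    return True

def audit(directory, target, uid, gids):
    """What a given user can do to `target` living in `directory`."""
    return {
        "execute": _allowed(target, uid, gids, 1),
        "write": _allowed(target, uid, gids, 2),
        "chmod": uid in (0, target.uid),   # only the owner or root may chmod
        "unlink": can_unlink(directory, target, uid, gids),
    }

# Constructed sample values (uid/gid 1001 is the hypothetical end user).
USER, GROUPS = 1001, {1001}
ROOT_DIR = Node(0o755, 0, 0)            # directory the user cannot write to
OPEN_DIR = Node(0o777, 0, 0)            # world-writable, no sticky bit
STICKY_DIR = Node(0o1777, 0, 0)         # world-writable with sticky bit
ROOT_FILE = Node(0o555, 0, 0)           # executable owned by root
USER_FILE = Node(0o555, USER, 1001)     # same mode, but owned by the user

if __name__ == "__main__":
    for label, d, f in [("root file, root dir", ROOT_DIR, ROOT_FILE),
                        ("user-owned file, root dir", ROOT_DIR, USER_FILE),
                        ("root file, open dir", OPEN_DIR, ROOT_FILE),
                        ("root file, sticky dir", STICKY_DIR, ROOT_FILE)]:
        print(label, audit(d, f, USER, GROUPS))
```

To audit a real file, build each `Node` from `os.stat()` of the file and of its parent directory (`st_mode`, `st_uid`, `st_gid`); ACLs, file flags such as schg, and MAC policies are outside this model.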