Permissions advice needed.
Brett Davidson
brett at net24.co.nz
Tue Jan 9 19:55:41 UTC 2007
Unfortunately, as I expounded to Malcolm Lay, in this application (a
shared-hosting webserver) suexec is being used which does not traverse
symbolic links. :-(
MAC_BSDEXTENDED in Bsd6.2 solves the problem very nicely.
Cheers,
Brett.
________________________________
From: George Vanev [mailto:george.vanev at gmail.com]
Sent: Tuesday, 9 January 2007 7:42 p.m.
To: Brett Davidson
Subject: Re: Permissions advice needed.
Brett,
Why don't you make a symbolic link to that file.
You may set read, write and execute permissions if you wish... doesn't
matter.
The users will be able to run your executable via the link,
but they won't be able to modify it.
On 1/8/07, Brett Davidson <brett at net24.co.nz> wrote:
I have a curious problem.
I need an executable file to be owned by a user's uid and gid so
they
can run it.
HOWEVER, I don't want them to be able to modify or delete the
file
and/or it's permissions. Another program will do that.
This, under standard Unix permissions, is a tad difficult. :-)
ACL's don't help here as the owner of a file has the ability to
change
permissions.
I could set the immutable bit (Linux term for the schg flag) but
the
modifying program does not recognise this flag and will thus
fail to
modify the file.
(I have no control over the modifying program).
Any ideas?
I don't want to go down the line of using BSD MAC but I'm
starting to
think I may have too just to be able to prevent the user from
modifying
ONE file! (I'm not even sure I could implement this using MAC
anyway).
Cheers,
Brett.
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "
freebsd-questions-unsubscribe at freebsd.org
<mailto:freebsd-questions-unsubscribe at freebsd.org> "
--
George Vanev
More information about the freebsd-questions
mailing list