You only need write access to the directory to delete files (unless the sticky bit is set). Make the dir writable by a group the shell script runs as.

IMHO, this is very bad advice (at least unless you know much more
about the context of Marco's question).

Directory write access is very powerful.  It allows not only
deleting files, but also creating new files, changing the ownership
of files (by copying them and deleting the original) and thus
ultimately changing the contents of all files in the directory.

On top of that, depending on the context, it might be a bad idea
to make the whole shell script SGID - this is a possible violation
of the principle of least privilege.

Yes, you're right, I was just throwing an idea into the mix without considering all the possible scenarios. BTW, I wouldn't advocate SGID scripts, rather that the group of the user running the script could be used. Though as you say this may still allow far too much access.

Mike
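As an added illustration of the point discussed in this thread (not code from any of the posters): the sketch below classifies a directory's mode by how much it exposes its entries, and shows a read-only file being replaced using directory write access alone. The function names, the temporary layout and the sample file `job.conf` are constructed for the example.

```shell
#!/bin/sh
# Added example; names and sample data are constructed for illustration.

# Prints one of: restricted | shared-sticky | shared-no-sticky
dir_exposure() {
    d=$1
    # -perm -020 / -002: group- or other-write bit set on the directory itself
    if [ -z "$(find "$d" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ]; then
        echo restricted
    elif [ -n "$(find "$d" -maxdepth 0 -perm -1000)" ]; then
        echo shared-sticky       # only an entry's owner may delete or rename it
    else
        echo shared-no-sticky    # any writer may delete or replace any entry
    fi
}

# Replace a file's contents using only directory write access:
# the target file itself is never opened for writing.
replace_via_directory() {
    target=$1 new_content=$2
    dir=$(dirname "$target")
    tmp="$dir/.replacement.$$"
    printf '%s\n' "$new_content" > "$tmp"   # create: needs w+x on the directory
    mv -f "$tmp" "$target"                  # rename over the original: same
    cat "$target"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/spool"
    chmod 0770 "$work/spool"
    printf 'original\n' > "$work/spool/job.conf"
    chmod 0444 "$work/spool/job.conf"       # read-only file, constructed sample
    echo "mode 0770:  $(dir_exposure "$work/spool")"
    echo "after swap: $(replace_via_directory "$work/spool/job.conf" replaced)"
    chmod 1770 "$work/spool"
    echo "mode 1770:  $(dir_exposure "$work/spool")"
    chmod 0750 "$work/spool"
    echo "mode 0750:  $(dir_exposure "$work/spool")"
    rm -rf "$work"
}

demo
```

The demo runs as a single user who owns both the directory and the file; in a group-writable directory without the sticky bit, the same rename works for every member of the group regardless of who owns the file.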
