I don't believe you are providing any protection against editing the file, just deleting.
On Sun, Jun 9, 2019, 4:38 PM Markos <mar...@c2o.pro.br> wrote:
> Many thanks to Luuk, Adrian, Graham, James, Simon, Richard and Peter,
>
> To guarantee "some" protection to the files containing the database I
> decided to use the following strategy:
>
> I created, as root, the directory /home/reading_room
>
> And activated the "sticky bit" of the reading_room directory with the
> command:
>
> chmod +t /home/reading_room/
>
> And transferred the files to the new directory with the following
> access permissions:
>
> reading_room.tcl rwxr--r-x (owner markos)
>
> reading_room.db rw-r--rw- (owner markos)
>
>
> This way other users can run the reading_room.tcl program but can't
> edit it.
>
> And can't delete the files (.tcl or .db)
>
> Trying to protect against Murphy, but not Machiavelli. (As Richard said.)
>
> Thank you,
> Markos
>
> On 26-05-2019 23:33, Adrian Ho wrote:
> > On 27/5/19 12:43 AM, Luuk wrote:
> >> On 26-5-2019 13:52, Adrian Ho wrote:
> >>> On 26/5/19 7:49 AM, Markos wrote:
> >>>> I made a program (reading_room.tcl), with Sqlite running on Debian 9,
> >>>> to control the books of a reading room.
> >>>>
> >>>> I implemented an authentication system for common users and
> >>>> administrator users in the reading_room.tcl program.
> >>>>
> >>>> Now I want that any user logged in the Linux be able to run the
> >>>> program reading_room.tcl, which will access the database (books.db)
> >>>>
> >>>> But I want to protect the file books.db so that only the program
> >>>> reading_room.tcl can access the books.db file (to read or write). But
> >>>> that no user could delete or write to the file books.db (only the
> >>>> program reading_room.tcl)
> >>> The standard Unix permissions/ACLs architecture doesn't support this
> >>> use case directly.
> >> Can you give some more information on this, because it seems to work
> >> as I expect it to:
> >>
> >> Database is 'owned' by user 'luuk', trying to access via 'luuk2', both
> >> users are in the group 'users':
> >>
> >> luuk2@opensuse1:/home/luuk/temp> whoami
> >> luuk2
> >> luuk2@opensuse1:/home/luuk/temp> ls -l test.sqlite
> >> -r--r--r-- 1 luuk users 8192 May 26 18:34 test.sqlite
> >> luuk2@opensuse1:/home/luuk/temp> sqlite3 test.sqlite
> >> SQLite version 3.28.0 2019-04-16 19:49:53
> >> Enter ".help" for usage hints.
> >> sqlite> select * from test;
> >> 1
> >> 2
> >> sqlite> insert into test values(3);
> >> Error: attempt to write a readonly database
> >> sqlite> .q
> >> luuk2@opensuse1:/home/luuk/temp>
> >>
> > The OP wants *all users* to be able to update (write) the DB via the Tcl
> > script reading_room.tcl, but *not* by (say) running the SQLite shell or
> > something else. In your setup, as long as a specific user has write
> > permissions, *every program* the user runs can write to the DB.
> > _______________________________________________
> > sqlite-users mailing list
> > sqlite-users@mailinglists.sqlite.org
> > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
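The reply above hinges on what each mode bit in Markos's layout actually grants. The following audit script is an added example, not code from anyone in the thread: it rebuilds the quoted modes (reading_room.db rw-r--rw-, reading_room.tcl rwxr--r-x, sticky bit on the directory) under a scratch directory and reads the bits back with os.stat, so you can see that the sticky bit only governs deleting and renaming entries while the file's own "others" write bit lets any program a user runs modify the database. The thread does not give the directory's base mode; 755 plus the sticky bit is an assumption, and the scratch root and file contents are constructed.

```python
import os
import shutil
import stat
import tempfile


def audit_layout(dirpath, db_name, prog_name):
    """Read the real mode bits of the directory, the database and the program
    and return the ones that decide who can write, run, delete or rename."""
    d = os.stat(dirpath).st_mode
    db = os.stat(os.path.join(dirpath, db_name)).st_mode
    prog = os.stat(os.path.join(dirpath, prog_name)).st_mode
    return {
        "dir_sticky": bool(d & stat.S_ISVTX),
        "dir_others_write": bool(d & stat.S_IWOTH),
        "db_group_write": bool(db & stat.S_IWGRP),
        "db_others_write": bool(db & stat.S_IWOTH),
        "prog_others_exec": bool(prog & stat.S_IXOTH),
        "prog_others_write": bool(prog & stat.S_IWOTH),
    }


def explain(report):
    """Turn the bits into plain statements of what users other than the
    owner can do with this layout."""
    msgs = []
    if report["db_others_write"] or report["db_group_write"]:
        msgs.append("database: write permission for users other than the owner; "
                    "every program such a user runs (sqlite3 shell included) can modify it")
    else:
        msgs.append("database: only the owner can write it")
    if report["prog_others_exec"] and not report["prog_others_write"]:
        msgs.append("program: other users can run it but not change it")
    if report["dir_sticky"]:
        msgs.append("directory: sticky bit set; non-owners cannot delete or rename "
                    "entries, but this says nothing about writing a file's contents")
    if not report["dir_others_write"]:
        msgs.append("directory: no write bit for others, so they cannot create, delete "
                    "or rename entries here with or without the sticky bit")
    return msgs


def build_layout(root):
    """Constructed sample: recreate the modes quoted in the thread under a
    scratch root. The directory's base mode is not given there; 755 is assumed."""
    d = os.path.join(root, "reading_room")
    os.mkdir(d)
    db = os.path.join(d, "reading_room.db")
    prog = os.path.join(d, "reading_room.tcl")
    open(db, "w").close()
    open(prog, "w").close()
    os.chmod(db, 0o646)    # rw-r--rw-  (others can write the database)
    os.chmod(prog, 0o745)  # rwxr--r-x  (others can run but not edit)
    os.chmod(d, 0o1755)    # chmod +t on an assumed 755 directory
    return d


def demo():
    """Build the sample layout, audit it, and clean up; returns (bits, messages)."""
    root = tempfile.mkdtemp()
    try:
        d = build_layout(root)
        report = audit_layout(d, "reading_room.db", "reading_room.tcl")
        return report, explain(report)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    report, msgs = demo()
    for key, value in report.items():
        print(f"{key}: {value}")
    for m in msgs:
        print("-", m)
```

Point audit_layout at the real /home/reading_room to check the live layout instead of the constructed one; the "db_others_write" flag is the one that contradicts the goal of letting only reading_room.tcl write the database, and no directory bit changes that.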