On Feb 07, Nicolás Lichtmaier wrote:
> > > Argh, egg on face: linux lets the owner of a file modify it even if it
> > > is mode 444 and in a directory they do not own. Yuck! Is this standard
> > > unix semantics? It sucks.
> > Even worse: IIRC the owner of a file can chmod it to his or her
> > heart's content, and this is standard Unix semantics. It could be
> > mode 000 for all Linux cares.
> > A better design would have been having the file have a second UID/GID.
> > So, a file could be owned by root, but setuid man.
If you can somehow map capabilities (like the ability to listen on a low port) to groups in a fine-grained enough way, the setgid mechanism would work fine for this. Of course, by then you're going far enough beyond portability that it's probably just better to implement ACLs or something.

Then again, if the software can run as a non-root user and be suid to that user, I can't think of any good reason why it couldn't just be sgid to some group without any users in it instead. Maybe I'm not thinking hard enough though :)

Chris
-- 
Chris Lawrence <[EMAIL PROTECTED]> - http://www.lordsutch.com/chris/
Computer Systems Manager (Physics & Astronomy, 125 Lewis, 662-915-5765)
Instructor, POL 101 (Political Science, 208 Deupree, 662-915-5949)
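The semantics the thread complains about, shown as an added example (this is not code from the thread or from any of its participants): a file's owner can chmod it no matter what its current mode is, so a mode-444 or mode-000 file is protected only from other non-root users, never from its owner. The script creates a throwaway file, locks it to mode 000, shows that a write is refused while the mode is 000 (only for a non-root owner; root bypasses DAC and the script just reports what happened), then restores write permission as the owner and modifies the file. The helper `file_mode` is an assumption of this example and uses GNU `stat -c` with a BSD `stat -f` fallback.

```shell
#!/bin/sh
# Added example, not part of the original thread. Demonstrates that the
# owner of a file can chmod it regardless of its current mode, which is
# the standard Unix behaviour discussed above. Assumes a POSIX shell plus
# stat(1) in either GNU (-c) or BSD (-f) flavour.
set -u

# Print the permission bits of a file in octal (e.g. 644, or 0 for mode 000).
# GNU stat is tried first, BSD stat second.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Lock a file we own down to mode 000, try to write it, then undo the lock
# as the owner and modify the file. Prints a status line for the first
# write attempt, then the final file content as the last line of output.
demo_owner_chmod() {
    dir=$(mktemp -d) || return 1
    f="$dir/secret"
    printf 'original\n' > "$f"
    chmod 000 "$f"                      # "mode 000 for all Linux cares"

    # A non-root owner is refused by the DAC check while the mode is 000.
    # root holds CAP_DAC_OVERRIDE and gets through, so only report here.
    if { printf 'x\n' >> "$f"; } 2>/dev/null; then
        echo "write-to-000: allowed (running as root?)"
    else
        echo "write-to-000: denied"
    fi

    # chmod(2) asks only "is the caller the owner (or root)?", never what
    # the current mode is or who owns the containing directory. So the
    # owner simply gives the permission back to themselves.
    if ! chmod 644 "$f"; then
        echo "chmod-by-owner: failed"
        rm -rf "$dir"
        return 1
    fi
    printf 'modified by owner\n' > "$f"
    result=$(cat "$f")
    rm -rf "$dir"
    printf '%s\n' "$result"
}

# Run the demonstration when executed directly.
demo_owner_chmod
```

Run it as an ordinary user to see the `denied` line followed by `modified by owner`; the second line appears even though the file spent part of its life at mode 000. This is exactly why "owned by root, mode 444" is the only way to keep a file out of a user's reach on such a system, and why the thread looks for a second identity (setuid/setgid to a group with no members) for a program that must not run as root. Outside the thread, later Linux kernels did add per-file capabilities (`setcap cap_net_bind_service=+ep /path/to/daemon`), which is the fine-grained mapping Chris describes, without going through a group at all.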

