Malcolm Kay wrote:
On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
I have a curious problem.

I need an executable file to be owned by a user's uid and gid
so they can run it.

A user does not need to own a file to be able to run it. All they need is execute permission. So what is the real problem?

HOWEVER, I don't want them to be able to modify or delete the
file and/or it's permissions. Another program will do that.

Deleting or creating a file requires write access in the directory containg the file reference -- it has nothing to do with the permissions on the file itself.


This, under standard Unix permissions, is a tad difficult. :-)

ACL's don't help here as the owner of a file has the ability
to change permissions.

I could set the immutable bit (Linux term for the schg flag)
but the modifying program does not recognise this flag and
will thus fail to modify the file.
(I have no control over the modifying program).

Any ideas?

I don't want to go down the line of using BSD MAC but I'm
starting to think I may have too just to be able to prevent
the user from modifying ONE file! (I'm not even sure I could
implement this using MAC anyway).

Make a specialized setuid script or program to do that, and set the sticky bit appropriately if you don't want them to have direct access to the file. Just make sure that others don't have access to the file.

Why does he need access to aliases though? For mail program purposes?
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to