Malcolm Kay wrote:
On Tue, 9 Jan 2007 06:13 am, Brett Davidson wrote:
I have a curious problem.
I need an executable file to be owned by a user's uid and gid
so they can run it.
A user does not need to own a file to be able to run it. All they
need is execute permission. So what is the real problem?
HOWEVER, I don't want them to be able to modify or delete the
file and/or its permissions. Another program will do that.
Deleting or creating a file requires write access in the
directory containing the file reference -- it has nothing to do
with the permissions on the file itself.
Malcolm
This, under standard Unix permissions, is a tad difficult. :-)
ACLs don't help here as the owner of a file has the ability
to change permissions.
I could set the immutable bit (Linux term for the schg flag)
but the modifying program does not recognise this flag and
will thus fail to modify the file.
(I have no control over the modifying program).
Any ideas?
I don't want to go down the line of using BSD MAC but I'm
starting to think I may have to just to be able to prevent
the user from modifying ONE file! (I'm not even sure I could
implement this using MAC anyway).
Cheers,
Brett.
Make a specialized setuid script or program to do that, and set the
sticky bit appropriately if you don't want them to have direct access to
the file. Just make sure that others don't have access to the file.
Why does he need access to aliases though? For mail program purposes?
-Garrett
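
The permission rules raised in this thread (execute needs only the x bit, delete is decided by the containing directory, only the owner can change the mode) can be checked with a small model. This is an added example, not code from any poster in the thread; `Node`, `rights` and the uid/gid values are constructed for illustration, and it ignores ACLs, file flags such as schg, and MAC.

```python
import stat
from collections import namedtuple

# Constructed stand-in for the three os.stat() fields the check needs.
Node = namedtuple("Node", "mode uid gid")

def class_bits(node, uid, gids):
    """rwx bits of the single class (owner, group or other) that applies."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def rights(file, parent, uid, gids):
    """What a non-root user may do to `file` inside directory `parent`.

    Simplified model: no ACLs, no file flags (schg), no MAC, and every
    directory above `parent` is assumed to be searchable.
    """
    f = class_bits(file, uid, gids)
    d = class_bits(parent, uid, gids)
    search = bool(d & 1)
    # In a sticky directory only the file's or the directory's owner may unlink.
    sticky_ok = not (parent.mode & stat.S_ISVTX) or uid in (file.uid, parent.uid)
    return {
        "execute": search and bool(f & 1),
        "modify": search and bool(f & 2),
        "delete": (d & 3) == 3 and sticky_ok,   # directory write + search
        "chmod": uid == file.uid,               # only the owner (or root)
    }

# Constructed sample values: uid/gid 1001 is the user, 0 is root/wheel.
USER, GIDS = 1001, {1001}
user_owned = Node(0o755, 1001, 1001)
root_owned = Node(0o755, 0, 0)
home_dir = Node(0o755, 1001, 1001)
root_dir = Node(0o755, 0, 0)
tmp_dir = Node(0o1777, 0, 0)

if __name__ == "__main__":
    for label, f, d in [("user file, user dir", user_owned, home_dir),
                        ("root file, root dir", root_owned, root_dir),
                        ("root file, user dir", root_owned, home_dir),
                        ("root file, sticky dir", root_owned, tmp_dir)]:
        print(f"{label:22}", rights(f, d, USER, GIDS))
```

The third case is the one to watch for: a root-owned, non-writable file placed in a directory the user can write to is still deletable by that user.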