On Monday, September 22, 2003, at 08:02 PM, Nicholas Thornton wrote:
So I've been put in charge of setting up and maintaining our department's new dispatch/switchboard computer. In trying to keep it clean and in order, I was hoping, if possible, to be able to give users read/write access to information in files themselves, but to block them from renaming the files or moving them.
I tried giving r-x access to a folder and rwx access to the file inside. This lets them open the file and prohibits them from moving/renaming it, but prohibits them from saving any changes (because they can't write to the folder).
It shouldn't prohibit them from making changes, unless the editing tools they're using are trying to overwrite the entire file (or create a temporary file then replace the original) rather than just modifying it.
Here's an experiment I tried - notice that I was able to edit the file:
----------------------------
% ls -al
total 8
dr-xr-xr-x 3 ken staff 102 Sep 23 09:13 ./
drwxr-xr-x 208 ken staff 7072 Sep 23 09:13 ../
-rw-r--r-- 1 ken staff 8 Sep 23 09:13 file
% cat file
content
% emacs file
% cat file
content
more content
----------------------------
If this kind of thing doesn't seem workable for your situation, I can think of two alternatives:
1) Keep the information in a relational database, where you can specify the privileges in a more fine-grained and appropriate manner
2) Write a suid script to handle the required modifications
-Ken
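
The distinction drawn in the reply above, between modifying a file in place and replacing it through a temporary file, can be reproduced with the following added example (not part of the original message). The function names `save_in_place`, `save_by_replace` and `run_demo` are hypothetical, and the files are constructed under a throwaway temporary directory.

```shell
#!/bin/sh
# Added example: two "save" strategies inside a directory with mode r-x.
# Note: a superuser bypasses directory permission checks, so run this as
# an ordinary user to see the denials.

# Strategy 1: modify the existing file in place (same inode, no directory write).
save_in_place() {
    { printf '%s\n' "$2" >> "$1"; } 2>/dev/null
}

# Strategy 2: write a temporary file beside the original, then rename it over
# the original. Both steps need write permission on the directory.
save_by_replace() {
    dir=$(dirname "$1")
    tmp="$dir/.save.$$"
    { cat "$1" && printf '%s\n' "$2"; } 2>/dev/null > "$tmp" || return 1
    mv -f "$tmp" "$1" 2>/dev/null
}

run_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/locked"
    printf 'content\n' > "$work/locked/file"
    chmod 644 "$work/locked/file"     # -rw-r--r--, as in the listing above
    chmod 555 "$work/locked"          # dr-xr-xr-x, as in the listing above

    save_in_place "$work/locked/file" "more content" \
        && in_place=ok || in_place=denied
    save_by_replace "$work/locked/file" "even more content" \
        && replace=ok || replace=denied
    mv "$work/locked/file" "$work/locked/renamed" 2>/dev/null \
        && rename=ok || rename=denied

    # Restore write permission so the scratch directory can be removed.
    chmod 755 "$work/locked"
    rm -rf "$work"
    echo "in_place=$in_place replace=$replace rename=$rename"
}

run_demo
```

An editor that fails to save in this layout is using the second strategy; the in-place append succeeds while both the temp-file replace and the rename are refused.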