Re: [sqlite] How to set access permissions to protect a database file?

2019-06-17 Thread Wout Mertens
You are preventing Group users from eXecuting your script by removing the x. I think you wanted
chmod 755 reading_room.tcl
Same for the db file where users of the same Group are not allowed to Write. Finally, I think locking may be a problem: users will run the script, which will create journal

Re: [sqlite] How to set access permissions to protect a database file?

2019-06-16 Thread Peter da Silva
I don't believe you are providing any protection against editing the file, just deleting.
On Sun, Jun 9, 2019, 4:38 PM Markos wrote:
> Many thanks to Luuk, Adrian, Graham, James, Simon, Richard and Peter,
>
> To guarantee "some" protection to the files containing the database I
> decided to use

Re: [sqlite] How to set access permissions to protect a database file?

2019-06-09 Thread Markos
Many thanks to Luuk, Adrian, Graham, James, Simon, Richard and Peter, To guarantee "some" protection to the files containing the database I decided to use the following strategy: I created, as root, the directory /home/reading_room And activated the "sticky bit" of the reading_room directory

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-29 Thread Peter da Silva
This is what the UNIX group ID and the set-group-id capability is for. You make the files readable (or read and write) by a group (mode 640 or 660). You make the program that controls access to the files set-group-id to that group. You may need a small "C" wrapper program to run the script

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-27 Thread Richard Damon
On 5/27/19 9:16 AM, Simon Slavin wrote:
> On 27 May 2019, at 3:33am, Adrian Ho wrote:
>
>> The OP wants *all users* to be able to update (write) the DB via the Tcl
>> script reading_room.tcl, but *not* by (say) running the SQLite shell or
>> something else. In your setup, as long as a specific

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-27 Thread Simon Slavin
On 27 May 2019, at 3:33am, Adrian Ho wrote:
> The OP wants *all users* to be able to update (write) the DB via the Tcl
> script reading_room.tcl, but *not* by (say) running the SQLite shell or
> something else. In your setup, as long as a specific user has write
> permissions, *every program*

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Adrian Ho
On 27/5/19 4:51 AM, James K. Lowden wrote:
> On Sun, 26 May 2019 19:52:29 +0800
> Adrian Ho wrote:
>
>> Finally, create a "reading_room" script that your users will run:
>>
>> #!/usr/bin/env bash
>>
>> sudo -u reading_room /path/to/reading_room.tcl
> This script is more efficient and portable:
>

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Adrian Ho
On 26/5/19 9:10 PM, Graham Holden wrote:
> You should probably also make sure that users cannot alter the tcl
> file through which they access the database file; probably something
> like:
>
> chown reading_room /path/to/reading_room.tcl
> chmod 644 /path/to/reading_room.tcl
Good point. In fact,

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Adrian Ho
On 27/5/19 12:43 AM, Luuk wrote:
>
> On 26-5-2019 13:52, Adrian Ho wrote:
>> On 26/5/19 7:49 AM, Markos wrote:
>>> I made a program (reading_room.tcl), with Sqlite running on Debian 9,
>>> to control the books of a reading room.
>>>
>>> I implemented an authentication system for common users and

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread James K. Lowden
On Sun, 26 May 2019 19:52:29 +0800
Adrian Ho wrote:
> Finally, create a "reading_room" script that your users will run:
>
> #!/usr/bin/env bash
>
> sudo -u reading_room /path/to/reading_room.tcl
This script is more efficient and portable:
#! /bin/sh
sudo -u reading_room

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Luuk
On 26-5-2019 13:52, Adrian Ho wrote: On 26/5/19 7:49 AM, Markos wrote: I made a program (reading_room.tcl), with Sqlite running on Debian 9, to control the books of a reading room. I implemented an authentication system for common users and administrator users in the reading_room.tcl program.

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Graham Holden
You should probably also make sure that users cannot alter the tcl file through which they access the database file; probably something like:
chown reading_room /path/to/reading_room.tcl
chmod 644 /path/to/reading_room.tcl
(It's possible that you will also need execute permission on the file,

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Adrian Ho
On 26/5/19 5:26 PM, Luuk wrote:
>
> On 26-5-2019 01:49, Markos wrote:
>> Now I want that any user logged in the Linux be able to run the
>> program reading_room.tcl, which will access the database (books.db)
>>
>> But I want to protect the file books.db so that only the program
>>

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Adrian Ho
On 26/5/19 7:49 AM, Markos wrote:
> I made a program (reading_room.tcl), with Sqlite running on Debian 9,
> to control the books of a reading room.
>
> I implemented an authentication system for common users and
> administrator users in the reading_room.tcl program.
>
> Now I want that any user

Re: [sqlite] How to set access permissions to protect a database file?

2019-05-26 Thread Luuk
On 26-5-2019 01:49, Markos wrote: Hi, I made a program (reading_room.tcl), with Sqlite running on Debian 9, to control the books of a reading room. I implemented an authentication system for common users and administrator users in the reading_room.tcl program. Now I want that any user

[sqlite] How to set access permissions to protect a database file?

2019-05-25 Thread Markos
Hi, I made a program (reading_room.tcl), with Sqlite running on Debian 9, to control the books of a reading room. I implemented an authentication system for common users and administrator users in the reading_room.tcl program. Now I want that any user logged in the Linux be able to run the