> On Thu, Dec 18, 2008 at 5:47 PM, Bertrand Delacretaz > <[email protected]> wrote: >> Unixish systems solve this by using the identity of the user who owns >> the script (unless the setuid flag is set), and enforcing the way this >> identity can be set - but we don't have that kind of feature in JCR, >> or do we?
We could guess by looking at who can write to the file - but this is not a unique user or group and can be a whole list of them. Maybe we can take the first explicit write-allowed-ACL entry for that script (ignoring inherited ACLs). On Thu, Dec 18, 2008 at 5:59 PM, Lars Trieloff <[email protected]> wrote: > I think admin is a good start. To ensure this option, I would only start scripts (under user admin) if the script is only writeable by admin (which is simpler to check than the idea above, since the user = admin is "fixed"). Regards, Alex -- Alexander Klimetschek [email protected]
