On 26/5/19 7:49 AM, Markos wrote:
> I made a program (reading_room.tcl), with Sqlite running on Debian 9,
> to control the books of a reading room.
>
> I implemented an authentication system for common users and
> administrator users in the reading_room.tcl program.
>
> Now I want that any user logged in to Linux be able to run the
> program reading_room.tcl, which will access the database (books.db).
>
> But I want to protect the file books.db so that only the program
> reading_room.tcl can access the books.db file (to read or write). But
> that no user could delete or write to the file books.db (only the
> program reading_room.tcl).
The standard Unix permissions/ACLs architecture doesn't support this use
case directly. A relatively simple and bulletproof way to achieve what you
want is to use sudo to get everyone running reading_room.tcl as a separate
(non-login) user.

As root, run "useradd reading_room", then "visudo" to add the following
line to /etc/sudoers:

    ALL ALL = (reading_room) /path/to/reading_room.tcl

Then, "chown reading_room /path/to/books.db" and
"chmod 600 /path/to/books.db" to ensure that only user "reading_room" can
access the DB.

Finally, create a "reading_room" script that your users will run:

    #!/usr/bin/env bash
    sudo -u reading_room /path/to/reading_room.tcl

_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
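Added example (not from either poster): a few POSIX shell helpers that generate the sudoers rule and wrapper script described in the reply and, more usefully, verify the invariant the whole scheme rests on before anyone relies on it. The service user "reading_room", the program path and the database path are the thread's; the function names, the verification logic and the temporary paths used when trying it out are this example's own and are not part of the original setup.

```shell
#!/bin/sh
# Added example, not from the thread. Helpers for the sudo-based
# privilege separation described in the reply, plus checks that the
# resulting file permissions actually enforce it.

# Print the sudoers rule that lets every user run exactly one command as
# the service user. Install it with "visudo -f /etc/sudoers.d/reading_room"
# so a syntax error cannot lock you out of sudo entirely.
sudoers_rule() {
    svc_user=$1; program=$2
    printf 'ALL ALL = (%s) %s\n' "$svc_user" "$program"
}

# Write the wrapper ordinary users invoke; arguments are passed through.
write_wrapper() {
    svc_user=$1; program=$2; wrapper=$3
    printf '#!/usr/bin/env bash\nexec sudo -u %s %s "$@"\n' \
        "$svc_user" "$program" > "$wrapper" &&
    chmod 755 "$wrapper"
}

# Give the database to the service user and close it to everyone else.
lock_db() {
    svc_user=$1; db=$2
    chown "$svc_user" "$db" && chmod 600 "$db"
}

# Return 0 when a file's permission bits are exactly rw------- (0600).
# "ls -l" output is used because its first ten columns are POSIX-defined,
# unlike the platform-specific "stat" formats.
owner_only() {
    perms=$(ls -ld "$1" | cut -c2-10)
    [ "$perms" = "rw-------" ]
}

# Return 0 when neither group nor others may write the file (columns 6
# and 9 of "ls -l"). A sudo-allowed command or its wrapper must pass this:
# if any local user can edit it, they can run their own code as the
# service user and the database protection is void.
not_group_other_writable() {
    line=$(ls -ld "$1")
    [ "$(printf '%s' "$line" | cut -c6)" != w ] &&
    [ "$(printf '%s' "$line" | cut -c9)" != w ]
}

# Check the complete setup; prints the first violation found.
verify_setup() {
    db=$1; wrapper=$2; program=$3
    owner_only "$db" ||
        { echo "database readable or writable by others: $db" >&2; return 1; }
    not_group_other_writable "$wrapper" ||
        { echo "wrapper writable by group/others: $wrapper" >&2; return 1; }
    not_group_other_writable "$program" ||
        { echo "program writable by group/others: $program" >&2; return 1; }
    return 0
}

# Stand-alone demonstration in a scratch directory (no root needed: the
# file is chowned to the current user, which is always permitted).
if [ "${DEMO:-0}" = 1 ]; then
    d=$(mktemp -d)
    : > "$d/books.db"; : > "$d/reading_room.tcl"; chmod 755 "$d/reading_room.tcl"
    sudoers_rule reading_room "$d/reading_room.tcl"
    write_wrapper reading_room "$d/reading_room.tcl" "$d/reading_room"
    lock_db "$(id -un)" "$d/books.db"
    verify_setup "$d/books.db" "$d/reading_room" "$d/reading_room.tcl" &&
        echo "setup verified"
    rm -rf "$d"
fi
```

Two points the reply leaves implicit, both of which verify_setup is there to catch. First, the sudoers rule is only as strong as the command it names: reading_room.tcl and the wrapper should be owned by root (or by reading_room) and never group- or world-writable. Second, mode 600 on books.db does not by itself stop deletion or replacement, because unlinking a file needs write permission on its directory, not on the file; and SQLite writes its journal file beside the database, so the directory must be writable by reading_room anyway. Put books.db in its own directory owned by reading_room with mode 700 so that both the "only the program reads or writes it" and the "nobody can delete it" requirements from the original question hold. Without NOPASSWD in the rule, sudo will prompt each user for their own password before running the program, which is a reasonable default here.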