On 26/5/19 5:26 PM, Luuk wrote:
>
> On 26-5-2019 01:49, Markos wrote:
>> Now I want that any user logged in the Linux be able to run the
>> program reading_room.tcl, which will access the database (books.db)
>>
>> But I want to protect the file books.db so that only the program
>> reading_room.tcl can access the books.db file (to read or write). But
>> that no user could delete or write to the file books.db (only the
>> program reading_room.tcl)
> If you have read, and used, this:
> https://www.sqlite.org/src/doc/trunk/ext/userauth/user-auth.txt then
> you should know the answer ;)

WARNING: The documentation seems to suggest that an SQLite library/shell
compiled without SQLITE_USER_AUTHENTICATION still has full access to the
DB. A quick build and test seems to confirm this:

$ ./sqlite3_with_user_auth ~/tmp/test_userauth.db3
SQLite version 3.28.0 2019-04-16 19:49:53
Enter ".help" for usage hints.
sqlite> .user help
Usage: .user login|add|edit|delete ...
sqlite> .user add aho testing yes
sqlite> create table test(x int);
sqlite> insert into test values (1);
sqlite> select * from test;
1
sqlite>

Now let's see if an SQLite shell that doesn't do user auth can muck with
this DB:

$ sqlite3 ~/tmp/test_userauth.db3

sqlite> .user help
Error: unknown command or invalid arguments:  "user". Enter ".help" for help
sqlite> .schema
CREATE TABLE sqlite_user(
  uname TEXT PRIMARY KEY,
  isAdmin BOOLEAN,
  pw BLOB
) WITHOUT ROWID;
CREATE TABLE test(x int);
sqlite> select * from sqlite_user;
aho|1|$▒i����P}▒�m��
sqlite> select * from test;
1
sqlite> insert into test values (2);
sqlite> select * from test;
1
2

Uh oh...

> Otherwise set access permissions on the database (use: 'man chmod'
> and/or 'man chown', to find out how to do that under Debian 9)

To give *any* user access to the DB *only* via reading_room.tcl, as the
OP requested, access permissions aren't sufficient by themselves. You'd
also need to force all users to run reading_room.tcl as the DB's owner,
i.e. something like "sudo".
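
Added example (not part of the original message, and not SQLite's own tooling): a shell check for the file-permission half of the setup described above. It assumes GNU stat as shipped on Debian; the account name booksdb and the paths shown in the comments are hypothetical. Deleting a file is governed by write permission on its directory, so the directory is checked as well.

```shell
#!/bin/sh
# Audit a SQLite database file that should be reachable only through a
# program run as a dedicated owner account (hypothetical account: booksdb).
#
# Hypothetical matching sudoers entry, e.g. in /etc/sudoers.d/reading_room:
#   ALL ALL=(booksdb) NOPASSWD: /usr/local/bin/reading_room.tcl
# Users would then start it with:
#   sudo -u booksdb /usr/local/bin/reading_room.tcl
#
# Usage: check_db_perms /path/to/books.db "$(id -u booksdb)"
# Returns 0 if the layout is tight, 1 if a problem was found, 2 if no file.
check_db_perms() {
    db=$1
    want_uid=$2
    dir=$(dirname -- "$db")
    rc=0

    [ -f "$db" ] || { echo "FAIL: $db does not exist"; return 2; }

    # %a is the octal mode, %u the numeric owner id (GNU stat).
    fmode=$(stat -c '%a' -- "$db")
    fuid=$(stat -c '%u' -- "$db")
    dmode=$(stat -c '%a' -- "$dir")
    duid=$(stat -c '%u' -- "$dir")

    # The leading 0 makes the shell read the mode as an octal constant.
    fm=$((0$fmode))
    dm=$((0$dmode))

    [ "$fuid" = "$want_uid" ] ||
        { echo "FAIL: $db owned by uid $fuid, expected $want_uid"; rc=1; }
    [ "$duid" = "$want_uid" ] ||
        { echo "FAIL: $dir owned by uid $duid, expected $want_uid"; rc=1; }

    # Any group/other bit on the file lets a stock sqlite3 shell open it.
    [ $((fm & 077)) -eq 0 ] ||
        { echo "FAIL: $db mode $fmode grants group/other access"; rc=1; }

    # Group/other write on the directory allows deleting or replacing the
    # database and creating files next to it (SQLite keeps its journal there).
    [ $((dm & 022)) -eq 0 ] ||
        { echo "FAIL: $dir mode $dmode is writable by group/other"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $db"
    return "$rc"
}
```

The directory still has to be writable by the owning account itself, because SQLite creates its journal or WAL files beside the database.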
